Connecting from a PCoIP Zero Client

Connecting Across a Wide Area Network (WAN)

PCoIP Zero Clients and Remote Workstation Cards use UDP-encapsulated IPsec format. Because this encapsulation type supports IP address and port number translation, it is not necessary to set up a VPN when these devices connect remotely. To connect devices with earlier firmware versions which require a VPN, see PCoIP Zero Client to Remote Workstation Card Using a Hardware VPN.

Remote Workstation Cards with firmware 20.01 and newer support connections from Teradici Software Clients when the Remote Workstation Card Agent and Remote Workstation Card Software are intalled on the host PC.

Remote Workstation Card Software Assumption

All Remote Workstation Card scenarios assume you have the PCoIP Remote Workstation Card Software installed on the host PC. For details, please see the Windows or Linux PCoIP® Remote Workstation Card Software Administrators' Guide used in your deployment. Please refer to Connection Prerequisites for other conditions that may apply.

Example IPs

The IP addresses in the following figures are intended as example addresses only.

The figure below shows a PCoIP Zero Client establishing a PCoIP session with a Remote Workstation Card over a WAN.

Scenario1: PCoIP WAN Sessions
Scenario 1: PCoIP Zero Client to Remote Workstation Card (WAN)

You can also have multiple PCoIP Zero Clients and Remote Workstation Cards connected behind NAT devices, as shown in the scenario 2 diagram. Separate client connections to dedicated Remote Workstation Cards require source IP translation which is usually found on enterprise-level NAT devices.

Scenario2: Multiple PCoIP WAN Sessions
Scenario 2: Remote PCoIP Sessions with Multiple Tera2 Devices

To establish the connection:

  1. Configure the enterprise NAT device to redirect TCP/UDP port 4172 to the Remote Workstation Card.

    • Scenario 1

      • Configure the enterprise NAT device to redirect TCP/UDP port 4172 to the Remote Workstation Card.
    • Scenario 2

      • Configure the source enterprise NAT device (203.0.0.1) to translate IP address and ports as follows:

        192.168.0.1:4172 to 203.0.0.1:4172
        192.168.0.2:4172 to 203.0.0.1:4173
        192.168.0.3:4172 to 203.0.0.1:4174

      • Configure the destination enterprise NAT device (144.0.0.1) to translate IP addresses and ports as follows:

        144.0.0.1:4172 to 10.0.10.1:4172
        144.0.0.1:4173 to 10.0.10.2:4172
        144.0.0.1:4174 to 10.0.10.3:4172

  2. From the PCoIP Zero Client's AWI:

    • Configure the Direct to Host session connection type, and enter the IP address of the destination enterprise NAT device.
  3. From the Remote Workstation Card's AWI:

    • Configure the Session connection.
  4. On your firewall or router, allow both TCP and UDP traffic on the ports you have configured in your NAT devices (4172+) in step 1.

  5. Start a PCoIP session.

  6. If necessary, adjust bandwidth and image parameters on both the host and client to optimize performance.

For more information on how NAT applications work with PCoIP, please log in to the Teradici support site and view KB 1623 and KB 1487.

PCoIP Zero Client to Remote Workstation Card via Hardware VPN

The figure below shows a PCoIP session between a PCoIP Zero Client and Remote Workstation Card over a hardware VPN.

Scenario3: PCoIP Session Via Hardware VPN
Scenario 3: Hardware VPN for PCoIP Zero Client to Remote Workstation Card (WAN)

A VPN is necessary when connecting the following PCoIP endpoints over the Internet:

  • PCoIP Zero Client to a Tera2 Remote Workstation Card when the installed firmware in these devices is prior to release 4.1.0

  • PCoIP Zero Client or Software Client to a Tera2 Remote Workstation Card when the enterprise NAT device/gateway cannot implement the required IP address and port translation

  • Teradici Software Client to a Remote Workstation Card when the Remote Workstation Card Agent is not installed

  • Teradici Software Client to a Remote Workstation Card when the client software host PC has no VPN software installed.

To establish the connection:

  1. At the home network, install a VPN endpoint device (e.g., a router) and establish a VPN session between the endpoint device and the enterprise VPN gateway. For information on how to set up the VPN, please see the documentation for your device.

  2. Configure the enterprise VPN gateway/firewall/NAT device to allow IPsec ESP traffic, and also traffic on UDP port 4172 for the PCoIP data stream and on TCP port 4172 for the TCP handshake.

  3. From the PCoIP Zero Client's AWI:

    • Configure the Direct to Host session connection type, and enter the IP address of the Remote Workstation Card.

    • Configure the address of the home VPN endpoint device as the default gateway.

    • Set the packet MTU to be less than or equal to the largest size supported by the VPN tunnel.

  4. From the Remote Workstation Card's AWI:

    • Configure the Session connection type.

    • Set the packet MTU to be less than or equal to the largest size supported by the VPN tunnel.

  5. Start a PCoIP session.

  6. If necessary, adjust bandwidth and image parameters on both the host and client to optimize performance.

For information on optimizing networks for WAN connections, please log in to the Teradici Support Site and see the following Knowledge Base topics: