High Security Settings Checklist

The following table provides a list of PCoIP Remote Workstation Card security settings that are frequently used in high security deployments. Your network administrator or your security advisor must determine whether these settings are appropriate for your own network environment. The most secure options are shown and are presented in the order seen in the AWI.

PCoIP Remote Workstation Card Security Settings

Configuration Category  Setting Name                           Setting
Initial Setup           Accept Any Client                      False
Network                 Enable 802.1X Security                 True
Network                 Enable 802.1X Authentication Identity  Enter the username configured for the 802.1X authentication
Management              Security Level                         High Security Environment - Bootstrap phase disabled
Access                  Disable Management Console Interface   False

Warning: Disabling both the Management Console and AWI interfaces will make your Remote Workstation Card unmanageable unless a factory reset is performed on the card.

Access                  Disable Administrative Web Interface   True
Access                  Force password change on next login    True
Discovery               Enable SLP Discovery                   False
SNMP                    Enable SNMP                            False
Session                 Accept Any Peer                        False
Session                 TLS Security Mode                      Suite B: TLS 1.2 with Suite B compliant 192-bit elliptic curve encryption
Session                 Peer-to-Peer Certificate               If a custom certificate is uploaded, it appears in the Peer-to-Peer Certificate field, where you can select it for PCoIP Zero Client to Remote Workstation Card peer-to-peer connections.
Session                 PCoIP Data Encryption Ciphers          AES-256-GCM
Session                 Enable DSCP                            False
USB                     Authorized Devices                     Enter the rule, class, sub class and protocol of the USB devices that are authorized to be bridged to the host PC, so that the host PC can access them.

Example: To allow USB access to HID devices only, click Add New and configure these settings:

  • Authorized:
    Rule Type: Class
    Device Class: Human Interface Device
    Sub Class: Any
    Protocol: Any
  • Unauthorized:
    No unauthorization rules. Delete any existing rules. When there are no rules, the MC displays two radio buttons on the Manage Profiles page. Select Erase the device's existing USB unauthorizations and replace them with an empty set.
USB                     Unauthorized Devices                   Enter the rule, class, sub class and protocol of the USB devices that must not be bridged to the host PC, so that the host PC cannot access them.

Example: To allow USB access to all devices except mass storage, click Add New and configure these settings:

  • Authorized:
    Rule Type: Class
    Device Class: Any
    Sub Class: Any
    Protocol: Any

  • Unauthorized:
    Rule Type: Class
    Device Class: Mass Storage
    Sub Class: Any
    Protocol: Any

Certificate Store       N/A                                    Stores certificates for 802.1X and certificates for secure connections using the management protocol allowing management of the Remote Workstation Card.
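
The two USB examples in the table can be checked against sample devices before a profile is applied. The following is an added example, not code from the product or its documentation: it models only "Rule Type: Class" rules, assumes one class/sub class/protocol triple per device, and assumes the semantics the two examples imply (an unauthorized match overrides an authorized one, and a device with no authorized match is not bridged). The names ClassRule, is_bridged and evaluate are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # "Any" in a rule field

@dataclass(frozen=True)
class ClassRule:
    """One 'Rule Type: Class' entry: device class, sub class, protocol."""
    device_class: Optional[int] = ANY
    sub_class: Optional[int] = ANY
    protocol: Optional[int] = ANY

    def matches(self, dev):
        fields = (self.device_class, self.sub_class, self.protocol)
        return all(want is ANY or want == got for want, got in zip(fields, dev))

def is_bridged(dev, authorized, unauthorized):
    # Assumed semantics, inferred from the two examples: a matching
    # unauthorized rule always wins, and a device with no matching
    # authorized rule is not bridged.
    if any(rule.matches(dev) for rule in unauthorized):
        return False
    return any(rule.matches(dev) for rule in authorized)

# USB-IF base class codes: 0x03 HID, 0x07 Printer, 0x08 Mass Storage.
HID_ONLY = {"authorized": [ClassRule(0x03)], "unauthorized": []}
ALL_BUT_STORAGE = {"authorized": [ClassRule()], "unauthorized": [ClassRule(0x08)]}

# Constructed sample descriptors: (class, sub class, protocol).
DEVICES = {
    "keyboard": (0x03, 0x01, 0x01),
    "flash drive": (0x08, 0x06, 0x50),
    "printer": (0x07, 0x01, 0x02),
}

def evaluate(profile):
    """Return {device name: bridged?} for every sample device."""
    return {name: is_bridged(dev, **profile) for name, dev in DEVICES.items()}

if __name__ == "__main__":
    for label, profile in (("HID only", HID_ONLY), ("all but storage", ALL_BUT_STORAGE)):
        print(label, evaluate(profile))
```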