Configuring a Session
The Session page on the AWI allows you to configure how a PCoIP Remote Workstation Card accepts connections from peer devices. The available connection options depend on two parameters: Accept Any Peer and TLS Security Mode. The Differentiated Services Code Point (DSCP) option lets network administrators prioritize PCoIP traffic within their networks, which can also boost PCoIP network performance.
AWI Session Page
Accept Any Peer
When enabled, this parameter allows compatible clients to connect to the PCoIP Remote Workstation Card. Deselecting this setting requires that you know the MAC address of the client to peer with the host card.
TLS Security Mode and Encryption Ciphers
The PCoIP data stream is always encrypted; however, the PCoIP Remote Workstation Card and client must have compatible security modes to connect. The two options are:
Maximum Compatibility: TLS 1.2 or higher with 112-bit or higher elliptic curve encryption: This option provides maximum compatibility with clients.
Suite B: TLS 1.2 with Suite B compliant 192-bit elliptic curve encryption: This option offers an additional certificate option which must match the configuration on the connecting PCoIP Zero Client. The Suite B option offers the peer-to-peer certificate option for added security. The endpoints will use the AES-256-GCM cipher.
Blacklisted Cipher Suites
The blacklisted cipher suites offer maximum flexibility but, where possible, should not be used.
The cipher suite blacklist allows an administrator to disable the use of certain cipher suites because of security concerns. The blacklist allows you to protect your system without requiring a firmware update. At least one cipher suite must remain enabled at all times.
Differentiated Services Code Point (DSCP)
DSCP provides PCoIP prioritization capability to compatible network devices, allowing for improved network performance on congested networks.
Session Parameter Options
| Parameter | Description |
|---|---|
| Accept Any Peer | When enabled, the host accepts connections from any client. When disabled, you must specify the MAC address of the peer you want the host to accept. |
| Peer MAC Address | Enter the MAC address of the client that is allowed to connect to the host. If the Accept Any Peer option is enabled, this field is not required and not editable. |
| TLS Security Mode (Session Negotiation Cipher) | Configure the Transport Layer Security (TLS) cipher to use for negotiating the TLS session between the PCoIP client and the PCoIP host. |
| Blacklisted Cipher Suites | The cipher suite blacklist allows an administrator to disable the use of certain cipher suites because of security concerns. The blacklist allows you to protect your system without requiring a firmware update. At least one cipher suite must remain enabled at all times. |
| PCoIP Data Encryption Ciphers (Enabled Session Ciphers) | The enabled encryption mode must match between the host and client for a session to be established. A more secure encryption method implemented in second-generation Tera2 processors, AES-256-GCM offers high security and performance between hardware endpoints. |
| Enable DSCP | When enabled, the device populates the Differentiated Services Code Point (DSCP) field in the IP header, allowing intermediate network nodes to prioritize PCoIP traffic accordingly. |
| Enable Transport Congestion Notification | When enabled, PCoIP endpoints can react accordingly if an intermediate network node sets the congestion notification bit in either the IP header or the PCoIP transport header. Note: For more information about the PCoIP transport header, see PCoIP Packet Format. |
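
One way to confirm from a packet capture that Enable DSCP is taking effect and that intermediate nodes are signalling congestion, as an added example that is not part of the original documentation. It assumes the IP-header congestion notification is standard ECN (RFC 3168) and that raw IP packets have already been extracted from a capture; DSCP 46 is a placeholder for the value your network policy assigns, and the function names and sample packets are constructed for illustration.

```python
import struct

# ECN codepoints (RFC 3168): the low two bits of the TOS / Traffic Class byte.
ECN_NAMES = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}


def dscp_ecn(packet: bytes) -> dict:
    """Return the DSCP and ECN markings of a raw IPv4 or IPv6 packet."""
    version = packet[0] >> 4 if packet else 0
    if version == 4 and len(packet) >= 20:
        tos = packet[1]
    elif version == 6 and len(packet) >= 40:
        # Traffic Class straddles bytes 0-1: 4 bits version, then 8 bits class.
        tos = (struct.unpack("!H", packet[:2])[0] >> 4) & 0xFF
    else:
        raise ValueError("truncated or non-IP packet")
    ecn = tos & 0b11
    # DSCP is the upper six bits of the same byte (RFC 2474).
    return {"version": version, "dscp": tos >> 2, "ecn": ECN_NAMES[ecn],
            "congestion_experienced": ecn == 0b11}


def audit(packets, expected_dscp):
    """Count packets that lack the expected DSCP and packets marked CE."""
    wrong = ce = 0
    for pkt in packets:
        info = dscp_ecn(pkt)
        wrong += info["dscp"] != expected_dscp
        ce += info["congestion_experienced"]
    return {"total": len(packets), "wrong_dscp": wrong, "ce_marked": ce}


def sample_ipv4(tos: int) -> bytes:
    # Constructed sample: bare 20-byte IPv4 header, RFC 5737 documentation addresses.
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))


# Constructed capture. DSCP 46 is an assumed policy value, not a PCoIP default.
SAMPLE = [
    sample_ipv4((46 << 2) | 0b10),  # marked, ECN-capable transport
    sample_ipv4((46 << 2) | 0b11),  # marked, a router set Congestion Experienced
    sample_ipv4(0),                 # marking absent: DSCP disabled or stripped in transit
]

if __name__ == "__main__":
    print(audit(SAMPLE, expected_dscp=46))
```

A non-zero `wrong_dscp` count on packets captured past a router usually means a device on the path is rewriting or clearing the marking rather than the endpoint failing to set it.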