About USB Settings¶
From the AWI and Management Console, you can configure access to the host PC operating system for USB devices plugged into PCoIP Zero Client USB ports. For PCoIP Management Console configurations, see the managing profiles topic in the PCoIP Management Console Administrators' Guide.
Software Client USB support
USB devices connected to Teradici Software Client hosts are not supported when connecting to Remote Workstation Cards or Remote Workstation Card Agents.
USB plug events are blocked in the Tera2 PCoIP Zero Client firmware by configuring the Unauthorized Devices in its AWI. The PCoIP Remote Workstation Card can also be configured to block USB device access to the host PC for an additional layer of security.
The PCoIP Remote Workstation Card USB permissions has a higher priority than the PCoIP Zero Client and thus overrides the client USB permissions. The authorized and unauthorized tables found in the AWI USB permissions page can each have up to 10 USB devices added. It is strongly recommended you only set the USB permissions on the host when connecting to a PCoIP Remote Workstation Card from a PCoIP Zero Client.
Endpoint Default Permissions
The factory defaults have no USB permissions configured on the host. The factory defaults for the client USB permissions are 'any, any, any' for the Authorized devices tables.
The following rules apply when configuring USB permissions.
If the host has permissions configured, the permissions are sent to the client. If the client has unauthorized devices, they are added to the host’s unauthorized devices and the consolidated list is used.
If the host does not have permissions programmed, the client’s permissions are used.
The host USB permissions are updated at the start of a PCoIP session. They are authorized in the following order of priority (from highest to lowest):
Unauthorized Vendor ID/Product ID
Authorized Vendor ID/Product ID
Unauthorized Device Class/Sub Class/Protocol
Authorized Device Class/Sub Class/Protocol
From the AWI you can configure USB permissions to authorize or unauthorize USB devices bridged to the host PC to access the host operating system.
Authorized Table: In this table, you can use the Add new button to create up to 10 USB rules that allow USB devices to connect to your endpoint based on the USB Vendor ID(VID) and Product ID(PID), or by USB device Class.
Unauthorized Table: In this table, you can use the Add new button to create up to 10 USB rules that prevent USB devices to connect to your endpoint based on USB ID or USB device Class. You can use wildcards (or specify any) to reduce the number of entries needed to define all devices.
The Class rules include categories Device Class, Sub Class, and Protocol. You can use wildcards (or select any) to reduce the number of entries needed to define all devices.
USB Permissions Page¶
The following categories display on the AWI Permissions > USB page:
|Authorized Devices||Lists up to 10 rules that authorize USB devices to connect to your endpoint.
Add New: This adds a new rule to the authorized table using the USB device's ID, or Class:
|Unauthorized Devices||Lists up to 10 rules that prevent USB devices from connecting to your endpoint.
Add New: This adds a new rule to the unauthorization table using the USB device's ID, or Class:
To configure USB settings:
From the AWI, select Configuration > USB.
AWI USB permissions page
From the AWI USB page, update the USB settings by selecting Add new and configure the required parameters. The parameters that display depend on whether you describe the device by Class or ID.
Device Class parameters
Device ID parameters
USB Configuration Parameters¶
The following parameters display when you authorize or unauthorize USB device parameters:
|Add new||When adding a new USB authorization or unauthorization entry, select one of the following:
|Device Class||This field is enabled when Class is selected.
Select a supported device class from the drop-down menu, or select Any to authorize or unauthorize (disable) any device class.
|Sub Class||This field is enabled when Class is selected.
Select a supported device sub class from the drop-down menu, or select Any to authorize or unauthorize (disable) any sub-class.Note: If Any is selected as the device class, this will be the only selection available.
|Protocol||This field is enabled when Class is selected.
Select a supported protocol from the drop-down menu, or select Any.Note: If Any is selected as the device class or sub-class, this will be the only selection available.
|Vendor ID||This field is enabled when ID is selected.
Enter the vendor ID of the authorized (or unauthorized) device. The valid range is hexadecimal 0-FFFF.
|Protocol ID||This field is enabled when ID is selected.
Enter the product ID of the (authorized or unauthorized) device. The valid range is hexadecimal 0-FFFF.