Skip to content

AWI: Amazon WorkSpaces

Select the Amazon WorkSpaces session connection type from the Configuration > Session page to configure the client to connect directly to your Amazon WorkSpaces desktop through multi-factor authentication when connecting with PCoIP Zero Clients on firmware 6.0 or newer. This connection type removes the need to deploy and manage the PCoIP Connection Manager for Amazon WorkSpaces in order to connect PCoIP Zero Clients to Amazon WorkSpaces.

Security

The connection manager determines the security requirements. Amazon WorkSpaces session type uses an Amazon connection manager which requires multi-factor authentication when connecting to Amazon WorkSpaces.

Alt text
AWI Session Connection type – Amazon WorkSpaces

The following parameters can be found in the AWI Session tab when the Amazon WorkSpaces connection type is selected with the advanced tab showing.

AWI Amazon WorkSpaces

Parameter Description
AWS Registration Code Enter the registration code from the invitation email sent after creating your Amazon WorkSpace.
AWS Connection Name Enter a name for this registered Amazon WorkSpace instance.
Desktop Name to Select Enter the desktop name used by the client when starting a session.
This field is case-insensitive.
Certificate Check Mode Select the level of verification performed on the certificate presented by the connection server:
  • Never connect to untrusted servers: Configure the client to reject the connection if a trusted, valid certificate is not installed. (This is the most secure option.)
  • Warn before connecting to untrusted servers: Configure the client to display a warning if an unsigned or expired certificate is encountered, or if the certificate is not self-signed and the Tera2 PCoIP Zero Client trust store is empty. (This option is selected by default.)
  • Do not verify server identity certificates: Configure the client to enable all connections. (This option is not secure.)
Certificate Check Mode Lockout When enabled, prevents users from changing the Certificate Check Mode settings from the OSD.
Auto Connect This field determines the client’s auto connect behavior after startup:
  • Enabled: The client automatically connects with the connection server after startup and a PCoIP session ends, bypassing the OSD Connect page.
  • Disabled: The client does not automatically connect with the connection server.
  • Enabled With Retry On Error: The client will continuously attempt to contact the connection server. After a connection failure, the client waits before attempting to connect again. This wait time increases with each successive failure. The wait interval is not configurable.
Devices running firmware 4.1.1 or lower do not support Retry On Error behavior and will always perform a single attempt to contact the connection server when this option is selected.

After enabling Auto Connect, the client must be power-cycled for the change to take effect.
Connection Server Cache Mode This field determines which Amazon Workspaces a user can select from the connection drop-down menu on the OSD Connect page.
  • Last servers used: Select this option if you want users to select the cached list of Amazon WorkSpaces. The drop-down lists the previous 50 WorkSpaces that the Zero Client established a successful connection to. If the cache is not cleared, new connections will begin to replace WorkSpaces that were previously cached starting at the oldest saved connection first.
  • Read-only: Select this option if you want users to select an Amazon WorkSpace from a read-only list. This list is created from a PCoIP Management Console profile that has Broker Address Cache List entries. and it will replace the Amazon WorkSpaces cached entries when applied to the Zero Client.
Auto Launch If Only One Desktop When enabled, users are automatically connected to a provisioned desktop after user credentials are entered.

This feature only applies to users who are entitled to a single desktop. It does not apply to users entitled to multiple virtual desktops.
Enable Peer Loss Overlay When enabled, the 'Network Connection Lost' overlay appears on the display(s) when a loss of network connectivity is detected. Normal hypervisor scheduling delays can falsely trigger this message.
Enable Preparing Desktop Overlay When enabled, the 'Preparing Desktop' overlay appears on the display(s) when users log in.

This overlay provides assurance that login is proceeding if the desktop takes more than a few seconds to appear.
Enable Session Disconnect Hotkey When enabled, users can press the Ctrl+Alt+F12 hotkey sequence to quickly disconnect a PCoIP session. See Disconnecting from a Session for details.
PCoIP Utility Bar Mode When enabled, the PCoIP Utility Bar appears at the top of the primary display when a user is in session and moves the cursor directly under the bar. The utility bar can be used to disconnect a session or to shut down a remote workstation. For Direct to Host session connection types, Local Cursor and Keyboard must be enabled in order for the Tera2 PCoIP Zero Client to process mouse events for the utility bar. For all connection types, the mouse must be locally connected (that is, not bridged).
  • Disabled: Disables the PCoIP Utility Bar. By default, the utility bar is disabled.
  • Enabled: Enables and auto-hides the PCoIP Utility Bar. Users can show the utility bar by pointing the mouse at the top of the screen directly under the utility bar. Users can slide the utility bar to the right and left at the top of the screen.
  • Enabled and Pinned: Enables and pins the PCoIP Utility Bar at the top of the screen. Users cannot hide the utility bar, but they can slide it to the right and left at the top of the screen.
This feature is configurable from the PCoIP Management Console and AWI only.
Session Negotiation Cipher Suites Configure the Transport Layer Security (TLS) cipher to use for negotiating the TLS session between the PCoIP client and the PCoIP host.
  • Maximum Compatibility: TLS 1.2 or higher with 112-bit or higher elliptic curve encryption: This option provides maximum compatibility.
  • Suite B: TLS 1.2 with Suite B-compliant 192-bit elliptic curve encryption. This option provides a higher level of security.
Disconnect Message Filter This field lets you control what type of messages appear when a session is disconnected. There are three categories:

Information: User- or administrator-initiated actions affecting the session:
  • You have been disconnected because you logged in from another location or your host was shut down or restarted.
  • You have been disconnected because an administrator disconnected you.
  • You have been disconnected because you logged in from another location.
  • You have been disconnected because you disconnected from your workstation.
Warning: System-initiated, but expected actions affecting the session:
  • You have been disconnected because your session timed out.
Error: Unexpected system-initiated actions causing session to fail:
  • You have been disconnected.
  • Unable to connect (0x1001). Contact your IT administrator.
  • Unable to connect (0x1002). Contact your IT administrator.
  • Session closed remotely.
  • Session closed remotely (unknown cause).
  • You have been disconnected due to a configuration error (0x100). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x201). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x300). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x301). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x302). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x303). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x305). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x400). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x401). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x402). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x403). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x404). Contact your IT administrator for assistance.
For detailed information about the session disconnect codes, see What do the PCoIP server log disconnect codes mean? (KB 1094).

You can choose to display:
  • Show All – This option shows all disconnect messages including Info, Warning, and Error messages.
  • Error and Warnings Only – This option hides info messages and displays only Error and Warning messages.
  • Show Eror Only - This option hides Info and Warning messages and displays only Error messages.
  • Show None – Don’t show any disconnect messages.
Enable DSCP When enabled, the PCoIP endpoint assigns a Differentiated Services Code Point (DSCP) value determined by the transport session priority negotiation between PCoIP endpoints using proprietary algorithms, enabling intermediate network nodes to prioritize PCoIP traffic accordingly. Additional settings can be configured via group policy for systems using PCoIP software endpoints such as HP Anyware. See your agent documentation for more information.

Sessions between Zero Clients and Remote Workstation Cards will only negotiate a medium priority.

Remote Workstation Card (medium)

  • DSCP value of CS3 for control traffic
  • DSCP value of AF42 for keyboard, mouse, pointer, audio
  • DSCP value of AF32 for desktop imaging, real-time virtual channels
  • DSCP value of AF12 for USB virtual channels

Software Agent (configurable OS policy to set session priority to low, medium, or high)

  • DSCP value of CS3 for control traffic (low, medium and high)
  • DSCP value of AF43(low), AF42(medium), AF41(high) for keyboard, mouse, pointer, audio
  • DSCP value of AF33(low), AF32(medium), AF31(high) for desktop imaging and real-time virtual channels
  • DSCP value of AF13(low), AF12(medium), AF11(high) for USB virtual channels

Warning: We don't recommend enabling DSCP on Zero Clients. The purpose of enabling this setting is to reduce the workload on network edge devices of assigning DSCP values on PCoIP packets. Using this setting requires networking expertise and control over the whole link between PCoIP endpoints. See your network administrator and network device documentation for further information on using DSCP in your network.

Enable Congestion Notification When enabled, transport congestion notification is enabled to enable PCoIP endpoints to react accordingly if an intermediate network node sets the congestion notification bit in either the IP header or PCoIP transport header. For more information about the PCoIP transport header, see PCoIP Packet Format.