Peering Zero Clients to Remote Workstation Cards¶
PCoIP Zero Clients can be peered (paired) to Remote Workstation Cards using custom certificates to establish a secure PCoIP peer-to-peer connection. This optional but recommended configuration allows for a more secure connection then the default connection. The custom peer-to-peer certificate and the root certificate must be present in both the Zero Client and Remote Workstation card certificate store. The custom certificate must then be applied to the Peer-to-Peer Certificate field, which is displayed when the Direct to Host Session Connection Type and Suite B: TLS 1.2 with Suite B-compliant 192-bit elliptic curve encryption TLS Security Mode options are selected.
Changing Session Connection Type
If you need to change your Session Connection Type from connecting to Remote Workstation Cards, be sure to change the TLS Security Mode to Maximum Compatibility: TLS 1.1 or higher with RSA keys
The peer-to-peer connection using certificates supports connections betweeen PCoIP Zero Clients and Remote Workstation Cards only. THis configuration is done via the AWI.
Important: OCSP (Online Certificate Status Protocol)
OCSP (Online Certificate Status Protocol) is currently not supported for custom peer-to-peer certificates
To configuring a secure peer-to-peer connection for a PCoIP Remote Workstation Card:¶
Upload both your custom peer-to-peer certificate and your root certificate to your PCoIP Zero Client certificate store. See Uploading Certificates.
Remote Workstation Certificate
Ensure the desired trusted certificate is uploaded to the Remote Workstation Card certificate store.
Select Direct to Host for the Session Connection Type on the Session page.
Enter the DNS Name or IP Address of the Remote Workstation Card that you are going to have a peer-to-peer connection with.
Select Show Advanced Options.
Select the TLS Security Mode option Suite B: TLS 1.2 with Suite B-compliant 192-bit elliptic curve encryption.
Select the correct Peer-to-Peer Certificate. (If it is not displayed, you have not yet uploaded it to the certificate store)