Administration Guide for Cisco Virtualization Experience Client 2111/2211 PCoIP Firmware Release 4.0.2
Cisco VXC PCoIP Configuration
Downloads: This chapterpdf (PDF - 3.48MB) The complete bookPDF (PDF - 7.06MB) | Feedback

Cisco VXC PCoIP Configuration

Cisco VXC PCoIP Configuration

As a user or administrator you can interact with your Cisco VXC clients through the embedded HTTPS web interface (the Administrative Web Interface) and On Screen Display (OSD).

Users can connect or disconnect a session, view diagnostics, and configure user parameters. Administrators can view and change configuration settings and user permissions, upload data to the PCoIP device, view session diagnostics information, and view product information.

To minimize the total learning curve and maximize the accessibility, the web interface and OSD are organized as similarly as possible and are structured in a task-oriented fashion.

Device configuration

The Configuration option on the Administrative Web Interface and OSD lets you configure various aspects for the device. This section describes the full set of configuration options.


Note


The OSD configuration options are a subset of the options available in the Administrative Web Interface. To make changes to the configuration settings you need an administrative password. You do not need a password to view the Diagnostic and Information menus.


Configuration using the Initial Setup web page

The Initial Setup web page contains the configuration parameters that you can set before using the client. The page simplifies the out-of-box experience and reduces the time for new users to establish a session between a PCoIP zero client and remote virtual machine. More complex environments require further configuration.


Note


Cisco does not recommend that you use this page to configure the Cisco VXC client.

To configure Session parameters, see Session Configuration.

To configure network options see Network settings configuration.

To configure audio parameters, see Audio Parameters Configuration.

To set up a connection with a VMware View Connection Server, see Vmware View Connection Configuration.


If configured in the firmware defaults, the Initial Setup page appears the first time you log in. After you click Apply, the Home page appears for subsequent sessions unless the firmware parameters are reset.

After you update the settings on this page, click Apply.

Figure 1. Initial Setup Web page



The following table lists the audio parameters. For more information, see Audio Parameters Configuration.

Table 1 Audio Parameters
Parameter Comments
Enable HD Audio Enables audio support on the client
The following table lists the network parameters. For more information, see Network settings configuration.

Table 2 Network Parameters
Parameter Comments
Enable DHCP Enables DHCP rather than manual configuration
IP Address The device IP address
Subnet Mask The device subnet mask
Gateway The device gateway IP address
Primary DNS Server The device primary DNS IP address
Secondary DNS Server The device secondary DNS IP address
The following table lists the client session parameters. For more information, see Session Configuration.

Table 3 Session Parameters (Client)
Parameter Comments
Identify Host by Specifies the host identify method.
Host IP Address Specifies the host IP address
Host MAC Address Specifies the host MAC address. You can set the Host MAC Address value to 00-00-00-00-00-00 to ignore this field when a session starts.

Network settings configuration

You can configure the client network settings from the Network page. After you update the parameters on this page, click Apply to save your changes.

Figure 2. Network Configuration Web Page



Figure 3. OSD: Network Configuration



Table 4 Network Settings parameters
Parameter Description
Enable DHCP

When enabled: The device contacts a DHCP server to be assigned an IP address, subnet mask, gateway IP address, and DNS servers. The firmware requests a domain name (option 15), host name (option 12), and client FQDN (option 81).

When disabled: You must set these parameters manually.

IP Address

The device IP address. If DHCP is disabled, you must set this field to a valid IP address. If DHCP is enabled, you cannot edit this field.

Subnet Mask

The device subnet mask. If DHCP is disabled, you must set this field to a valid subnet mask. If DHCP is enabled, you cannot edit this field.

Caution   

It is possible to configure an illegal IP address/subnet mask combination (for example, invalid mask) that leaves the device unreachable. Take care when setting the subnet mask.

Gateway

The device gateway IP address. If DHCP is disabled, this field is required. If DHCP is enabled, you cannot edit this field.

Primary DNS Server

The device primary DNS IP address. This field is optional. If the DNS server IP address is configured when using a Connection Manager, the Connection Manager address may be set as an FQDN instead of an IP address.

Secondary DNS Server

The device secondary DNS IP address. This field is optional. If the DNS server IP address is configured when using a Connection Manager, the Connection Manager address may be set as an FQDN instead of an IP address.

Domain Name

The domain named used (for example, domain.local). This field is optional. This field specifies the client domain.

FQDN

The Fully Qualified Domain Name for the client. The default is pcoip-portal-<MAC> where <MAC> is the client MAC address. If used, the domain name is appended (for example, pcoip-portal-<MAC>.domain.local). This field is read-only on this page.

Note   

To use the FQDN feature, the DNS server with DHCP option 81 must be available and properly configured.

Ethernet Mode

Lets you configure the Ethernet mode of the client as:

  • Auto
  • 10 Mbps Full-Duplex
  • 100 Mbps Full-Duplex

When you choose 10 Mbps Full Duplex or 100 Mbps Full-Duplex and then click Apply, this warning message appears:

“Warning: When Auto-Negotiation is disabled on the PCoIP device, it must also be disabled on the switch. Additionally, the PCoIP device and switch must be configured to use the same speed and duplex parameters. Different parameters may result in a loss of network connectivity. Are you sure you want to continue?”

Click OK to change the parameter.

Note   

Always set the Ethernet Mode to Auto and use only 10 Mbps full-duplex or 100 Mbps full-duplex when the other network equipment (for example, switch) is also configured to operate at 10 Mbps full-duplex or 100 Mbps full-duplex. An improperly set Ethernet Mode may result in the network operating at half-duplex (which is not supported by the PCoIP protocol). The session will be severely degraded and eventually dropped.

Maximum MTU Size

Lets you configure the Maximum Transfer Unit packet size.

A smaller MTU may be needed for situations such as VPN tunneling because PCoIP packets cannot be fragmented. Set the Maximum MTU Size to a value smaller than the network path MTU for the end-to-end connection between the virtual machine and client.

The Maximum MTU Size range is 600 to 1500 bytes for all firmware versions.

Note   

The default MTU is 1300 for sessions with the remote virtual machine.

Enable 802.1X Security Enable this field for each of your hosts and zero clients if your network uses 802.1X security. If enabled, configure the Authentication, Identity, and Client Certificate fields.
Authentication This field is set to TLS (Transport Layer Security) and is grayed-out. TLS is currently the only authentication protocol supported.
Identity Enter the identity string used to identify your device to the network.
Client Certificate Click Choose to select the client certificate you want to use for your 802.1X devices. The list of certificates that appears includes the certificates uploaded from the Certificate Upload page that contain a private key. The certificate you choose from the Network page is linked to the read-only Client Certificate field on the Certificate Upload page.
Note    PCoIP only supports one 802.1X client certificate. Ensure your security details are all contained within the one file. The 802.1X certificate must contain a private key.

Configure IPv6 Settings

The IPv6 page lets you enable IPv6 for PCoIP devices connected to your IPv6 network.


Note


IPv6 is not currently supported by VMware View.


Figure 4. Administrative Web Interface IPv6 Settings page



Figure 5. OSD IPv6 Settings page




Note


When you make a change to one of the settings on this page, you must reboot your device for the change to take effect.


Table 5 IPv6 Settings parameters
Parameter Description
Enable IPv6 Enable this field to enable IPv6 for your PCoIP devices.
Link Local Address This field is automatically populated.
Gateway Enter the gateway address.
Enable DHCPv6 Enable this field to set up Dynamic Host Configuration Protocol version 6 (DHCPv6) for your device.
DHCPv6 Addresses When DHCPv6 is enabled and the device is rebooted, the server automatically populates these fields with addresses for the device.
Primary DNS The device's primary DNS IP address. If DHCPv6 is enabled, this field is automatically populated by the DHCPv6 server.
Secondary DNS The device's secondary DNS IP address. If DHCPv6 is enabled, this field is automatically populated by the DHCPv6 server.
Domain Name The domain name used (for example, 'domain.local') for the host or client. If DHCPv6 is enabled, this field is automatically populated by the DHCPv6 server.
FQDN The fully qualified domain name for the client. If DHCPv6 is enabled, this field is automatically populated by the DHCPv6 server.
Enable SLAAC Enable this field to set up stateless address auto-configuration (SLAAC) for your devices.
SLAAC Addresses When SLAAC is enabled and the device is rebooted, these fields are automatically populated.
Enable Manual Address Enable this field to set up a manual (static) address for the device.
Manual Address Enter the IP address for the device.

Custom information configuration

The Label page allows you to add custom information for the client.

Figure 6. Label Configuration Web Page



Figure 7. OSD: Label Configuration



Table 6 Label parameters
Parameter Description
PCoIP Device Name

Lets you give the client a logical name. The default is pcoip-portal-<MAC> where <MAC> is the device MAC address.

This field is the name the client registers with the DNS server if DHCP is enabled and the system is configured to support registering the host name with the DNS server. It is important to ensure that the PCoIP Device Name is unique for each endpoint in the network and follows these naming conventions:
  • The first and last character must be a letter (A-Z or a-z) or a digit (0-9)
  • The remaining characters must be letters, digits, or hyphens
  • The length must be 63 characters or less
PCoIP Device Description

A description or other information (such as the location of the endpoint) for the device. The firmware does not use this field. It is provided for administrator use only.

Generic Tag

Generic tag information about the device. The firmware does not use this field. It is provided for administrator use only.

Discovery mechanism configuration

This screen does not apply to the Cisco VXC client.

SNMP Agent Configuration

The Cisco VXC includes an SNMP agent that supports reporting of management information to an SNMP manager. The SNMP page lets you enable or disable the Cisco VXC SNMP agent.

The Cisco VXC uses “public” as the SNMP community string.


Note


For more information on using the PCoIP SNMP Agent, see the SNMP user guide on the Teradici support site.
Figure 8. SNMP Configuration Web Page



Table 7 SNMP Parameters
Parameter Description
Enable SNMP When enabled, the client enables the PCoIP SNMP agent to respond to SNMP requests. Disabling the SNMP agent prevents it from responding to SNMP requests and ensures that the PCoIP SNMP MIB cannot be accessed.
Community Configures the SNMP community name used by the device.

Session Configuration

The Session page lets you configure how the client device connects to or accepts connections from peer devices.

The Advanced configuration options available from the Session page depend on the option you select in the Session Connection Type field:

  • Direct to Host*
  • Direct to Host + SLP Host Discovery*
  • View Connection Server
  • View Connection Server + Auto-Logon
  • View Connection Server + Kiosk
  • View Connection Server + Imprivata OneSign
  • Connection Management Interface*

*Not supported with Cisco VXC.

Figure 9. Session Connection Type page



Vmware View Connection Configuration

The Session page lets you configure your client for use with a VMware View Connection server. When you select View Connection Server as the Session Connection Type, specific configuration options appear.

Figure 10. Administrative Web Interface VMware View session configuration page



Figure 11. OSD VMware View session configuration page



Figure 12. OSD VMware View session configuration page (advanced options)



Table 8 VMware View Page Parameters
Parameter Description
DNS Name or IP Address Enter the VMware View Connection server's DNS name or IP address.
Desktop Name to Select Enter the pool/desktop name used by a zero client when starting a session.
Note   

This setting is optional.

Port By default this field is blank, and port 443 is used to communicate with the VMware View Connection server. If your network is set up to use a non-standard port for secure connections, enter the port number.
VCS Certificate Check Mode Select how the client behaves if it cannot verify a secure connection to the server:
  • Never connect to untrusted servers: Configure the client to reject the connection if a trusted, valid certificate is not installed. (This is the most secure option.)
  • Warn before connecting to untrusted servers: Configure the client to display a warning if an unsigned or expired certificate is encountered, or if the certificate is not self-signed and the zero client trust store is empty. (This option is selected by default.)
  • Do not verify server identity certificates: Configure the client to allow all connections. (This option is not secure.)
VCS Certificate Check Lockout Enable to prevent users from changing the VCS Certificate Check Mode settings from the OSD.
Trusted View Connection Servers Click the Show button to display VMware View Connection servers for which the client has received a valid certificate. Click the Clear button to clear this cache.
Auto Connect Specify if the client should always connect at startup to the VMware View Connection server in the DNS Name or IP Address field. When Auto Connect is enabled, the client automatically connects to the selected VMware View Connection server whenever the client powers up or when a session with the virtual desktop is terminated.
Note   
  • The user sees the user credentials login dialog box on the OSD instead of the Connect dialog box.
  • After enabling Auto Connect, the client must be power-cycled for the change to take effect.
Connection Server Cache Mode

This field determines whether a View Connection Server is dynamically added to the Server drop-down menu on the OSD Connect page when a user types in a valid server address, or whether it appears in a read-only list for the user to select.

  • Last servers used: Select this option if you want a list of cached servers that a user has typed in to appear in the Server drop-down menu on the OSD Connect page.
  • Read-only: Select this option if you want users to select a View Connection Server from a read-only list.
Enable Self-Help Link See "Enabling the Self-Help Link" for details.
Auto Launch If Only One Desktop When enabled, after user credentials are entered, users are automatically connected to their virtual desktop.
Note    This feature only applies to users who are entitled to a single desktop. It does not apply to users entitled to multiple virtual desktops.
Login Username Caching When enabled, the username text box automatically populates with the last username entered.
Note    On the OSD, this field is called "Remember Username."
Use OSD Logo for View Banner When enabled, the PCoIP zero client OSD logo appears during login in place of the VMware View banner. You can upload a custom OSD logo via the Administrative Web Interface.
Prefer GSC-IS When selected, the GSC-IS interface is used if a smart card supports more than one interface such as CAC (GSC-IS) and PIV endpoint. If a smart card supports only one interface, such as either CAC or PIV endpoint, then only the CAC or PIV endpoint interface is used regardless of the Prefer GSC-IS setting. This only affects smart card access performed outside of PCoIP sessions.

Prefer GSC-IS is selected by default.

Enable Peer Loss Overlay When enabled, the “Network Connection Lost” overlay appears on the display(s) when a loss of network connectivity is detected. It also appears in the case of a virtual desktop such as VMware View. Normal hypervisor scheduling delays can falsely trigger this message. This option is disabled by default.
Note    This option is only available for a zero client. Desktop applications that require the peer loss notification should re-enable the feature through the OSD or Administrative Web Interface.
Enable Preparing Desktop Overlay When enabled, the "Preparing Desktop" overlay appears on the display(s) when you log in. This option is disabled by default.
Note    This overlay provides assurance that login is proceeding if the desktop takes more than a few seconds to appear.
Enable Session Disconnect Hotkey When enabled, users can press the Ctrl+Alt+F12 hotkey sequence to pop up the "Zero Client Control Panel" overlay, which lets them disconnect the current session on the workstation or power off the workstation.
Session Negotiation Cipher Configure the Transport Layer Security (TLS) cipher the client will use to negotiate the TLS session between the PCoIP client and the virtual machine: TLS 1.0 with RSA keys and AES-256 or AES-128 encryption.
Note   

The Cisco VXC 2111/2211 does not currently support AES-256 encryption.

Enabled Session Ciphers Enable or disable an encryption mode for the client. By default, both encryption modes are enabled:
  • AES-128-GCM: An encryption method implemented in the TERA1x100 processor that allows best performance between hardware endpoints.
  • Salsa20-256-Round12: A lighter encryption method implemented in firmware that may offer improved performance when connecting to VMware View 4 or later when there is more than about 7 Mbps available on the network. For more information, see documentation for using PCoIP zero clients with VMware View on the Teradici support site.
Note   

The enabled encryption mode must match between the virtual machine and client for a session to be established. If both modes are enabled, the firmware selects SALSA20-256-Round12 for the PCoIP session (VMware View 4.5 and later).

Note   

The Enabled Session Ciphers setting specifies the UDP packet encryption type used during the session. This setting has no effect on whether the client identifies the connection as trusted. The zero client identifies a View Connection Server (VCS) connection as trusted if a certificate is passed between the client and the VCS.

Disconnect Message Filter This field lets you control what type of messages appear when a session is disconnected. There are three categories:

Information: User or administrator initiated actions affecting the session.

  • You have been disconnected because you logged in from another location or your virtual machine was shut down or restarted.
  • You have been disconnected because an administrator disconnected you.
  • You have been disconnected because you logged in from another location.
  • You have been disconnected because you disconnected from your workstation.

Warning: System-initiated, but expected actions affecting the session. This occurs when a session is closed remotely (the global timeout value is reached).

Error: Unexpected system-initiated actions causing session to fail. The following are Error messages:

  • You have been disconnected.
  • Unable to connect (0x1001). Please contact your IT administrator.
  • Unable to connect (0x1002). Please contact your IT administrator.
  • Session closed remotely.
  • Session closed remotely (unknown cause).
  • You have been disconnected due to a configuration error (0x100). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x201). Please contact your IT administrator for assistance.
Disconnect Message Filter (continued)

Error (continued):

  • You have been disconnected due to a configuration error (0x300). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x301). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x302). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x303). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x305). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x400). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x401). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x402). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x403). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x404). Please contact your IT administrator for assistance.
Disconnect Message Filter (continued)

You can choose to display:

  1. Show All messages – This option shows all disconnect messages including Info, Warning, and Error messages.
  2. Show Error and Warnings Only – This option hides info messages and displays only error and warning messages.
  3. Show Error Only – This option hides Info and Warning messages and displays only Error messages.
  4. Show None – Don’t show any disconnect messages.

Enabling the Self-Help Link

The Self Help Link option lets you configure a self-help link for users that appears on the Connect window. Configuring the logon details ensures that the user is automatically logged into the virtual machine when the user clicks the self-help link.

Figure 13. Self-Help Link page



When you enable this field, the following options appear:

Table 9 Enable Self-Help Link page parameters
Parameter Description
View Connection Server Enter the name of the View Connection Server hosting the self-help virtual machine.
Port By default this field is blank, and port 443 is used to communicate with the VMware View Connection server. If your network is set up to use a non-standard port for secure connections, enter the port number.
Username To password protect the virtual machine for the self-help link, enter a username in this field.
Password To password protect the virtual machine for the self-help link, enter a password in this field.
Domain Enter the domain name used by the virtual machine for the self-help link.
Desktop Name to Select Enter the pool/desktop name used by the virtual machine for the self-help link.
Link Text Enter the text that you want to appear as hyperlinked texton the Connect window.

Configuring the VMware View Connection with Auto-Logon

You can set up the client so that the user does not need to enter a username or password to start a VMware View session (that is, the usual login details are automatically entered for the user). Select the View Connection Server + Auto-Logon option from Session Connection Type field on the Session page.

When you choose this connection type, the parameters are the same as those that appear for the View Connection Server with the exception of those parameters highlighted in the following table.

Figure 14. Administrative Web Interface VMware View Connection with Auto-Logon page



Figure 15. OSD VMware View Connection with Auto-Logon page



Table 10 VMware View Connection with Auto-Logon page parameters
Parameter Description
Logon Username Enter the username for the client.
Logon Password Enter the password.
Logon Domain Name Enter the domain name.

Kiosk Mode Configuration

You can configure kiosk mode by selecting the View Connection Server + Kiosk option as the Session Connection Type on the Session page on the OSD or the Administrative Web Interface. Kiosk mode requires a properly configured VMware View environment. See the applicable VMware View documentation for more information.

Figure 16. Administrative Web Interface Kiosk mode configuration page



Figure 17. OSD Kiosk mode configuration page



Figure 18. OSD Kiosk mode configuration page (advanced settings)



Table 11 View Connection Server + Kiosk Parameters
Parameter Description
DNS Name or IP Address Enter the IP address or DNS name for the kiosk's View Connection Server.
Username Type Select the type of username that matches the naming you use for the devices on the View Connection Server.
  • Zero Client MAC: Select this option to automatically populate the Username field with the MAC address of the zero client.
  • Custom: Enter the username for the zero client. This username has the prefix "Custom".
Username

When Custom is selected as the username type, enter the value for this component of the custom username. This field is limited to 13 characters.

Password To password protect the virtual machine for the kiosk, enter a password in this field. This password must match the one entered for the device in the View Connection Server.
Port By default this field is blank, and port 443 is used to communicate with the VMware View Connection server. If your network is set up to use a non-standard port for secure connections, enter the port number.
VCS Certificate Check Mode Select how the client behaves if it cannot verify a secure connection to the server:
  • Never connect to untrusted servers: Configure the client to reject the connection if a trusted, valid certificate is not installed. (This is the most secure option.)
  • Warn before connecting to untrusted servers: Configure the client to display a warning if an unsigned or expired certificate is encountered, or if the certificate is not self-signed and the zero client trust store is empty. (This option is selected by default.)
  • Do not verify server identity certificates: Configure the client to allow all connections. (This option is not secure.)
Note    In the OSD, these settings are available from the User Settings->Options menu. For details, see Vmware View Certificate Checking Configuration.
VCS Certificate Check Mode Lockout Enable to prevent users from changing the VCS Certificate Check Mode settings from the OSD.
Trusted View Connection Servers Click the Show button to display VMware View Connection servers for which the client has received a valid certificate. Click the Clear button to clear this cache.
Use OSD Logo for View Banner When enabled, the PCoIP zero client OSD logo appears during login. You can upload a custom OSD logo via the Administrative Web Interface.
Enable Peer Loss Overlay When enabled, the “Network Connection Lost” overlay appears on the display(s) when a loss of network connectivity is detected. It also appears in the case of a virtual desktop such as VMware View. Normal hypervisor scheduling delays can falsely trigger this message. This option is disabled by default.
Note    This option is only available for a zero client. Desktop applications that require the peer loss notification should re-enable the feature through the OSD or Administrative Web Interface.
Enable Preparing Desktop Overlay When enabled, the "Preparing Desktop" overlay appears on the display(s) when you log in. This option is disabled by default.
Note    This overlay provides assurance that login is proceeding if the desktop takes more than a few seconds to appear.
Enable Session Disconnect Hotkey When enabled, users can press the Ctrl+Alt+F12 hotkey sequence to pop up the "Zero Client Control Panel" overlay, which lets them disconnect the current session on the workstation or power off the workstation.
Session Negotiation Cipher Configure the Transport Layer Security (TLS) cipher the client will use to negotiate the TLS session between the PCoIP client and the virtual machine: TLS 1.0 with RSA keys and AES-256 or AES-128 encryption.
Note   

The Cisco VXC 2111/2211 does not currently support AES-256 encryption.

Enabled Session Ciphers Enable or disable an encryption mode for the client. By default, both encryption modes are enabled:
  • AES-128-GCM: An encryption method implemented in the TERA1x100 processor that allows best performance between hardware endpoints.
  • Salsa20-256-Round12: A lighter encryption method implemented in firmware that may offer improved performance when connecting to VMware View 4 or later when there is more than about 7 Mbps available on the network. For more information, see documentation for using PCoIP zero clients with VMware View on the Teradici support site.
Note   

The enabled encryption mode must match between the virtual machine and client for a session to be established. If both modes are enabled, the firmware selects SALSA20-256-Round12 for the PCoIP session (VMware View 4.5 and later).

Note   

The Enabled Session Ciphers setting specifies the UDP packet encryption type used during the session. This setting has no effect on whether the client identifies the connection as trusted. The zero client identifies a View Connection Server (VCS) connection as trusted if a certificate is passed between the client and the VCS.

Disconnect Message Filter This field lets you control what type of messages appear when a session is disconnected. There are three categories:

Information: User or administrator initiated actions affecting the session.

  • You have been disconnected because you logged in from another location or your virtual machine was shut down or restarted.
  • You have been disconnected because an administrator disconnected you.
  • You have been disconnected because you logged in from another location.
  • You have been disconnected because you disconnected from your workstation.

Warning: System-initiated, but expected actions affecting the session. This occurs when a session is closed remotely (the global timeout value is reached).

Error: Unexpected system-initiated actions causing session to fail. The following are Error messages:

  • You have been disconnected.
  • Unable to connect (0x1001). Please contact your IT administrator.
  • Unable to connect (0x1002). Please contact your IT administrator.
  • Session closed remotely.
  • Session closed remotely (unknown cause).
  • You have been disconnected due to a configuration error (0x100). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x201). Please contact your IT administrator for assistance.
Disconnect Message Filter (continued)

Error (continued):

  • You have been disconnected due to a configuration error (0x300). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x301). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x302). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x303). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x305). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x400). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x401). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x402). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x403). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x404). Please contact your IT administrator for assistance.
Disconnect Message Filter (continued)

You can choose to display:

  1. Show All messages – This option shows all disconnect messages including Info, Warning, and Error messages.
  2. Show Error and Warnings Only – This option hides info messages and displays only error and warning messages.
  3. Show Error Only – This option hides Info and Warning messages and displays only Error messages.
  4. Show None – Don’t show any disconnect messages.

View Connection Server Setup - Imprivata OneSign Connection configuration

If you want the zero client to authenticate through the Imprivata OneSign system, configure the View Connection Server + Imprivata OneSign option as the Session Connection Type on the Session page.


Note


The Cisco VXC 2111/2211 does not currently support View Connection Server + Imprivata OneSign connections.


Figure 19. Administrative Web Interface View Connection Server + Imprivata OneSign Connection page



Figure 20. OSD View Connection Server + Imprivata OneSign Connection page



Figure 21. OSD View Connection Server + Imprivata OneSign Connection page (advanced settings)



Table 12 View Connection Server + Imprivata OneSign Parameters
Parameter Description
DNS Name or IP Address Enter the VMware View Connection Server's DNS name or IP address.
Bootstrap URL Enter the bootstrap URL used to find an initial OneSign server in a OneSign authentication deployment.
OneSign Desktop Name Mode

Select whether the Desktop Name to Select property is used in OneSign Mode:

  • Ignore
  • Use If Set
Desktop Name to Select

Enter the desktop name. When the desktop pool list includes a pool with this name, the client will immediately start a session with that pool.

Note   

This field is case-insensitive

Remember Username When enabled, the username text box automatically populates with the last username entered.
OneSign Appliance Verification Select whether the Desktop Name to Select property is used in OneSign Mode:
  • No verification: Connect to any appliance.
  • Full verification: Only connect to appliances with verified certificates.
VCS Certificate Check Mode Select how the client behaves if it cannot verify a secure connection to the server:
  • Never connect to untrusted servers: Configure the client to reject the connection if a trusted, valid certificate is not installed. (This is the most secure option.)
  • Warn before connecting to untrusted servers: Configure the client to display a warning if an unsigned or expired certificate is encountered, or if the certificate is not self-signed and the zero client trust store is empty. (This option is selected by default.)
  • Do not verify server identity certificates: Configure the client to allow all connections. (This option is not secure.)
Note    In the OSD, these settings are available from the User Settings->Options menu. For details, see Vmware View Certificate Checking Configuration.
VCS Certificate Check Mode Lockout Enable to prevent users from changing the VCS Certificate Check Mode settings from the OSD.
Trusted View Connection Servers Click the Show button to display VMware View Connection servers for which the client has received a valid certificate. Click the Clear button to clear this cache.
Login Username Caching When enabled, the username text box automatically populates with the last username entered.
Note    On the OSD, this field is called "Remember Username."
Use OSD Logo for View Banner When enabled, the PCoIP zero client OSD logo appears during login. You can upload a custom OSD logo via the Administrative Web Interface.
Prefer GSC-IS When selected, the GSC-IS interface is used if a smart card supports more than one interface such as CAC (GSC-IS) and PIV endpoint. If a smart card supports only one interface, such as either CAC or PIV endpoint, then only the CAC or PIV endpoint interface is used regardless of this setting. This only affects smart card access performed outside of PCoIP sessions.
Enable Peer Loss Overlay When enabled, the “Network Connection Lost” overlay appears on the display(s) when a loss of network connectivity is detected. It also appears in the case of a virtual desktop such as VMware View. Normal hypervisor scheduling delays can falsely trigger this message. This option is disabled by default.
Note    This option is only available for a zero client. Desktop applications that require the peer loss notification should re-enable the feature through the OSD or Administrative Web Interface.
Enable Preparing Desktop Overlay When enabled, the "Preparing Desktop" overlay appears on the display(s) when you log in. This option is disabled by default.
Note    This overlay provides assurance that login is proceeding if the desktop takes more than a few seconds to appear.
Enable Session Disconnect Hotkey When enabled, users can press the Ctrl+Alt+F12 hotkey sequence to pop up the "Zero Client Control Panel" overlay, which lets them disconnect the current session on the workstation or power off the workstation.
Session Negotiation Cipher Configure the Transport Layer Security (TLS) cipher the client will use to negotiate the TLS session between the PCoIP client and the virtual machine: TLS 1.0 with RSA keys and AES-256 or AES-128 encryption.
Note   

The Cisco VXC 2111/2211 does not currently support AES-256 encryption.

Enabled Session Ciphers Enable or disable an encryption mode for the client. By default, both encryption modes are enabled:
  • AES-128-GCM: An encryption method implemented in the TERA1x100 processor that allows best performance between hardware endpoints.
  • Salsa20-256-Round12: A lighter encryption method implemented in firmware that may offer improved performance when connecting to VMware View 4 or later when there is more than about 7 Mbps available on the network. For more information, see documentation for using PCoIP zero clients with VMware View on the Teradici support site.
Note   

The enabled encryption mode must match between the virtual machine and client for a session to be established. If both modes are enabled, the firmware selects SALSA20-256-Round12 for the PCoIP session (VMware View 4.5).

Note   

The Enabled Session Ciphers setting specifies the UDP packet encryption type used during the session. This setting has no effect on whether the client identifies the connection as trusted. The zero client identifies a View Connection Server (VCS) connection as trusted if a certificate is passed between the client and the VCS.

Disconnect Message Filter This field lets you control what type of messages appear when a session is disconnected. There are three categories:

Information: User or administrator initiated actions affecting the session.

  • You have been disconnected because you logged in from another location or your virtual machine was shut down or restarted.
  • You have been disconnected because an administrator disconnected you.
  • You have been disconnected because you logged in from another location.
  • You have been disconnected because you disconnected from your workstation.

Warning: System-initiated, but expected actions affecting the session. This occurs when a session is closed remotely (the global timeout value is reached).

Error: Unexpected system-initiated actions causing session to fail. The following are Error messages:

  • You have been disconnected.
  • Unable to connect (0x1001). Please contact your IT administrator.
  • Unable to connect (0x1002). Please contact your IT administrator.
  • Session closed remotely.
  • Session closed remotely (unknown cause).
  • You have been disconnected due to a configuration error (0x100). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x201). Please contact your IT administrator for assistance.
Disconnect Message Filter (continued)

Error (continued):

  • You have been disconnected due to a configuration error (0x300). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x301). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x302). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x303). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x305). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x400). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x401). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x402). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x403). Please contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x404). Please contact your IT administrator for assistance.
Disconnect Message Filter (continued)

You can choose to display:

  1. Show All messages – This option shows all disconnect messages including Info, Warning, and Error messages.
  2. Show Error and Warnings Only – This option hides info messages and displays only error and warning messages.
  3. Show Error Only – This option hides Info and Warning messages and displays only Error messages.
  4. Show None – Don’t show any disconnect messages.

Bandwidth control for PCoIP sessions

The Bandwidth page lets you control the bandwidth used by the device during a PCoIP session. This applies to sessions between Cisco VXC clients and the remote virtual machine.

The parameters in this page are applied after you click Apply.

To configure the bandwidth used with a VMware View virtual desktop, adjust the PCoIP GPO session variables.

For more information, see WAN network guidelines for VMware View on the Teradici support site.

Figure 22. Bandwidth Configuration Web Page



Table 13 Bandwidth Parameters
Parameter Description
Device Bandwidth Limit

Defines the maximum bandwidth peak for the PCoIP system based on which side is sending data (for example, USB data from the client to the virtual machine).

The usable range of the device bandwidth is 1000 to 220,000 kbps.

The PCoIP processor uses only the required bandwidth up to the Device Bandwidth Limit maximum. The PCoIP processor dynamically adjusts the bandwidth in response to network congestion.

Setting the Device Bandwidth Limit to 0 configures the PCoIP processor to adjust the bandwidth depending on network congestion. If there is no congestion, there is no limit on bandwidth. That is, the processor uses the maximum rate available.

We recommend setting this field to the limit of the network connected to the client and virtual machine.

Note   

The setting in this field is applied immediately after you click Apply.

Device Bandwidth Target

Defines the temporary limit on the network bandwidth during periods of congestion (packet loss). When the network experiences congestion, the device bandwidth is reduced rapidly to the target value and more slowly below this value. This allows for a more even distribution of bandwidth between users sharing a congested network link.

After the congestion is alleviated, the bandwidth used increases depending on the available network resources up to the Device Bandwidth Limit.

You must have a good understanding of the network topology before setting this to a non-zero value.

Device Bandwidth Floor

Lets you configure the bandwidth floor used by the firmware when congestion is present and when bandwidth is required. This lets you optimize performance for a network with understood congestion or packet loss. If the bandwidth is not required, the bandwidth used drops below the floor.

A setting of 0 lets the firmware reduce bandwidth to 1000 kbps for these network impairments. You must have a good understanding of the network topology before setting this to a non-zero value.

Note   

The firmware implements a Slow Start Algorithm that:

  • Increases the bandwidth used until the bandwidth required is reached, network congestion is detected, or the Device Bandwidth Limit is reached
  • Begins at the lesser of the Device Bandwidth Limit and 8000 kbps
  • Increases the bandwidth used within seconds
  • Allows a graceful session startup for low bandwidth scenarios (for example, WAN)

After initiating a PCoIP session, users may temporarily notice low bandwidth video artifacts while the algorithm ramps up bandwidth use.

User interface language configuration

The Language page allows the administrator to change the user interface language.


Note


This setting affects the local OSD GUI.


Figure 23. Language Configuration Web Page



Figure 24. OSD: Language Configuration



Table 14 Language Parameters
Parameter Description
Language

Configure the OSD language. This setting determines the language for the OSD only. It does not affect the language setting for the actual user session.

For more information about supported languages, see Language and keyboard layout support.

Keyboard Layout

Change the layout of the keyboard. When the user starts a session, this setting is pushed to the virtual machine. If the Windows GPO is set to allow the keyboard layout setting, it is used during the user session. If the Windows GPO is not set to allow the setting, it is dropped.

For more information about supported keyboard layouts, see Language and keyboard layout support.

OSD Screen-saver Timeout Configuration

The OSD page lets you set the monitor screen-saver timeout for the local On Screen Display.

Figure 25. Administrative Web Interface OSD Screen-Saver Timeout page



Figure 26. OSD Screen-Saver Timeout page



Table 15 OSD Parameters
Parameter Description
Screen-saver Timeout

Configure the OSD screen-saver timeout with the number of seconds to wait (10 to 9999) before the attached displays are put into low-power mode. A setting of 0 seconds disables the screen-saver.

Image Quality Configuration

The Image page lets you make changes to the image quality of the PCoIP session. This applies to sessions between Cisco VXC clients and the virtual machine.

To configure the image quality settings with a VMware View virtual desktop, adjust the PCoIP session variables.

For more information, see the WAN network guidelines for VMware View on the Teradici support site.

Figure 27. Image Configuration Web Page



Figure 28. OSD: Image


Note


This page is available in the OSD from the Options > User Settings menu.




Table 16 Image Page Parameters
Parameter Description
Minimum Image Quality

Lets you compromise between image quality and frame rate when network bandwidth is limited. Some use cases may require lower-quality images at a higher frame rate while others need higher-quality images at a lower frame rate.

In environments where the network bandwidth is constrained, moving the slider towards Reduced allows higher frame rates. Moving the slider towards Perception-Free allows for higher image quality. When network bandwidth is not constrained, the PCoIP system maintains perception-free quality regardless of the Minimum Image Quality parameter.

Note   

The Minimum Image Quality must be less than or equal to the Maximum Initial Image Quality.

Maximum Initial Image Quality

Move the slider towards Reduced to reduce the network bandwidth peaks caused by screen content changes, but produce lower quality images. Move the slider towards Perception-Free to produce higher quality images but also higher bandwidth peaks.

This parameter limits the initial quality on the first display frame of a screen change. Unchanged regions of the image are built to a loss-less state regardless of this parameter.

Note   

The Maximum Image Quality:

  • Must be greater than or equal to the Minimum Image Qualified
  • Does not have a corresponding parameter on the OSD because it is intended as an administrator-only parameter
Image Quality Preference Move the slider towards Smoother Motion to result in a higher frame rate at a lower quality level. Move the slider towards Sharper Image to result in a lower frame rate at a higher quality level. The range is from 0 to 100 in steps of 5.
Note    This setting does not work in PCoIP sessions with VMware View virtual desktops running release 5.0 or earlier.
Maximum Frame Rate The maximum frame rate helps you manage multiple PCoIP sessions over a single network link. This setting determines the limit that your users can reach. Set this field to 0 to set no frame limit. If you set a value, a single user is limited to that value. This helps to control the user experience for all your users.
Note    The Maximum Frame Rate does not have a corresponding parameter on the OSD as it is an administrator-only parameter. This setting does not work in PCoIP sessions with VMware View virtual desktops running release 5.0 or earlier.
Disable Build to Lossless

 Leave this field unchecked to retain the PCoIP protocol's build-to-lossless feature, where images continue to be refined in the background until they reach a fully lossless state (that is, identical pixel-for-pixel rendering when compared to the host image source). This is the default (recommended) setting.

Warning: Activating the Disable build-to-lossless feature will degrade the image presented to the user by the zero client. Do not activate the Disable Build to Lossless feature unless it has been determined by the administrator of the zero client that users do not require optimal image quality to perform critical functions. It is the sole responsibility of the zero client administrator to make this determination.

If you do choose to turn on the Disable Build to Lossless field, the PCoIP protocol rapidly builds the client image to a high quality image that may be perceptually lossless, but is not a fully lossless state. This may provide some bandwidth savings, but is not recommended for use cases that require images and desktop content to be truly lossless. If you have any questions about this field setting, contact Teradici Support.

Note    This setting does not work in PCoIP sessions with VMware View virtual desktops running release 5.0 or earlier.

There is no Disable Build to Lossless setting on the OSD as it is an administrator-only parameter.

NTP parameter configuration

The Time web page configures the Network Time Protocol (NTP) settings to allow the event logs (see Event log message display) of the client to be time-stamped based on NTP time.


Note


To simplify system troubleshooting, set the NTP parameters to allow correlation of user events to the relevant diagnostic event log entries.



Note


If the zero client is configured for DHCP and the DHCP server provides an NTP server address, this address will override any manually configured NTP server. It will also enable NTP if it is disabled.

Note


The zero client does not get time zone or Daylight Saving Time (DST) information from the NTP server.


Figure 29. Time Configuration Web Page



Table 17 Time Parameters
Parameter Description
Current Time

Displays the time based on the NTP.

Enable NTP

Enable or disable the NTP feature.

Identify NTP Host By

Choose if the NTP Host (that is, the NTP server) is identified by IP address or by FQDN. If NTP is disabled, this field is not required and is not editable. If you enter an invalid IP address or DNS name, a message appears to prompt you to correct it. The parameter depends on which method you choose:

  • IP Address: Shows the NTP server IP address
  • FQDN: Shows the NTP server DNS name
NTP Host Port

Lets you configure the NTP port number.

NTP Query Interval

Lets you configure the query interval. The first field is for the interval period and the second field is for the time unit in Minute(s), Hour(s), Day(s), and Week(s).

Time Zone

Lets you select the local time zone.

Enable Daylight Savings Time

Enable or disable the automatic adjustment for daylight savings time.

Password update

The Password page lets you update the local administrative password for the device. The password can be a maximum of 20 characters. Some PCoIP devices have password protection disabled by default. The Password page is not available on these devices.

If a device is set up to have password protection disabled, the Password page on the OSD is not available.


Note


This parameter affects the web interface and the local OSD GUI. Take care when updating the client password because the client may become unusable if the password is lost.


Figure 30. Password Configuration Web Page



Figure 31. OSD: Change Password


Note


In the OSD, this page is available from the Options > Password menu.




Table 18 Password Parameters
Parameter Description
Old Password

This field must match the current administrative password before you can update the password.

New Password

The new administrative password for both the web interface and the local OSD GUI.

Confirm New Password

This field must match the New Password field for the change to take place.

Reset

If the client password is lost, you can click the Reset button to request a response code from the client vendor. The challenge code can be sent to the vendor. The vendor qualifies the request and returns a response code if authorized.

When the response code is correctly entered, the client password is reset to an empty string. You must enter a new password.

Note   

Contact the client vendor for more information when an authorized password reset is required. This option is not available through the Administrative Web Interface. It is available only through the OSD.

Password reset

Figure 32. Authorized Password Reset



Reset to factory defaults

The Reset Parameters page lets you reset configuration and permissions to factory default values stored in flash.


Note


Resetting parameters to factory default values does not revert the firmware or clear the custom OSD logo.


Figure 33. Reset Parameters Web Page



Figure 34. OSD: Reset



Table 19 Reset Parameters
Parameter Description
Reset Parameters When you click this button, a prompt appears for confirmation. This is to prevent accidental resets.
Enable Keyboard Shortcut When enabled, the user can press the combination of keys to automatically reset the parameters and permissions for the device.
Hide Keyboard Shortcut Sequence in OSD When the Enable Keyboard Shortcut field is enabled, and this field is:

Disabled: The keyboard sequence appears on the Reset Parameters page for the zero client.

Enabled: The keyboard sequence does not appear on the Reset Parameters page for the zero client. The user can still reset the parameters through the keyboard sequence.

EDID Override Mode Configuration

The Display page lets you enable the Extended Display Identification Data (EDID) override mode.


Note


This function is only available through the OSD.


Under normal operation, the virtual machine queries a monitor attached to the zero client to determine the monitor's capabilities. These are reported in the EDID information. In some situations, a monitor may be connected to a client in a way that prevents the client from reading the EDID information, such as when connecting through certain KVM devices. The options in this page configure the client to advertise default EDID information to the virtual machine.


Caution


You should only enable the Preferred Resolution Override feature when there is no valid EDID information and your monitor display characteristics are understood. In the case of an EDID read failure, the drop-down list may contain resolutions that are not actually supported by your display. If the display stays black or shows a "Timing Out of Range" message for more than 30 seconds after you set a preferred resolution, you can unplug and re-plug the video cable to reset your display resolution back to its previous value.


Figure 35. OSD Display page



Table 20 EDID override mode parameters
Parameter Description
Enable Attached Display Override

 This option is intended for legacy systems. It configures the client to send default EDID information to the virtual machine when a monitor cannot be detected or is not attached to the client. In versions of Windows prior to Windows 7, once the virtual machine had no EDID information, it would assume no monitors were attached and would never recheck. This option ensures that the virtual machine always has EDID information when the client is in session.

The following default resolutions are advertised when this option is enabled:

  • 2560x1600 @60 Hz
  • 2048x1152 @60 Hz
  • 1920x1440 @60 Hz
  • 1920x1200 @60 Hz
  • 1920x1080 @60 Hz
  • 1856x1392 @60 Hz
  • 1792x1344 @60 Hz
  • 1680x1050 @60 Hz
  • 1600x1200 @60 Hz
  • 1600x900 @60 Hz
  • 1440x900 @60 Hz
  • 1400x1050 @60 Hz
  • 1366x768 @60 Hz
  • 1360x768 @60 Hz
  • 1280x1024 @60 Hz
  • 1280x960 @60 Hz
  • 1280x800 @60 Hz
  • 1280x768 @60 Hz
  • 1280x720 @60 Hz
  • 1024x768 @60 Hz
  • 848x480 @60 Hz
  • 800x600 @60 Hz
  • 640x480 @60 Hz

Any displays attached to the client will be set to the native resolution of 1024x768 when this option is enabled.

Enable preferred resolution override Enable this option when a display is attached but cannot be detected by the system, and you want to specify a preferred resolution for the display. The same default list of resolutions as above will be advertised, except the native resolution you configure here for a display will be sent instead of the default native resolution of 1024x768.
  • Preferred resolution 0 : Select the preferred resolution of the display connected to port 1 on the zero client.
  • Preferred resolution 1: Select the preferred resolution of the display connected to port 2 on the zero client.
Any displays attached to the client will be set to their specified native resolutions when this option is enabled.

VPN for Cisco VXC 2111

Cisco IP Phones 8961, 9951, or 9971 running Firmware Release 9.3(1) or later provide support for the Cisco VXC VPN feature, which provides integrated VPN functionality for the Cisco VXC 2111. You can use this feature to enable VPN tunneling for the Cisco VXC 2111 clients when they are attached to Cisco Unified IP Phones 8961, 9951, or 9971. This feature is not supported on the Cisco VXC 2211.

The Cisco VXC clients require no configuration to support the VPN. All VPN configuration is performed for the phone only.

To support the Cisco VXC VPN feature, the Cisco VXC 2111 clients must be running the minimum PCoIP Firmware Release 4.0 or later.

For more information, see Cisco Unified IP Phone 8961, 9951, and 9971 Release Notes for Firmware Release 9.3(1).