Administration Guide for Cisco Virtualization Experience Client 2111/2211 PCoIP Firmware Release 4.1.2
User Permissions setup
Downloads: This chapterpdf (PDF - 1.46MB) The complete bookPDF (PDF - 7.59MB) | The complete bookePub (ePub - 3.25MB) | Feedback

User Permissions setup

User Permissions setup

The Permissions menu on the Administrative Web Interface lets you configure parameters for the USB, Audio, and Power for the device.


Note


There are no corresponding Permissions options for the OSD.


USB device setup

The USB page lets you specify authorized and unauthorized USB devices. It is divided into two sections: Authorized Devices (“white list”) and Unauthorized Devices (“black list”). Devices are authorized or unauthorized based on ID or Class. You can use wildcards (or specify “any”) to reduce the number of entries needed to define all devices.

USB plug events are blocked in the Cisco VXC client hardware for unauthorized USB devices. The virtual machine cannot see or access the device for an additional layer of security.

The factory defaults for the client USB permissions are any, any, any (that is, authorized USB devices). USB permissions can only be configured on the client.


Note


The USB permissions are updated only at the start of a PCoIP session. They are authorized in the following order of priority (highest to lowest):

  1. Unauthorized Vendor ID/Product ID
  2. Authorized Vendor ID/Product ID
  3. Unauthorized Device Class/Sub Class/Protocol
  4. Authorized Device Class/Sub Class/Protocol

Figure 1. USB Permissions Web Page



Table 1 USB Parameters
Parameter Description
Authorized Devices

Specify the authorized USB devices for the client. Two buttons let you customize this “white list”:

Add New: Add a new device or device group to the list. This allows USB authorization by ID or Class:

  • ID: The USB device is authorized by Vendor ID and Product ID
  • Class: The USB device is authorized by Device Class, Sub Class, and Protocol

Remove: Delete a rule for a device or device group from the list.

Unauthorized Devices

Specify the unauthorized USB devices for the client.

Add New: Add a new device or device group to the list. This allows USB devices to be unauthorized by ID or Class:

  • ID: The USB device is unauthorized by Vendor ID and Product ID
  • Class: The USB device is unauthorized by Device Class, Sub Class, and Protocol

Remove: Delete a rule for a device or device group from the list.

Bridged Devices

Cisco VXC clients locally terminate HID devices when connecting to VMware View virtual desktops, however, some devices advertise as HID but use different drivers. These devices may need to be bridged to the virtual machine rather than locally terminated. This setting lets you force the client to bridge specific USB devices so that they use the drivers on the virtual desktop.

Bridging is a feature supported in firmware 3.3.1 or higher. This rule only affects sessions between a client and a virtual machine running VMware View 4.6 or later.

Add New: Add a new device or device group to the list. This allows you to bridge USB devices by Vendor ID and Product ID.

Remove: Delete a rule for a device or device group from the list.

Enable EHCI (root port only)

Enable this field to configure EHCI (USB 2.0) for devices connected directly to the zero client USB ports for sessions with a virtual machine running VMware View 4.6 or later.

Note   

This feature cannot be enabled on zero clients with less than 128 MB of RAM. Devices with isochronous endpoints will not operate at USB 2.0 speeds.

When you add a new USB authorized or unauthorized entry, the following parameters display depending on whether you describe the device by Class or ID.

Figure 2. Device Class Parameters



Figure 3. Device ID Parameters



Table 2 USB Authorized and Unauthorized Devices Parameters

Parameter

Description

Add new

When adding a new USB authorization or unauthorization entry, select one of the following:

  • Class: The USB device is authorized by its device class, sub-class, and protocol information.
  • ID: The USB device is authorized by its vendor ID and product ID information.
Device Class

This field is enabled when Class is selected.

Select a supported device class from the drop-down menu, or select Any to authorize or unauthorize (disable) any device class.

Sub Class

This field is enabled when Class is selected.

Select a supported device sub class from the drop-down menu, or select Any to authorize or unauthorize (disable) any sub-class.

Note   

If Any is selected as the device class, this will be the only selection available.

Protocol

This field is enabled when Class is selected.

Select a supported protocol from the drop-down menu, or select Any.

Note   

If Any is selected as the device class or sub-class, this will be the only selection available.

Vendor ID

This field is enabled when ID is selected.

Enter the vendor ID of the authorized (or unauthorized) device. The valid range is hexadecimal 0-FFFF.

Protocol ID

This field is enabled when ID is selected.

Enter the product ID of the (authorized or unauthorized) device. The valid range is hexadecimal 0-FFFF.

When you add a new USB bridged entry, the following parameters display.

Figure 4. USB Bridged Devices Parameters



Table 3 USB Bridged Devices Parameters

Parameter

Description

Vendor ID Enter the vendor ID of the bridged device. The valid range is hexadecimal 0-FFFF.
Protocol ID Enter the product ID of the bridged device. The valid range is hexadecimal 0-FFFF.

Audio Parameters Configuration

Use the Audio page to configure audio permissions for the device. After you update the options on this page, click Apply to save your changes.

To display the Audio page from the Administrative Web Interface, select the Permissions menu, and then click Audio.

Figure 5. Audio Web Page



Table 4 Audio Parameters
Parameter Description
Enable HD Audio

Enables audio support on the client. If the Enable HD Audio option is disabled on the virtual machine, the audio hardware is not available for the OS to enumerate.

Power-off permissions configuration

The Power page lets you configure the timeout and power settings for the client.

Figure 6. Power page



Figure 7. OSD: Power



Table 5 Power Parameters
Parameter Description
OSD Screen-Saver Timeout

Configure the number of seconds of inactivity (no keyboard or mouse activity) before the client puts the attached displays into low-power mode. Valid values are 10 to 9999. A setting of 0 seconds disables the screen saver.

Note    This timeout only applies when the device is not in session.
Auto Power-Off Timeout

Configure the number of seconds of inactivity (no keyboard or mouse activity) before the client powers down. Valid values are 60 to 28800 seconds, or use 0 to disable the power down.

Note   

Non-zero values are only allowed when the PCoIP client supports powering off.

Note   

This timeout only applies when the device is not in session.

Remote Host Power Control

Configure the functionality of the client's remote PC button.

The host is commanded to perform a soft power off (go into sleep mode) when the client's remote PC button is pressed for less than four seconds and soft power off is enabled.

The host is commanded to perform a hard power off (to shut down) when the client's remote PC button is pressed for more than four seconds and hard power off is enabled.
  • Power-off not permitted: Users cannot shut down the host or put it in sleep mode.
  • Soft power-off only: Users can put the host in sleep mode but not shut it down.
  • Hard power-off only: Users can shut down the host but not put it in sleep mode.
  • Soft and hard power-off: Users can put the host in sleep mode and shut it down.