Brian Madden recently presented a video about his experience installing and using Teradici PC-over-IP (PCoIP) Demo Kit for remote access. (For more information about PCoIP see this post). Brian’s setup is very simple: a single PCoIP Host connected directly to a single PCoIP-enabled thin client (Portal). Obviously, actual production PCoIP deployments are going to be much more complex: multiple clients connected via LAN or WAN to multiple hosts. To utilize such configurations you will require another component – a PCoIP Broker. Teradici does not provide such a component, instead they have defined a set of APIs to enable its development. We at Ericom have worked closely with Teradici to develop a PCoIP Broker, and have integrated this functionality into our PowerTerm WebConnect Desktop and Presentation Virtualization solution. In this post I’ll describe this functionality, and explain why it’s a must-have for production PCoIP deployments.
One of the main benefits of desktop virtualization is that it enables a user to utilize multiple end-point device to access his or her desktop. Obviously you cannot expect a user to manually configure PCoIP clients to connect to the appropriate host each and every time he or she needs access to the desktop. Instead the connection must be performed automatically based on the user’s identity. This is exactly what PowerTerm WebConnect does for PCoIP. PowerTerm WebConnect defines a logon dialog that is displayed on the PCoIP clients when they are turned on. When the user provides credential information, this information is transmitted securely to PowerTerm WebConnect, and is used to identify and authenticate the user (usually with a directory service such as Microsoft Active Directory or Novell eDirectory). Based on this identification, PowerTerm WebConnect transmits the appropriate host address back to the client so that the connection can be established.
Even if you intend to assign clients devices to specific hosts based on device id (MAC address) rather than based on user, it’s still a big advantage to be able to perform this assignment operation from a single, centralized administrative console rather than having to manually configure each and every PCoIP client. PowerTerm WebConnect enables centralized configuration of PCoIP clients, for specifying host address as well as many other settings.
As described above, PowerTerm WebConnect configures the PCoIP clients to display a logon dialog, and uses the provided information to authenticate the user before a connection to a host can be established. This provides an extra layer of security in front of the operating system residing on the PCoIP host. Moreover, PowerTerm WebConnect can integrate with RSA SecurID and RADIUS servers for two-factor authentication.
The downside of authenticating users prior to connection to the hosted operating system is that is requires the user to authenticate twice in a row, often using the same credentials. This process can become tiresome and annoying to users. With PowerTerm WebConnect you can enable Single Sign-On so that the same credentials used to logon into PowerTerm WebConnect are automatically reused to logon into the hosted operating system.
From the PowerTerm WebConnect administrative console you can view and manage all the PCoIP clients and hosts. You can check device states, restart devices, even centrally apply Teradici firmware updates. Likewise you can view and manage the operating system instances running on the PCoIP hosts. The PowerTerm WebConnect administrative console presents you with views of all this information that update in real-time.
Adding new devices manually can become a time, repetitive consuming chore. Thoughtfully Teradici have defined an automatic discovery mechanism that enables PCoIP client and hosts to locate and connect to the PCoIP Broker. PowerTerm WebConnect utilizes this mechanism, and as result PCoIP clients and hosts in the network will automatically connect to it as the PCoIP Broker. Another advantage of this is that you can add PowerTerm WebConnect to an existing PCoIP deployment without having to modify the configuration of each and every device.
A user contacts you to inform you that she is experiencing problems. From the PowerTerm WebConnect administrative console you quickly determine which host she is connected to, and retrieve information about the hosted operating system. Based on this information and the user’s explanation of the problem, you decide that you need to change some settings on her desktop. Rather than having to physically go to that user, or bump her off in order to take control of the host, you instantiate a remote control session from within the PowerTerm WebConnect administrative console. And since the user is still connected to her session, she can view what you are doing and hopefully be able to resolve similar problems by herself next time.
The PCoIP protocol is great, but currently requires special hardware on both the host and the client. In the office, a user utilizes a PCoIP enabled client to access a host at the datacenter. However, at home the user does not have a PCoIP client, just a regular PC. Using PowerTerm WebConnect, the user can logon and remotely access his desktop using RDP. PowerTerm WebConnect will even automatically start up the device if it was power down. PowerTerm WebConnect includes an SSL Gateway for secure remote access, and also integrates with leading SSL VPNs, such as Juniper, F5, Aventail and Microsoft.
Using PowerTerm WebConnect as a PCoIP Broker has another significant advantage: the same product also supports virtual desktops on hypervisors, Terminal Servers and regular Blade PCs. This means you can mix and match the platforms you use in your environment, and provide each user with the most cost effective solution that best fits his or her needs. For more information about PowerTerm WebConnect support for PCoIP click here.