Instructions to create a Standard Room and connect my network to it

"I am creating a Room, connecting it to my network, and then (optionally) inviting another organization to join and use the Room."

(If you do not have a Tehama organization account, contact ~~Tehama Support~~ to discuss joining Tehama. Steps to join Tehama can be found in the Getting Started with Joining Tehama Guide.)

1. Log in to the Tehama Web UI.
   
   
2. Select the ROOMS tab in the navigation bar.
   
   
3. Click the NEW button at the top right. The CREATE ROOM dialog will appear.
   
   
4. Select Standard Room.
   
   
5. Click CONTINUE. The fields for a Standard Room will appear on the dialog.
   
   
6. Enter a name in the Room Name field.
   
   
7. Select "Your Organization" in the Connect this room to field.
   
   
8. OPTIONAL:    Check the box beside Create Free Trial Room to make this Room a "Trial Room". If you leave this box unchecked, you will be billed for this Room.
   
   
   Note: this option is only visible to those organizations who are eligible for a free trial Room. If your organization is not eligible for a free trial Room, then you will not see this option, and you will be billed for the Room.
   
   The TCU usage within a Trial Room is offset by the Trial TCU credits allocated to your organization. If the TCU usage in the Trial Room is over the number of available Trial TCU credits, then you will be billed for the difference.
   
   
   
9. Select your preferred region in the Region field.
   
   This is the region in which you want this Room's infrastructure to be provisioned. Select a region that is geographically appropriate for the users of this Room.
   
   
   Note: Not all Desktop specifications/images are available in all regions. Read through the list of supported Desktop specifications/images by region in the Desktops User Guide before selecting a region.
   
   
   
10. OPTIONAL:    Check the box beside Include the File Vault in this room to include a File Vault in this Room.
    
    
    Note: You can opt to enable/disable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide.)
    
    
    
11. OPTIONAL:    Check the box beside Allow users to download files, except any containing sensitive data as determined by our Data Loss Prevention system, onto their local desktops to allow users to download files from the File Vault to their local desktops through the File Vault interface in the Tehama Web UI.
    
    
    Note: This option is only visible if you opted to enable the File Vault in the previous step.
    
    Note: As with the File Vault feature itself, you can opt to enable/disable this File Vault sub-option after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide. Note, you must enable the File Vault feature flag to see this sub-option in the Room Settings interface.
    
    
    
12. OPTIONAL:    Check the box beside Include the App Vault in this room to include an App Vault in this Room.
    
    
    Note: You can opt to enable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable App Vault section in the Rooms User Guide.
    
    
    
13. Click CONTINUE at the bottom of the CREATE ROOM dialog.
    
    This will start a guided process to configure and create your Room and connect it to your organization's network.
    
    Observe that a page has appeared in the Tehama Web UI with your Room name and your Room description at the top.
    
    This is your Room interface page. It is a little empty right now while the room is still being created.
    
    Right now it should be displaying the NETWORK ACCESS CONFIGURATION modal.
    
    
14. On the NETWORK ACCESS CONFIGURATION modal:
    
    Select one of the following three options.
    
    
    • • Multi-path
        Choose this if you want your Room to connect to multiple private networks, or none and also access the internet (as with the other options, constrained by your Room's firewall settings).
        
        This option requires you to connect your networks to the Room through an IPSec VPN connection.
        
        If you select this option:
        
        
        • Click the CONTINUE button.
        • Proceed to step 15.
    • or
      
      
      • Tehama Gateway
        Choose this if you want your Room to connect to one network, your organization's private network, and also access the internet (as with the other options, constrained by your Room's firewall settings).
        
        This option requires you to install a Tehama Gateway (at least one) somewhere in your network's infrastructure.
        
        If you select this option:
        
        
        • Click the CONTINUE button.
        • Proceed to step 16.
    • or
      
      
      • Internet only
        Choose this if you only want your Room to access the internet, for example to connect to applications and services in the cloud (as with the other options, constrained by your Room's firewall settings).
        
        If you select this option:
        
        
        • Proceed to step 17.
    
    
    
15. If you selected Multi-path as your network access method ...
    
    Observe that your Room interface page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.
    
    Proceed as follows:
    
    
    1. Click on the Room's CONNECTION tab, then select the STATUS sidebar item to navigate to the Room's STATUS page. You may be directed there automatically.
       
       The purpose of this page is to show your Room's infrastructure details and network connection details and status.
       
       See the Room/Desktop Connectivity - Types, Status and Settings guide for more information about this page.
       
       Initially, you will see a BUILD ROOM INFRASTRUCTURE button.
       
       
    2. Click the BUILD ROOM INFRASTRUCTURE button to build your Room's infrastructure.
       
       You will incur the cost of the Room when the Room's infrastructure begins to build.
       
       After clicking on the button, you will see the following Room status while the infrastructure is building:
       
       
       • Creating Room
       
       After the Room has completed building, that status will disappear, and the infrastructure details, like the Room IP and ports, will appear, along with lists of the network connections and DNS resolvers in the Room.
       
       Initially, the lists of network connections and DNS resolvers on the page will be empty. Without connections, your Room will only be able to provide access to the internet (controlled by your Room's firewall rules).
       
       
    3. Add connections to your private network(s) to your Room. See the Multi-Path Room - Add and Manage Connections guide for guidance. ^*
       
       
       *If you're not comfortable configuring the Multi-Path IPSec VPN connections in your network yourself and need an IT person to help, you can, in a Standard Room, opt to add connections/DNS resolvers until after you have invited another person to your organization, so they can help. See the Organization User Guide if you need help figuring out how to invite someone, but it's fairly easy to figure out if you just go to MEMBERS in the navigation bar. ↩
       
       
       
    4. Add DNS Resolvers to your Room. See the Multi-Path Room - Add and Manage DNS Resolvers guide for guidance. ^**
       
       
       **Similarly, you can wait for an IT person to help you add DNS resolvers. ↩
       
       
       
    5. Proceed to step 18.
    
    
    
16. If you selected Tehama Gateway as your network access method ...
    
    Observe the GATEWAY modal appear on the Room interface page.
    
    It has the heading Gateway near the top of the page, followed by the heading Access Key, and the button DONE at the bottom of the modal.
    
    Under the Gateway heading, you will find a text link Show User Guide to the Tehama Gateway - Installation and Management. This guide contains instructions on how to install a Tehama Gateway in your private network.
    
    Under the Access Key heading, you will find the Access Key for your Room, ready to be copied, downloaded or regenerated. The Access Key is required to connect the Gateway to your Room.
    
    Proceed as follows:
    
    
    1. Install a Tehama Gateway in your private network, and connect it to your Room, using one of the following installation methods: ^*
       
       You will incur the cost of the Room when you connect a Tehama Gateway to it, causing the Room's infrastructure to begin building.
       
       
       • Install the Tehama Gateway from an AWS AMI
       • Install the Tehama Gateway from an automated-script
       • Install the Tehama Gateway using Docker
       
       When these instructions tell you retrieve the Access Key, copy or download it from the GATEWAY modal.
       
       
       * Note that if you're just trying out Tehama you can just install the Tehama Gateway in a temporary location and have your IT people move it later.
       
       If you're not comfortable installing the Tehama Gateway yourself and need an IT person to help, you can, in a Standard Room, opt to delay the installation of the Tehama Gateway until after you have invited another person to your organization, so they can help. Just click DONE to move on. See the Organization User Guide if you need help figuring out how to invite someone, but it's fairly easy to figure out if you just go to MEMBERS in the navigation bar. ↩
       
       
         Tehama Gateway Network Limitations
       Due to a limitation in the authentication framework used by Tehama, the Tehama Gateway cannot be installed on the 172.31.x.x network. In addition, Tehama cannot connect to resources that are on the 172.31.x.x network directly.
       If you have the following situation:

       • the Tehama Gateway is on a supported network; and
       • a resource is on the 172.31.x.x network

       then a workaround would be to create a NAT on the network to NAT the address of the resource to an address that Tehama can see, like 10.x.x.x or something similar.
    2. Click DONE.
       
       Observe that your Room interface page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.
       
       
    3. Click on the Room's CONNECTION tab, then select the STATUS sidebar item to navigate to the Room's STATUS page. You may be directed there automatically.
       
       The purpose of this page is to show your Room's infrastructure details and network connection details and status.
       
       See the Room/Desktop Connectivity - Types, Status and Settings guide for more information about this page.
       
       Your Room status will be one of the following, depending on how far along your gateway installation is:
       
       
       • Pending Gateway Connection, while waiting for your installed gateway to attempt a connection.
       • Creating Room, while the Room's infrastructure is building, triggered by the first gateway connection attempt it receives.
       • Connected, after the Room's infrastructure has completed building, and a successful gateway connection has been made.
       
       
         Note on the Multiple Gateways Feature:

       • The 'Multiple Gateways' feature provides redundancy for a Room's network access when the selected network access mode is 'Tehama Gateway' and the feature is enabled. It can be enabled/disabled by the owner (user with Org Admin role), Org Managers and Room Managers who are members of the Room who are members of the organization that owns the Room (which is your organization in this case). It allows you to provision a second Tehama Gateway, which you must install in your network's infrastructure. The two Gateways will run simultaneously. Access to this feature is not offered by default. Contact Tehama Support to arrange for access to this feature in your Room.
       After your Room is successfully built and connected to a Tehama Gateway, you can choose to enable the 'Multiple Gateways' option (see sidebar note) and install and connect a second gateway. Follow the same gateway installation instructions found in step a, above.
       
       Note: The Access Key asked for by the installation instructions in step a is now available from this STATUS page, through the View or Regenerate link. Use the same Access Key for both your primary gateway and, if you choose to install one, your second gateway.
       
       
       Observe that your Room interface page will sprout another tab: CONFIGURE (You may need to refresh your browser page to see it.)
       
       See the Tehama Gateway Room Connectivity User Guide for more information about Rooms with this network access type.
       
       
    4. Proceed to step 18.
    
    
    
17. If you selected Internet Only as your network access method ...
    
    Observe a new checkbox appear on the NETWORK ACCESS CONFIGURATION modal, with the text:
    
    
    • Build room when finish button is pressed
    
    and notice the text on the button at the bottom of the modal is now FINISH, instead of CONTINUE.
    
    Proceed as follows:
    
    
    1. Decide whether or not to build the Room at this time.
       
       You will incur the cost of the Room when the Room's infrastructure begins to build.
       
       
       • • Leave the checkmark in place beside Build room when finish button is pressed, if you are willing to accept responsibility for the cost of the Room at this point. Clicking FINISH when this checkbox is checked will cause the Room's infrastructure to begin building.
         or
         • Click in the checkbox to remove the checkmark, if you want to delay the creation of the Room. You can initiate the build of the Room's infrastructure from the Room's STATUS page at a later time.
       
       
       
    2. Click FINISH.
       
       Observe that your Room interface page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.
       
       
    3. Click on the Room's CONNECTION tab, then select the STATUS sidebar item to navigate to the Room's STATUS page. You may be directed there automatically.
       
       The purpose of this page is to show your Room's infrastructure details and network connection details and status.
       
       See the Room/Desktop Connectivity - Types, Status and Settings guide for more information about this page.
       
       
       Note: If you did not opt to build the room in step a, you will see a BUILD button.
       
       

       • Click the BUILD ROOM INFRASTRUCTURE button to build your Room's infrastructure.
         
         You will incur the cost of the Room when the Room's infrastructure begins to build.
       
       While the Room is building, you will see the following Room status:
       
       
       • Creating Room
       
       After the Room has completed building, you will see the following Room status:
       
       
       • Built
       
       After the Room has completed building, the page will display the ROOM INFORMATION, including infrastructure details, like the Room IP and ports.
       
       Observe that your Room interface page will sprout another tab: CONFIGURE (You may need to refresh your browser page to see it.)
       
       See the Internet-Only Room Connectivity User Guide for more information about Rooms with this network access type.
    
    
    
18. OPTIONAL: Configure your Room and Desktop settings.
    
    You will need to configure your Room and Desktop settings to provide, or deny, your users access to Tehama features. Settings include access to Tehama features like Windows or Linux Desktops, or Desktop session recordings.
    
    You can choose to do this later.
    
    Navigate to the Room's SETTINGS page:
    
    
    1. Click on the Room's CONFIGURE tab.
    2. Select the SETTINGS sidebar item
    3. Proceed to configure the settings in your Room as desired.
       • set the Desktop idle session timeout.
       • enable/disable the Multi-Gateway feature.
       • enable/disable Linux Desktops.
       • enable/disable Windows Desktops.
       • enable/disable Desktop session recordings.
       • enable/disable the App Vault. You may have already configured this when you created your Room.
       • enable/disable the File Vault. You may have already configured this when you created your Room.
    
    
    You can find instructions for configuring your Room settings in the Room Desktop Settings section and in the Room Feature Settings section in the Rooms User Guide.
    
    

You have now created a Room, connected your network to it, and, optionally, configured your Room settings.

Your organization is both the Room's owner organization and its connected organization (owner+connected). See the Roles User Guide for more information on organization roles in Rooms.

More information on Rooms can be found in the Rooms User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

Instructions to create a Domain Join Room and connect my network to it

"I am creating a Room, connecting it to my organization's network, and then connecting my network's domain to the Room."

(If you do not have a Tehama organization account, contact Tehama Support to discuss joining Tehama. Steps to join Tehama can be found in the Getting Started with Joining Tehama Guide.)

Before starting, read through the Domain Join Room Requirements and Limitations.

1. Log in to the Tehama Web UI.
   
   
2. Select the ROOMS tab in the navigation bar.
   
   
3. Click the NEW button at the top right. The CREATE ROOM dialog will appear.
   
   
4. Select Domain Join Room.
   • By default, the ability to create a Domain Join Room is disabled. Click on the text "submit a request ticket" found under the Domain Join Room option in the CREATE ROOM dialog to submit a ticket to Tehama Support. Express your wish to create a Domain Join Room in the ticket. Tehama Support will enable the feature and assist you through the Room creation process.
     
     
5. Click CONTINUE. The Create Room page will appear with the fields for a Domain Join Room.
   
   
6. Enter a name in the Room Name field.
   
   
7. Select your preferred region in the Region field.
   
   This is the region in which you want this Room's infrastructure to be provisioned. Select a region that is geographically appropriate for the users of this Room.
   
   
   Note: Not all Desktop specifications/images are available in all regions. Read through the list of supported Desktop specifications/images by region in the Desktops User Guide before selecting a region.
   
   
   
8. OPTIONAL:    Check the box beside Include the File Vault in this room to include a File Vault in this Room.
   
   
   Note: You can opt to enable/disable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide.)
   
   
   
9. OPTIONAL:    Check the box beside Allow users to download files, except any containing sensitive data as determined by our Data Loss Prevention system, onto their local desktops to allow users to download files from the File Vault to their local desktops through the File Vault interface in the Tehama Web UI.
   
   
   Note: As with the File Vault feature itself, you can opt to enable/disable this File Vault sub-option after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide. Note, you must enable the File Vault feature flag to see this sub-option in the Room Settings interface.
   
   
   
10. OPTIONAL:    Check the box beside Include the App Vault in this room to include an App Vault in this Room.
    
    
    Note: You can opt to enable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable App Vault section in the Rooms User Guide.
    
    
    
11. Click CREATE at the bottom of the CREATE ROOM page. You will see the Room Status page.
    
    This will start a guided process to configure and create your Room and connect it to your organization's network.
    
    
12. Establish a Gateway Connection:
    
    The Room Status page gives you the information you need to install a Gateway in your private network.
    
    Here you will find the Access Key for your Room, ready to be regenerated, downloaded or copied. The Access Key is required to connect the Gateway to your Room.
    
    
    1. Use one of the following installation methods to install your gateway
       
       
         Tehama Gateway Network Limitations
       Due to a limitation in the authentication framework used by Tehama, the Tehama Gateway cannot be installed on the 172.31.x.x network. In addition, Tehama cannot connect to resources that are on the 172.31.x.x network directly.
       If you have the following situation:

       • the Tehama Gateway is on a supported network; and
       • a resource is on the 172.31.x.x network

       then a workaround would be to create a NAT on the network to NAT the address of the resource to an address that Tehama can see, like 10.x.x.x or something similar.
       • Install the Tehama Gateway from an AWS AMI
       • Install the Tehama Gateway from an automated-script
       • Install the Tehama Gateway using Docker
       
       Connecting a Tehama Gateway to your new Room will cause your new Room's infrastructure to begin building.
       
       You will incur the cost of the Room when you connect it to a Tehama Gateway, causing the Room's infrastructure to begin building.
       
       
       
    2. Configure your network firewall (assuming your network has one) to open access in your network's Domain Controller(s) (DC) to the list of ports found in section Ports to open for Room to DC communication of the Room Domain Join User Guide, so that the Domain Join components in your Tehama Room can communicate with your DC(s) (via the Gateway).
       
       
    NOTE: Tehama denies all UDP traffic apart from DNS lookup to internet destinations not controlled by the gateway, by default. Override in your Room's firewall settings if necessary.
    
    
    
13. Click CONNECT. The Room Status page will display the status and the Room connection information.
    
    Through the lifetime of your Room, you will be able to access this page by clicking on the Room's CONNECTION tab, then selecting the STATUS sidebar item to navigate to what is now the Room's STATUS page.
    
    At this point your Room status should be one of the following:
    
    
    • Pending Gateway Connection (yellow); or
    • Connected (green).
    
    When you see the Room Status turn Connected (green), it means that your Room infrastructure has built and the Room is connected to your Tehama Gateway. Wait until the Room Status is green before proceeding to the next step.
    
    
      Note on the Multiple Gateways Feature:

    • The 'Multiple Gateways' feature provides redundancy for a Room's network access when the selected network access mode is 'Tehama Gateway' and the feature is enabled. It can be enabled/disabled by the owner (user with Org Admin role), Org Managers and Room Managers who are members of the Room who are members of the organization that owns the Room (which is your organization in this case). It allows you to provision a second Tehama Gateway, which you must install in your network's infrastructure. The two Gateways will run simultaneously. Access to this feature is not offered by default. Contact Tehama Support to arrange for access to this feature in your Room.
    From the STATUS page, you can both monitor your Room's status and configure your network access.
    
    You can regenerate the Room's access key.
    
    You can enable/disable the 'Multiple Gateways' option (see sidebar note).
    
    You can trigger automated Gateway version updates (if an update is available).
    
    See the Room/Desktops Connectivity - Types, Status and Settings guide for help.
    
    
    This page also provides you with the opportunity to configure the "Domain Information" for the Room. This important step sets up the Trust between your network's domain and your Tehama Room. Continue to the next step to begin setting up the Trust.
    
    
14. Click CONNECT TO DOMAIN. You will see the Connect to Domain page.
    
    
15. Enter your network's domain information in the following fields:
    
    
    • Domain name e.g.: name.tehama.io
    • Search base e.g.: DN=Users,DC=onprem,DC=com
    • Admin account name e.g.: myadminuser
    • Admin account password e.g.: adminpassw0rd
    • Service account name e.g.: myserviceuser
    • Service account password e.g.: servicepassw0rd
      
      
16. Click CONNECT. Your Room will connect to your network's domain.
    
    
    Note: You will not be able to perform any Room administration, such as adding members or creating/assigning Desktop templates, while you are waiting for the Room to connect to your domain.
    
    
    
17. Observe that the navigation bar will have changed to display: ROOMS -> <your room name> Your Room interface page will sprout four tabs (in addition to the CONNECTION tab already present), MEMBERS, CONFIGURE, AUDIT and POLICY.
    
    
18. Click on the Room's CONFIGURE tab, then select the SETTINGS sidebar item to navigate to the Room's SETTINGS page. This page shows your Room's settings. Proceed to configure the settings in your Room as desired.
    
    
    You can find instructions for configuring your Room settings in the Room Desktop Settings section and in the Room Feature Settings section in the Rooms User Guide.

You have now created a Room, connected your network to it and connected it to your network's domain. Your organization is both the Room's owner organization and its connected organization (owner+connected). See the Roles User Guide for more information on organization roles in Rooms.

More information on Rooms can be found in the Rooms User Guide.

More information on Domain Join Rooms can be found in the Room Domain Join User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

Instructions to create a Service-provider Room

"I'm creating a Room and requesting another organization, my service-consumer, to connect it to their network."

(If you do not have a Tehama organization account, contact Tehama Support to discuss joining Tehama. Steps to join Tehama can be found in the Getting Started with Joining Tehama Guide.)

1. Log in to the Tehama Web UI.
   
   
2. Select the ROOMS tab in the navigation bar.
   
   
3. Click the NEW button at the top right. The CREATE ROOM dialog will appear.
   
   
4. Select Standard Room.
   
   
5. Click CONTINUE. The fields for a Standard Room will appear on the dialog. (a Service-provider Room is a special case of a Standard Room.)
   
   
6. Enter a name in the Room Name field.
   
   
7. Select "Third-Party Organization (Invite)" in the Connect this room to field.
   
   
8. OPTIONAL:    Check the box beside Create Free Trial Room to make this Room a "Trial Room". If you leave this box unchecked, you will be billed for this Room.
   
   
   Note: this option is only visible to those organizations who are eligible for a free trial Room. If your organization is not eligible for a free trial Room, then you will not see this option, and you will be billed for the Room.
   
   The TCU usage within a Trial Room is offset by the Trial TCU credits allocated to your organization. If the TCU usage in the Trial Room is over the number of available Trial TCU credits, then you will be billed for the difference.
   
   
   
9. Select your preferred region in the Region field.
   
   This is the region in which you want this Room's infrastructure to be provisioned. Select a region that is geographically appropriate for the users of this Room.
   
   
   Note: Not all Desktop specifications/images are available in all regions. Read through the list of supported Desktop specifications/images by region in the Desktops User Guide before selecting a region.
   
   
   
10. OPTIONAL:    Check the box beside Include the File Vault in this room to include a File Vault in this Room.
    
    
    Note: You can opt to enable/disable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide.)
    
    
    
11. OPTIONAL:    Check the box beside Allow users to download files, except any containing sensitive data as determined by our Data Loss Prevention system, onto their local desktops to allow users to download files from the File Vault to their local desktops through the File Vault interface in the Tehama Web UI.
    
    
    Note: This option is only visible if you opted to enable the File Vault in the previous step.
    
    Note: As with the File Vault feature itself, you can opt to enable/disable this File Vault sub-option after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide. Note, you must enable the File Vault feature flag to see this sub-option in the Room Settings interface.
    
    
    
12. OPTIONAL:    Check the box beside Include the App Vault in this room to include an App Vault in this Room.
    
    
    Note: You can opt to enable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable App Vault section in the Rooms User Guide.
    
    
    
13. Click CONTINUE at the bottom of the CREATE ROOM dialog. You will see the ADD ORGANIZATION dialog.
    
    
14. Enter a name in the Organization Name field. (This is the name of the Tehama organization of your service-consumer. This will be the Room's connected organization. If they do not have an organization yet, do not worry - the process will guide them in creating one.)
    
    
15. Enter a name in the Contact Name field. (This is the name of the Org Admin user or an Org Manager in your service-consumer's organization. If they do not have an organization yet, just use the name of your contact in the service-consumer's company - they will become the Org Admin in the organization when they create it.)
    
    
16. Enter the email for the contact in the Contact Email field. (This is the email that your contact uses to log in to their organization. Again, if they do not have an organization yet, just use the email your contact provided to you.)
    
    
17. Click SEND. An email invitation will be sent to the connected organization (your service-consumer).
    
    
18. Observe that a page has appeared in the Tehama Web UI with ROOMS -> <your room name> at the top. You will continue to configure your Room on this page. This page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.
    
    The MEMBERS tab should be the default selection. You will see the both your organization and your connected organization listed in the page. Note there is a link Resend invitation next to the connected organization's name. Click on this link if you need to resend the invitation.
    
    The CONNECTION tab is where your connected organization will be directed to connect their organization to the Room. You can observe their progress connecting to the Room on this tab.

You have now created a Room and invited another organization to finish configuring it by connecting it to their network. Your organization is the Room's owner organization (user-owner). The other organization is (going to be) the Room's connected organization (connected-only). See the Roles User Guide for more information on organization roles in Rooms.

Once the other organization has connected to the Room, they will add members to the Room. As the owner of the Room, you may provision Desktops for them. See Desktops User Guide for more details.

If the other organization has set a policy for your organization, you'll be asked to review and accept it.

More information on Rooms can be found in the Rooms User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

Instructions to connect a Service-provider Room

"I've been invited to connect my network to a Room that was created by my service provider."

The steps that led you to this point are as follows:

• You received an email inviting you to connect your organization to a Room. This email contains a link.
• You opened this link in a browser; and then either
  • logged in to your existing organization in the Tehama Web UI; or
  • joined Tehama, creating a new user and organization account, which you then logged in to.

Now:

1. You will be presented with an ACCEPT INVITE TO ROOM dialog, asking you to accept the invitation to join and connect to the Room. Click I ACCEPT.
   
   
2. Navigate to your organization's ROOMS tab. You will see the name of the Room in your list of Rooms.
   
   
3. Click on the Room name.
   
   This will start a guided process to configure and create your Room and, if you so choose, connect it to your organization's network.
   
   Observe that a page has appeared in the Tehama Web UI with your Room name and your Room description at the top.
   
   This is your Room interface page. It is a little empty right now while the room is still being created.
   
   Right now it should be displaying the NETWORK ACCESS CONFIGURATION modal.
   
   
4. On the NETWORK ACCESS CONFIGURATION modal:
   
   Select one of the following three options.
   
   
   • • Multi-path
       Choose this if you want your Room to connect to multiple private networks, or none and also access the internet (as with the other options, constrained by your Room's firewall settings).
       
       This option requires you to connect your networks to the Room through an IPSec VPN connection.
       
       If you select this option:
       
       
       • Click the CONTINUE button.
       • Proceed to step 5.
   • or
     
     
     • Tehama Gateway
       Choose this if you want your Room to connect to one network, your organization's private network, and also access the internet (as with the other options, constrained by your Room's firewall settings).
       
       This option requires you to install a Tehama Gateway (at least one) somewhere in your network's infrastructure.
       
       If you select this option:
       
       
       • Click the CONTINUE button.
       • Proceed to step 6.
   • or
     
     
     • Internet only
       Choose this if you only want your Room to access the internet, for example to connect to applications and services in the cloud (as with the other options, constrained by your Room's firewall settings).
       
       If you select this option:
       
       
       • Proceed to step 7.
   
   
   
5. If you selected Multi-path as your network access method ...
   
   Observe that your Room interface page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.
   
   Proceed as follows:
   
   
   1. Click on the Room's CONNECTION tab, then select the STATUS sidebar item to navigate to the Room's STATUS page. You may be directed there automatically.
      
      The purpose of this page is to show your Room's infrastructure details and network connection details and status.
      
      See the Room/Desktop Connectivity - Types, Status and Settings guide for more information about this page.
      
      Initially, you will see a BUILD ROOM INFRASTRUCTURE button.
      
      
   2. Click the BUILD ROOM INFRASTRUCTURE button to build your Room's infrastructure.
      
      You will incur the cost of the Room when the Room's infrastructure begins to build.
      
      After clicking on the button, you will see the following Room status while the infrastructure is building:
      
      
      • Creating Room
      
      After the Room has completed building, that status will disappear, and the infrastructure details, like the Room IP and ports, will appear, along with lists of the network connections and DNS resolvers in the Room.
      
      Initially, the lists of network connections and DNS resolvers on the page will be empty. Without connections, your Room will only be able to provide access to the internet (controlled by your Room's firewall rules).
      
      
   3. Add connections to your private network(s) to your Room. See the Multi-Path Room - Add and Manage Connections guide for guidance. ^*
      
      
      *If you're not comfortable configuring the Multi-Path IPSec VPN connections in your network yourself and need an IT person to help, you can, in a Standard Room, opt to add connections/DNS resolvers until after you have invited another person to your organization, so they can help. See the Organization User Guide if you need help figuring out how to invite someone, but it's fairly easy to figure out if you just go to MEMBERS in the navigation bar. ↩
      
      
      
   4. Add DNS Resolvers to your Room. See the Multi-Path Room - Add and Manage DNS Resolvers guide for guidance. ^**
      
      
      **Similarly, you can wait for an IT person to help you add DNS resolvers. ↩
      
      
      
   5. Proceed to step 8.
   
   
   
6. If you selected Tehama Gateway as your network access method ...
   
   Observe the GATEWAY modal appear on the Room interface page.
   
   It has the heading Gateway near the top of the page, followed by the heading Access Key, and the button DONE at the bottom of the modal.
   
   Under the Gateway heading, you will find a text link Show User Guide to the Tehama Gateway - Installation and Management. This guide contains instructions on how to install a Tehama Gateway in your private network.
   
   Under the Access Key heading, you will find the Access Key for your Room, ready to be copied, downloaded or regenerated. The Access Key is required to connect the Gateway to your Room.
   
   Proceed as follows:
   
   
   1. Install a Tehama Gateway in your private network, and connect it to your Room, using one of the following installation methods: ^*
      
      You will incur the cost of the Room when you connect a Tehama Gateway to it, causing the Room's infrastructure to begin building.
      
      
      • Install the Tehama Gateway from an AWS AMI
      • Install the Tehama Gateway from an automated-script
      • Install the Tehama Gateway using Docker
      
      When these instructions tell you retrieve the Access Key, copy or download it from the GATEWAY modal.
      
      
      * Note that if you're just trying out Tehama you can just install the Tehama Gateway in a temporary location and have your IT people move it later.
      
      If you're not comfortable installing the Tehama Gateway yourself and need an IT person to help, you can, in a Standard Room, opt to delay the installation of the Tehama Gateway until after you have invited another person to your organization, so they can help. Just click DONE to move on. See the Organization User Guide if you need help figuring out how to invite someone, but it's fairly easy to figure out if you just go to MEMBERS in the navigation bar. ↩
      
      
        Tehama Gateway Network Limitations
      Due to a limitation in the authentication framework used by Tehama, the Tehama Gateway cannot be installed on the 172.31.x.x network. In addition, Tehama cannot connect to resources that are on the 172.31.x.x network directly.
      If you have the following situation:

      • the Tehama Gateway is on a supported network; and
      • a resource is on the 172.31.x.x network

      then a workaround would be to create a NAT on the network to NAT the address of the resource to an address that Tehama can see, like 10.x.x.x or something similar.
   2. Click DONE.
      
      Observe that your Room interface page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.
      
      
   3. Click on the Room's CONNECTION tab, then select the STATUS sidebar item to navigate to the Room's STATUS page. You may be directed there automatically.
      
      The purpose of this page is to show your Room's infrastructure details and network connection details and status.
      
      See the Room/Desktop Connectivity - Types, Status and Settings guide for more information about this page.
      
      Your Room status will be one of the following, depending on how far along your gateway installation is:
      
      
      • Pending Gateway Connection, while waiting for your installed gateway to attempt a connection.
      • Creating Room, while the Room's infrastructure is building, triggered by the first gateway connection attempt it receives.
      • Connected, after the Room's infrastructure has completed building, and a successful gateway connection has been made.
      
      
        Note on the Multiple Gateways Feature:

      • The 'Multiple Gateways' feature provides redundancy for a Room's network access when the selected network access mode is 'Tehama Gateway' and the feature is enabled. It can be enabled/disabled by the owner (user with Org Admin role), Org Managers and Room Managers who are members of the Room who are members of the organization that owns the Room (which is your organization in this case). It allows you to provision a second Tehama Gateway, which you must install in your network's infrastructure. The two Gateways will run simultaneously. Access to this feature is not offered by default. Contact Tehama Support to arrange for access to this feature in your Room.
      After your Room is successfully built and connected to a Tehama Gateway, you can choose to enable the 'Multiple Gateways' option (see sidebar note) and install and connect a second gateway. Follow the same gateway installation instructions found in step a, above.
      
      Note: The Access Key asked for by the installation instructions in step a is now available from this STATUS page, through the View or Regenerate link. Use the same Access Key for both your primary gateway and, if you choose to install one, your second gateway.
      
      
      Observe that your Room interface page will sprout another tab: CONFIGURE (You may need to refresh your browser page to see it.)
      
      See the Tehama Gateway Room Connectivity User Guide for more information about Rooms with this network access type.
      
      
   4. Proceed to step 8.
   
   
   
7. If you selected Internet Only as your network access method ...
   
   Observe a new checkbox appear on the NETWORK ACCESS CONFIGURATION modal, with the text:
   
   
   • Build room when finish button is pressed
   
   and notice the text on the button at the bottom of the modal is now FINISH, instead of CONTINUE.
   
   Proceed as follows:
   
   
   1. Decide whether or not to build the Room at this time.
      
      You will incur the cost of the Room when the Room's infrastructure begins to build.
      
      
      • • Leave the checkmark in place beside Build room when finish button is pressed, if you are willing to accept responsibility for the cost of the Room at this point. Clicking FINISH when this checkbox is checked will cause the Room's infrastructure to begin building.
        or
        • Click in the checkbox to remove the checkmark, if you want to delay the creation of the Room. You can initiate the build of the Room's infrastructure from the Room's STATUS page at a later time.
      
      
      
   2. Click FINISH.
      
      Observe that your Room interface page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.
      
      
   3. Click on the Room's CONNECTION tab, then select the STATUS sidebar item to navigate to the Room's STATUS page. You may be directed there automatically.
      
      The purpose of this page is to show your Room's infrastructure details and network connection details and status.
      
      See the Room/Desktop Connectivity - Types, Status and Settings guide for more information about this page.
      
      
      Note: If you did not opt to build the room in step a, you will see a BUILD button.
      
      

      • Click the BUILD ROOM INFRASTRUCTURE button to build your Room's infrastructure.
        
        You will incur the cost of the Room when the Room's infrastructure begins to build.
      
      While the Room is building, you will see the following Room status:
      
      
      • Creating Room
      
      After the Room has completed building, you will see the following Room status:
      
      
      • Built
      
      After the Room has completed building, the page will display the ROOM INFORMATION, including infrastructure details, like the Room IP and ports.
      
      Observe that your Room interface page will sprout another tab: CONFIGURE (You may need to refresh your browser page to see it.)
      
      See the Internet-Only Room Connectivity User Guide for more information about Rooms with this network access type.
   
   
   
8. OPTIONAL: Configure your Room and Desktop settings.
   
   You will need to configure your Room and Desktop settings to provide, or deny, your users access to Tehama features. Settings include access to Tehama features like Windows or Linux Desktops, or Desktop session recordings.
   
   You can choose to do this later.
   
   Navigate to the Room's SETTINGS page:
   
   
   1. Click on the Room's CONFIGURE tab.
   2. Select the SETTINGS sidebar item
   3. Proceed to configure the settings in your Room as desired.
      • set the Desktop idle session timeout.
      • enable/disable the Multi-Gateway feature.
      • enable/disable Linux Desktops.
      • enable/disable Windows Desktops.
      • enable/disable Desktop session recordings.
      • enable/disable the App Vault. You may have already configured this when you created your Room.
      • enable/disable the File Vault. You may have already configured this when you created your Room.
   
   
   You can find instructions for configuring your Room settings in the Room Desktop Settings section and in the Room Feature Settings section in the Rooms User Guide.
   
   

You have now connected to a Room owned by another organization.

Your organization is the Room's connected organization (connected-only). The organization that invited you to connect to the Room is the Room's owner organization (user+owner). See the Roles User Guide for more information on organization roles in Rooms.

You can add members of your organization to the Room, if desired.

The owner organization can propose some of their organization members become members of the Room. You will get notifications to approve them.

The owner organization can then add Desktop templates for the Room members (both from your organization and from theirs). See Desktops User Guide for more details.

More information on Rooms can be found in the Rooms User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

Instructions to join a Standard or a Service-provider Room

"I've been invited to join a Room as a third-party organization."

Your organization has been invited to join a Room of type Standard or Service-provider.

Your organization will be a "user" organization in the Room, with no special privileges.

The steps that led you to this point are as follows:

• You received an email telling you that your organization has been added to a Room. This email contains a link.
• You opened this link in a browser; and then either
  • logged in to your existing organization in the Tehama Web UI; or
  • joined Tehama, creating a new user and organization account, which you then logged in to.

Now:

1. Navigate to your organization's ROOMS tab. You will see the name of the Room in your list of Rooms.
   
   
2. Click on the Room name.
   
   
3. If the Room's connected organization has set a policy for your organization, you'll be asked to review and accept it.
   
   
4. Click the Room's MEMBERS tab. (It should be the default selection.) You should see your organization listed. Propose members from your organization to join your Room, if desired. NOTE that the connected organization will have to approve them after connecting the Room.

You have now joined a Room. Your organization is a user organization in the Room (user-only). The organization that invited you is the Room's connected organization (owner+connected or connected-only). See the Roles User Guide for more information on organization roles in Rooms.

You may propose members from your organization become members of the Room. The Room's connected organization will receive notifications to approve them. The owner organization can then add Desktop templates in the Room for them (or assign them to existing Desktop templates). See Desktops User Guide for more details.

More information on Rooms can be found in the Rooms User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.