Rooms User Guide
A Tehama Room provides an isolated set of tools and services, so you can collaborate securely. Organizations work together using a shared Room with access governed by policies. A Room is connected to a network, either a private or a public network (e.g., resources in the cloud) in which remote people work. All work performed in the connected network through the Room is audited.
What is a Room?
A Room is a container with a set of tools and services running within it.
Tools and services in a Tehama Room:
- Firewall Rules, a set of rules that constrain access to the 'connected network' and the internet.
(See the description of the 'connected network' below.) - DNS Filtering, an optional layer of access control to the 'connected network' and the internet on top of the firewall rules that takes the form of a list of allowed domains. (This is only available in 'Multi-Path Rooms').
- Secrets Vault, secure storage of access credentials for assets in the connected network.
- File Vault, a secure transfer mechanism for files between the users local environment and the connected network.
- App Vault, a way to securely transfer application installation files to the Room's desktops.
- Desktops, both Windows and Linux Virtual Machines (VMs), used by Room members to interact with the connected network. Rooms contain Desktop templates from which Desktop instances are generated. A Desktop template contains the description of the Desktop configuration and the users assigned to it - those Room members who can connect to the template's generated Desktop instances. There can be as many as 500 Desktop instances in a Room. Each Desktop instance runs a 'Tehama Desktop Agent' application (AKA Workspace Agent) which provides access to tools/services in the Room. A Room member connects (logs in) to a Desktop instance to run a Desktop session. There can be a maximum of 75 concurrent Desktop sessions per Room when the Recordings Room feature is enabled and up to 200 concurrent Desktop sessions when the Recordings Room feature is disabled. (See the Desktop Session Auditing/Recordings User Guide for more details.)
- Audit, a set of audit tools including live Desktop session viewing, Desktop session recording, an activity stream of events occurring in the Room and reports.
The firewall rules (and optionally DNS Filtering in Multi-Path Rooms), secrets vault, the file vault and the audit capabilities, are managed through the Tehama Web UI and accessible from the Tehama Desktop Agent in the Desktops. The app vault is managed through the Tehama Web UI and the files it contains are accessible from mapped drives in the Desktops.
Each Room is owned by a Tehama organization, the 'owner organization', and is connected to the network of a Tehama organization, the 'connected organization'. (These can be the same organization.) Other organizations can be invited to use the Room as well. These are known as 'user organizations'.
A Room has Desktops (as described in the list of Tools and Services above), used to interact with the connected network through Desktop sessions. The Room's owner organization manages the creation and lifecycle of Desktops in the Room, and controls the number of Desktop instances.
A Room has members. Members are users from the Tehama organizations in the Room. Members must comply with the access policy set for their organization in the Room. Only members in a Room can be assigned to Desktop templates in the Room. Typically, a Desktop instance is created from a template for each member that is assigned to it. Members access their Desktop instances through the Tehama Web UI. The Room's connected organization controls which members can be added to the Room, while the Room's owner organization is in charge of assigning/removing members to/from Desktop templates.
Note: The owner organization must, when constructing and assigning members to Desktop templates in the Room, take into consideration the number of concurrent Desktop sessions they expect to have running. While a Room can contain as many as 500 Desktop instances and unlimited members, to ensure optimum performance the maximum number of concurrent Desktop sessions per Room is limited to 75 when the Recordings Room feature is enabled and limited to 200 concurrent Desktop sessions when the Recordings Room feature is disabled. (See the Desktop Session Auditing/Recordings User Guide for more details.) If a higher number of concurrent sessions is expected, multiple Rooms may be required. Room owner organizations are encouraged to contact Tehama Support if they would like assistance in optimizing their Room environment for performance and availability, taking your auditing/recording needs into consideration.
A Room is connected to a network, either a private network or a public network (e.g. resources in the cloud) that is controlled by the Room's 'connected organization'. This is referred to as the 'connected network'. The only way the tools and services in the Room can access the connected network is through the connection the Room provides, isolating access to the connected network's access to Room members.
Since it is the confidentiality of their network and data that is at stake, the connected organization in the Room manages the network settings for the Room in addition to the Room membership.
The character of the 'connected network' depends on the 'Network Access' setting chosen by the Room's 'connected to' organization. It can be set to 'Multi-Path', or to 'Tehama Gateway' or 'Internet Only'.
- Multi-Path
When set to 'Multi-Path', your Room's 'connected network' is zero or more private networks managed by the Room's connected organization (as well as desired resources in the cloud), constrained by your Room's firewall settings and its DNS Filtering. IPSec VPN connections must be made to each private network. Rooms with this network access setting are called 'Multi-Path Rooms'. (See the Multi-Path Room Connectivity User Guide for more information on Multi-Path Rooms.) - Tehama Gateway
When set to 'Tehama Gateway', your Room's 'connected network' is a private network managed by the Room's connected organization (as well as desired resources in the cloud), constrained by your Room's firewall settings. A Tehama Gateway must be installed in a private network. Rooms with this network access setting are called 'Tehama Gateway Rooms'. (See the Tehama Gateway Room Connectivity User Guide for more information on Tehama Gateway Rooms.) - Internet Only
When set to 'Internet Only', your Room's 'connected network' is a set of applications and services in the cloud constrained by your Room's firewall settings. Rooms with this network access setting are called 'Internet-Only Rooms'. (See the Internet-Only Room Connectivity User Guide for more information on Internet Only Rooms.)
The following images show how the architecture achieves the isolation that Rooms provide.
Image of the Tehama security architecture with Tehama Gateway connectivity
Image of the Tehama security architecture with Multi-Path connectivity
More information on the Room concept is available in the 'Room' section of the Introduction.
Room Regions
A Room's infrastructure is provisioned within a given region.
Regions that Tehama supports include:
- US East (N. Virginia)
- US West (Oregon)
- EU (Ireland)
- EU (Frankfurt)
- EU (London)
- Asia Pacific (Sydney)
- Asia Pacific (Singapore)
- Asia Pacific (Mumbai)
- Canada (Montreal)
- Brazil (São Paulo)
Org Roles and Responsibilities in a Room
Each organization plays a 'role' or 'function' in a Room. This organization 'Room role/function' is different from a user's role in their organization (Org Admin, Org Manager, Room Manager, Staff, or Custom). It describes the purpose of the organization in the Room and defines what responsibilities the organization has in the Room.
Each organization in a Room has one of the following 'roles', or 'functions', each coming with its own set of allotted responsibilities:
- owner+connected: The organization created the Room (i.e.: they are paying for it) and connected it (i.e.: they configured the network access for the Room to connect to their private (or public) network). (The organization will have both the icon and the icon under its name in the Room's MEMBERS tab.)
- user-only: The organization has been added (invited to join) to a Room and has no particular responsibilities in the Room.
- user+owner: The organization created and is paying for the Room but the Room is connected to by another organization. (The organization will have the icon under its name in the Room's MEMBERS tab.)
- connected-only: The organization connected to the Room that another organization is paying for. (The organization will have the icon under its name in the Room's MEMBERS tab.)
A connected organization in a Room is either an owner+connected organization or a connected-only organization.
Similarly, an owner organization in a Room is either an owner+connected organization or a user+owner organization.
The management responsibilities in a Room are available to users with one of the manager roles (Org Admin, Org Manager and Room Manager). These will be different depending on which of the above 'Room roles' their organization plays in a Room.
Room management responsibilities are divided as follows:
⦿ In your role as the Org Admin user or an Org Manager or a Room Manager (who is a member of the Room) of the Room's connected organization (owner+connected or connected-only), it is your responsibility to:
- in Multi-Path Rooms, configure and manage the VPN IPSec connections to the connected networks, zero or more.
- in Tehama Gateway Rooms, configure and monitor the connection to the Tehama Gateway installed in the connected network.
- in Tehama Gateway Rooms, keep the Tehama Gateway in the Room up-to-date.
- set up firewall rules.
- in Multi-Path Rooms, set up DNS Filtering (optional).
- add/remove secrets.
- grant membership to the Room to users from your own and other organizations.
- monitor and audit the actions users perform when accessing and using resources on the connected network. (See note below.) Actions you can audit include user sessions, users' use of access credentials, the transfer of files in and out of your systems, and much more.
⦿ In your role as the Org Admin user or an Org Manager or a Room Manager (who is a member of the Room) of the Room's owner organization (owner+connected or user+owner), it is your responsibility to:
- add Desktop templates for Room members.
- in Tehama Gateway Rooms, enable/disable the Multiple Gateways option for the Room.
- monitor and audit Room activity.
In addition ...
⦿ In your role as the Org Admin or an Org Manager or a Room Manager (who is a member of the Room) of an organization in the Room that IS NOT the organization that is connected to the Room (user+owner or user-only), you can:
- request/propose users from your organization for membership in the Room.
⦿ In your role as a Staff member of an organization in the Room that has been approved as a member of the Room, you can:
- be assigned to Desktop templates in the Room.
- connect to and work in Desktops in the Room - Desktops generated from the Desktop templates that you have been assigned to.
All of the above responsibilities are handled through the Tehama Web UI.
The Roles User Guide provides an overview of the responsibilities of the manager roles in Rooms, broken down by the roles/functions of an organization in a Room. See the section 'User Management Roles vis-a-vis Org Functions/Roles in a Room' in the guide.
Typical Room workflow
First a Room has to be created.
Once a Room has been created, it must be set up properly. Between them, the Org Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization and its owner organization will:
- set and monitor the connection to the connected network.
(See Room/Desktop Connectivity - Types, Status and Settings.) - set up firewall rules to constrain the Room's access to the connected network.
(See the Firewall Rules User Guide.) - set up DNS Filtering on top of the firewall rules (optional - for Multi-Path Rooms only).
(See the DNS Filtering guide.) - set up secrets to generate credentials for assets in the connected network.
(See the Secrets Vault User Guide.) - add members to work in the Room's Desktops.
(See the Room Membership User Guide.) - configure Desktop templates for those members.
(See the Desktops User Guide.)
After that, as a member of a Room, you can start to work as follows:
- Log in to one of your Desktops.
- You can launch a Desktop directly from the Tehama Web UI, logging in with temporary access credentials automatically passed along for you by the UI. (See section 'Connect to a Desktop (single click)' in the Desktops User Guide.)
- Or, you can launch a Desktop from the Teradici PCoIP Client, logging in with temporary access credentials that you can obtain from the Tehama Web UI. (See section 'Connect to a Desktop (with credentials)' via Teradici PCoIP Client in the Desktops User Guide.)
Through the Desktop, you have access to the Room's connected network. This is where you perform your tasks on the connected network.
To help you in your work, you can:
-
transfer files between your local environment and the connected network using the Room's file vault.
(See the File Vault User Guide.)- use the Tehama Web UI to upload files from and download files to your local environment.
- use the Tehama Desktop Agent (Workspace Agent) to upload files from and download files to your Desktop (and from there to the connected network).
-
use the secrets from the Room's secrets vault to access assets in the connected network.
(See the Secrets Vault User Guide.)- access the secrets in the secrets vault (from either the Tehama Web UI or the Tehama Desktop/Workspace Agent) to generate temporary credentials that you can use to gain access to password protected assets/resources in the Room's connected network.
View list of Rooms
All roles in all organizations can access the list of Rooms. The Org Admin user and Org Managers in an organization will see all Rooms the organization has a stake in. Room Managers and Staff members will only see those Rooms of which they are a member.
Check the description of your custom role, to see what Rooms you can see in the Rooms list.
View the list of Rooms you have access to as follows:
- Log in to the Tehama Web UI.
- Click on the ROOMS tab.
An organization's Org Admin user and its Org Managers will see all the Rooms the organization has a stake in - that is all the Rooms they own, are connected to or otherwise use.
An organization's Room Managers and Staff members will see all the Rooms that they are a member of.
The list displays the following information for each Room:
- Room: the name of the Room and its description.
- Members:* the number of members in the Room.
- Desktops:<sup*</sup the number of Desktops in the Room.
- In Use:* the number of Desktops in the Room that are currently in use.
- TCU This Month: the TCU usage for the Room. Only visible to the Org Admin and TCU Usage Auditor users in the Room's owner organization. (See the TCU Usage reports under REPORTS for more information on TCU Usage.)
- Region: the region in which the Room's infrastructure is provisioned.
- Status: the status of the Room (Healthy, Unhealthy, Pending, Impaired or Updating, Archived).
* User (third-party) organizations in a Room can only see numbers of members/Desktops for their own members in the Room.
Click on the 'Refresh' icon at the top right of the list to refresh the contents of the list.
Note if the text for an entry overruns the column width, it can be viewed in a tooltip by hovering over the text.
Create and connect a Standard Room
Only the Org Admin user and Org/Room Managers of an organization can create a Room and connect it. Check the description of your custom role, to see if you can perform these actions.
Use cases for creating and connecting a Standard Room:
- Room for a Remote Workforce
"I want a Room that my organization owns and that is connected to my private network (either a physical or an internet-based network). My organization is the primary organization doing work in the Room, though I can invite other organizations to join the Room if I need to." - Room for a Service Consumer
"I want a Room that my organization owns and that is connected to my private network (either a physical or an internet-based network). I will invite my service provider's organization to join the Room. They will be the primary organization doing work in the Room, though I can invite other organizations to join the Room if I need to."
In a Standard Room, your organization both owns and controls access to the Room. i.e.: Your organization pays for the Room and has control over what services/tools are provisioned in it (the owner responsibilities), and controls which other organizations and members have access and what assets are accessible through the Room (the access/connected responsibilities). Your organization will be the Room's owner+connected organization.
See the Create and connect a Standard Room section in the Getting Started with Tehama Room Creation guide for instructions to create and connect to a Standard Room.
Once your Room is created, it will appear in the list of Rooms in the Tehama Web UI.
Create and connect a Domain Join Room
Only the Org Admin user and Org/Room Managers of an organization can create a Room and connect it. Check the description of your custom role, to see if you can perform these actions.
Use case for creating and connecting a Domain Join Room:
- "I want a Room that I own and that is connected to my physical private network, and that is joined to my network's domain, giving read-only access to the domain's objects, such as users and policies, to the Room. The Room's members' Tehama login usernames (email addresses from my network's domain) will be used as the login usernames for the Desktops in the Room to which they are assigned. Policies in my network's domain will be applied automatically to the Desktops in the Room. I require only Desktops of type "Tehama Windows Desktops" and my organization will be the only organization in the Room."
NOTE: Read through the Domain Join Room Requirements and Limitations section in the Room Domain Join User Guide to be sure that this type of Room is right for your organization.
DISCLAIMER: The Domain Join Beta feature is still undergoing development and is provided 'as-is', without any warranties or support, and Tehama will not be liable for any loss of data. See the Room Domain Join User Guide for more information about this new beta Room feature.
By default, the ability to create a Domain Join Room is disabled. Submit a support ticket to Tehama Support expressing your wish to create a Room of this type. Tehama Support will enable the feature and assist you through the Room creation process.
In this type of Room, your organization both owns and controls access to the Room. i.e.: Your organization pays for the Room and has control over what services/tools are provisioned in it (the owner responsibilities), and controls which members have access and what assets are accessible through the Room (the access/connected responsibilities). Your organization will be the Room's owner+connected organization.
See the Create and connect a Domain Join Room section in the Getting Started with Tehama Room Creation guide for instructions to create and connect to a Domain Join Room.
Once your Room is created, it will appear in the list of Rooms in the Tehama Web UI.
Create a Service-Provider Room and invite another organization to connect it
Only the Org Admin user and Org/Room Managers of an organization can create a Room and invite another organization to connect to it. Check the description of your custom role, to see if you can perform these actions.
Use case for creating a Service-provider Room: (a special case of a Standard Room)
- "I want a Room that my organization owns and that is connected to another organization's private network (either a physical or an internet-based network). This second organization is the consumer of my services and is referred to as the connected organization. If necessary, the connected organization can invite other organizations to join the Room."
This is a special type of Standard Room where the responsibilities in the Room are divided between two organizations - the owner organization, that pays for the Room and has control over what services/tools are provisioned in it, and the access/connected-to organization, that controls which other organizations and which members have access and what assets are accessible through the Room. Your organization will be the Room's user+owner organization and the other organization will be the Room's connected-only organization.
See section Create a Service-provider Room in the Getting Started with Tehama Room Creation guide for instructions to create a Service-provider Room and invite another organization to connect it.
Once your Room is created, it will appear in the list of Rooms in the Tehama Web UI.
Connect a Service-provider Room via invitation
Only the Org Admin user and Org Managers of an organization can connect their organization to a Room, having received an invitation to do so from the Room's owner organization. Check the description of your custom role, to see if you can perform this action.
Use case for connecting a Service-provider Room: (a special case of a Standard Room)
- "I've been invited to connect my network to a Room that was created by my service provider."
In this configuration scenario, your organization will be the Room's connected organization and the other organization will be its owner. (i.e.: Your organization will be the Room's connected-only organization and the organization that invited you will be the Room's user+owner organization.)
See section Connect a Service-provider Room in the Getting Started with Tehama Room Creation guide for instructions to connect a Service-provider Room, having received an invitation to do so.
Join a Room via invitation
Only the Org Admin user and Org Managers of an organization can join their organization to a Room, having received an invitation to do so from the Room's connected organization. Check the description of your custom role, to see if you can perform this action.
Use case for joining a Standard Room or a Service-provider Room:
- "I've been invited to join a Room as a third-party organization."
In this configuration scenario, your organization will not have any particular management responsibilities in the Room. _(i.e.: Your organization will be (one of) the Room's user-only organization(s).)
See the Join a Standard or Service-provider Room section in the Getting Started with Tehama Room Creation guide for instructions to join a Standard or a Service-provider Room, having received an invitation to do so.
Delete or archive a Room
Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's owner organization (owner+connected or user+owner) in a Room can delete or archive the Room. Check the description of your custom role, to see if you can perform these actions.
WARNING: A Room, once deleted, cannot be recovered. Connections associated to the Room are also deleted and cannot be recovered. Archiving the Room will preserve recordings.
Delete or archive a Room as follows:
- Log in to the Tehama Web UI.
- Click on the ROOMS tab.
- Locate the entry for the Room you wish to delete or archive.
- Click on the three vertical dots under the Actions column for the entry.
- Select the "Delete" menu item. You will see the DELETE ROOM dialog.
- Acknowledge the warning and type the name of the Room into the dialog.
- If you want to delete the Room:: Click DELETE.
- If you want to archive the Room:: Click ARCHIVE.
View a Room's interface
The Org Admin user and Org Managers in an organization can access the interface of all Rooms the organization has a stake in. Room Managers and Staff members of an organization will only be able to access the interface of those Rooms of which they are a member. Check the description of your custom role, to see what Rooms you are able to access.
Essentially, if you can see a Room in the list of Rooms under the ROOMS tab, you can access its interface.
Be aware that you must accept the policy assigned as the "conditions of use" for your organization in the Room, in order to work in the Room. See section "Accept a policy/condition-of-use for an organization in a Room" in the Policies (Conditions of Use for Rooms) User Guide for more information.
Access the interface for a Room in the Tehama Web UI as follows: (Choose A or B.)
A: find the Room in the list of Rooms that you have access to
- Log in to the Tehama Web UI.
- Click on the ROOMS tab. You will see a list of all the Rooms that you have access to. (For Room Managers and Staff members, this will only be those Rooms of which they are members.)
- Click on the name of the Room you want to access. You will see the interface page for the Room.
B: find the Room in the list of all your Desktops in the organization
Note, this method will only let you find Rooms that have at least one Desktop. If you are a Staff member, this method will only let you find Rooms in which you yourself have an assigned Desktop.
- Log in to the Tehama Web UI.
- Click on the DESKTOPS tab.
- Verify that the DESKTOPS option at the top of the page is selected. You will see a table of Desktop instances. (NOTE: If you are a Staff member in the organization, you will not see options at the top of the DESKTOPS page; the page you see is the equivalent of the DESKTOPS option. Otherwise, your options are DESKTOPS and IMAGES. DESKTOPS is the default option.)
- Either:
- List your assigned Desktops: Click the My Desktops radio button at the top of the page. Your Desktop instances will be uniquely identified by the template name and the Room name. Note, this list will not contain any entries with Rooms in which you are not assigned to a Desktop template. (NOTE: If you are a Staff member in the organization, you will not see this radio button. The list will be restricted to only your assigned Desktops by default.)
- List all Desktop instances in the organization: Click the All Desktops radio button at the top of the page.* The Desktop instances listed will be uniquely identified by the template name, the Room name, and the name of the assigned user. Note, this list will not contain any entries with Rooms that do not have any Desktop templates. (NOTE: If you are a Staff member in the organization, you will not see this radio button. You are unable to see Desktops that are not your own.)
- Click on the name of the Room you want to access, in any of the entries with that Room name. You will see the interface page for the Room.
Here is the Room interface with the WORK tab selected for a member of a Room's third-party organization who is not currently assigned to a Desktop template in the Room:
Here is the Room interface with the WORK tab selected for an Org Manager of a Room's owner organization who is assigned to a couple of Desktop templates in the Room:
View/Edit a Room's name
Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's owner organization (owner+connected or user+owner) can edit the Room's name.
The Org Admin user and Org Managers in an organization can view Rooms (identified by name) of all Rooms the organization has a stake in. Room Managers and Staff members of an organization will only be able to view Rooms of which they are a member.
Check the description of your custom role, to see if you can view/edit a Room's name.
Essentially, if you can see a Room in the list of Rooms under the ROOMS tab, you can access its interface and see references to it, by name, in other parts of the UI.
View Room names:
Rooms are identified by name, in whatever context they appear. For each entry in the Rooms list or the Desktops list or various Reports, the value found under the "Room" column is always the name of the Room.
If you are viewing a Room's interface, (see Access the Room's interface), you will see the name of the Room whose interface is being displayed in the breadcrumbs at the top left of the page.
Edit a Room's name as follows: (This functionality is not available to all users.)
- Log in to the Tehama Web UI.
- Click on the ROOMS tab. You will see a list of all the Rooms that you have access to.
- Locate the Room in the list of Rooms to which you have access.
- Click on the three vertical dots under the Actions column for the entry.
- Select the "Edit Room info" menu item. You will see the EDIT ROOM INFORMATION dialog.
- Edit the "Room Name" field.
- Click SAVE.
Alternatively:
- Access the Room's interface.
Note it does not matter which subpage in the Room's interface is currently displayed. - Click on the Room name in the breadcrumbs at the top of the page. You will see the EDIT ROOM INFORMATION dialog.
- Edit the "Room Name" field.
- Click SAVE.
Note that a Room's name can only be modified if the Room has not been archived.
Note that a Room's name can be modified by a 'Tehama Super Admin' user (a superuser belonging to the Tehama Support team) if necessary.
View/Edit a Room's description
The Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's owner organization (owner+connected or user+owner) can both view and edit the Room's description.
The Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization (connected-only) can only view the Room's description.
Check the description of your custom role, to see if you can view/edit a Room's description.
Staff members who are members of the Room, regardless of their organization's role in the Room, can only view the Room's description.
View a Room's description as follows:
- Log in to the Tehama Web UI.
- Click on the ROOMS tab. You will see a list of all the Rooms that you have access to.
- Locate the Room in the list of Rooms to which you have access. The description will be under the name in the Room column.
Alternatively:
- Access the Room's interface.
The description will be under the Room name in the breadcrumbs at the top of the page.
Edit a Room's description as follows: (This functionality is not available to all users.)
- Log in to the Tehama Web UI.
- Click on the ROOMS tab. You will see a list of all the Rooms that you have access to.
- Locate the Room in the list of Rooms to which you have access.
- Click on the three vertical dots under the Actions column for the entry.
- Select the "Edit Room info" menu item. You will see the EDIT ROOM INFORMATION dialog.
- Edit the "Description" field.
- Click SAVE.
Alternatively:
- Access the Room's interface.
Note it does not matter which page in the Room's interface is currently displayed. - Click on the Room name in the breadcrumbs at the top of the page. You will see the EDIT ROOM INFORMATION dialog.
- Edit the "Description" field.
- Click SAVE.
Note that a Room's description can be modified by a 'Tehama Super Admin' user (a superuser belonging to the Tehama Support team) if necessary.
Room Desktop Settings
Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's owner organization (owner+connected or user+owner) and the Org Admin user and Room Managers (who are members of the Room) of the Room's connected organization (owner+connected or connected-only) can configure the Room's Desktop settings. Check the description of your custom role, to see if you can perform this action.
A Room has a collection of Desktop settings that are applied to all the Desktops that belong to the room. These settings can be set from your Room's CONFIGURE -> SETTINGS page.
Set Idle Session Timeout
The idle session timeout setting is the length of time a desktop session will idle before disconnecting (and no longer using TCU).
Change a Room's idle session timeout setting as follows:
- Access the Room's interface.
- Click the Room's CONFIGURE tab.
- Click on the SETTINGS sidebar item.
- Click on the EDIT button at the top right of the DESKTOP SETTINGS section.
- Locate the dropdown field to the right of the "Idle Session Timeout" desktop-setting.
- Click on the dropdown field to display the preconfigured idle timeout options.
- Select the idle timeout option you wish for your Room's desktop sessions.
- Click SAVE.
Room Feature Settings (Enable/Disable)
Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's owner organization (owner+connected or user+owner) and the Org Admin user and Org Managers and Room Managers (who are members of the Room) of the Room's connected organization (owner+connected or connected-only) can configure the Room's Feature settings. Check the description of your custom role, to see if you can perform this action.
A Room has a collection of features that can be enabled or disabled for the room. These features can be enabled or disabled from your Room's CONFIGURE -> SETTINGS page. Note that only one feature can be enabled/disabled at a time, to allow the Room's infrastructure to update before the next change is made.
App Vault
The App Vault Room feature provides a way to securely transfer application installation files to the Room's Tehama Desktops, through the Tehama Web UI and mapped drives on the Room's desktops. See the App Vault User Guide for more details.
When it is enabled, the Org Admin user and Org Managers and Room Managers (who are members of the Room) in the Room's owner organization will be able to see the APP VAULT page under the Room's CONFIGURE tab; and all Room members assigned to a desktop will be able to see the corresponding mapped drive for the App Vault feature in their desktops.
When it is disabled, the APP VAULT page under the Room's CONFIGURE tab will not be available, nor will the mapped drives on the Room's desktops.
Enable or disable the App Vault Room feature as follows:
- Access the Room's interface.
- Click the Room's CONFIGURE tab.
- Click on the SETTINGS sidebar item.
- Click on the EDIT button at the top right of the ROOM SETTINGS section.
- Locate the toggle to the right of the "App Vault" feature.
- Enable the feature as follows:
- Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
- Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
- Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)
File Vault
The File Vault Room feature secures the transfer of files between your local environment & the Room's Tehama Desktops. See the File Vault User Guide for more details.
When it is enabled, all users with access to the Room will be able to see the FILE VAULT page under the Room's WORK tab.
When it is disabled, the FILE VAULT page under the Room's WORK tab will not be available.
When enabled, a sub-option exists that allows users in the Room to download files from the File Vault to their local desktops from the File Vault interface in the Tehama Web UI. (See SUB-OPTION in step 6 below.)
Enable or disable the File Vault Room feature as follows:
- Access the Room's interface.
- Click the Room's CONFIGURE tab.
- Click on the SETTINGS sidebar item.
- Click on the EDIT button at the top right of the ROOM SETTINGS section.
- Locate the toggle to the right of the "File Vault" feature.
- Enable or disable the feature as follows:
- Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
- Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
SUB-OPTION: Once the file vault feature toggle has been enabled, you will see another option, the "Allow users to download files, except any containing sensitive data as determined by our Data Loss Prevention system, onto their local desktops" sub-option. Proceed to enable or disable this sub-option as follows:- Check the box to the left of the sub-option to enable it.
- Once saved, the users will be able to download files from the File Vault to their local desktops, (except any containing sensitive data as determined by the Data Loss Prevention system - unless they have been explicitly released for download by an administrator). - Un-check the box to the left of the sub-option to disable it.
- Once saved, the users will not be able to download files from the File Vault to their local desktops.
- Check the box to the left of the sub-option to enable it.
- Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value, or its sub-option value.)
Multi-Gateway
The Multi-Gateway Room feature allows you to connect multiple Tehama Gateways (to a maximum of 2) to your Tehama Gateway Rooms to provide redundancy for the network access.
When the Multi-Gateway Room feature is enabled, a Tehama Gateway Room's owner organization will be able to see the feature and to turn it on or off in the Room's CONNECTION -> STATUS page. The Room's connected organization will be able to see the feature. See both the "View the 'Multiple Gateways' option for a Room" section and the "Enable/Disable the 'Multiple Gateways' option for a Room" section in Room/Desktop Connectivity - Types, Status and Settings for more details.
Note, ensure that the 'Multiple Gateways' option in the Room's CONNECTION -> STATUS page is turned off before attempting to disable the Multi-Gateway Room feature.
Note that enabling the 'Multi-Gateway' feature here in the Room Settings does not incur any cost for your Room, however, subsequently enabling it (turning it on) under the room's CONNECTION -> STATUS page does incur an added expense for your room.
Enable or disable the Multi-Gateway Room feature as follows:
- Access the Room's interface.
- Click the Room's CONFIGURE tab.
- Click on the SETTINGS sidebar item.
- Click on the EDIT button at the top right of the ROOM SETTINGS section.
- Locate the toggle to the right of the "Multi-Gateway" feature.
- Enable or disable the feature as follows:
- Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
- Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
- Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)
Linux Desktops
The Linux Desktop Room feature provides virtual Desktop environments connected via PCoIP to Linux-based servers. These are known as Tehama Linux Desktops. It is offered with a range of hardware and software options similar to a Windows Desktop. The currently available Operating System is Ubuntu Server 18.04.
The Linux Desktop Room feature, when enabled, allows the creation of Tehama Linux Desktops in the Room.
When enabled, Tehama Linux Desktops can be created in the room, and the LINUX DESKTOPS page found under the Room's CONFIGURE tab in the Tehama Web UI will be present.
When disabled, Tehama Linux Desktops cannot be created in the room, and the LINUX DESKTOPS page found under the Room's CONFIGURE tab in the Tehama Web UI will be absent.
Note any Tehama Linux desktops that have been created for the room will continue to exist after the feature has been disabled and will be accessible through the Tehama Web UI (although note that the ability to add new Tehama Linux desktops will be unavailable).
Enable or disable the Linux Desktop Room feature as follows:
- Access the Room's interface.
- Click the Room's CONFIGURE tab.
- Click on the SETTINGS sidebar item.
- Click on the EDIT button at the top right of the ROOM SETTINGS section.
- Locate the toggle to the right of the "Linux Desktop" feature.
- Enable or disable the feature as follows:
- Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
- Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
- Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)
Windows Desktops
The Windows Desktop Room feature provides virtual Desktop environments connected via PCoIP to Windows-based servers. These are known as Tehama Windows Desktops. It is offered with a range of hardware and software options. The currently available Operating System is Windows Server 2019.
The Windows Desktop Room feature, when enabled, allows the creation of Tehama Windows Desktops in the Room.
When enabled, Tehama Windows Desktops can be created in the room, and the WINDOWS DESKTOPS page found under the Room's CONFIGURE tab in the Tehama Web UI will be present.
When disabled, Tehama Windows Desktops cannot be created in the room, and the WINDOWS DESKTOPS page found under the Room's CONFIGURE tab in the Tehama Web UI will be absent.
If your Room was created prior to March 1st 2022, your Room may have the legacy 'Workspace Desktops' feature enabled (Tehama's other Windows-based Desktop offering). If so, the WINDOWS DESKTOPS page found under the Room's CONFIGURE tab will still be present when the Windows Desktops feature is disabled, to allow you to create Workspace Desktop templates.
- Workspace Desktops are approaching end-of-life, and you should consider disabling them in your Room. See Workspace Desktops (Legacy) for more details.
Note any Tehama Windows desktops that have been created for the room will continue to exist after the feature has been disabled and will be accessible through the Tehama Web UI (although note that the ability to add new Tehama Windows desktops will be unavailable).
Enable or disable the Windows Desktop Room feature as follows:
- Access the Room's interface.
- Click the Room's CONFIGURE tab.
- Click on the SETTINGS sidebar item.
- Click on the EDIT button at the top right of the ROOM SETTINGS section.
- Locate the toggle to the right of the "Windows Desktop" feature.
- Enable or disable the feature as follows:
- Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
- Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
- Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)
Recordings
The Recordings Room feature provides recordings of the Room's Desktop sessions.
From the time it is enabled, any subsequent desktop sessions in the room will be recorded.
From the time it is disabled, any subsequent desktop sessions in the room will not be recorded.
Recordings are available in the Room's SESSIONS page under the AUDIT tab. See the Desktop Session Auditing/Recordings User Guide for more details.
Note, any recordings that are already present will continue to be available once the feature is disabled.
This Room feature is a useful capability, but it does come with a cost in Desktop performance and availability. When Recordings are enabled in a Room, the Room can support a maximum of 75 concurrent Desktop sessions. When Recordings are disabled, the Room can support up to 200 concurrent Desktop sessions. Room owner organizations are encouraged to contact Tehama Support if they would like assistance in optimizing their Room environment for performance and availability, taking your auditing needs into consideration.
IMPORTANT: Before enabling the Recordings feature for a Room, confirm that the current number of concurrent Desktop sessions in the Room is at most 75. Enabling Recordings while the number of concurrent Desktop sessions is higher than this maximum will result in undefined behaviour. You can view a list of the "in-use" Desktop Templates in your Room on the DESKTOPS page. (See section View list of in-use Desktop templates in your Organization in the Desktops User Guide.)
Enable or disable the Recordings Room feature as follows:
- Access the Room's interface.
- Click the Room's CONFIGURE tab.
- Click on the SETTINGS sidebar item.
- Click on the EDIT button at the top right of the ROOM SETTINGS section.
- Locate the toggle to the right of the "Recordings" feature.
- Enable or disable the feature as follows:
- Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
- Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
- Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value.)
DIA
The Desktop Intelligence and Automation (DIA) diagnostic tool monitors, troubleshoots, and gathers intelligence across all Desktops in Rooms that have enabled DIA, through an agent installed on each Desktop.
NOTE: Access to Tehama's DIA diagnostic tool is not available to all organizations by default. Access to the tool is an optional organization feature that Tehama Support will set up for your organization upon request. Contact Tehama Support for more details.
Enabling the DIA Room feature will trigger the installation of the DIA agent on all Desktops in the Room. (Desktops in-use at the time the feature is enabled will be updated after the session ends.) The agents will link the Desktops to the DIA tenant for your organization in the DIA diagnostic tool, adding entries for the Desktops in its Devices list. Access the DIA diagnostic tool to view data on the Desktops.
Disabling the DIA Room feature will trigger the uninstallation of (will remove) the DIA agent from all Desktops in the Room. (Desktops in-use at the time the feature is disabled will be updated after the session ends.) The Desktops will no longer be linked to the DIA diagnostic tool.
WARNING: If you enable, disable, then re-enable this feature, your Desktops will have new entries in DIA diagnostic tool.
For information on how to access and use Tehama's DIA diagnostic tool, see the Desktop Intelligence and Automation (DIA) user guide.
Enable or disable the DIA Room feature as follows:
- Obtain the credentials required to enable DIA for your Room. You will need the "Tenant name" and "device registration code" for your organization in DIA.
- Get this information from your organization's DIA user (a user with a user account in DIA); or
- Contact Tehama Support, who will pass this information along to you.
- Access the Room's interface.
- Click the Room's CONFIGURE tab.
- Click on the SETTINGS sidebar item.
- Click on the EDIT button at the top right of the ROOM SETTINGS section.
- Locate the toggle to the right of the "Desktop Intelligence and Automation (DIA)" feature.
- Enable or disable the feature as follows:
- Click on the left of the toggle to disable the feature. (The toggle will display an 'x'.)
- Click on the right of the toggle to enable the feature. (The toggle will display a checkmark.)
- Enter the name given to you for your organization in the Tenant name field. (e.g.: "example.dia.tehama.io)
- Enter the device registration code given to you for your organization in the Registration code field. (e.g.: 1234567890abcdef1234567890abcdef12345678)
- Click SAVE to save your change, or CANCEL to cancel your change. (Note that the SAVE and CANCEL buttons only become visible once you have changed the toggle's currently saved value; and the SAVE button will be inactive unless there are values in both fields.)