{"id":947,"date":"2021-10-11T16:52:29","date_gmt":"2021-10-11T23:52:29","guid":{"rendered":"https:\/\/www.xh86.me\/?p=947"},"modified":"2021-10-11T16:52:29","modified_gmt":"2021-10-11T23:52:29","slug":"installing-the-cloud-access-connector","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=947","title":{"rendered":"Installing the Cloud Access Connector"},"content":{"rendered":"<h1>System Requirements<\/h1>\n<p>Connector is software that runs within an Ubuntu server and enables secure connectivity between users and the remote workstations. Connector runs in the customer environment such as on-premises, AWS and Google Cloud. The Connector communicates with the CAS Manager which orchestrates and manages Cloud Access deployments.<\/p>\n<h2 id=\"creating-the-connector-server\">Creating the Connector Server<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_server\/#creating-the-connector-server\">\u00b6<\/a><\/h2>\n<p>The Connector runs on an Ubuntu server (called the Connector server).<\/p>\n<p>Create a dedicated Ubuntu server with the following specifications:<\/p>\n<ul>\n<li>Ubuntu Server 18.04.<\/li>\n<li>At least 4GB RAM.<\/li>\n<li>30GB available storage or more.<\/li>\n<li>2 vCPUs or more.<\/li>\n<\/ul>\n<p>Once you have setup a dedicated virtual machine for the Connector, please ensure the following environment conditions are met:<\/p>\n<ul>\n<li>You must have access to the internet.<\/li>\n<li>You must have an Active Directory (AD) user account located in the designated Connector domain admins group, in order to log into the Admin Console.<\/li>\n<li>The server must be able to resolve the AD domain.<\/li>\n<li>You must be able to access the server using SSH.<\/li>\n<li>You must have superuser (sudo) privileges on the server.<\/li>\n<li>The networking information of the server (including the IP address) must not change while the Connector is operational.<\/li>\n<li>The server must have a single network interface and IP address. If the server has multiple network interfaces, the Connector will fail to install.<\/li>\n<li>If you are deploying Ubuntu on ESXi, you must install open-vm-tools to enable the ESXi host to communicate with the Connector server.<\/li>\n<li>The Connector runs on the following supported domain controller servers:\n<ul>\n<li>Windows 2016 Server with secure LDAP (LDAPS) enabled.<\/li>\n<li>Windows 2012 R2 Server with secure LDAP (LDAPS) enabled.<\/li>\n<li>Windows 2019 Server with secure LDAP (LDAPS) enabled.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>For information on the session establishment and session bandwidth limits when working with external connections, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager_as_a_service\/reference\/system_scaling_limits\/\">here<\/a>.<\/p>\n<div class=\"admonition note\">\n<p class=\"admonition-title\">Creating a DNS record<\/p>\n<p>If you want to create a DNS record for the Connector, you need to obtain an SSL certificate with its FQDN and provide it (along with the key) when installing the Connector. This will avoid SSL certificate verification warnings.<\/p>\n<\/div>\n<h2 id=\"verifying-the-connector-server\">Verifying the Connector Server<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_server\/#verifying-the-connector-server\">\u00b6<\/a><\/h2>\n<p>To verify your Connector server network configuration, SSH into the machine and ping the domain and a remote workstation in the domain. You should get a positive response from both attempts:<\/p>\n<div id=\"__code_0\" class=\"codehilite\"><button class=\"md-clipboard\" title=\"Copy to clipboard\" data-clipboard-target=\"#__code_0 pre, #__code_0 code\"><\/button><\/p>\n<pre>ping &lt;domain FQDN&gt;\r\nping &lt;remote workstation FQDN&gt;\r\n<\/pre>\n<\/div>\n<p>If any of your attempts to verify these components fails, the DNS settings on the Connector server might be misconfigured. For more information on DNS configuration, see\u00a0<a href=\"https:\/\/www.serverlab.ca\/tutorials\/linux\/administration-linux\/how-to-configure-network-settings-in-ubuntu-18-04-bionic-beaver\/\">Configuring Network Settings in Ubuntu 18.04<\/a>.<\/p>\n<p>The following section outlines how to download and install the Connector. There are three steps involved in this process:<\/p>\n<ul>\n<li>Downloading the Connector installer files.<\/li>\n<li>Obtaining an authorization token.<\/li>\n<li>Installing the Connector.<\/li>\n<\/ul>\n<h3 id=\"prerequisite-steps\">Prerequisite Steps<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#prerequisite-steps\">\u00b6<\/a><\/h3>\n<p>For instructions and documentation on the Connector prerequisite steps, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cloud_access_connector\/cac_server.md\">Connector System Requirements<\/a>.<\/p>\n<p>It is important to read and address all the prerequisites outlined.<\/p>\n<h3 id=\"1-downloading-the-connector\">1. Downloading the Connector<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#1-downloading-the-connector\">\u00b6<\/a><\/h3>\n<p>The following section outlines how to download the installer files for the Connector. First, connect to the machine and download the Connector files. The commands below will download the Connector archive, and extract it.<\/p>\n<p>You need to ensure that you have a customer account created on teradici.com to access the download information.<\/p>\n<h4 id=\"downloading-the-installer-from-teradicicom\">Downloading the Installer from teradici.com<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#downloading-the-installer-from-teradicicom\">\u00b6<\/a><\/h4>\n<p>The following steps outline the current process that enables you to download the installer directly from teradici.com as a tar.gz file or else run the shell script from teradici.com:<\/p>\n<ol>\n<li>SSH into the machine:\n<div id=\"__code_0\" class=\"codehilite\"><button class=\"md-clipboard\" title=\"Copy to clipboard\" data-clipboard-target=\"#__code_0 pre, #__code_0 code\"><\/button><\/p>\n<pre>ssh &lt;username&gt;@&lt;server-ip-address&gt;\r\n<\/pre>\n<\/div>\n<\/li>\n<li>Download the installer from Teradici:\n<ul>\n<li>Open a web browser and navigate to the\u00a0<a href=\"https:\/\/docs.teradici.com\/find\/product\/cloud-access-software\/current\/cloud-access-connector\" target=\"_blank\" rel=\"noopener\">Downloads and Scripts<\/a>\u00a0tab on the Teradici support site.<\/li>\n<li>Download the installer and upload it to the machine or run the shell script provided to download the installer to the machine.<\/li>\n<\/ul>\n<\/li>\n<li>Unpackage the installer:\n<ul>\n<li>Previously the installer was extracted into the ~\/v2connector directory. This location has now changed. Run the following command to extract the installer to \/usr\/sbin\/:\n<div id=\"__code_1\" class=\"codehilite\"><button class=\"md-clipboard\" title=\"Copy to clipboard\" data-clipboard-target=\"#__code_1 pre, #__code_1 code\"><\/button><\/p>\n<pre>sudo tar xzvf &lt;PATH TO FILE&gt;\/cloud-access-connector_&lt;version&gt;_Linux.tar.gz -C \/\r\n<\/pre>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h3 id=\"2-obtaining-the-connector-token\">2. Obtaining the Connector Token<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#2-obtaining-the-connector-token\">\u00b6<\/a><\/h3>\n<p>You are required to have a Connector token when installing the Connector. You need to create or have created a deployment prior to obtaining a token. For information on how to log into the Admin Console, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/admin_console\/admin_console_connection\/\">Admin Console Connection<\/a>. The following section outlines how to obtain a Connector token using the Admin Console:<\/p>\n<ol>\n<li>Click\u00a0<strong>Connectors<\/strong>\u00a0from the console sidebar.<\/li>\n<li>Click the add connector button (<strong>+<\/strong>\u00a0sign located beside\u00a0<strong>Connectors<\/strong>\u00a0heading) to display the connector creation panel.<\/li>\n<li>Enter the following information:\n<ul>\n<li>Select the deployment you want to add the Connector to. If you do not have an existing deployment you need to create one.<\/li>\n<li>Enter the name of the Connector.<\/li>\n<li>Follow the step by step instructions outlined below.\u00a0<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/Images\/creating_connector_1.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/Images\/creating_connector_1.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"Alt Text\" \/><\/div><\/li>\n<\/ul>\n<\/li>\n<li>Click\u00a0<strong>GENERATE<\/strong>.<\/li>\n<li>Copy the Connector token by click the copy icon.<\/li>\n<li>Click\u00a0<strong>CLOSE<\/strong>\u00a0the exit the panel.<\/li>\n<\/ol>\n<p>You can now use this Connector token when prompted during installation.<\/p>\n<h3 id=\"3-installing-the-connector\">3. Installing the Connector<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#3-installing-the-connector\">\u00b6<\/a><\/h3>\n<p>Once the files are downloaded and the access token is set, you can install the Connector. If you are not already connected, connect to the machine via SSH and navigate to the\u00a0<samp>\/usr\/sbin<\/samp>\u00a0directory.<\/p>\n<div class=\"admonition important\">\n<p class=\"admonition-title\">Latest Installer Version<\/p>\n<p>Ensure that you are using the latest installer prior to installing or upgrading the Connector. If you are not using the latest installer, you may see one of the following errors or warnings:<\/p>\n<ul>\n<li>The installer is out of date. Please obtain the latest version and try again. See\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/cac_install.md\">Downloading the Connector<\/a>\u00a0for instructions.<\/li>\n<li>The installer is out of date. Please download the latest version from teradici.bintray.com\/cloud-access-connector\/cloud-access-connector-0.1.1.tar.gz and try again.<\/li>\n<li>A newer version is available. Please go to\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/cac_install.md\">Downloading the Connector<\/a>\u00a0to obtain the latest.<\/li>\n<\/ul>\n<p>For information on troubleshooting Connector installer issues related to this distribution change, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/troubleshooting\/installer_issues\/\">Installer Issues<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<div class=\"admonition important\">\n<p class=\"admonition-title\">DNS and Name Resolution<\/p>\n<p>You must ensure that you can resolve your AD domain and controller. For information on how to install and edit resolve.conf, and configure DNS name resolution, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/troubleshooting\/dns_name_resolution\/\">Configuring DNS Name Resolution<\/a>.<\/p>\n<\/div>\n<h4 id=\"31-installing-the-connector-for-cas-manager\">3.1 Installing the Connector for CAS Manager<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#31-installing-the-connector-for-cas-manager\">\u00b6<\/a><\/h4>\n<p>Once you have downloaded the Connector installer and have obtained a Connector token, run the following command to install Connector to the CAS Manager instance you have just installed. The first line of this command maps the Connector token to a variable in the shell:<\/p>\n<div id=\"__code_2\" class=\"codehilite\"><button class=\"md-clipboard\" title=\"Copy to clipboard\" data-clipboard-target=\"#__code_2 pre, #__code_2 code\"><\/button><\/p>\n<pre><span class=\"nb\">export<\/span> <span class=\"nv\">token<\/span><span class=\"o\">=<\/span>&lt;token from CAS Manager admin console&gt;\r\nsudo cloud-access-connector install <span class=\"se\">\\<\/span>\r\n-t <span class=\"nv\">$token<\/span> <span class=\"se\">\\<\/span>\r\n--casm-url<span class=\"o\">=<\/span>https:\/\/ip-address-of-cas-manager <span class=\"se\">\\<\/span>\r\n--external-pcoip-ip public.ipv4.clients.connect.to <span class=\"se\">\\<\/span>\r\n--casm-insecure\r\n<\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<ul>\n<li>When you are installing the Connector for CAS Manager you need to ensure that you enable and specify the\u00a0<code class=\"codehilite\">--casm-url<\/code>\u00a0flag. This flag specifies the CAS Manager URL that the Connector connects to. If it is not specified by default it will point to\u00a0<a href=\"https:\/\/cas.teradici.com\/\">https:\/\/cas.teradici.com<\/a>.<\/li>\n<li>The\u00a0<code class=\"codehilite\">--external-pcoip-ip<\/code>\u00a0flag is highly recommended to use in order to explicitly set the public IP that PCoIP Clients will connect to during PCoIP sessions. This is the public IP that the Connector is listening to on port 4172. The installer will reach out to cas.teradici.com and first try to automatically resolve the external IP; if this fails, or is not able to resolve the correct IP, this flag is required. In the case that the Connector machine doesn&#8217;t have an internet connection, for example in a dark site environment, or the ingress and egress internet traffic are running through different public IPs, this flag is required.<\/li>\n<li>The\u00a0<code class=\"codehilite\">--casm-insecure<\/code>\u00a0flag is only required when the Connector is connecting to a CAS Manager that is using self-signed certificates. If CAS Manager is using trusted TLS certificates signed by a public CA, then users will not need to use the\u00a0<code class=\"codehilite\">--casm-insecure<\/code>\u00a0command. For more information on configuring custom trusted certificates for CAS Manager, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/troubleshooting\/tls_certificates\/\">TLS Certificates<\/a>.<\/li>\n<li>The\u00a0<code class=\"codehilite\">-casm-ca-cert<\/code>\u00a0flag can used to provide the PEM formatted public certificate for the private CA used to sign the CAS Manager certificate. This flag is useful if the Connector fails to fetch a certificate from the CAS Manager.<\/li>\n<\/ul>\n<p>Ensure that you use the options and flags that best suit your system architecture and requirements. If required values are not provided on the command line, you will be prompted for them. For additional flags and options, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#installation-flags-and-options\">Installation Flags and Options<\/a>.<\/p>\n<h4 id=\"32-installing-the-connector-for-cas-manager-as-a-service\">3.2 Installing the Connector for CAS Manager as a Service<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#32-installing-the-connector-for-cas-manager-as-a-service\">\u00b6<\/a><\/h4>\n<p>Install the Connector for CAS Manager as a Service by running the following command:<\/p>\n<div id=\"__code_3\" class=\"codehilite\"><button class=\"md-clipboard\" title=\"Copy to clipboard\" data-clipboard-target=\"#__code_3 pre, #__code_3 code\"><\/button><\/p>\n<pre><span class=\"nb\">cd<\/span> \/usr\/sbin\r\nsudo .\/cloud-access-connector install\r\n<\/pre>\n<\/div>\n<p>Ensure that you use the options and flags that best suit your system architecture and requirements. If required values are not provided on the command line, you will be prompted for them. For additional flags and options, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#installation-flags-and-options\">Installation Flags and Options<\/a>.<\/p>\n<h4 id=\"installing-the-connector-for-testing-with-cas-manager\">Installing the Connector for Testing with CAS Manager<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#installing-the-connector-for-testing-with-cas-manager\">\u00b6<\/a><\/h4>\n<p>To install the Connector with MFA enabled and in insecure mode for testing, you would run this command (note that we are providing the\u00a0<code class=\"codehilite\">--enable-mfa<\/code>\u00a0flag but not the RADIUS server information, so prompts will appear to collect it):<\/p>\n<div id=\"__code_4\" class=\"codehilite\"><button class=\"md-clipboard\" title=\"Copy to clipboard\" data-clipboard-target=\"#__code_4 pre, #__code_4 code\"><\/button><\/p>\n<pre>sudo .\/cloud-access-connector install -t <span class=\"nv\">$token<\/span> --enable-mfa --self-signed\r\n<\/pre>\n<\/div>\n<p>When the installer completes, the IP address of the Connector will be displayed and you will be directed to go to\u00a0<a href=\"https:\/\/cas.teradici.com\/\">https:\/\/cas.teradici.com<\/a>\u00a0to begin managing your deployments, connectors and remote workstations.<\/p>\n<div class=\"admonition note\">\n<p class=\"admonition-title\">Cloud Access Connector &#8211; Troubleshooting<\/p>\n<p>If there is an issue installing the Cloud Access Connector or an existing Connector is failing, please see the troubleshooting section on\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/troubleshooting\/cas_manager_diagnose\/\">Cloud Access Connector Connectivity<\/a>. Within this section there are steps to check the following:<\/p>\n<ul>\n<li>Remote Workstation connections<\/li>\n<li>Active Directory connections<\/li>\n<li>Cloud Access Connector component information<\/li>\n<\/ul>\n<\/div>\n<h4 id=\"installation-flags-and-options\">Installation Flags and Options<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#installation-flags-and-options\">\u00b6<\/a><\/h4>\n<p>The following flags can be used to provide values at the command line. If they are omitted from the command and are required, you will be prompted for them:<\/p>\n<div class=\"md-typeset__scrollwrap\">\n<div class=\"md-typeset__table\">\n<table>\n<thead>\n<tr>\n<th>Flag<\/th>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>CAS Manager<\/strong><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--casm-url<\/code><\/td>\n<td>String<\/td>\n<td>Required for CAS Manager, Specifies the CAS Manager URL that the Connector connects to. If this is not specified it will point to\u00a0<a href=\"https:\/\/cas.teradici.com\/\">https:\/\/cas.teradici.com<\/a>\u00a0by default, which is the URL for CAS Manager as a Service.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--casm-ca-cert<\/code><\/td>\n<td>String<\/td>\n<td>Enables users to supply a CA certificate for CAS Manager to enable the Connector to connect to a CAS Manager instance using self-signed certificates.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--casm-insecure<\/code><\/td>\n<td>String<\/td>\n<td>Is required when the Connector is connecting to a CAS Manager instance that is using self-signed certificates. If CAS Manager is using trusted TLS certificates signed by a public CA, then users will not need to use the this command.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--ldaps-ca-cert<\/code><\/td>\n<td>String<\/td>\n<td>Enables users to supply a CA certificate for the connection to Active Directory over LDAPS.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011self-signed<\/code><\/td>\n<td>String<\/td>\n<td>Installs the Connector with self-signed certificates.<br \/>\nThis mode is not secure and is intended for testing.<br \/>\nThe\u00a0<code class=\"codehilite\">--insecure<\/code>\u00a0flag is still supported.<\/td>\n<\/tr>\n<tr>\n<td><strong>Connector<\/strong><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--token<\/code>\u00a0(<code class=\"codehilite\">-t<\/code>)<\/td>\n<td>String<\/td>\n<td>Required. The token generated for CAS Manager.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011accept\u2011policies<\/code><\/td>\n<td>\u2014<\/td>\n<td>Automatically accept the\u00a0<a href=\"https:\/\/docs.teradici.com\/reference\/eula\/teradici-end-user-license-agreement\">EULA<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.teradici.com\/privacy-policy\">Privacy Policy<\/a>.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--force-install<\/code><\/td>\n<td>String<\/td>\n<td>Replaces any existing Connector installation.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--debug<\/code><\/td>\n<td>String<\/td>\n<td>This flag can be run if you initial install of the Connector fails. It provides a detailed output of the Connector installation. This is useful for self-troubleshooting or to provide to the Teradici support team when logging a support ticket.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--local-license-server-url<\/code><\/td>\n<td>String<\/td>\n<td>Sets the URL for PCoIP License Server to be used for PCoIP Sessions. If this is not provided, ensure that the Cloud License Server is registered on the PCoIP Agent. Example:\u00a0<em>&#8211;local-license-server-url\u00a0<a href=\"http:\/\/10.10.10.10:7070\/request\">http:\/\/10.10.10.10:7070\/request<\/a><\/em>. For more information on the PCoIP License Server, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager_as_a_service\/reference\/pcoip_license_server\/\">PCoIP License Server<\/a>.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--add-pool-group<\/code><\/td>\n<td>String<\/td>\n<td>Specifies one or more Active Directory groups, by entering the distinguished name (DN), to be assigned to pools for remote workstation management (eg, &#8211;pool-group &#8216;CN=GroupPool1,CN=Users,DC=sample,DC=com&#8217; &#8211;pool-group &#8216;CN=GroupPool2,CN=Users,DC=sample,DC=com&#8217;). By providing all the existing pools groups in the Connector settings would get replaced by the user specified ones. When running this command you need to run it with\u00a0<strong>adconfig<\/strong>. Example:\u00a0<em>sudo .\/cloud-access-connector adconfig &#8211;add-pool-group<\/em>.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--setup-docker-image<\/code><\/td>\n<td>String<\/td>\n<td>Specifies the docker image to be used from the setup container. This is intended to be used for debugging purposes and is not recommended to be used without guidance from Teradici support. Usage without guidance could result in failed installations.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--docker-registry<\/code><\/td>\n<td>String<\/td>\n<td>This is an optional flag that enables users to specify the docker image registry that they want to use when installing or updating a Connector. If an option is not specified, the default registry\u00a0<em>docker.cloudsmith.io\/teradici\/cloud-access-connector<\/em>\u00a0will be used. This is intended to be used for debugging purposes and is not recommended to be used without guidance from Teradici support. Usage without guidance from Teradici could result in failed installations.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--prune-image<\/code><\/td>\n<td>Boolean<\/td>\n<td>Removes all unused docker images on this machine to reclaim more disk space.\u00a0<strong>Warning:<\/strong>\u00a0This command will remove all unused images under Connector and other services, if any. This is equivalent to the\u00a0<code class=\"codehilite\">docker image prune<\/code>\u00a0command.<\/td>\n<\/tr>\n<tr>\n<td><strong>Firewall<\/strong><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--https-proxy<\/code><\/td>\n<td>String<\/td>\n<td>Specify the URL for a HTTPS proxy<br \/>\n(overrides related proxy settings in environment variables)<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--connector-network-cidr<\/code><\/td>\n<td>String<\/td>\n<td>This is the CIDR to use for the Connector&#8217;s docker network. The default docker network subnet is 10.101.0.0\/16.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--internal-client-cidr<\/code><\/td>\n<td>String<\/td>\n<td>The CIDR for PCoIP Clients that connect to remote workstations directly. It is possible to specify multiple\u00a0<code class=\"codehilite\">--internal-client-cidr<\/code>\u00a0networks.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--external-client-cidr<\/code><\/td>\n<td>String<\/td>\n<td>The CIDR for PCoIP Clients that connect to remote workstations through the Security Gateway. If external CIDRs settings are set, internal settings must be explicitly set. It is possible to specify multiple\u00a0<code class=\"codehilite\">--external-client-cidr<\/code>\u00a0networks.<\/td>\n<\/tr>\n<tr>\n<td><strong>PCoIP Software Client<\/strong><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--retrieve-agent-state<\/code><\/td>\n<td>Boolean<\/td>\n<td>Enables the broker to retrieve the agent state for unmanaged and managed remote workstations.<br \/>\nThe default value for this flag is false.<br \/>\nThe available states are\u00a0<em>In Session<\/em>,\u00a0<em>Ready<\/em>,\u00a0<em>Starting<\/em>,\u00a0<em>Stopping<\/em>,\u00a0<em>Stopped<\/em>\u00a0and\u00a0<em>Unknown<\/em>.<br \/>\nThe value of this flag can either be true or false.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--show-agent-state<\/code><\/td>\n<td>Boolean<\/td>\n<td>Controls if the agent state is displayed as part of the remote workstation name in the PCoIP Client.<br \/>\nThe default value for this flag is true.<br \/>\nSetting the value of this flag to true and the\u00a0<code class=\"codehilite\">--retrieve-agent-state<\/code>\u00a0flag to false will result in no agent state displaying.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--external-pcoip-ip<\/code><\/td>\n<td>String<\/td>\n<td>Sets the public IP for PCoIP Client to PCoIP Agent connection. This is the public IP that the Connector is listening to on port 4172. The installer will reach out to cas.teradici.com and first try to automatically resolve the external IP; if this fails, or is not able to resolve the correct IP, this flag is required. In the case that the Connector machine doesn&#8217;t have an internet connection, for example in a dark site environment, or the ingress and egress internet traffic are running through different public IPs, this flag is required. For more information on external network access, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/external_network_access\/\">Enabling External Network Access<\/a>.<\/td>\n<\/tr>\n<tr>\n<td><strong>Domain<\/strong><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011domain<\/code><\/td>\n<td>String<\/td>\n<td>The AD domain that remote workstations will join.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011sa\u2011user<\/code><\/td>\n<td>String<\/td>\n<td>The Active Directory service account username.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011sa\u2011password<\/code><\/td>\n<td>String<\/td>\n<td>The Active Directory service account password.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--domain-controller<\/code><\/td>\n<td>String<\/td>\n<td>Specifies one or more domain controllers to use with the Connector.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--users-filter<\/code><\/td>\n<td>String<\/td>\n<td>The filter to search for users within Active Directory. Specify multiple filters with multiple options. Default user filter: (&amp;(objectCategory=person)(objectClass=user)).<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--computers-filter<\/code><\/td>\n<td>String<\/td>\n<td>The filter to search for computers within Active Directory. Specify multiple filters with multiple options. Default computer filter: (&amp;(primaryGroupID=515)(objectCategory=computer)).<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011users-dn<\/code><\/td>\n<td>StringArray<\/td>\n<td>The base DN to search for users within AD. Specify multiple DNs with multiple options. Newly provided base DN(s) will automatically replace previous base DN(s). This field is looking for user&#8217;s within the user-defined DN and SGs.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--computers-dn<\/code><\/td>\n<td>StringArray<\/td>\n<td>The base DN to search for computers within AD. Specify multiple DNs with multiple options. Newly provided base DN(s) will automatically replace previous base DN(s).<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">--sync-interval<\/code><\/td>\n<td>uint8<\/td>\n<td>The interval (in minutes) for how often to sync AD users and computers with the CASM Service.<\/td>\n<\/tr>\n<tr>\n<td><strong>MFA<\/strong><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011enable\u2011mfa<\/code><\/td>\n<td>String<\/td>\n<td>Installs with multi-factor authentication enabled.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011radius\u2011server<\/code><\/td>\n<td>String<\/td>\n<td>The FQDN or IP address of the RADIUS server to use for MFA.<br \/>\nThis flag is optional.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011radius\u2011port<\/code><\/td>\n<td>String<\/td>\n<td>The RADIUS server port.<br \/>\nIf not specified, the default port (1812) is used.<br \/>\nIf\u00a0<code class=\"codehilite\">--radius-server<\/code>\u00a0is specifed then this flag is optional.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011radius\u2011secret<\/code><\/td>\n<td>String<\/td>\n<td>The shared secret used for configuring RADIUS authentication.<br \/>\nIf\u00a0<code class=\"codehilite\">--radius-server<\/code>\u00a0is specifed then this flag is required.<\/td>\n<\/tr>\n<tr>\n<td><strong>Certificates<\/strong><\/td>\n<td><\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011ssl\u2011key<\/code><\/td>\n<td>String<\/td>\n<td>The full path and filename of the SSL key to use.<br \/>\nThe\u00a0<code class=\"codehilite\">--self-signed<\/code>\u00a0flag overrides this flag.<\/td>\n<\/tr>\n<tr>\n<td><code class=\"codehilite\">\u2011\u2011ssl\u2011cert<\/code><\/td>\n<td>String<\/td>\n<td>The full path and filename of the SSL certificate (in PEM format) to use.<br \/>\nThe\u00a0<code class=\"codehilite\">--self-signed<\/code>\u00a0flag overrides this flag.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<div class=\"admonition note\">\n<p class=\"admonition-title\">Troubleshooting the Connector<\/p>\n<p>If you encounter issues when attempting to install the Connector, please see the Troubleshooting section for information on how to potentially diagnose the specific issue. You can also view the following KB article\u00a0<a href=\"https:\/\/help.teradici.com\/s\/article\/3853\">here<\/a>\u00a0which provides a list of troubleshooting steps for common issues related to installing the Connector. For information on installer errors related to a change in the distribution system, see\u00a0<a href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/troubleshooting\/installer_issues\/\">Installer Issues<\/a>.<\/p>\n<\/div>\n<h3 id=\"4-connecting-to-a-remote-workstation-with-a-pcoip-client\">4. Connecting to a Remote Workstation with a PCoIP Client<a class=\"headerlink\" title=\"Permanent link\" href=\"https:\/\/www.teradici.com\/web-help\/cas_manager\/21.07\/cloud_access_connector\/cas_connector_install\/#4-connecting-to-a-remote-workstation-with-a-pcoip-client\">\u00b6<\/a><\/h3>\n<p>After successfully installing a Connector, you can initiate a session to connect to a remote workstation with a PCoIP Software Client. Teradici enables customers to use multi-factor authentication for these PCoIP Client sessions. The following steps outline how to connect to a remote workstation using the PCoIP Software Client:<\/p>\n<ol>\n<li>Double-click the PCoIP Client desktop icon or program file\u00a0<samp>PCoIPClient<\/samp>\u00a0to launch the application.<\/li>\n<li>In the\u00a0<em>Host Address or Code<\/em>\u00a0field, enter one of the following:\n<ul>\n<li>For direct connections, provide the address of the host machine.<\/li>\n<li>For managed connections, provide the address of the connection manager.<\/li>\n<\/ul>\n<\/li>\n<li>Click\u00a0<strong>NEXT<\/strong>.<\/li>\n<li>Select your domain and enter the credentials for the remote workstation. If you have enabled MFA then you will be prompted for the 2<sup>nd<\/sup>\u00a0factor passcode. The method of how this passcode is communicated depends on the provider you used. It is usually either a One Time Password or push notification.<\/li>\n<li>Click\u00a0<strong>LOGIN<\/strong>.<\/li>\n<li>If your login is successful you should be able to select the remote workstation and connect to it. Please note that if you have a single remote workstation, that remote workstation is automatically selected and the connection is initiated immeadiately. In this case you will not be presented with a remote workstation selection screen.<\/li>\n<\/ol>\n<h1>Scaling and PCoIP Session Limits<\/h1>\n<p>When using CAS Manager there are certain session establishment and session bandwidth limits when dealing with external connections.<\/p>\n<p>The following table outlines the RAM, vCPU and correlated estimated bandwidth support:<\/p>\n<div class=\"md-typeset__scrollwrap\">\n<div class=\"md-typeset__table\">\n<table>\n<thead>\n<tr>\n<th>vCPUs<\/th>\n<th>RAM<\/th>\n<th>Estimated Bandwidth<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>2vCPU<\/td>\n<td>7.5 GB RAM<\/td>\n<td>~ 365 Mbit\/s<\/td>\n<\/tr>\n<tr>\n<td>4vCPU<\/td>\n<td>15 GB RAM<\/td>\n<td>~ 830 Mbit\/s<\/td>\n<\/tr>\n<tr>\n<td>8vCPU<\/td>\n<td>30 GB RAM<\/td>\n<td>~ 1100 Mbit\/s<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>System Requirements Connector is software that runs wit [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-947","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=947"}],"version-history":[{"count":2,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/947\/revisions"}],"predecessor-version":[{"id":949,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/947\/revisions\/949"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}