Getting started with Tehama Administration

Have you completed the Getting Started with Tehama Installation Guide? If not, please go back and do so before proceeding.

Purpose

This guide provides the basic steps necessary in order to set up:

When you have completed all the steps and tasks outlined in this guide, Tehama will be operational, and desktop users and service providers will have configured accounts.

Authorized Service Providers will be able to manage resources, and customers will have full control over access to their data and their Room in Tehama, including Tehama session recordings.

See the Rooms User Guide for more details.


Step 1: Organization Member Administration

Tehama provides an intuitive user administration interface allowing an administrator to perform the following tasks that are necessary for getting started:

Create New Teams

After the installation and configuration for Tehama is completed, the first task is to create a new Team for your members.

  • From the TEAM tab:
  • Click on the three vertical dots next to the team-selector field. The menu that opens depends on whether you have "All Members" or an existing team selected.

  • Select Add New Team.

  • Type in a name for the team (e.g., DB Admins).
  • Click CREATE.

Repeat these steps for each team needed.

Create New Members

After creating one or more new Teams, the next task is to invite new members to the Organization.

From the TEAM tab:

  1. Click the NEW dropdown menu to open it.
  2. Select Add New Member.
  3. Enter the member information:
    • Name
    • Email Address
    • Role (Staff or Manager)
    • Team (select one of the teams created in the previous step or leave this blank)
  4. Click INVITE.

Repeat these steps for each member you need to invite.

Once invited, new members will receive an invitation email to the address specified. The invitation email contains a link which each new team member must action to gain access to Tehama.

Note: Managers have elevated privileges in Tehama. In addition to using the services available to ‘Staff’, Managers are also able to create policies, create and delete team member accounts and create additional desktops.




Step 2: Room Member Administration

To begin using a room, the next task will be to grant members and/or Organizations access to the room. There are two ways of granting Room access:

Grant Room Access to Members

With members (and teams) now created, the next task is to grant member access to your room, either to individual members, or to entire Teams. Choose one method below to add members or teams to the Room.

Grant Access to Individual Members

From the Rooms tab:

  1. Click the name of the room for which member access is to be granted.
  2. In the resulting screen, click MEMBERS.

    A list of available organizations appears. The initial setup shows only one Organization Name.

  3. To the left of the Organization name, click the drop-down arrow icon to show the list of members for the Organization.
  4. At the top of the drop-down, click the + MEMBER button
    (or the + PROPOSE button if you are not part of the connected Organization).
  5. From the ADD dialog, choose Staff Members.
  6. Select the Staff Member (or multiple members) from the list to add to the room.
  7. Click the ADD button.
  8. Close the list of members by clicking on the drop-down arrow icon.

Grant Access to an Entire Team

From the Rooms tab:

  1. Click the name of the room for which member access is to be granted.
  2. In the resulting screen, click MEMBERS.

    A list of available organizations appears. The initial setup shows only one Organization Name.

  3. To the left of the Organization name, click the drop-down arrow icon to show the list of members for the Organization.
  4. At the top of the drop-down, click the + MEMBER button
    (or the + PROPOSE button if you are not a part of the connected Organization).
  5. From the ADD dialog, choose Teams.
  6. Select the Team (or multiple teams) from the list to add to the room.
  7. Click the ADD button.
  8. Close the list of members by clicking on the drop-down arrow icon.

Note: See the Additional Administrative Functions section below for information on how to invite other authorized organizations to assist in the Room.

Step 3: Room Administration

After assigning Staff Members (or whole teams) to the room, the next task is to create Desktops, enable connectivity (through the creation of firewall rules) and request applications to provide to Staff Members within Tehama. Configuration Options are:

Note: All Room administration functions are performed within the ROOMS tab, with the desired room selected.


Create a Virtual Desktop

Members require a desktop to perform their functions.

From within the Room:

  1. Click CONFIGURE.
  2. Click WINDOWS DESKTOPS or LINUX DESKTOPS.
    • A list of previously configured desktop configurations appears. On initial configuration, there will be no desktop configurations displayed.
  3. Click ADD DESKTOP CONFIGURATION if there are no existing desktop configurations.
    Otherwise:
    • For Windows desktops:
      Select the Desktop item from the ADD drop-down menu in the top right corner of the page.
    • For Linux desktops:
      Click ADD DESKTOP in the top right corner of the page.
  4. Enter the requested information:
    • For Windows desktops:
      • Name of desktop (friendly name used to identify the desktop function or owner)
      • Specification (Hardware specifications)
      • Always On (Choose if the desktop needs to remain powered on when idle)
      • Mode (Choose if multiple login functionality is enabled)
      • Quantity (Choose how many desktops are to be instantiated)
      • Users (Choose the user(s) who will have access to the Virtual Desktop)
    • For Linux desktops:
      • Name of desktop (friendly name used to identify the desktop function or owner)
      • Users (Choose the user(s) who will have access to the Virtual Desktop)
      • Sudo Users (Choose the user(s) who will have sudo privileges in the Virtual Desktop)
      • Operating System
      • Specification (Hardware specifications)
  5. Click CREATE.
Note:
The Amazon WorkSpaces Application Manager® (WAM) service does not support Windows 10. For a more robust experience, we recommend using Windows 7 whenever possible.

Both the Windows 7 and Windows 10 desktops are based on a Windows Server platform. Although the two desktops offer the same user experience as their consumer counterparts, some features of Windows 10 may be missing, such as Windows Subsystem for Linux.


Add Additional Software

Members may require additional desktop software to perform their functions. If the desired software is not available in the default desktop configuration, you can send a request to the Tehama Concierge to add it to your catalogue.

From within the Room:

  1. Click CONFIGURE.
  2. Click WINDOWS DESKTOPS.
  3. Select the Desktop Applications item from the ADD drop-down menu in the top right corner of the page.
  4. This will take you to the Tehama Support Portal, where you can request your application.
  5. In your request, type the name of the application desired and any additional information on the software you are requesting, including:
    • Licensing
    • Software vendor
    • Desired Configuration Options
  6. Submit your request.

See the Desktops User Guide for more information on configuring and working with desktops.

Create a Firewall Rule

Before the Room can communicate with network resources, you need to configure firewall rules. By default, all outbound traffic is restricted. Configuring a secret (below) also allows the creation of a firewall exception.

From within the Room:

  1. Click CONNECTION.
  2. Click FIREWALL RULES.
  3. Click ADD RULE.
  4. In the resulting screen, enter the following information:
    • Rule Name (a friendly name for the firewall exception)
    • IPv4 CIDR block (IP addresses to expose with Subnet Prefix, e.g., 127.0.0.1/32)
    • Port Single or Range (choose one)
    • Port (enter the port number or port range required for the application)
  5. Click CREATE.

Note: Click the ALLOW ACCESS TO WAM button to allow instant room access to the Amazon WorkSpaces Application Manager® (WAM) service.

Using the CIDR block of 0.0.0.0/0 will disable the firewall and expose the workspace to the internet. While this may be desirable to install software packages, it is not recommended to operate normally with this configuration.
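The following is an added example, not part of the original guide or of Tehama itself: a small offline check you could run over a list of proposed rules before typing them into the ADD RULE dialog. The function names, the /16 "broad" threshold, and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Assumption for this example: prefixes shorter than /16 count as "broad".
BROAD_PREFIX = 16

def parse_ports(spec):
    """Parse '443' or '8000-8100' into (low, high); raise ValueError if invalid."""
    parts = [p.strip() for p in spec.split("-")]
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad port spec: {spec!r}")
    low, high = int(parts[0]), int(parts[-1])
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port out of range or reversed: {spec!r}")
    return low, high

def review_rule(name, cidr, ports):
    """Return findings for one proposed rule; an empty list means none."""
    findings = []
    if not name.strip():
        findings.append("rule name is empty")
    try:
        # strict=True rejects blocks with host bits set, e.g. 10.20.30.40/24
        net = ipaddress.IPv4Network(cidr, strict=True)
        if net.prefixlen == 0:
            findings.append("0.0.0.0/0 disables the firewall and exposes the workspace")
        elif net.prefixlen < BROAD_PREFIX:
            findings.append(f"/{net.prefixlen} covers {net.num_addresses} addresses")
    except ValueError as exc:
        findings.append(f"invalid IPv4 CIDR block: {exc}")
    try:
        if parse_ports(ports) == (1, 65535):
            findings.append("port range covers every port")
    except ValueError as exc:
        findings.append(str(exc))
    return findings

# Constructed sample rules (name, CIDR, ports); none come from a real Room.
SAMPLE_RULES = [
    ("db-primary", "10.20.30.40/32", "5432"),
    ("pkg-install-temp", "0.0.0.0/0", "443"),
    ("app-tier", "10.20.30.40/24", "8000-8100"),
    ("legacy", "10.0.0.0/8", "90-80"),
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule[0], review_rule(*rule) or "ok")
```

A rule with no findings is only well-formed and narrow; whether the destination should be reachable from the Room is still a decision for the Room owner.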


Configure the Secret/Password store

To avoid sharing network resource credentials insecurely, Tehama provides access to an encrypted Secret Password store used to securely store, encrypt, and grant authorized members access to credentials and other sensitive information.

From within the Room:

  1. Click CONFIGURE.
  2. Click SECRETS.
    You will see a list of secret types (Cassandra, Generic, MongoDB, etc.).
  3. Click the type of secret you wish to add.
    The secret view is organized by:
    • asset (secret, e.g. Database credentials)
    • folder (for logical storage of assets)

  4. Create a Folder to organize the secrets.
    1. Click the ADD secret type FOLDER button.
    2. In the resulting screen, enter the desired Folder name and fill in the required fields. For example, a firewall exception may need to be specified. (See the Secrets User Guide for more guidance.)
    3. Click CREATE.
  5. Create an Asset.
    1. Double-click the folder name where the Asset is to be filed.
      If no folder is specified, the root folder will be used.
    2. Click the ADD ASSET button.
      In the resulting screen, enter the following:
      • Asset Name (friendly name for your asset/secret) and fill in any required fields. (See the Secrets User Guide for more guidance.)
    3. Click CREATE.

Authorized staff members can click the asset name to access the asset under the Secrets tab within the Room. They may also access the asset from the Workspace Agent's SECRETS tab with one of the Room's desktops.


Step 4: Desktop Management

Now that the configuration of your Room and Desktop is completed, you are almost ready to use your new Desktop.

To use your Desktop you need to:

Access your Desktop's credentials

You access your Desktop's credentials by following these steps:

From within the Room:

  1. Click WORK.
  2. Click MY DESKTOPS.
    • A list of previously configured desktops appears.
  3. Click the CONNECT button adjacent to the desired desktop instance.
    The resulting window displays all necessary information required to log in:
    • Registration Code
    • Username
    • Password

Desktop credentials are dynamic and are only valid for five minutes after they are generated. If the password expires prior to login, a Password expired message is displayed. Close the window and try again or click the REFRESH button.

Download and Install the Amazon WorkSpaces® Client

Before you can connect to any Desktop, install the Amazon WorkSpaces® Client by following these steps:

  1. Follow the steps to access your Desktop's credentials.
  2. On the resulting window, click the DOWNLOAD CLIENT button.
    A new tab opens to Amazon WorkSpaces® Client.
  3. Click on the correct icon for your device to begin installation.
  4. Follow the installation wizard (for Windows Users) to install the client.
Note: As an alternative to using the installed client, you can use Amazon WorkSpaces® Web Access through your browser. Simply click on the Web Access icon.


Connect to a Virtual Desktop

To connect to a Virtual Desktop, perform the following steps:

  1. Follow the steps to access your Desktop's credentials.
  2. Note the registration code, username and password on the resulting window (Tehama Window). Refresh if expired.
  3. Open the Amazon WorkSpaces® Client app previously installed on your workstation (or tablet).
    • Ensure there is a green checkmark beside Network at the lower right corner of the Amazon WorkSpaces® app.
  4. Copy the registration code from the Tehama Window and paste it into the Amazon WorkSpaces® Client application as indicated.
    • Click Register.
  5. Copy the Username and Password from the Tehama Window, and paste them into the Amazon WorkSpaces® window as indicated.
    • Click Sign In.
  6. If you are prompted with a Remember Me option, click No.
  7. For Windows users, if prompted to allow firewall access, click Allow Access.
    The connection can take a minute to be fully established.
  8. Upon launch, the Desktop begins initializing. After a brief delay, the Workspace-Agent window is displayed maximized, with the desktop running behind it. If the Workspace-Agent detects an update, it will be downloaded automatically and the Workspace-Agent will restart.

Note: For convenience, copy buttons are available in Tehama that automatically place the Registration Code, Username or Password into the clipboard.




Additional Administrative Functions

These tasks are performed only as needed, and are not necessary to begin using Pythian Tehama.

They are included here in this getting started guide since they are commonly performed tasks.

User Management

Resend an Invite

In the event the original email invitation link has expired, a new invite may be generated and sent. Follow these steps to resend an invite:
From the TEAM tab:

  1. Click the name of the invited, but still pending, member to whom you wish to resend an invite.
  2. In the resulting screen, click the blue RESEND INVITE button.
    • If there is a need to send the link manually, you can use the invitation link presented.

Delete Existing Members

Should you need to delete existing members, follow these steps:
From the TEAM tab:

  • Option 1 (allows for bulk deletions):

    1. Select the member you wish to delete by clicking in the checkbox to the left of the member's name. Select multiple members for bulk deletions.
    2. At the bottom of the page, click the Trash Can icon. You will see the DELETE STAFF MEMBER(S) dialog.
    3. Confirm that you want to continue with the deletion and click DELETE.
  • Option 2:

    1. In the row for the member you wish to delete, click on the three vertical dots menu under the Actions column.
    2. Select the Delete Member item. You will see the DELETE STAFF MEMBER(S) dialog.
    3. Confirm that you want to continue with the deletion and click DELETE.

Room Management

Grant Room Access to other Organizations

As an alternative to adding individual members or teams from your organization, you can add users from other invited Organizations:
From the ROOM tab:

  1. Click the name of the room where member access will be granted.
  2. In the resulting screen, click MEMBERS.
    • A list of available organizations appears. On the initial setup, only one Organization Name will be displayed.
  3. At the bottom of the list, click the ADD ORGANIZATION button,
    or select Organization from the ADD dropdown menu in the top right corner of the page.
    You will see the ADD ORGANIZATION dialog.
  4. Select the desired Organization from the list to invite to the Room.
  5. Select the desired Policy for the Organization.
  6. Click INVITE.
Note: Only authorized Organizations are available in this list. If no additional Organizations have been previously authorized, the option to invite a new organization is available.


Edit or Delete a Virtual Desktop

If you need to modify the Virtual Desktop (Desktop Name or Member permissions only) or to delete the desktop completely, follow these steps:

To Edit the Desktop:

From within the Room:

  1. Click CONFIGURE.
  2. Click on the WINDOWS DESKTOPS or LINUX DESKTOPS sidebar item.
    • A list of previously configured desktops appears.
  3. Click the name of the desktop you wish to modify.
    In the resulting dialog:
  4. Modify the name of the desktop.
  5. Modify the authorized users (and sudo users for Linux desktops) by clicking in the drop-down list for the field.
    • Add or remove members as necessary.
  6. Click SAVE.

To Delete the Desktop:

From within the Room:

  1. Click CONFIGURE.
  2. Click on the WINDOWS DESKTOPS or LINUX DESKTOPS sidebar item.
    • A list of previously configured desktops appears.
  3. Select the desktop you wish to delete by clicking in the checkbox to the left of the desktop's name.
    Select multiple desktops for bulk deletions.
  4. At the bottom of the page, click the Trash Can icon. You will see the DELETE DESKTOPS dialog (see note 1 below).
  5. Type the name of the Virtual Desktop to confirm deletion (case sensitive).
  6. Click DELETE.

1. If at least one of the selected desktops you intend to delete is in a pending state, you will see the REJECT CONFIGURATION dialog. Enter a reason to reject the desktop and click REJECT.