Getting started with Tehama Administration

Have you completed the Getting Started with Tehama Installation Guide? If not, please go back and do so before proceeding.

Purpose

This guide provides the basic steps necessary in order to set up:

When you have completed all the steps and tasks outlined in this guide, Tehama will be operational, and desktop users and service providers will have configured accounts.

Authorized Service Providers will be able to manage resources, and customers will have full control over access to their data and their Room in Tehama, including Tehama session recordings.

See the Rooms User Guide for more details.


Step 1: Organization Member Administration

Tehama provides an intuitive user administration interface allowing an administrator to perform the following tasks that are necessary for getting started:

Create New Teams

After the installation and configuration for Tehama is completed, the first task is to create a new Team for your members.

From the Team tab:

  1. Click the View as teams button
  2. Click ADD NEW TEAM
  3. Type in a name for the team (e.g., DB Admins)
  4. Click CREATE

Repeat these steps for each team needed.

Create New Members

After creating a new Team, the next task is to invite new members to the Organization.

From the Team tab:

  1. Click the View as members button (if available)
  2. Click ADD NEW MEMBER
  3. Enter the member information
    • Name
    • Email Address
    • Role (Staff or Manager)
    • Team (Select the team created in the previous step)
  4. Click INVITE

Repeat these steps for each team needed.

Once invited, new members will receive an invitation email at the address specified. The invitation email contains a link that each new team member must follow to gain access to Tehama.

Note: Managers have elevated privileges in Tehama. In addition to using the services available to ‘Staff’, Managers are also able to create policies, create and delete team member accounts and create additional desktops.




Step 2: Room Member Administration

To begin using a room, the next task will be to grant members and/or Organizations access to the room. There are two ways of granting Room access:

Grant Room Access to Members

With members (and teams) now created, the next task is to grant member access to your room, either to individual members, or to entire Teams. Choose one method below to add members or teams to the Room.

Grant Access to Individual Members

From the Rooms tab:

  1. Click the name of the room for which member access is to be granted
  2. In the resulting screen, click MEMBERS

    A list of available organizations appears. The initial setup shows only one Organization Name.

  3. To the left of the Organization name, click the drop-down arrow icon to show the list of members for the Organization.
  4. At the top of the drop-down, click the + MEMBER button.
  5. From the ADD dialog, choose Staff Members.
  6. Select the Staff Member (or multiple members) from the list to add to the room.
  7. Click the ADD button.
  8. Close the list of members by clicking the drop-down arrow icon again.

Grant Access to an Entire Team

From the Rooms tab:

  1. Click the name of the room for which member access is to be granted
  2. In the resulting screen, click MEMBERS

    A list of available organizations appears. The initial setup shows only one Organization Name.

  3. To the left of the Organization name, click the drop-down arrow icon to show the list of members for the Organization.
  4. At the top of the drop-down, click the + MEMBER button.
  5. From the ADD dialog, choose Teams.
  6. Select the Team (or multiple teams) from the list to add to the room.
  7. Click the ADD button.
  8. Close the list of members by clicking the drop-down arrow icon again.

Note: See the Additional Administrative Functions section below for information on how to invite other authorized organizations to assist in the Room.

Step 3: Room Administration

After assigning Staff Members (or whole teams) to the room, the next task is to create Desktops, enable connectivity (through the creation of firewall rules) and request applications to provide to Staff Members within Tehama. Configuration Options are:

Note: All Room administration functions are performed within the ROOMS tab, with the desired room selected.


Create a Virtual Desktop

Members require a desktop to perform their functions.

From within the Room:

  1. Click CONFIGURE
  2. Click DESKTOPS
    • A list of previously configured desktop configurations appears. On initial configuration, there will be no desktop configurations displayed
  3. Click ADD DESKTOP CONFIGURATION
  4. Enter the requested information:
    • Name of desktop (friendly name used to identify the desktop function or owner)
    • Specification (Hardware specifications)
    • Always On (Choose if the desktop needs to remain powered on when idle)
    • Mode (Choose if multiple login functionality is enabled)
    • Quantity (Choose how many desktops are to be instantiated)
    • Users (Choose the user(s) who will have access to the Virtual Desktop)
  5. Click CREATE

Note: The Amazon WorkSpaces Application Manager® (WAM) service does not support Windows 10. For a more robust experience, we recommend using Windows 7 whenever possible.

Both the Windows 7 and Windows 10 desktops are based on a Windows Server platform. Although the two desktops offer the same user experience as their consumer counterparts, some features of Windows 10 may be missing, such as Windows Subsystem for Linux.


Add Additional Software

Members may require additional desktop software to perform their functions. If the desired software is not available in the default desktop configuration, you can send a request to the Tehama Concierge to add it to your catalogue.

From within the Room:

  1. Click CONFIGURE
  2. Click DESKTOPS
  3. Select the Desktop Applications item from the ADD drop-down menu in the top right corner of the page.
  4. This will take you to the Tehama Support Portal, where you can request your application.
  5. In your request, type the name of the application desired and any additional information on the software you are requesting, including:
    • Licensing
    • Software vendor
    • Desired Configuration Options
  6. Submit your request.

See the Desktops User Guide for more information on configuring and working with desktops.

Create a Firewall Rule

Before the Room can communicate with network resources, you need to configure firewall rules. By default, all outbound traffic is restricted. Configuring a secret (below) also allows the creation of a firewall exception.

From within the Room:

  1. Click CONNECTION
  2. Click FIREWALL RULES
  3. Click ADD FIREWALL RULE
  4. In the resulting screen, enter the following information:
    • Rule Name (a friendly name for the firewall exception)
    • IPv4 CIDR block (IP addresses to expose, with subnet prefix, e.g., 127.0.0.1/32)
    • Port Single or Range (choose one)
    • Port (enter the port number or port range required for the application)

Note: Click the ALLOW ACCESS TO WAM button to allow instant room access to the Amazon WorkSpaces Application Manager® (WAM) service.

Using the CIDR block of 0.0.0.0/0 will disable the firewall and expose the workspace to the internet. While this may be desirable to install software packages, it is not recommended to operate normally with this configuration.
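
The script below is an added example, not Tehama code: it reviews a list of proposed firewall exceptions (rule name, IPv4 CIDR block, single port or range) before they are entered in the ADD FIREWALL RULE screen, and reports malformed or overly broad entries such as 0.0.0.0/0. The /16 and 1024-port thresholds, the function names and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Thresholds are assumptions for this example, not Tehama settings.
BROAD_PREFIX = 16      # prefixes shorter than /16 are reported as broad
WIDE_PORT_SPAN = 1024  # ranges of this many ports or more are reported


def review_rule(name, cidr, ports):
    """Return a list of findings for one proposed firewall exception.

    ports is "443" (single) or "8000-8100" (range), mirroring the
    Port Single or Range choice described above.
    """
    findings = []
    try:
        # strict=True rejects blocks with host bits set, e.g. 10.20.30.40/24
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        return [f"{name}: invalid IPv4 CIDR block {cidr!r} ({exc})"]
    if net.prefixlen == 0:
        findings.append(f"{name}: 0.0.0.0/0 disables the firewall")
    elif net.prefixlen < BROAD_PREFIX:
        findings.append(f"{name}: /{net.prefixlen} covers {net.num_addresses} addresses")
    lo, _, hi = ports.partition("-")
    try:
        first, last = int(lo), int(hi or lo)
    except ValueError:
        return findings + [f"{name}: invalid port value {ports!r}"]
    if not 1 <= first <= last <= 65535:
        findings.append(f"{name}: port value {ports!r} out of range or reversed")
    elif last - first >= WIDE_PORT_SPAN:
        findings.append(f"{name}: port range spans {last - first + 1} ports")
    return findings


# Constructed sample rules (not taken from a real Room).
SAMPLE_RULES = [
    ("db-prod", "10.20.30.40/32", "5432"),
    ("pkg-install", "0.0.0.0/0", "443"),
    ("app-tier", "10.0.0.0/8", "8000-9999"),
    ("typo", "10.20.30.40/24", "22"),
]


def review_all(rules):
    """Collect findings for every (name, cidr, ports) tuple."""
    return [finding for rule in rules for finding in review_rule(*rule)]


if __name__ == "__main__":
    for finding in review_all(SAMPLE_RULES):
        print(finding)
```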


Configure the Secret/Password store

To avoid sharing network resource credentials insecurely, Tehama provides access to an encrypted Secret Password store used to securely store, encrypt, and grant authorized members access to credentials and other sensitive information.

From within the Room:

  1. Click CONFIGURE
  2. Click SECRETS
    You will see a list of secret types (Cassandra, Generic, MongoDB, etc.)
  3. Click the type of secret you wish to add
    The secret view is organized by:
    • asset (secret, e.g. Database credentials)
    • folder (for logical storage of assets)

  4. Create a Folder to organize the secrets
    1. Click the ADD secret type FOLDER button
    2. In the resulting screen, enter the desired Folder name and fill in the required fields. For example, a firewall exception may need to be specified. (See the Secrets User Guide for more guidance)
    3. Click CREATE
  5. Create an Asset
    1. Double-click the folder name where the Asset is to be filed
      If no folder is specified, the root folder will be used
    2. Click the ADD ASSET button
      In the resulting screen, enter the following:
      • Asset Name (friendly name for your asset/secret) and fill in any required fields. (See the Secrets User Guide for more guidance)
    3. Click CREATE

Authorized staff members can click the asset name to access the asset under the Secrets tab within the Room. They may also access the asset from the Workspace Agent's SECRETS tab with one of the Room's desktops.


Step 4: Desktop Management

Now that the configuration of your Room and Desktop is complete, you are almost ready to use your new Desktop.

To use your Desktop you need to:

Access your Desktop's credentials

You access your Desktop's credentials by following these steps:

From within the Room:

  1. Click WORK.
  2. Click MY DESKTOPS.
    • A list of previously configured desktops appears.
  3. Click the CONNECT button adjacent to the desired desktop instance.
    The resulting window displays all necessary information required to log in:
    • Registration Code
    • Username
    • Password

Desktop credentials are dynamic and are only valid for five minutes after they are generated. If the password expires prior to login, a Password expired message is displayed. Close the window and try again or click the REFRESH button.

Download and Install the Amazon WorkSpaces® Client

Before we can connect to any Desktop, the Amazon WorkSpaces® Client must be installed by following these steps:

  1. Follow the steps to access your Desktop's credentials.
  2. On the resulting window, click the DOWNLOAD CLIENT button.
    A new tab opens to Amazon WorkSpaces® Client.
  3. Click on the correct icon for your device to begin installation.
  4. Follow the installation wizard (for Windows Users) to install the client.

Note: As an alternative to using the installed client, you can use Amazon WorkSpaces® Web Access through your browser. Simply click on the Web Access icon.


Connect to a Virtual Desktop

To connect to a Virtual Desktop, perform the following steps:

  1. Follow the steps to access your Desktop's credentials.
  2. Note the registration code, username and password on the resulting window (Tehama Window). Refresh if expired.
  3. Open the Amazon WorkSpaces® Client app previously installed on your workstation (or Tablet).
    • Ensure there is a green checkmark beside Network at the lower right corner of the Amazon WorkSpaces® app.
  4. Copy the registration code from the Tehama Window and paste it into the Amazon WorkSpaces® Client application as indicated.
    • Click Register.
  5. Copy the Username and Password from the Tehama Window, and paste them into the Amazon WorkSpaces® window as indicated.
    • Click Sign In.
  6. If you are prompted with a Remember Me option, Click No.
  7. For Windows users, if prompted to allow firewall access, click Allow Access.
    The connection can take a minute to be fully established.
  8. Upon launch, the Desktop begins initializing. After a brief delay, the Workspace-Agent window is displayed, maximized, with the desktop running behind it. If the Workspace-Agent detects an update, it will be downloaded automatically and the Workspace-Agent will restart.

Note: For convenience, copy buttons are available in Tehama that automatically place the Registration Code, Username or Password into the clipboard.




Additional Administrative Functions

These tasks are performed only as needed, and are not necessary to begin using Pythian Tehama.

They are included here in this getting started guide since they are commonly performed tasks.

User Management

Resend an Invite

If the original email invitation link has expired, a new invite may be generated and sent. Follow these steps to resend an invite:

From the Team tab:

  1. Click the name of the invited member you wish to resend an invite to
  2. In the resulting screen, click the blue RESEND INVITE button
    • If there is a need to send the link manually, you can use the invitation link presented

Delete Existing Members

Should you need to delete existing members, follow these steps:

From the Team tab:

  1. Click the row of the member you wish to delete
    • Click multiple rows for bulk deletions
  2. In the top-left corner of the list, click the Trash Can icon

Room Management

Grant Room Access to other Organizations

As an alternative to adding individual members or teams from your organization, you can add users from other invited Organizations:

From the Rooms tab:

  1. Click the name of the room where member access will be granted
  2. In the resulting screen, click MEMBERS

    A list of available organizations appears. On the initial setup, only one Organization Name will be displayed

  3. At the bottom of the list, click the ADD ORGANIZATION button
  4. Select the desired Organization from the list to invite to the Room

Note: Only authorized Organizations are available in this list. If no additional Organizations have been previously authorized, the option to invite a new organization is available.


Edit or Delete a Virtual Desktop

If you need to modify the Virtual Desktop (Desktop Name or Member permissions only) or to delete the desktop completely, follow these steps:

To Edit the Desktop:

From within the Room:

  1. Click CONFIGURE
  2. Click on the Desktops sidebar item
    • A list of previously configured desktops appears
  3. Click the name of the desktop you wish to modify
    In the resulting dialog:
  4. Modify the name of the desktop
  5. Modify the authorized users by clicking in the drop-down list at the bottom of the page
    • Add or remove members as necessary
  6. Click SAVE

To Delete the Desktop:

From within the Room:

  1. Click CONFIGURE
  2. Click on the Desktops sidebar item
    • A list of previously configured desktops appears
  3. Select the entry for the desktop you wish to delete
  4. Click the trashcan icon.
  5. In the resulting screen:
    • Type the name of the Virtual Desktop to confirm deletion (case sensitive)
    • Click DELETE