Desktops User Guide

A Tehama Desktop is a shared or individual virtual computer hosted in a Room. It is a workspace from which you can securely work with assets of the connected organization for the Room. A Room can have multiple Tehama Desktops. The Room configures which assets are accessible from its desktops through its encrypted secrets vault and firewall rules.

All work performed using a Tehama Desktop is recorded and auditable.

There are two types of Tehama Desktops.

  • Windows Desktops

    Tehama Windows desktops are built on Amazon Workspaces bundles, which offer a range of hardware and software options. You can choose between a Windows 7 (powered by Windows Server 2008 R2) and a Windows 10 (powered by Windows Server 2016) desktop experience. See Amazon Workspaces - Features for more details.

  • Linux Desktops (You must contact Tehama Support to enable/disable this room-feature.)

    Tehama Linux Desktops provide virtual desktop environments connected via the RDP protocol to Linux-based servers, offered with a range of hardware and software options similar to the Windows desktops. The currently available Operating System is Ubuntu Server 16.04.

Note: 'desktop' vs 'workspace' - Confused?

'Tehama Desktop' or 'desktop' is short-hand for any workspace offered by Tehama, where the term 'workspace' refers to virtual computers with both 'graphical desktop' and 'console' interfaces.

- A 'graphical desktop' interface is a graphical 'windows-like' interface, with icons etc.
- A 'console' (AKA 'terminal') interface is a command line user interface.

At the moment, the only available Tehama Desktops, whether Windows or Linux based, have 'graphical desktop' interfaces. In future Tehama may offer Linux consoles.

You can configure and work with your desktops as follows:

Privileged user: The organization owner (the user with the Admin role) or a manager of the billing organization.
Non-privileged user: Every other member of the room.

Privileged user actions: Non-privileged user actions:
Add a desktop
Request a desktop
Approve or reject a pending desktop request
Edit a desktop
Edit a pending desktop request Edit a pending desktop request
Delete a desktop
Delete a pending desktop request Delete a pending desktop request
Request additional software be added to the desktop images Request additional software be added to the desktop images
Connect to a desktop Connect to a desktop
Request a custom image of a desktop
Restart a desktop (windows only) Restart a desktop (windows only)
Restart a desktop's X server (linux only) Restart a desktop's X server (linux only)
Change the resolution of a desktop (linux only) Change the resolution of a desktop (linux only)
View a desktop's status View a desktop's status

These actions are performed under the CONFIGURE and WORK tabs for a Room.

The CONFIGURE tab for privileged users: Configure Windows Desktops Page for Privileged Users

Note that the desktop list under WINDOWS DESKTOPS in the CONFIGURE tab is filterable on the Status column.

To set/unset a filter:

  • click on dropdown arrow next to the column name to open the filter options menu.
  • click on the "All" filter option to turn it on; to turn it off unset one of the other filter options.
  • click on a filter option to toggle it on or off.

The WORK tab for the privileged users: Work My Desktops Page for Privileged Users

The WORK tab for non-privileged users: Work My Desktops Page for the Non-privileged Users


Add a desktop

Note, only privileged users can add a new desktop directly. Non-privileged users must request a desktop.

Steps to add a desktop vary by type:

Add a Windows Desktop:

To add a new desktop configuration, click on the CONFIGURE tab, select the WINDOWS DESKTOPS sidebar item and select Desktop under the ADD dropdown menu at the top right of the page.

This will display the ADD DESKTOP dialog:

Add Desktop Dialog

In the windows ADD DESKTOP dialog:

  • Enter a Desktop Name.
  • In the Mode drop-down field, select
    EITHER
    Shared, – which requires you to specify the number of people who will have access to the desktop, and provides room access that can be pooled/shared among all users in the access list field, one at a time,
    OR
    Individual, – which gives each user room access (a desktop) that is uniquely available to them.
    (See "Note on Shared Desktops" below.)
  • In the Quantity field if you have chosen a Shared mode, enter the number of desktops that will be shared.
  • In the Users field, enter the name(s) of those who will use this desktop.
  • In the Specification field, choose one of the supported CPU and memory configurations for your virtual machine.1
  • If desired, enable the Always On checkbox. If not enabled, the desktop will be suspended when it is not in use. (Always On is not available for the GPU specification.)

Click CREATE. The new desktop will appear in the list of desktops on the page.

A Note on Shared Windows Desktops

An individual desktop is accessed through a unique username for that desktop. The username is NOT unique to the individual. Multiple users who wish to access the same Windows Desktop will do so using a shared/common username. This will impose the following risks in the Windows environment:

  1. There is no user level local file space on the desktop. All files, application settings and personalization configured within the windows host will be accessible to ALL individuals who access that desktop. For Example:
    1. Application Specific Configuration, Including:
      1. Saved hosts/password settings entered into PuTTY or WinSCP
      2. Personal Details
      3. Browsing Data (Cookies, Cache, History)
    2. Saved usernames and passwords stored in the browser (e.g. Internet Explorer or Google Chrome)
    3. Windows Personalizations
    4. Files added/created
  2. No individual user logging/traceability. Windows log files will be unable to identify a specific individual logged into Windows when searching for a specific event. All user logs will appear from the shared username (unique to the Windows VM).

The Tehama platform DOES however offers the following individual user level feature:
  1. Session Recordings. Stored session recordings are stored and associated to an individual Tehama user. For ease of playback, the recordings are marked with the individual usernames.
If a per-user desktop experience is required, it is recommended to instantiate an Individual Desktop.

Add a Linux Desktop:

To add a new Linux desktop, click on the CONFIGURE tab, select the LINUX DESKTOPS sidebar item and click on the ADD DESKTOP button at the top right of the page.

This will display the ADD DESKTOP dialog:

Add Desktop for Linux Dialog

In the linux ADD DESKTOP dialog:

  • Enter a Desktop Name.
  • If you want this to be a multi-user desktop, select the Multi User Desktop checkbox. WARNING: Once the desktop is created it is not possible to convert a single user desktop to multi-user.
    If selected, the User field changes to Users and a new field, Sudo Users appears. New fields for multi-user linux request desktop
  • If single user:
    • In the User field, enter the name of those who will use this desktop.
    • Note that the single user in the desktop will be given full sudo user capabilities on this desktop.
  • If multi user:
    • In the Users field, enter the names of those who will use this desktop.
    • In the Sudo Users field, enter the name(s) of those users who will be given the ability to perform certain operations with elevated privileges, such as using the package manager, on this desktop.
  • In the Operating System field, choose one of the supported operating systems.
  • In the Specification field, choose one of 'Personal', 'Standard', 'Professional' or 'High Performance Computing'. Once a value has been selected, values for it will appear in the dialog.

Click CREATE. The new Linux desktop will appear in the list of desktops on the page.


Request a desktop

Note, only non-privileged users may request a desktop configuration. Privileged users can directly add a desktop.

As a non-privileged user, you can request a new desktop configuration. The request is sent to the organization owner (the user with the Admin role) and the managers of the billing organization (that is, the privileged users), who can either approve or reject your request.

Click on the WORK tab, select either the MY DESKTOPS sidebar item or the PENDING DESKTOPS sidebar item, then select Desktop under the REQUEST dropdown menu at the top right of the page.

This will display the REQUEST DESKTOP dialog:

Request Desktop Dialog

In the REQUEST DESKTOP dialog, select the type of desktop you wish to request from the MODE dropdown field, then click on CONTINUE.

For "Windows Desktop" desktops:

The REQUEST DESKTOP dialog for windows will appear.

Request Desktop Windows Dialog

In the windows REQUEST DESKTOP dialog:

  • Enter a Desktop Name.
  • In the Mode drop-down field, select
    EITHER
    Shared, – which requires you to specify the number of people who will have access to the desktop, and provides room access that can be pooled/shared among all users in the access list field, one at a time,
    OR
    Individual, – which gives each user room access (a workspace) that is uniquely available to them.
    (See Note on Shared Desktops found under the "Add a desktop" section.)
  • In the Quantity field if you have chosen a Shared mode, enter the number of desktops that will be shared.
  • In the Users field, enter the name(s) of those who will use this desktop.
  • In the Specification field, choose one of the supported CPU and memory configurations for your virtual machine.2
  • In the Description field, type in the description of this proposed desktop. (This description is what the billing organization will base their decision to approve or reject your request on.)
  • If desired, enable the Always On checkbox. If not enabled, the desktop will be suspended when it is not in use. (Always On is not available for the GPU specification.)

Click REQUEST.

Your newly requested desktop configuration will appear to you, as a non-privileged user, in the list of pending desktop configurations under the PENDING DESKTOPS sidebar item in the WORK tab. It will appear to the organization owner (the user with the Admin role) and the managers of the billing organization (that is, the privileged users) under the DESKTOPS sidebar item in the CONFIGURE tab, marked as a proposed desktop configuration, awaiting review.

If approved, your requested desktop configuration will move to the list of desktop configurations under the MY DESKTOPS sidebar item. If rejected, you will be sent a message with the reason for the rejection and the entry will be removed from the list of pending requests.

For "Linux Desktop" desktops:

The REQUEST DESKTOP dialog for linux will appear.

Request Desktop Linux Dialog

In the linux REQUEST DESKTOP dialog:

  • Enter a Desktop Name.
  • If you want this to be a multi-user desktop, select the Multi User Desktop checkbox. WARNING: Once the desktop is created it is not possible to convert a single user desktop to multi-user.
    If selected, the User field changes to Users and a new field, Sudo Users appears. New fields for multi-user linux request desktop
  • If single user:
    • In the User field, enter the name of those who will use this desktop.
    • Note that the single user in the desktop will be given full sudo user capabilities on this desktop.
  • If multi user:
    • In the Users field, enter the names of those who will use this desktop.
    • In the Sudo Users field, enter the name(s) of those users who will be given the ability to perform certain operations with elevated privileges, such as using the package manager, on this desktop.
  • In the Operating System field, choose one of the supported operating systems.
  • In the Specification field, choose one of 'Personal', 'Standard', 'Professional' or 'High Performance Computing'. Once a value has been selected, values for it will appear in the dialog.

Click REQUEST.

Your newly requested desktop configuration will appear to you, as a non-privileged user, in the list of pending desktop configurations under the PENDING DESKTOPS sidebar item in the WORK tab. It will appear to the organization owner (the user with the Admin role) and the managers of the billing organization (that is, the privileged users) under the DESKTOPS sidebar item in the CONFIGURE tab, marked as a proposed desktop configuration, awaiting review.

If approved, your requested desktop configuration will move to the list of desktop configurations under the MY DESKTOPS sidebar item. If rejected, you will be sent a message with the reason for the rejection and the entry will be removed from the list of pending requests.


Approve or reject a pending desktop request

Note, only privileged users can approve or reject a pending desktop request.

Requested desktop configurations will show up in the list of desktop configurations as "Pending" and the name of the desktop configuration will be followed by the phrase "(Proposed request by <the name of the non-privileged user that made the request>)".

You can approve or reject a requested (proposed) desktop configuration by clicking on the name in the entry of the proposed desktop configuration.

The REVIEW DESKTOP dialog will appear.

For pending windows desktops:

Review Desktop Windows Dialog

For pending linux desktops (left for single-user, right for multi-user):

Review Desktop Linux Dialog

Browse the desktop details in the request, including the the description field containing the reason for the request. (Note that the name and user fields are editable (and sudo users for pending linux multi-user desktops), but any changes will only take effect if you exit the dialog by clicking the APPROVE button.)

Click APPROVE to approve the desktop.

OR

Click REJECT to reject it.

This will display the REJECT DESKTOP dialog:

Reject Desktop Dialog

Enter the reason you want to reject the pending desktop request into the dialog, then click REJECT.


Edit a desktop

Note, only privileged users can edit a desktop.

To edit an existing desktop configuration, click on the name of the desktop configuration that you wish to edit.

This will display the EDIT DESKTOP dialog for windows desktops:

Edit Windows Desktop Dialog

Or the EDIT LINUX DESKTOP dialog for linux desktops (left for single-user, right for multi-user):

Edit Linux Desktop Dialog

Make your changes in the dialog, then click SAVE.


Edit a pending desktop request

Note, both privileged and non-privileged can edit a pending desktop request, though privileged users are restricted in what fields they can edit.

To edit a pending desktop request - non-privileged users:

Click on the WORK tab, select the PENDING DESKTOPS sidebar item and click on the name of the pending desktop configuration that you wish to edit.

This will display the EDIT DESKTOP REQUEST dialog for windows desktops:3

Edit Windows Desktop Request Dialog

Note: The Always On option is not available for the GPU specification.

Or the EDIT DESKTOP REQUEST dialog for linux desktops (left for single-user, right for multi-user):

Edit Linux Desktop Request Dialog

Make your changes in the dialog, then click SAVE.

To edit a pending desktop request - privileged users:

Changes to a pending desktop request are possible to a few fields (name and users) by privileged users immediately prior to approving the request.

Follow the initial steps for approving/rejecting a pending desktop request until you see the REVIEW DESKTOP dialog.

Make your changes to the editable fields in the dialog, then click APPROVE to approve the changed request.


Delete a desktop

Note, only privileged users can delete a desktop.

  1. Click CONFIGURE.
  2. Click on the WINDOWS DESKTOPS or LINUX DESKTOPS sidebar item, depending on what type of desktop you want to delete.
  3. Select the desktop you wish to delete by clicking in the checkbox to the left of the desktop's name.
    Select multiple desktops for bulk deletions.
    selected desktop row in rooms configure desktop page
  4. At the bottom of the page, click the Trash Can Delete icon. You will see the DELETE DESKTOPS dialog.
    • For windows desktops:
      Delete Windows Desktop Dialog
    • For linux desktops:
      Delete Linux Desktop Dialog
  5. Type the name of the Virtual Desktop to confirm deletion (case sensitive).
  6. Click DELETE.

Delete a pending desktop request

Note, both privileged and non-privileged users can delete a pending desktop request.

To delete a pending desktop configuration - privileged users:

  1. Click CONFIGURE.
  2. Click on the WINDOWS DESKTOPS or LINUX DESKTOPS sidebar item, depending on what type of pending desktop you want to delete.
  3. Select the pending desktop you wish to delete by clicking in the checkbox to the left of the desktop's name.
    selected desktop row in rooms configure desktop page
  4. At the bottom of the page, click the Trash Can Delete icon. You will see the REJECT CONFIGURATION dialog.
    Reject Desktop Dialog
  5. Enter the reason you want to delete the pending desktop (which is actually a rejection of the request) into the dialog.
  6. Click REJECT.

To delete a pending desktop configuration - non-privileged users:

  1. Click WORK.
  2. Click on the PENDING DESKTOPS sidebar item.
  3. Select the pending desktop you wish to delete by clicking in the checkbox to the left of the desktop's name.
    selected desktop row in rooms configure desktop page
  4. At the bottom of the page, click the Trash Can Delete icon. You will see the DELETE DESKTOP REQUEST dialog.
    Delete Request Dialog
  5. Click DELETE.

Request additional software be added to the default desktop images

Members may require additional desktop software in their desktops to perform their functions. If the desired software is not available in the default desktop images, you can send a request to the Tehama Concierge to add it to your catalogue.

NOTE: Make this request for additional software to add software to the desktop images which are used to create desktop configurations (desktop instances). Tehama Support will process your request and update the images. Create a new desktop configuration from one of these updated images in order to access the additional software.

If you need to add additional software to one of your existing desktop configurations, you may install it on the desktop yourself but ONLY IF your room was created with desktop admin privileges enabled.

From within the Room:

  1. Click CONFIGURE
  2. Click DESKTOPS
  3. Select the Desktop Applications item from the ADD drop-down menu in the top right corner of the page.
  4. This will take you to the Tehama Support Portal, where you can request your application.
  5. In your request, type the name of the application desired and any additional information on the software you are requesting, including:
    • Licensing
    • Software vendor
    • Desired Configuration Options
  6. Submit your request.

Connect to a desktop

Note, both privileged and non-privileged users can connect to a desktop.

The steps to connect to a desktop vary by type:

Connect to a "Windows Desktop" desktop

Click on the WORK tab, select the MY DESKTOPS sidebar item, then click on either the name of the desktop or on the CONNECT button in its entry.

This will display the ACCESS DESKTOP dialog. (The left image shows the dialog when "Web Client" is selected and the right image shows the dialog when "Desktop Client" is selected.)

Access Desktop Dialog

Connect to your desktop using the information displayed in the ACCESS DESKTOP dialog:

Either:
Use the "Desktop Client" option

This connection method generates a simple, custom link for your desktop that launches the desktop client application pre-populated with the Registration Code and Username authentication information (which you can see displayed on the dialog when viewing the "Web Client" option). You only have to paste in the Password.

  1. Open a pre-populated instance of the Amazon Workspaces® Client as follows:
    • A. Select the "Desktop Client" option in the dropdown at the top of the ACCESS DESKTOP dialog.
    • B. Click on the words Download desktop client in the ACCESS DESKTOP dialog to download the application to your host machine (if you haven't already).
      • Make sure the version of the application is at least 2.4.9.837. (Older versions of the application do not support the API used to pre-populate the authentication data.)
    • C. Click on the LAUNCH button in the ACCESS DESKTOP dialog to launch your desktop, via a custom link.
    • D. Note the link will open in a new tab and the desktop client application will be launched. Also, the contents of the Password field will be automatically copied to the clipboard.
  2. Paste the Password value into the application from the clipboard.
  3. Click Sign In.

Or:
Use the "Web Client" option

This connection method requires you to open the Amazon Workspaces® Web Client and manually populate it with the Registration Code, Username and Password authentication information displayed on the dialog (only displayed when you are viewing the "Web Client" option).

  1. Open an instance of the Amazon Workspaces® Client.
    • A. Select the "Web Client" option in the dropdown at the top of the ACCESS DESKTOP dialog.
    • B. Click on the LAUNCH button in the ACCESS DESKTOP dialog to launch the Amazon Workspaces® Web Client.
      • Alternative: You may also use the desktop client installed on your host machine instead of launching the web client. (Use the Download desktop client link found on the ACCESS DESKTOP dialog when viewing the "Desktop Client" to install it, if necessary.) Open the application on your host machine and proceed just as if you were using the web client.
  2. In the Amazon WorkSpaces® Client, ensure there is a green checkmark beside Network at the lower right corner.
  3. Note the Registration Code, the Username and the Password values in the ACCESS DESKTOP dialog. Refresh if expired.
  4. Copy the registration code from the ACCESS DESKTOP dialog and paste it into the Amazon Workspaces® Client as indicated.
    • Click Register.
  5. Copy the Username and Password from the ACCESS DESKTOP dialog and paste them into the Amazon Workspaces® Client as indicated.
    • Click Sign In.
  6. If you are prompted with a Remember Me option, click No.

Your desktop session will begin.

Important Notes:

  • Your desktop may be restarting or rebooting. If so, wait a few minute and try again.
  • For Windows users, if prompted to allow firewall access, click Allow Access.
    The connection can take a minute to be fully established.
  • Upon launch, your desktop will begin initializing/starting, resulting after a brief delay in the Workspace-Agent window being displayed, maximized with the desktop running behind it. If the Workspace-Agent detects an update, it will be downloaded automatically and the Workspace-Agent will restart.
Note: For convenience, in Tehama, copy buttons are available that automatically place the Registration Code, Username or Password into the clipboard.

Connect to a "Linux Desktop" desktop

Click on the WORK tab, select the MY DESKTOPS sidebar item, then click on the CONNECT button in your desktop's entry.

This will launch the desktop in a new tab in your browser.

Once the desktop is visible, the first thing you will see is the options menu:

Linux Desktop Options Menu

You can choose to change the resolution of your desktop's X server (see 'Change the resolution of your desktop's X server)or simply to close the options menu.


Request a custom image of a Desktop

Note, only privileged users may request the creation of desktop custom images and specifications.

This is available for "Windows Desktops" only.

Read the Custom Specifications User Guide to learn what a custom specification is and how to prepare your desktop before requesting the creation of a custom image and specification.

Briefly, click on the WORK tab, select the MY DESKTOPS sidebar item, then locate the entry for the targeted desktop. Click on the custom-spec request icon Custom Spec Request Button in the desktop's entry.

This will display the CUSTOM SPECIFICATION dialog.

Custom Spec Request Dialog

In the CUSTOM SPECIFICATION dialog:

  • Enter a name, for example "Project ACME Custom Spec 1", and a description for your custom specification, then click on REQUEST.
  • A popup will appear that lets you know your request is in progress.

It will take up to the end of the next business day for your custom specification to become available. You will be notified once it is ready for use.


Restart a desktop

Note, both privileged and non-privileged users can restart a desktop.

This is available for "Windows Desktops" only.

Click on the WORK tab, select the MY DESKTOPS sidebar item, then locate the entry for the desktop. Click on the restart icon Desktop Restart Icon in the desktop's entry.

This will display the confirmation dialog.

Desktop Restart Confirmation Dialog

If you wish to proceed with the restart (reboot) of your desktop, select OK. Otherwise select Cancel.

Note that the restart may take 5 - 10 minutes to complete.


Restart a desktop's X server

Note, both privileged and non-privileged users can restart a Linux desktop's X server, which .

This is available for "Linux Desktops" only.

Click on the WORK tab, select the MY DESKTOPS sidebar item, then locate the entry for the desktop. Click on the restart icon Desktop Restart X Server Icon in the desktop's entry.

This will display the RESTART YOUR X SERVER dialog.

Desktop Restart X Server Dialog

If you wish to proceed with the restart of your desktop's X server, select RESTART. Otherwise close the dialog.


Change the resolution of your desktop's X server

Note, both privileged and non-privileged users can change the resolution of a desktop's X server.

This is available for "Linux Desktops" only, while connected to a desktop.

(See instructions to connect to a Linux desktop here: Connect to a "Linux Desktop" desktop.)

Click on the menu icon menu icon in the top right corner of the display to open the options menu.

Once the desktop is visible, the first thing you will see is the options menu:

Linux Desktop Options Menu

Click on the Change Desktop Resolution button in the options menu.

This will display the change resolution dialog.

Desktop Change Resolution Dialog

Note that changing the resolution of your desktop will end your currently active session. If you are logged in you may lose unsaved work.

If you wish to cancel the operation, select the X in the top right corner of the dialog to dismiss it.

If you wish to proceed, enter the new resolution and select UPDATE AND RESTART.

You will see the following screen:

Linux Reconnect Dialog

Click on RECONNECT to change your desktop's resolution and reconnect.

Click on RETURN TO TEHAMA to return to the Tehama WebApp.


View a desktop's status

Note, both privileged and non-privileged users can view the status of a desktop.

Click on the WORK tab, select the MY DESKTOPS sidebar item, then locate the entry for the desktop. Look for the status icon at the far right of the entry.

For "Windows Desktop" desktops:

You can see from the status icon in a desktop's entry whether the desktop is:

  • in use: in use status icon

or

  • not in use: not in use status icon

For "Linux Desktop" desktops:

You can see from the status icon in a desktop's entry whether the desktop is:

  • active: active status icon

or

  • not active: not active status icon

  1. Note that while the Personal specification for a Windows Desktop is suitable for work such as terminal work, it is not suitable if you intend to run many applications. 

  2. See footnote 1

  3. See footnote 1