Getting started with Tehama Installation

Have you completed the Getting Started with Joining Tehama Guide? If not, please go back and do so before proceeding.

Purpose

This guide provides the basic steps necessary in order to create, configure and connect to a Room running within Tehama Service.

Here are some typical scenarios to help you understand the flexibility provided by Tehama PSM. Choose one that applies best to your situation.

  1. Typical room creation scenarios
  2. Typical room configuration scenarios

Typical room creation scenarios

These scenarios result from your organization wanting to create a Room and invite another organization to either complete the configuration of the room or to join it to deliver services.

  1. I am a buyer of services and want to create a room and invite a provider to deliver services where they need access to assets or services running on my infrastructure.
    See Creation Scenario #1.

  2. I am a service provider and I want to invite my buyer to create a room that I will use to deliver service.
    See Creation Scenario #2.

Room Creation Scenario 1:

"I am creating a room connected to my organization and then inviting another organization to join and use the room"

  1. Select the ROOMS tab in the top navigation bar.
  2. Click the NEW button at the top right or the CREATE NEW ROOM button at the end of the room list.

    Note, if your organization has not specified a payment method, you will be prevented from proceeding. You will see a dialog requesting that this be done instead of the CREATE ROOM dialog.

    The CREATE ROOM dialog will appear.

    • In the CREATE ROOM dialog:

      • Give the room a name
      • Select Connect this room to --> "Your Organization"
      • You may opt to select the Create Free Trial Room option. If you leave this option unselected, you will be billed for this room. (This option is only visible to those organizations who are eligible for a free trial room.)
      • Click CONTINUE
        You will be directed to the page for your new Room
        (with "ROOMS > your room name" displayed in the navigation bar).

        A dialog displaying the following message will appear:
        "Before you can start using the room, you need to connect it to your network."

  3. Click CONTINUE.
    This will start a guided process to connect your newly created Room to your Organization's network.
  4. The Desktop Settings dialog will appear.

    spacer

    This dialog prompts you to answer an important question that asks whether you want users of desktops provisioned in the Room to have admin access to their desktops. This decision is unfortunately not reversible.

    spacer

    Attention: This setting is a global setting for your room and will impact ALL desktop users within your room, including the organization owner (the user with the Admin role for your organization) and users with the Tehama Admin role from the Tehama Support team.

    spacer

    • If you wish to grant administrator privileges to desktop users, place a checkmark beside Give Desktop Administrator Privileges. (Please read the information on the screen carefully before making this decision.)
    • If you do not wish to grant administrator privileges to desktop users, leave the check box blank.

      spacer

  5. Click NEXT
    You should see now that your Room page has sprouted three tabs. The current tab should be the CONNECTION tab.
  6. Select the STATUS sidebar item.
    Here you should see the status of your Room and the options for the Room's Network Access
    You have two options for network access:

    • Internet only
      Choose this if you only want your Room to connect to an internet based network (constrained by your Room's firewall settings).
      This requires no further action.
      NOTE: When network access is set to 'Internet Only', Tehama denies all UDP traffic apart from DNS lookup.

      or

    • Tehama Gateway
      Choose this if you want your Room to connect to your organization's private network (as with the 'Internet only' option, constrained by your Room's firewall settings).
      This requires you to install the Tehama Gateway somewhere in your network's infrastructure. You can either:
      1. Proceed to install the TEHAMA GATEWAY now using the Tehama Gateway User Guide instructions, which you can access by clicking on the SHOW USER GUIDE button

        NOTE: Due to a limitation in the authentication framework used by Tehama, the Tehama Gateway cannot be installed on the 172.31.x.x network.

        In addition, Tehama cannot connect to resources that are on the 172.31.x.x network directly.

        If you have the following situation:

        • the Tehama Gateway is on a supported network; and
        • a resource is on the 172.31.x.x network


        then a workaround would be to create a NAT on the network to NAT the address of the resource to an address that Tehama can see, like 10.x.x.x or something similar.


        or if you're not comfortable doing that and need an IT person to help...

      2. Opt to leave installation of the TEHAMA GATEWAY until after you have invited another person to your organization so they can help.
        • See the Organization User Guide if you need help figuring out how to invite someone but it's fairly easy to figure out if you just go to Team in the top navigation bar.
        • Note that if you're just trying out Tehama you can also just install the Tehama Gateway in a temporary location and have your IT people move it later.
  7. At this point you should be on your Room page (with "ROOMS > your room name" displayed in the navigation bar). Your CONNECT status (as seen from the CONNECTION tab's STATUS sidebar item) should be either pending or connected depending on the choice you made in the previous step.
  8. Click the MEMBERS tab. You should see your organization listed.
  9. Click ADD ORGANIZATION and use it to invite your contact from the 3rd party organization.
  10. Optionally, you can apply a policy for that organization. See Policy User Guide for details.

You've now got a Room and invited a third party organization to use it. Once the third party requests access for individual members, you should get notifications to approve them.

  • NOTE: You may want to set things up so that you auto approve members in the room proposed by the other organization. This is tied to the policy you have assigned to the other organization. Click on the MEMBERS tab, then click on the policy for the other organization. You will see the ASSIGN POLICY dialog. Toggle the "Auto approve proposed members" switch to "On". If you don't do this, every member added to the room by the other organization will result in an approval request. If you do, you are trusting the other organization to add/remove members to the room.

You can then either provision tools for them or approve their requests. See Rooms User Guide for more details.

You can now check out the other scenarios in this guide or continue getting started with the Getting Started with Tehama Administration Guide.


Room Creation Scenario 2:

"I'm creating a room and requesting another organization to connect it to their network"

  1. Select the ROOMS tab in the top navigation bar.

  2. Click the NEW button at the top right or the CREATE NEW ROOM button at the end of the room list.

    Note, if your organization has not specified a payment method, you will be prevented from proceeding. You will see a dialog requesting that this be done instead of the CREATE ROOM dialog.

    The CREATE ROOM dialog will appear.

    • In the CREATE ROOM dialog:

      • Give the room a name
      • Select Connect this room to --> "Another organization that I will invite"
      • You may opt to select the Create Free Trial Room option. If you leave this option unselected, you will be billed for this room. (This option is only visible to those organizations who are eligible for a free trial room.)
      • Click CONTINUE
        You will be directed to the page for your new Room (with "ROOMS > your room name" displayed in the navigation bar).

  3. Click the MEMBERS tab.
  4. Invite members from your organization to use the Room. NOTE that the other organization will have to approve them after connecting the room.
  5. You can now optionally go and request or create Desktop configurations. See Rooms User Guide for more details.

You've now created a Room and invited another organization to finish configuring it by connecting it to their network.

You can now check out the other scenarios in this guide or continue getting started with the Getting Started with Tehama Administration Guide.


Typical room configuration scenarios

These scenarios result from another organization creating a Room definition and inviting you to either complete the configuration of the room or to join it to deliver services.

  1. I am a buyer of services and have been invited by my service provider to finish connecting to a room.
    See Configuration Scenario #1.

  2. I am a service provider and I have been invited to join a room by my service buyer. See Configuration Scenario #2.

Room Configuration Scenario #1

You've been invited to finish connecting a room, most likely by your service provider.

  1. You will be asked to connect the room to your network. Click CONTINUE.
    This will start a guided process to connect your newly created Room to your Organization's network.
  2. The Desktop Settings dialog will appear.

    spacer

    This dialog prompts you to answer an important question that asks whether you want users of desktops provisioned in the Room to have admin access to their desktops. This decision is unfortunately not reversible.

    spacer

    Attention: This setting is a global setting for your room and will impact ALL desktop users within your room, including the organization owner (the user with the Admin role for your organization) and users with the Tehama Admin from the Tehama Support team.

    spacer

    • If you wish to grant administrator privileges to desktop users, place a checkmark beside Give Desktop Administrator Privileges. (Please read the information on the screen carefully before making this decision.)
    • If you do not wish to grant administrator privileges to desktop users, leave the check box blank.

      spacer

  3. Click NEXT
    The current tab on your Room page should be the CONNECTION tab.
  4. Select the STATUS sidebar item.
    Here you should see the status of your Room and the options for the Room's Network Access
    You have two options for network access:

    • Internet only
      Choose this if you only want your Room to connect to an internet based network (constrained by your Room's firewall settings).
      This requires no further action.
      NOTE: When network access is set to 'Internet Only', Tehama denies all UDP traffic apart from DNS lookup.

      or

    • Tehama Gateway
      Choose this if you want your Room to connect to your organization's private network (as with the 'Internet only' option, constrained by your Room's firewall settings).
      This requires you to install the Tehama Gateway somewhere in your network's infrastructure. You can either:
      1. Proceed to install the TEHAMA GATEWAY now using the Tehama Gateway User Guide instructions, which you can access by clicking on the SHOW USER GUIDE button

        NOTE: Due to a limitation in the authentication framework used by Tehama, the Tehama Gateway cannot be installed on the 172.31.x.x network.

        In addition, Tehama cannot connect to resources that are on the 172.31.x.x network directly.

        If you have the following situation:

        • the Tehama Gateway is on a supported network; and
        • a resource is on the 172.31.x.x network


        then a workaround would be to create a NAT on the network to NAT the address of the resource to an address that Tehama can see, like 10.x.x.x or something similar.


        or if you're not comfortable doing that and need an IT person to help...

      2. Opt to leave installation of the TEHAMA GATEWAY until after you have invited another person to your organization so they can help.
        • See the Organization User Guide if you need help figuring out how to invite someone but it's fairly easy to figure out if you just go to Team in the top navigation bar.
        • Note that if you're just trying out Tehama you can also just install the Tehama Gateway in a temporary location and have your IT people move it later.
  5. You can now go into the Members tab and approve proposed members from the other organization for access.
    • NOTE: You may want to set things up so that you auto approve members in the room proposed by the other organization. This is tied to the policy you have assigned to the other organization. Click on the MEMBERS tab, then click on the policy for the other organization. You will see the ASSIGN POLICY dialog. Toggle the "Auto approve proposed members" switch to "On". If you don't do this, every member added to the room by the other organization will result in an approval request. If you do, you are trusting the other organization to add/remove members to the room.

Once connected, you will have to go into the CONFIGURE tab to configure what resources are accessible from the room. See Secrets User Guide and Rooms User Guide for more details.

You can now check out the other scenarios in this guide or continue getting started with the Getting Started with Tehama Administration Guide.

Room Configuration Scenario #2

Your organization has been invited to join a room, most likely by your service buyer.

  1. If the other organization set a policy, you'll be asked to review and accept it.
  2. Click the MEMBERS tab.
  3. Invite members from your organization to use the Room. NOTE that the other organization will have to approve them after connecting the room.
  4. You can now optionally go and request desktop configurations. See Rooms User Guide for more details.

You can now check out the other scenarios in this guide or continue getting started with the Getting Started with Tehama Administration Guide.