Getting started with Tehama Installation

Have you completed the Getting Started with Joining Tehama Guide? If not, please go back and do so before proceeding.

Purpose

So far you have joined Tehama, creating your own Tehama organization (if necessary).

This guide provides the basic steps necessary in order to create, configure and connect to a Room running within Tehama Service.

If you need to create a Room:

Read through the Choose a Room type section to help you understand which type of Room to create. Choose the type of Room that applies best to your situation, then proceed to:

If you have received an invitation to connect a Service-provider Room:

If you have received an invitation to join a Standard or a Service-provider Room:


Choose a Room type

Read through these scenarios and identify which Room type fits your organization's needs:

  1. Standard Room

    There are a couple of use-cases that are best served by a Standard Room:

    1. Room for a Remote Workforce
      "I want a Room that my organization owns and that is connected to my private network (either a physical or an internet-based network). My organization is the primary organization doing work in the Room, though I can invite other organizations to join the Room if I need to."

    2. Room for a Service Consumer
      "I want a Room that my organization owns and that is connected to my private network (either a physical or an internet-based network). I will invite my service provider's organization to join the Room. They will be the primary organization doing work in the Room, though I can invite other organizations to join the Room if I need to."
    In a Standard Room, your organization both owns and controls access to the Room. i.e.: Your organization pays for the Room and has control over what services/tools are provisioned in it (the owner responsibilities), and controls which other organizations and members have access and what assets are accessible through the Room (the access/connected responsibilities).

  2. Domain Join Room

    This is the use-case for a Domain Join Room:

    • "I want a Room that I own and that is connected to my physical private network, and that is joined to my network's domain, giving read-only access to the domain's objects, such as users and policies, to the Room. The Room's members' Tehama login usernames (email addresses from my network's domain) will be used as the login usernames for the Desktops in the Room to which they are assigned. Policies in my network's domain will be applied automatically to the Desktops in the Room. I require only Desktops of type "Tehama Windows Desktops" and my organization will be the only organization in the Room."

      NOTE: Read through the Domain Join Room Requirements and Limitations section in the Room Domain Join User Guide to be sure that this type of Room is right for your organization.

      DISCLAIMER: The Domain Join Beta feature is still undergoing development and is provided 'as-is', without any warranties or support, and Tehama will not be liable for any loss of data. See the Room Domain Join User Guide for more information about this new beta Room feature.

    In this type of Room, your organization both owns and controls access to the Room. i.e.: Your organization pays for the Room and has control over what services/tools are provisioned in it (the owner responsibilities), and controls which members have access and what assets are accessible through the Room (the access/connected responsibilities).

  3. Service-provider Room a special case of a Standard Room

    This is the use-case for a Service-provider Room:

    • "I want a Room that my organization owns and that is connected to another organization's private network (either a physical or an internet-based network). This second organization is the consumer of my services and is referred to as the connected organization. If necessary, the connected organization can invite other organizations to join the Room."

    This is a special type of a Standard Room where the responsibilities in the Room are divided between two organizations - the owner organization, that pays for the Room and has control over what services/tools are provisioned in it, and the access/connected-to organization, that controls which other organizations and which members have access and what assets are accessible through the Room.

    There are two steps to create and connect a Service-provider Room:
    1. Create a Service-provider Room
      This step is done by the Service-provider organization, who will own the Room.
    2. Connect a Service-provider Room
      This step is done by the Service-consumer organization, who will control access in the Room.

Create and connect a Standard Room:

Instructions to create a Standard Room and connect my network to it

"I am creating a Room, connecting it to my network, and then (optionally) inviting another organization to join and use the Room."

  • My organization will be responsible for all costs incurred in the Room, and will have control over what services/tools are provisioned in the Room.
  • My organization will control access to my network, which means control over which other organizations _(if any)_ and which members will have access to the Room and what assets are accessible through this Room.
  • I can invite members of my organization to become members of the Room.
  • If desired, I can invite other organizations to join the Room, for example the organization of my service provider; these organizations are referred to as user organizations; they can propose their organization members to become members of the Room; I can approve their proposals and assign them Desktops.
  • Members of the Room will be able to access assets in my network securely through Desktops in the Room.

(If you do not have a Tehama organization account, contact Tehama Support to discuss joining Tehama. Steps to join Tehama can be found in the Getting Started with Joining Tehama Guide.)

Only the Org Admin user and Org/Room Managers of an organization can create a Room and connect to it.

  1. Log in to the Tehama Web UI.

  2. Select the ROOMS tab in the navigation bar.

  3. Click the NEW button at the top right. The CREATE ROOM dialog will appear.

  4. Select Standard Room.

  5. Click CONTINUE. The fields for a Standard Room will appear on the dialog.

  6. Enter a name in the Room Name field.

  7. Select "Your Organization" in the Connect this room to field.

  8. OPTIONAL:    Check the box beside Create Free Trial Room to make this Room a "Trial Room". If you leave this box unchecked, you will be billed for this Room.

    Note: this option is only visible to those organizations who are eligible for a free trial Room. If your organization is not eligible for a free trial Room, then you will not see this option and you will be billed for the Room.

    The TCU usage within a Trial Room is offset by the Trial TCU credits allocated to your organization. If the TCU usage in the Trial Room is over the number of available Trial TCU credits, then you will be billed for the difference.

  9. Select your preferred region in the Region field.

    This is the region in which you want this Room's infrastructure to be provisioned. Select a region that is geographically appropriate for the users of this Room.

    Note: Not all Desktop specifications are available in all regions. Read through the list of supported Desktop specifications by region in the Desktops User Guide before selecting a region.

  10. OPTIONAL:    Check the box beside Include the File Vault in this room to include a File Vault in this Room.

    Note: You can opt to enable/disable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide.)

  11. OPTIONAL:    Check the box beside Allow users to download files, except any containing sensitive data as determined by our Data Loss Prevention system, onto their local desktops to allow users to download files from the File Vault to their local desktops through the File Vault interface in the Tehama Web UI.

    Note: This option is only visible if you opted to enable the File Vault in the previous step.

    Note: As with the File Vault feature itself, you can opt to enable/disable this File Vault sub-option after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide. Note, you must enable the File Vault feature flag to see this sub-option in the Room Settings interface.

  12. OPTIONAL:    Check the box beside Include the App Vault in this room to include an App Vault in this Room.

    Note: You can opt to enable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable App Vault section in the Rooms User Guide.

  13. Click CONTINUE at the bottom of the CREATE ROOM dialog.

    This will start a guided process to configure and create your Room and connect it to your organization's network.

  14. Observe that a page has appeared in the Tehama Web UI with ROOMS -> <your room name> at the top. You will continue to configure your Room on this page.

  15. Under the ENABLE DESKTOP ADMIN RIGHTS heading:

    OPTIONAL:    Check the box beside Give Desktop Administrator privileges to grant desktop administrator privileges to Desktop users of Workspace Desktops. If you leave this box unchecked, your Workspace Desktop users will not have administrator privileges.

    This is an important question that asks whether you want users of Desktops of type Workspace provisioned in the Room to have admin access to their Desktops. This decision is unfortunately not reversible through the Tehama Web UI.

    Attention: This Room Desktop Setting is a global setting for your Room and will impact ALL Workspace Desktop users within your Room, including the Org Admin user for your organization and users with the Tehama Super Admin role from the Tehama Support team.

    Contact Tehama Support to discuss your options if you need to enable this setting in an existing Room.

    Note: In Standard and Service-provider Rooms, Desktop admin rights for Tehama Windows Desktops and Tehama Linux Desktops are not affected by this decision. For these types of Desktops, the decision to grant admin rights for users is made when creating their Desktop templates. In Domain Join Rooms, Tehama Windows Desktops inherit their privileges from the domain.

  16. Under the NETWORK ACCESS CONFIGURATION heading:

    Select one of the options from the dropdown field.
    • You have two options:

      • Tehama Gateway
        Choose this if you want your Room to connect to your organization's private network (as with the 'Internet only' option, constrained by your Room's firewall settings).

        This option requires you to install a Tehama Gateway (at least one) somewhere in your network's infrastructure.

        If you choose this option, proceed to step 18.

    • or

      • Internet only
        Choose this if you only want your Room to connect to applications and services in the cloud (constrained by your Room's firewall settings).
        NOTE: When network access is set to 'Internet Only', Tehama denies all UDP traffic apart from DNS lookup.

        If you choose this option, proceed to step 19.

  17. If you selected Tehama Gateway as your network access method ...

    You will see a CONTINUE button.

    1. Click the CONTINUE button.

      You will see the heading Gateway near the top of the page, followed by the heading Access Key, and the button DONE at the bottom of the page.

      Under the Gateway heading, you will find a text link Show User Guide to the Tehama Gateway User Guide. This guide contains instructions on how to install a Tehama Gateway in your private network.

      Under the Access Key heading, you will find the Access Key for your Room, ready to be copied, downloaded or regenerated. The Access Key is required to connect the Gateway to your Room.

    2. Use one of the following installation methods to install your gateway *:

        Tehama Gateway Network Limitations
      Due to a limitation in the authentication framework used by Tehama, the Tehama Gateway cannot be installed on the 172.31.x.x network. In addition, Tehama cannot connect to resources that are on the 172.31.x.x network directly.
      If you have the following situation:
      • the Tehama Gateway is on a supported network; and
      • a resource is on the 172.31.x.x network
      then a workaround would be to create a NAT on the network to NAT the address of the resource to an address that Tehama can see, like 10.x.x.x or something similar.

      Connecting a Tehama Gateway to your new Room will cause your new Room's infrastructure to begin building.

      You will incur the cost of the Room when you connect it to a Tehama Gateway, causing the Room's infrastructure to begin building.
      * Note that if you're just trying out Tehama you can just install the Tehama Gateway in a temporary location and have your IT people move it later.

      If you're not comfortable installing the Tehama Gateway yourself and need an IT person to help, you can, in a Standard Room, opt to leave installation of the Tehama Gateway until after you have invited another person to your organization so they can help. Just click DONE to move on. See the Organization User Guide if you need help figuring out how to invite someone but it's fairly easy to figure out if you just go to MEMBERS in the navigation bar.

    3. Click DONE.

    4. Proceed to step 20.

  18. If you selected Internet Only as your network access method ...

    You will see a checkbox beside the text Build room when finish button is pressed and a FINISH button.

    1. If you are willing to accept responsibility for the cost of the Room, leave the checkmark in place beside Build room when finish button is pressed.

      Otherwise, click in the checkbox to remove the checkmark.

      Clicking FINISH when this checkbox is checked will cause the Room's infrastructure to begin building.

      You will incur the cost of the Room when the Room's infrastructure begins to build.

      If this checkbox is left un-checked when FINISH is clicked, you can initiate the build of the Room's infrastructure from the Room's STATUS page at a later time.

    2. Click FINISH.

  19. Observe that your Room interface page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.

  20. Click on the Room's CONNECTION tab, then select the STATUS sidebar item to navigate to the Room's STATUS page. This page shows your Room's status and its current 'Network Access' selection.

    At this point your Room status should be one of the following, depending on the choices you made in the previous step:

    • Building or Built (for 'Internet Only' network access mode, if you opted to build above), or
    • Pending Gateway Connection or Connected (for 'Tehama Gateway' network access mode).

    If you opted not to build your 'Internet Only' Room during the Room creation process, you will not see any Room status. Instead you will see a BUILD button. Click this button to build your Room's infrastructure. You will incur the cost of the Room when the Room's infrastructure begins to build.

    If your opted to leave the installation of the Tehama Gateway for your 'Tehama Gateway' Room until after you had invited another person to your organization, direct them to this page. They can begin the installation process by clicking on the View or Regenerate link in the Access Key field to display the Access Key page. That page has a text link, Show User Guide, to the Tehama Gateway User Guide instructions that contains instructions for installing and connecting a Tehama Gateway to your Room, as well as instructions for regenerating the access key. You will incur the cost of the Room when you connect it to a Tehama Gateway, causing the Room's infrastructure to begin building.

    Once your Room's infrastructure has successfully built, your Room interface page will sprout another tab: CONFIGURE.

      Note on the Multiple Gateways Feature:
    • The 'Multiple Gateways' feature provides redundancy for a Room's network access when the selected network access mode is 'Tehama Gateway' and the feature is enabled. It can be enabled/disabled by the owner (user with Org Admin role), Org Managers and Room Managers who are members of the Room who are members of the organization that owns the Room (which is your organization in this case). It allows you to provision a second Tehama Gateway, which you must install in your network's infrastructure. The two Gateways will run simultaneously. Access to this feature is not offered by default. Contact Tehama Support to arrange for access to this feature in your Room.
    From the STATUS page, you can both monitor your Room's status and configure your network access.

    You can change the Room's network access mode between 'Internet Only' and 'Tehama Gateway'.

    If your Room's mode is 'Tehama Gateway', you can regenerate the Room's access key, enable/disable the 'Multiple Gateways' option (see sidebar note), and trigger automated Gateway version updates (if an update is available).

    See the Room Connection Status Monitoring/Management User Guide for help.

  21. Click on the Room's CONFIGURE tab, then select the SETTINGS sidebar item to navigate to the Room's SETTINGS page. This page shows your Room's settings. Proceed to configure the settings in your Room as desired.

    You can find instructions for configuring your Room settings in the Room Desktop Settings section and in the Room Feature Settings section in the Rooms User Guide.

You have now created a Room, connected your network to it, and configured your Room settings.

Your organization is both the Room's owner organization and its connected organization (owner+connected). See the Roles User Guide for more information on organization roles in Rooms.

More information on Rooms can be found in the Rooms User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

Note: The Administration Guide will show you the steps to carry out the following basic and necessary organization and Room set up:

As the organization that created and connected a Standard Room:


Create and connect a Domain Join Room

Instructions to create a Domain Join Room and connect my network to it

"I am creating a Room, connecting it to my organization's network, and then connecting my network's domain to the Room."

  • My organization will be responsible for all costs incurred in the Room, and will have control over what services/tools are provisioned in the Room.
  • My organization will control access to my network.
  • I can invite members of my organization to become members of the Room.
  • Members of the Room will be able to access assets in my network securely through Desktops in the Room.
  • The Room's members' Tehama login usernames (email addresses) are used as the login usernames for the Desktops in the Room to which they are assigned.
  • Any policies found in the Room's organization's network domain will be applied automatically to the Desktops in the Room. Note: Tehama Windows Desktops in domain joined Rooms inherit their privileges from the domain.

DISCLAIMER: The Domain Join Beta feature is still undergoing development and is provided 'as-is', without any warranties or support, and Tehama will not be liable for any loss of data. See the Room Domain Join User Guide for more information about this new beta Room feature.

(If you do not have a Tehama organization account, contact Tehama Support to discuss joining Tehama. Steps to join Tehama can be found in the Getting Started with Joining Tehama Guide.)

Only the Org Admin user and Org/Room Managers of an organization can create a Room and connect to it.

Before starting, read through the Domain Join Room Requirements and Limitations.

  1. Log in to the Tehama Web UI.

  2. Select the ROOMS tab in the navigation bar.

  3. Click the NEW button at the top right. The CREATE ROOM dialog will appear.

  4. Select Domain Join Room.

  5. Click CONTINUE. The Create Room page will appear with the fields for a Domain Join Room.

  6. Enter a name in the Room Name field.

  7. Select your preferred region in the Region field.

    This is the region in which you want this Room's infrastructure to be provisioned. Select a region that is geographically appropriate for the users of this Room.

    Note: Not all Desktop specifications are available in all regions. Read through the list of supported Desktop specifications by region in the Desktops User Guide before selecting a region.

  8. OPTIONAL:    Check the box beside Include the File Vault in this room to include a File Vault in this Room.

    Note: You can opt to enable/disable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide.)

  9. OPTIONAL:    Check the box beside Allow users to download files, except any containing sensitive data as determined by our Data Loss Prevention system, onto their local desktops to allow users to download files from the File Vault to their local desktops through the File Vault interface in the Tehama Web UI.

    Note: As with the File Vault feature itself, you can opt to enable/disable this File Vault sub-option after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide. Note, you must enable the File Vault feature flag to see this sub-option in the Room Settings interface.

  10. OPTIONAL:    Check the box beside Include the App Vault in this room to include an App Vault in this Room.

    Note: You can opt to enable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable App Vault section in the Rooms User Guide.

  11. Click CREATE at the bottom of the CREATE ROOM page. You will see the Room Status page.

    This will start a guided process to configure and create your Room and connect it to your organization's network.

  12. Establish a Gateway Connection:

    The Room Status page gives you the information you need to install a Gateway in your private network.

    Here you will find the Access Key for your Room, ready to be regenerated, downloaded or copied. The Access Key is required to connect the Gateway to your Room.

    1. Use one of the following installation methods to install your gateway

        Tehama Gateway Network Limitations
      Due to a limitation in the authentication framework used by Tehama, the Tehama Gateway cannot be installed on the 172.31.x.x network. In addition, Tehama cannot connect to resources that are on the 172.31.x.x network directly.
      If you have the following situation:
      • the Tehama Gateway is on a supported network; and
      • a resource is on the 172.31.x.x network
      then a workaround would be to create a NAT on the network to NAT the address of the resource to an address that Tehama can see, like 10.x.x.x or something similar.

      Connecting a Tehama Gateway to your new Room will cause your new Room's infrastructure to begin building.

      You will incur the cost of the Room when you connect it to a Tehama Gateway, causing the Room's infrastructure to begin building.

    2. Configure your network firewall (assuming your network has one) to open access in your network's Domain Controller(s) (DC) to the list of ports found in section Ports to open for Room to DC communication of the Room Domain Join User Guide, so that the Domain Join components in your Tehama Room can communicate with your DC(s) (via the Gateway).

  13. Click CONNECT. The Room Status page will display the status and the Room connection information.

    Through the lifetime of your Room, you will be able to access this page by clicking on the Room's CONNECTION tab, then selecting the STATUS sidebar item to navigate to what is now the Room's STATUS page.

    At this point your Room status should be one of the following:

    • Pending Gateway Connection (yellow); or
    • Connected (green).

    When you see the Room Status turn Connected (green), it means that your Room infrastructure has built and the Room is connected to your Tehama Gateway. Wait until the Room Status is green before proceeding to the next step.

      Note on the Multiple Gateways Feature:
    • The 'Multiple Gateways' feature provides redundancy for a Room's network access when the selected network access mode is 'Tehama Gateway' and the feature is enabled. It can be enabled/disabled by the owner (user with Org Admin role), Org Managers and Room Managers who are members of the Room who are members of the organization that owns the Room (which is your organization in this case). It allows you to provision a second Tehama Gateway, which you must install in your network's infrastructure. The two Gateways will run simultaneously. Access to this feature is not offered by default. Contact Tehama Support to arrange for access to this feature in your Room.
    From the STATUS page, you can both monitor your Room's status and configure your network access.

    You can regenerate the Room's access key.

    You can enable/disable the 'Multiple Gateways' option (see sidebar note).

    You can trigger automated Gateway version updates (if an update is available).

    See the Room Connection Status Monitoring/Management User Guide for help.

    This page also provides you with the opportunity to configure the "Domain Information" for the Room. This important step sets up the Trust between your network's domain and your Tehama Room. Continue to the next step to begin setting up the Trust.

  14. Click CONNECT TO DOMAIN. You will see the Connect to Domain page.

  15. Enter your network's domain information in the following fields:

    • Domain name e.g.: name.tehama.io
    • Search base e.g.: DN=Users,DC=onprem,DC=com
    • Admin account name e.g.: myadminuser
    • Admin account password e.g.: adminpassw0rd
    • Service account name e.g.: myserviceuser
    • Service account password e.g.: servicepassw0rd

  16. Click CONNECT. Your Room will connect to your network's domain.

    Note: You will not be able to perform any Room administration, such as adding members or creating/assigning Desktop templates, while you are waiting for the Room to connect to your domain.

  17. Observe that the navigation bar will have changed to display: ROOMS -> <your room name> Your Room interface page will sprout four tabs (in addition to the CONNECTION tab already present), MEMBERS, CONFIGURE, AUDIT and POLICY.

  18. Click on the Room's CONFIGURE tab, then select the SETTINGS sidebar item to navigate to the Room's SETTINGS page. This page shows your Room's settings. Proceed to configure the settings in your Room as desired.

    You can find instructions for configuring your Room settings in the Room Desktop Settings section and in the Room Feature Settings section in the Rooms User Guide.

You have now created a Room, connected your network to it and connected it to your network's domain. Your organization is both the Room's owner organization and its connected organization (owner+connected). See the Roles User Guide for more information on organization roles in Rooms.

More information on Rooms can be found in the Rooms User Guide.

More information on Domain Join Rooms can be found in the Room Domain Join User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

Note: The Administration Guide will show you the steps to carry out the following basic and necessary organization and Room set up:

As the organization that created and connected a Domain Join Room:


Create a Service-provider Room

Instructions to create a Service-provider Room

"I'm creating a Room and requesting another organization, my service-consumer, to connect it to their network."

  • My organization will be responsible for all costs incurred in the Room, and will have control over what services/tools are provisioned in the Room.
  • The connected organization, my service-consumer, will control access to their network, which means control over which other organizations (if any) and which members will have access to the Room and what assets are accessible through this Room.
  • I can propose members of my organization to become members of the Room; the connected organization can approve my proposals.
  • If desired, the connected organization can invite other organizations to join the Room; these organizations are referred to as user organizations; they can propose their organization members to become members of the the Room; the connected organization can approve their proposals; I can assign them Desktops.
  • Members of the Room will be able to access assets in the connected organization's network securely through Desktops in the Room.

(If you do not have a Tehama organization account, contact Tehama Support to discuss joining Tehama. Steps to join Tehama can be found in the Getting Started with Joining Tehama Guide.)

Only the Org Admin user and Org/Room Managers of an organization can create a Room and invite another organization to connect to it.

  1. Log in to the Tehama Web UI.

  2. Select the ROOMS tab in the navigation bar.

  3. Click the NEW button at the top right. The CREATE ROOM dialog will appear.

  4. Select Standard Room.

  5. Click CONTINUE. The fields for a Standard Room will appear on the dialog. (a Service-provider Room is a special case of a Standard Room.)

  6. Enter a name in the Room Name field.

  7. Select "Third-Party Organization (Invite)" in the Connect this room to field.

  8. OPTIONAL:    Check the box beside Create Free Trial Room to make this Room a "Trial Room". If you leave this box unchecked, you will be billed for this Room.

    Note: this option is only visible to those organizations who are eligible for a free trial Room. If your organization is not eligible for a free trial Room, then you will not see this option and you will be billed for the Room.

    The TCU usage within a Trial Room is offset by the Trial TCU credits allocated to your organization. If the TCU usage in the Trial Room is over the number of available Trial TCU credits, then you will be billed for the difference.

  9. Select your preferred region in the Region field.

    This is the region in which you want this Room's infrastructure to be provisioned. Select a region that is geographically appropriate for the users of this Room.

    Note: Not all Desktop specifications are available in all regions. Read through the list of supported Desktop specifications by region in the Desktops User Guide before selecting a region.

  10. OPTIONAL:    Check the box beside Include the File Vault in this room to include a File Vault in this Room.

    Note: You can opt to enable/disable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide.)

  11. OPTIONAL:    Check the box beside Allow users to download files, except any containing sensitive data as determined by our Data Loss Prevention system, onto their local desktops to allow users to download files from the File Vault to their local desktops through the File Vault interface in the Tehama Web UI.

    Note: This option is only visible if you opted to enable the File Vault in the previous step.

    Note: As with the File Vault feature itself, you can opt to enable/disable this File Vault sub-option after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable File Vault section in the Rooms User Guide. Note, you must enable the File Vault feature flag to see this sub-option in the Room Settings interface.

  12. OPTIONAL:    Check the box beside Include the App Vault in this room to include an App Vault in this Room.

    Note: You can opt to enable this Room feature after the Room is created by contacting Tehama Support for assistance, or through the Room Settings interface. See the Enable/Disable App Vault section in the Rooms User Guide.

  13. Click CONTINUE at the bottom of the CREATE ROOM dialog. You will see the ADD ORGANIZATION dialog.

  14. Enter a name in the Organization Name field. (This is the name of the Tehama organization of your service-consumer. This will be the Room's connected organization. If they do not have an organization yet, do not worry - the process will guide them in creating one.)

  15. Enter a name in the Contact Name field. (This is the name of the Org Admin user or an Org Manager in your service-consumer's organization. If they do not have an organization yet, just use the name of your contact in the service-consumer's company - they will become the Org Admin in the organization when they create it.)

  16. Enter the email for the contact in the Contact Email field. (This is the email that your contact uses to log in to their organization. Again, if they do not have an organization yet, just use the email your contact provided to you.)

  17. Click SEND. An email invitation will be sent to the connected organization (your service-consumer).

  18. Observe that a page has appeared in the Tehama Web UI with ROOMS -> <your room name> at the top. You will continue to configure your Room on this page. This page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.

    The MEMBERS tab should be the default selection. You will see the both your organization and your connected organization listed in the page. Note there is a link Resend invitation next to the connected organization's name. Click on this link if you need to resend the invitation.

    The CONNECTION tab is where your connected organization will be directed to connect their organization to the Room. You can observe their progress connecting to the Room on this tab.

You have now created a Room and invited another organization to finish configuring it by connecting it to their network. Your organization is the Room's owner organization (user-owner). The other organization is (going to be) the Room's connected organization (connected-only). See the Roles User Guide for more information on organization roles in Rooms.

Once the other organization has connected to the Room, they will add members to the Room. As the owner of the Room, you may provision Desktops for them. See Desktops User Guide for more details.

If the other organization has set a policy for your organization, you'll be asked to review and accept it.

More information on Rooms can be found in the Rooms User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

**Note:** The [Administration Guide](administration.md) will show you the steps to carry out the following **basic and necessary** organization and Room set up available to you as the Room's **user+owner** organization:

As the organization that created a Service-provider Room:


Connect a Service-provider Room

Instructions to connect a Service-provider Room

"I've been invited to connect my network to a Room that was created by my service provider."

Only the Org Admin user and Org Managers of an organization can connect their organization to a Room, having received an invitation to do so from the Room's owner organization.

The steps that led you to this point are as follows:

Now:

  1. You will be presented with an ACCEPT INVITE TO ROOM dialog, asking you to accept the invitation to join and connect to the Room. Click I ACCEPT.

  2. Navigate to your organization's ROOMS tab. You will see the name of the Room in your list of Rooms.

  3. Click on the Room name.

    This will start a guided process to configure and create your Room and, if you so choose, connect it to your organization's network.

  4. Observe that a page has appeared in the Tehama Web UI with ROOMS -> <your room name> at the top. You will continue to configure your Room on this page.

  5. Under the ENABLE DESKTOP ADMIN RIGHTS heading:

    OPTIONAL:    Check the box beside Give Desktop Administrator privileges to grant desktop administrator privileges to Desktop users of Workspace Desktops. If you leave this box unchecked, your Workspace Desktop users will not have administrator privileges.

    This is an important question that asks whether you want users of Desktops of type Workspace provisioned in the Room to have admin access to their Desktops. This decision is unfortunately not reversible through the Tehama Web UI.

    Attention: This Room Desktop Setting is a global setting for your Room and will impact ALL Workspace Desktop users within your Room, including the Org Admin user for your organization and users with the Tehama Super Admin role from the Tehama Support team.

    Contact Tehama Support to discuss your options if you need to enable this setting in an existing Room.

    Note: In Standard and Service-provider Rooms, Desktop admin rights for Tehama Windows Desktops and Tehama Linux Desktops are not affected by this decision. For these types of Desktops, the decision to grant admin rights for users is made when creating their Desktop templates. In Domain Join Rooms, Tehama Windows Desktops inherit their privileges from the domain.

  6. Under the NETWORK ACCESS CONFIGURATION heading:

    Select one of the options from the dropdown field.
    • You have two options:

      • Tehama Gateway
        Choose this if you want your Room to connect to your organization's private network (as with the 'Internet only' option, constrained by your Room's firewall settings).

        This option requires you to install a Tehama Gateway (at least one) somewhere in your network's infrastructure.

        If you choose this option, proceed to step 7.

    • or

      • Internet only
        Choose this if you only want your Room to connect to applications and services in the cloud (constrained by your Room's firewall settings).
        NOTE: When network access is set to 'Internet Only', Tehama denies all UDP traffic apart from DNS lookup.

        If you choose this option, proceed to step 8.

  7. If you selected Tehama Gateway as your network access method ...

    You will see a CONTINUE button.

    1. Click the CONTINUE button.

      You will see the heading Gateway near the top of the page, followed by the heading Access Key, and the button DONE at the bottom of the page.

      Under the Gateway heading, you will find a text link Show User Guide to the Tehama Gateway User Guide. This guide contains instructions on how to install a Tehama Gateway in your private network.

      Under the Access Key heading, you will find the Access Key for your Room, ready to be copied, downloaded or regenerated. The Access Key is required to connect the Gateway to your Room.

    2. Use one of the following installation methods to install your gateway *:

        Tehama Gateway Network Limitations
      Due to a limitation in the authentication framework used by Tehama, the Tehama Gateway cannot be installed on the 172.31.x.x network. In addition, Tehama cannot connect to resources that are on the 172.31.x.x network directly.
      If you have the following situation:
      • the Tehama Gateway is on a supported network; and
      • a resource is on the 172.31.x.x network
      then a workaround would be to create a NAT on the network to NAT the address of the resource to an address that Tehama can see, like 10.x.x.x or something similar.

      Connecting a Tehama Gateway to your new Room will cause your new Room's infrastructure to begin building.

      You will incur the cost of the Room when you connect it to a Tehama Gateway, causing the Room's infrastructure to begin building.
      * Note that if you're just trying out Tehama you can just install the Tehama Gateway in a temporary location and have your IT people move it later.

      If you're not comfortable installing the Tehama Gateway yourself and need an IT person to help, you can, in a Standard Room, opt to leave installation of the Tehama Gateway until after you have invited another person to your organization so they can help. Just click DONE to move on. See the Organization User Guide if you need help figuring out how to invite someone but it's fairly easy to figure out if you just go to MEMBERS in the navigation bar.

    3. Click DONE.

    4. Proceed to step 9.

  8. If you selected Internet Only as your network access method ...

    You will see a checkbox beside the text Build room when finish button is pressed and a FINISH button.

    1. If you are willing to accept responsibility for the cost of the Room, leave the checkmark in place beside Build room when finish button is pressed.

      Otherwise, click in the checkbox to remove the checkmark.

      Clicking FINISH when this checkbox is checked will cause the Room's infrastructure to begin building.

      You will incur the cost of the Room when the Room's infrastructure begins to build.

      If this checkbox is left un-checked when FINISH is clicked, you can initiate the build of the Room's infrastructure from the Room's STATUS page at a later time.

    2. Click FINISH.

  9. Observe that your Room interface page has sprouted four tabs, MEMBERS, CONNECTION, AUDIT and POLICY.

  10. Click on the Room's CONNECTION tab, then select the STATUS sidebar item to navigate to the Room's STATUS page. This page shows your Room's status and its current 'Network Access' selection.

    At this point your Room status should be one of the following, depending on the choices you made in the previous step:

    • Building or Built (for 'Internet Only' network access mode, if you opted to build above), or
    • Pending Gateway Connection or Connected (for 'Tehama Gateway' network access mode).

    If you opted not to build your 'Internet Only' Room during the Room creation process, you will not see any Room status. Instead you will see a BUILD button. Click this button to build your Room's infrastructure. You will incur the cost of the Room when the Room's infrastructure begins to build.

    If your opted to leave the installation of the Tehama Gateway for your 'Tehama Gateway' Room until after you had invited another person to your organization, direct them to this page. They can begin the installation process by clicking on the View or Regenerate link in the Access Key field to display the Access Key page. That page has a text link, Show User Guide, to the Tehama Gateway User Guide instructions that contains instructions for installing and connecting a Tehama Gateway to your Room, as well as instructions for regenerating the access key. You will incur the cost of the Room when you connect it to a Tehama Gateway, causing the Room's infrastructure to begin building.

    Once your Room's infrastructure has successfully built, your Room interface page will sprout another tab: CONFIGURE.

      Note on the Multiple Gateways Feature:
    • The 'Multiple Gateways' feature provides redundancy for a Room's network access when the selected network access mode is 'Tehama Gateway' and the feature is enabled. It can be enabled/disabled by the owner (user with Org Admin role), Org Managers and Room Managers who are members of the Room who are members of the organization that owns the Room (which is your organization in this case). It allows you to provision a second Tehama Gateway, which you must install in your network's infrastructure. The two Gateways will run simultaneously. Access to this feature is not offered by default. Contact Tehama Support to arrange for access to this feature in your Room.
    From the STATUS page, you can both monitor your Room's status and configure your network access.

    You can change the Room's network access mode between 'Internet Only' and 'Tehama Gateway'.

    If your Room's mode is 'Tehama Gateway', you can regenerate the Room's access key, enable/disable the 'Multiple Gateways' option (see sidebar note), and trigger automated Gateway version updates (if an update is available).

    See the Room Connection Status Monitoring/Management User Guide for help.

  11. Click on the Room's CONFIGURE tab, then select the SETTINGS sidebar item to navigate to the Room's SETTINGS page. This page shows your Room's settings. Proceed to configure the settings in your Room as desired.

    You can find instructions for configuring your Room settings in the Room Desktop Settings section and in the Room Feature Settings section in the Rooms User Guide.


You have now connected to a Room owned by another organization.

Your organization is the Room's connected organization (connected-only). The organization that invited you to connect to the Room is the Room's owner organization (user+owner). See the Roles User Guide for more information on organization roles in Rooms.

You can add members of your organization to the Room, if desired.

The owner organization can propose some of their organization members become members of the Room. You will get notifications to approve them.

The owner organization can then add Desktop templates for the Room members (both from your organization and from theirs). See Desktops User Guide for more details.

More information on Rooms can be found in the Rooms User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

Note: The Administration Guide will show you the steps to carry out the following basic and necessary organization and Room set up available to you as the Room's connected-only organization:

As the organization that connected a Service-provider Room:


Join a Standard or Service-provider Room

Instructions to join a Standard or a Service-provider Room

"I've been invited to join a Room as a third-party organization."

Your organization has been invited to join a Room of type Standard or Service-provider.

Your organization will be a "user" organization in the Room, with no special privileges.

Only the Org Admin user and Org Managers of an organization can join their organization to a Room, having received an invitation to do so from the Room's connected organization (the organization in the Room that controls access).

The steps that led you to this point are as follows:

Now:

  1. Navigate to your organization's ROOMS tab. You will see the name of the Room in your list of Rooms.

  2. Click on the Room name.

  3. If the Room's connected organization has set a policy for your organization, you'll be asked to review and accept it.

  4. Click the Room's MEMBERS tab. (It should be the default selection.) You should see your organization listed. Propose members from your organization to join your Room, if desired. NOTE that the connected organization will have to approve them after connecting the Room.

You have now joined a Room. Your organization is a user organization in the Room (user-only). The organization that invited you is the Room's connected organization (owner+connected or connected-only). See the Roles User Guide for more information on organization roles in Rooms.

You may propose members from your organization become members of the Room. The Room's connected organization will receive notifications to approve them. The owner organization can then add Desktop templates in the Room for them (or assign them to existing Desktop templates). See Desktops User Guide for more details.

More information on Rooms can be found in the Rooms User Guide.

Be sure to continue getting started with the Getting Started with Tehama Administration Guide.

Note: The Administration Guide will show you the steps to carry out the following basic and necessary organization and Room set up available to you as one of the Room's user-only organizations:

As the organization that joined a Standard or a Service-provider Room: