Rooms User Guide

A Tehama Room provides an isolated set of tools and services so you can collaborate securely. Organizations work together using a shared room with access governed by a policy. As a room owner (the organization owner (the user with the Admin role for the organization) or a manager of the organization that owns the room), you can monitor and audit the actions users perform when accessing and using resources on the connected network1. Actions you can audit include their sessions, use of access credentials, transferring files in and out of your systems, and much more. More information on the room concept is available in the Introduction.

1. The character of the 'connected network' depends on the 'Network Access' setting chosen by the room's 'connected to' organization. It can be set to either 'Internet Only' or 'Tehama Gateway'. When set to 'Internet Only', the 'connected network' is the internet based network that the room's firewall settings allow access to. When set to 'Tehama Gateway', the 'connected network' is the organization's private network where the Tehama Gateway is installed, constrained by the room's firewall settings.

For more information on various scenarios regarding creating a room see the Getting Started Guide.

The graphic that follows provides a display of the architecture of the isolation that rooms provide in the scenario where a service buyer (customer) has two rooms in Tehama connected to their network.

PSM


Depending on what type of user (administrator, manager, staff) you are and organization you belong to, a room can contain all or a subset of the following six tabs:

  • CONNECTION – Use to manage, view and test status of the connection, to view/configure your firewall rules and, if you are your organization's owner (the user with the Admin role for your organization), to view/update the version of your room's Tehama Gateway.
  • MEMBERS – Use to manage who has access to the room.
  • CONFIGURE – Use to add and configure tools such as Windows or Linux desktops to a room, or control access to your assets in a secrets vault (read-write). Also use to view/upgrade/downgrade your room's configuration details.
  • WORK – Use to access the tools available in the room, such as your desktops, the file vault and the secrets vault (read-only). This is the main tab for end users of the room.
  • AUDIT – Use to view the activity stream for your Room, and also to view both live sessions and recordings of your Room's desktop sessions
  • POLICY – Use to view or accept the compliance policy that governs access to assets accessible from the room

NOTE: Depending on the status of your room you may or may not see all of these tabs. For example, the Work and Audit tabs are only available after you successfully connect and provision your room.


Connection

The CONNECTION tab gives you control over the connection for your room. It provides you with the Status, Firewall Rules, Connection Test and Update sidebar items.

Status

The Status page provides three important capabilities.

The top of the page displays the connection status showing you whether or not your room is currently connected.

Below that, the page displays the 'Network Access' setting for the room. Options are:

  • Internet Only
    Choose this if you only want your room to connect to an internet based network (constrained by your room's firewall settings).
  • Tehama Gateway
    Choose this if you want your room to connect to your organization's private network (as with the 'Internet only' option, constrained by your room's firewall settings).

If your room has 'Network Access' set to 'Tehama Gateway', then ...

Your room's connectivity will depend on a Tehama Gateway being installed for your room.

The middle of the page will provide you with a link to the Tehama Gateway User Guide for information on setting up the Tehama Gateway and connecting it to your room.

The bottom of the page will display a button with which to regenerate the Access Key for your room's Tehama Gateway, if required. Again see the Tehama Gateway User Guide for more information on managing this key.

Firewall Rules

The Firewall Rules page allows you to customize access to the room's Desktops from remote applications/services through the room's Tehama Gateway.

Connection Test

The Connection Test page provides access to the Connection Test Tool. This tool allows you to test connections to specified targets through your room's Tehama Gateway. See the Connection Test Tool User Guide for more details.

Update

The Update page is available only if your room has 'Network Access' set to 'Tehama Gateway'. (Note that only an organization owner (the user with the Admin role for your organization) can see this page.) This page provides a view of your room's Tehama Gateway's version and status. For Tehama Gateways with version 3.0 or higher, you can trigger an automated-update of the Tehama Gateway from this page, when a pending update exists. See the Tehama Gateway User Guide's update section for more details.


Members

The MEMBERS tab is used to request or approve who has access to the room. It groups users by organization.

As the user organization you can:

  • Request that teams or members be granted access to the room. Request access for a team or member by clicking on the PROPOSE button in the top right corner of the page or by expanding your organization in the list and clicking the + PROPOSE button. These requests will be approved by the connected organization if they did not choose the automatic approval method.
  • Remove (delete) your member's access.
    Removing (deleting) your member's access will delete the member's individual desktops and revoke their access to the room.

As the connected organization you can:

  • Add your own members to the room by expanding your organization in the list and clicking the + MEMBER button, or by clicking the ADD button in the top right corner of the page and selecting Member from the drop-down.i
  • If you own the room (are paying for it) you can invite another organization by using the ADD button and selecting Organization from the drop-down.
  • Approve or deny requests for access from other organizations you've invited by expanding that organization, selecting the proposed member or team and selecting the "check box"/"x" button found at the bottom of the page.
  • Remove (delete) a user's access by selecting the user's entry then clicking the trash can Delete User Icon icon found at the bottom of the page.
    Removing (deleting) a user's access will delete the user's individual desktops and revoke their access to the room.
  • Reject a user' s access by selecting the user's entry then clicking the Reject User Icon icon.
    Rejecting a user's access will revoke their access to the room and to their individual desktops, but does not delete the actual desktop instances nor removes them from the desktop configuration list under the CONFIGURE tab.

Configure

Note, only the connected organization has access to the CONFIGURE tab.

You can use the CONFIGURE tab to view/change your room's configuration details and to add/configure tools such as Desktops and the Secrets Vault.

Room name

Click on the room name in the breadcrumbs in order to make it editable. Save your change by selecting the checkmark or discard it by selecting the cross.

Note that the name field (the name of the room) may only be modified by the billing organization's owner (the user with the Admin role for the billing organization) or a Tehama Admin (a super user belonging to the Tehama Support team), and only if it has not been archived.

Note that the ability to change the room name is available from any tab in the room (only for the billing organization and only if the room has not been archived).

Details

Click the Details sidebar item to view your room's current configuration. Click on the upgrade/downgrade button to select a different room configuration.

Windows Desktops

Click the Windows Desktops sidebar item to view your room's current list of Windows Desktop configurations.

From here you can add new Windows desktop configurations, view/edit existing Windows desktop configurations or approve/reject proposed Windows desktop configurations. See more information in the Desktops User Guide.

Linux Desktops

Click the Linux Desktops sidebar item to view your room's current list of Linux Desktop configurations.

From here you can add new Linux desktop configurations, view/edit existing Linux desktop configurations or approve/reject proposed Linux desktop configurations. See more information in the Desktops User Guide.

Secrets

From the Secrets sidebar item under the CONFIGURE tab, you can add/configure secrets as described in the Secrets User Guide.


Work

The work tab is the main interaction point for most daily users of Tehama. It provides you with links to the available tools for the room to actually deliver the work you are doing in the room.

My Desktops

The list of the desktops that you have been granted access to in the room. The status icon for each desktop shows you whether the desktop is in use or not.

To use a desktop, click the Desktop name. For "Windows Desktop" desktops, you will be provided with login information you can use to access the desktop. For "Linux Desktop" desktops, the desktop will be launched in a new browser tab immediately. See more information in the Desktops User Guide.

If you are part of the user organization, you can also request new desktop configurations from here. Click on the REQUEST DESKTOP CONFIGURATION button. See more information in the Desktops User Guide.

Pending Desktops

Note, only the user organization sees the Pending Desktops sidebar item.

Here you see the list of requested (proposed) desktop configurations. Once a desktop configuration has been approved, it will move into the list of desktops under the My Desktops sidebar item.

You can also request new desktop configurations from here. Click on the REQUEST DESKTOP CONFIGURATION button. See more information in the Desktops User Guide.

File Vault

The file vault tab is used to transfer files in and out of the desktops. Any files you upload to the file vault will be available:

  • in the z:\ drive of Windows desktops.
  • under the /media/filevault folder of Linux desktops, which is accessible through the 'filevault' desktop icon and through the 'filevault' drive in the file explorer.

Secrets

From the Secrets sidebar item under the WORK tab, you can view secrets as described in the Secrets User Guide.


Audit

Note, only the connected organization has access to the AUDIT tab.

The audit tab is used to access the auditing and monitoring capabilities of the room.

Live Sessions

View live desktop sessions in real time.

Note that live sessions are available to view ONLY by those having appropriate permissions for the room. (See Roles User Guide.)

To View Live Sessions

  1. In Tehama, click the ROOMS tab.
  2. Click the AUDIT tab.
  3. Click the LIVE SESSIONS sidebar item.
  4. Select the session(s) you want to view from the list of live sessions that appears.

Activity Stream

The activity stream for a room shows all the activity that has taken place on or to the room since its creation.

See more information in the Activity Stream User Guide.

Session Recording

View recordings of all desktop sessions in the room, both past and current/live. Remote session recordings securely capture activity related to the type of work and actions performed on assets in Tehama. While the virtual desktops are being used, they are also being recorded.

Note that recordings of live sessions are available to view ONLY by those having appropriate permissions for the room. (See Roles User Guide.)

The following procedures describe how to view a recorded session (either past and current/live):

To View Recorded Sessions

  1. In Tehama, click the ROOMS tab.
  2. Click the AUDIT tab.
  3. Click the RECORDINGS sidebar item.
  4. Select the session recording you want to view from the list of recordings that appears.
  5. Locate the session to view.
    NOTE: Saved recordings are associated with an ID number.
  6. To display details about a session, click the Information Information icon.
  7. Use the Play Play icon to start viewing the recording.

Plugins required for Microsoft native browsers:

To view a recorded session in a Windows 10 environment while using an Edge browser:

  1. Install https://tools.google.com/dlpage/webmmf
  2. Install "Web media extensions"
  3. Restart the machine
    User should be able to view recordings using Edge.

To view a recorded session in a Windows 7 environment while using an Internet Explorer (IE) browser:

  1. Install https://tools.google.com/dlpage/webmmf
    User should be able to view recordings using IE.

Policy

Rooms optionally support having a Policy associated with them. This is managed through the POLICY tab.

If you are the organization connecting the room you will be prompted to configure a Policy or have "no policy" that governs the use of the room. More information on policies can be found in the Policy User Guide.

If you have been invited to the room you will be prompted to accept the Policy if one is set before your first access. This will occur every time the Policy is changed.