Rooms User Guide

A Tehama Room provides an isolated set of tools and services so you can collaborate securely. Organizations work together using a shared room with access governed by a policy. As a room owner (that is, the organization owner, who is the user with the Admin role for the organization, or a manager of the organization that owns the room), you can monitor and audit the actions users perform when accessing and using resources on the connected network (see the note below). Actions you can audit include their sessions, their use of access credentials, file transfers in and out of your systems, and much more. More information on the room concept is available in the Introduction.

Note: The character of the 'connected network' depends on the 'Network Access' setting chosen by the room's 'connected to' organization. It can be set to either 'Internet Only' or 'Tehama Gateway'. When set to 'Internet Only', the 'connected network' is the set of applications and services in the cloud that the room's firewall settings allow access to. When set to 'Tehama Gateway', the 'connected network' is the organization's private network where the Tehama Gateway is installed (as well as desired resources in the cloud), constrained by the room's firewall settings.

For more information on various scenarios regarding creating a room see the Getting Started Guide.

The following image shows how the architecture achieves the isolation that rooms provide. It shows the scenario where a service buyer (customer) has two rooms in Tehama connected to their network where:

  • Whiteroom X is a room with 'Network Access' set to 'Tehama Gateway' and with the 'Multiple Gateways' option disabled.
  • Whiteroom Y is a room with 'Network Access' set to 'Internet Only'.

PSM

--

View rooms

Log in to the Tehama Web UI and click on the ROOMS tab to see the list of rooms for your organization.

Rooms list

Filter the displayed room list

The list displays the following information for each room:

  • Room: the name of the room
  • Policy: the policy that members of the room must comply with
  • Status: the status of the room (Active, Pending or Deactivated)

--

Access a room

Click on the room name under the Room column to view the room.

Room landing page

--

Delete a room

WARNING: A room, once deleted, cannot be recovered. Connections associated to the room are also deleted and cannot be recovered. Archiving the room will preserve recordings.

  1. Select the room you wish to delete or archive by clicking in the checkbox to the left of the room's name.
    selected room row in rooms list page
  2. At the bottom of the page, click the trash can (Delete) icon. You will see the DELETE ROOM dialog.
    Delete Room Dialog
  3. Acknowledge the warning and type the name of the room into the dialog.
  4. If you want to delete the room, click DELETE.
  5. If you want to archive the room, click ARCHIVE.

--

Manage a room through its tabs

Once you have accessed a room, you can start to use and/or manage it through its interface. The interface is divided into different tabs.

Depending on what type of user you are (administrator, manager, staff) and which organization you belong to, a room can contain all or a subset of the following six tabs:

  • CONNECTION – Use to configure, view and test status of the connection, to view/configure your firewall rules and, if you are your organization's owner (the user with the Admin role for your organization), to view/update the version of your room's Tehama Gateway instance(s).
  • MEMBERS – Use to manage who has access to the room.
  • CONFIGURE – Use to add and configure tools such as Windows or Linux desktops to a room, or control access to your assets in a secrets vault (read-write). Also use to view/upgrade/downgrade your room's configuration details.
  • WORK – Use to access the tools available in the room, such as your desktops, the file vault and the secrets vault (read-only). This is the main tab for end users of the room.
  • AUDIT – Use to view the activity stream for your room, and also to view both live sessions and recordings of your room's desktop sessions.
  • POLICY – Use to view or accept the compliance policy that governs access to assets accessible from the room.

NOTE: Depending on the current state of your room you may or may not see all of the tabs that you are supposed to see in your role in the room. For example, the Work and Audit tabs are only available after you successfully connect and provision your room.

--

Connection tab

The CONNECTION tab gives you control over the connection for your room. It provides you with the Status, Firewall Rules and Connection Test sidebar items.

Status

The Status page provides five important capabilities.

  1. View/Change your room's Network Access
  2. Enable/Disable the 'Multiple Gateways' option for your room
  3. View/Regenerate the 'Access Key' for your room
  4. View Status of and Update a 'Tehama Gateway' for your room
  5. Build your 'Internet Only' room

(1) View/Change your room's Network Access

The status page displays the 'Network Access' setting for the room. Options are:

  • Internet Only
    Choose this if you only want your room to connect to applications and services in the cloud (constrained by your room's firewall settings).
  • Tehama Gateway
    Choose this if you want your room to connect to your organization's private network (as with the 'Internet Only' option, constrained by your room's firewall settings). With this option, your room's connectivity will depend on at least one Tehama Gateway for your room being installed in your private network.

Only an organization owner (the user with the Admin role) or manager of the room's connected organization can change the room's network access.

Change the room's network access as follows:

  • Click the CHANGE button.
  • Select the network access you want from the dropdown menu.
  • Click the checkmark to proceed (or the X to dismiss the change). A confirmation dialog will appear.
  • Click CONFIRM to proceed (or the X in the dialog to dismiss the change).

The status page shows the room's connection details, which differ depending on which network access option you chose.

  • If your room has 'Network Access' set to 'Internet Only', then this section shows:

    • the room's IPs

      These are the IP addresses of machines in the room's infrastructure that support connectivity.

  • If your room has 'Network Access' set to 'Tehama Gateway', then this section shows:

    • the Multiple Gateways option's current setting

      See Note on the Multiple Gateways Feature below.
      The Multiple Gateways feature allows you to install a second Tehama Gateway in your private network on a different host from the first. With the 'Multiple Gateways' feature enabled, network connectivity to your room will be maintained if one of the Tehama Gateways crashes. This can be enabled/disabled by the organization that owns the room and viewed by the room's connected organization.

    • the room's IPs

      These are the IP addresses of machines in the room's infrastructure that support connectivity. You must ensure that the Tehama Gateway(s) in your private network can reach these IPs at the ports shown through your network's firewall.

    • the room's Ports

      These are the ports used in the hosts in the room's infrastructure that support connectivity.

    • a link that you can click to view or regenerate the room's Access Key

      Use this link to view/copy/download/regenerate the access key. This is only visible to the room's connected organization.

    • a table of the room's Tehama Gateway connections.

      This table contains data on the Tehama Gateway connection(s) to your room. There is an entry for each Tehama Gateway connected to your room. Each entry provides:

      • the IP of the host machine of the Tehama Gateway
      • the version of the Tehama Gateway. If an update is pending or in progress, text indicating that will be displayed next to the version.
      • the status of the Tehama Gateway's connection to your room
        • Connected no issues icon: indicates that the gateway is successfully connected to the room and is the latest available version.
        • Connected warning icon: indicates that the gateway is successfully connected to the room but is not the latest available version.
        • Connected error icon: indicates that the gateway is successfully connected to the room but failed to update to the latest available version (after three attempts).
        • Disconnected error icon: indicates that the gateway is not connected to the room. (It may or may not be the latest available version.)
      • a menu of actions that can be performed on the Tehama Gateway, depending on its current status, such as:
        • 'Update': This action is available when the gateway is not the latest available version. Select this action to display a dialog listing the details of the latest available update. Click UPDATE in this dialog to trigger the update. See the Tehama Gateway User Guide's update section for more details on how to update a gateway.
        • 'Show error': This action is available when the gateway is not connected to the room or when an attempt to update the gateway failed. It displays the error text in a dialog.

Note on the Multiple Gateways Feature:

  • The 'Multiple Gateways' feature provides redundancy for a room's network access when the selected network access mode is 'Tehama Gateway' and the feature is enabled. It allows you to provision a second Tehama Gateway, which you must install in your network's infrastructure. The two gateways will run simultaneously. Access to this feature is not offered by default. Contact Tehama Support to arrange for access to this feature in your room.

(2) Enable/Disable the 'Multiple Gateways' option for your room

See Note on the Multiple Gateways Feature above.

This option is only available if your room has 'Network Access' set to 'Tehama Gateway'.

Only an organization owner (the user with the Admin role) or manager of the room's owner organization can enable or disable this option.

To enable:

  • Verify that your current Tehama Gateway instance has a version greater than or equal to 4.0.4. An Incompatible Gateway icon will be visible next to the 'Multiple Gateways' toggle to alert you should your gateway not have the minimum required version.
  • Click on the toggle in the 'Multiple Gateways' field. The ENABLE MULTIPLE GATEWAYS dialog will appear.
  • Be sure that you want to incur the cost of this option and that you are prepared for some downtime for your room while it modifies its infrastructure to support the option.
  • Click ENABLE.

NOTE: If for some reason the availability of the 'Multiple Gateways' feature is removed from your room while the feature is enabled, you will see the Feature Disabled icon beside the 'Multiple Gateways' toggle. Your room will continue to have 'Multiple Gateways' enabled and working as before, but the toggle will be greyed out and its value will not be changeable. Contact Tehama Support to determine why the feature is no longer available in your room.

To disable:

  • Click on the toggle in the 'Multiple Gateways' field. The DISABLE MULTIPLE GATEWAYS dialog will come up.
  • Be sure that you want to reduce your connections to one and that you are prepared for some downtime for your room while it modifies its infrastructure to remove support for the option.
  • Select the Tehama Gateway instance you want to remove.
  • Click DISABLE.

(3) View/Regenerate the 'Access Key' for your room

You can view and regenerate the access key for the Tehama Gateways provisioned in your room.

  • Click on the room's CONNECTION tab.
  • Click on the STATUS sidebar item.
  • Click the 'View' text link in the 'Access Key' field to display the ACCESS KEY dialog.
    The field is only visible when 'Network Access' is set to 'Tehama Gateway'.
  • If desired, click REGENERATE KEY to generate a new access key. It will be shown in the text box.
  • You can copy the key to your host's clipboard or download it in a file.
  • Click on the Show User Guide link to view the Tehama Gateway User Guide for more information on using the access key to set up a Tehama Gateway and connect it to your room.

(4) View Status of and Update a 'Tehama Gateway' for your room

Tehama displays a table of the gateways in the room. Navigate to the table as follows:

  • Click on the room's CONNECTION tab.
  • Click on the STATUS sidebar item.
  • Locate the entry for the Tehama Gateway instance in the gateway table.
    The table is only visible when 'Network Access' is set to 'Tehama Gateway'.

The Status column shows the current status of the gateway.

  • Connected no issues icon: indicates that the gateway is successfully connected to the room and is the latest available version.
  • Connected warning icon: indicates that the gateway is successfully connected to the room but is not the latest available version.
  • Connected error icon: indicates that the gateway is successfully connected to the room but failed to update to the latest available version (after three attempts).
  • Disconnected error icon: indicates that the gateway is not connected to the room. (It may or may not be the latest available version.)

Note: if you are already viewing the above page, you may need to refresh the page to see the most current status.

When the status indicates that the gateway is not the latest available version, you will find the 'Update' action under the three vertical dots menu in the last column. Select this action to display a dialog listing the details of the latest available update. Click UPDATE in this dialog to trigger the update. See the Tehama Gateway User Guide's update section for more details on how to update a gateway. Note that only the organization owner (the user with the Admin role) of the connected organization can trigger the update of a Tehama Gateway.

When the status shows an error or warning state for the gateway, for example, when the gateway is not connected to the room or when an attempt to update the gateway failed, you will find the 'Show error' action under the three vertical dots menu in the last column. It displays the error text in a dialog.

(5) Build your 'Internet Only' room

This option is only available if your room has 'Network Access' set to 'Internet Only' and the building of your room's infrastructure has yet to be triggered.

Only an organization owner (the user with the Admin role) or manager of the room's owner organization can perform this action.

You will incur the cost of the room when the room's infrastructure begins to build.

If you are willing to accept responsibility for the cost of the room, click the BUILD button to proceed.

Firewall Rules

The Firewall Rules page allows you to customize access to the room's Desktops from remote applications/services through the room's Tehama Gateway.

See the Firewall Rules User Guide for more details.

Connection Test

The Connection Test page provides access to the Connection Test Tool. This tool allows you to test connections to specified targets through your room's Tehama Gateway.

See the Connection Test Tool User Guide for more details.


Members tab

The MEMBERS tab is used to request or approve who has access to the room. It groups users by organization.

As the user organization you can:

  • Request that teams or members be granted access to the room. Request access for a team or member by clicking on the PROPOSE button in the top right corner of the page or by expanding your organization in the list and clicking the + PROPOSE button. These requests will be approved by the connected organization if they did not choose the automatic approval method.
  • Remove (delete) your member's access by selecting the user's entry then clicking the trash can (Delete User) icon found at the bottom of the page. You will see a DELETE dialog. It lists the name of the member (or members if more than one member entry is selected) and the names of the desktops to be deleted when the member is deleted. Click to place a checkmark in the "I Acknowledge" checkbox, then click the DELETE button to proceed.
    Removing (deleting) your member's access will delete the member's individual desktops and any of their shared desktops that have no other users and revoke their access to the room.

As the connected organization you can:

  • Add your own members to the room by expanding your organization in the list and clicking the + MEMBER button, or by clicking the ADD button in the top right corner of the page and selecting Member from the drop-down.
  • If you own the room (are paying for it) you can invite another organization by using the ADD button and selecting Organization from the drop-down.
  • Approve or deny requests for access from other organizations you've invited by expanding that organization, selecting the proposed member or team and selecting the "check box"/"x" button found at the bottom of the page.
  • Remove (delete) a user's access by selecting the user's entry then clicking the trash can (Delete User) icon found at the bottom of the page. You will see a DELETE dialog. It lists the name of the user (or users if more than one user entry is selected) and the names of the desktops to be deleted when the user is deleted. Click to place a checkmark in the "I Acknowledge" checkbox, then click the DELETE button to proceed.
    Removing (deleting) a user's access will delete the user's individual desktops and any of their shared desktops that have no other users and revoke their access to the room.
  • Reject a user's access by selecting the user's entry then clicking the Reject User icon. You will see a REJECT dialog. Click to place a checkmark in the "I Acknowledge" checkbox, then click the REJECT button to proceed.
    Rejecting a user's access will revoke their access to the room, to their individual desktops and to any of their shared desktops, but it does not delete the actual desktop instances or remove them from the desktop configuration list under the CONFIGURE tab.

Configure tab

Note, only the connected organization has access to the CONFIGURE tab.

You can use the CONFIGURE tab to view/change your room's configuration details and to add/configure tools such as Desktops and the Secrets Vault.

Room name

Click on the room name in the breadcrumbs in order to make it editable. Save your change by selecting the checkmark or discard it by selecting the cross.

Note that the name field (the name of the room) may only be modified by the billing organization's owner (the user with the Admin role for the billing organization) or a Tehama Admin (a super user belonging to the Tehama Support team), and only if it has not been archived.

Note that the ability to change the room name is available from any tab in the room (only for the billing organization and only if the room has not been archived).

Details

Click the Details sidebar item to view your room's current configuration.

Windows Desktops

Click the Windows Desktops sidebar item to view your room's current list of Windows Desktop configurations.

Note that the list is filterable on the Status column.

To set/unset a filter:

  • Click on the dropdown arrow next to the column name to open the filter options menu.
  • Click on the "All" filter option to turn it on; to turn it off, unset one of the other filter options.
  • Click on a filter option to toggle it on or off.

From here you can add new Windows desktop configurations, view/edit existing Windows desktop configurations or approve/reject proposed Windows desktop configurations. See more information in the Desktops User Guide.

Linux Desktops

Click the Linux Desktops sidebar item to view your room's current list of Linux Desktop configurations.

From here you can add new Linux desktop configurations, view/edit existing Linux desktop configurations or approve/reject proposed Linux desktop configurations. See more information in the Desktops User Guide.

Secrets

From the Secrets sidebar item under the CONFIGURE tab, you can add/configure secrets as described in the Secrets User Guide.


Work tab

The WORK tab is the main interaction point for most daily users of Tehama. It provides links to the tools available in the room that you use to carry out your work.

My Desktops

This is the list of the desktops that you have been granted access to in the room. The status icon for each desktop shows you whether the desktop is in use or not.

To use a desktop, click on the CONNECT button for the desktop. (For "Windows Desktop" desktops, you can also click the desktop's name to use a desktop.) For "Windows Desktop" desktops, you will be provided with login information you can use to access the desktop. For "Linux Desktop" desktops, the desktop will be launched in a new browser tab immediately. See more information in the Desktops User Guide.

If you are part of the user organization, you can also request new desktop configurations from here. Select Desktop in the REQUEST dropdown menu at the top right of the page. See more information in the Desktops User Guide.

Pending Desktops

Note, only the user organization sees the Pending Desktops sidebar item.

Here you see the list of requested (proposed) desktop configurations. Once a desktop configuration has been approved, it will move into the list of desktops under the My Desktops sidebar item.

You can also request new desktop configurations from here. Select Desktop in the REQUEST dropdown menu at the top right of the page. See more information in the Desktops User Guide.

File Vault

A room's file vault provides a method of securely transferring files between a room member's local environment and the room's connected organization's network.

See more information in the File Vault User Guide.

Secrets

From the Secrets sidebar item under the WORK tab, you can view secrets as described in the Secrets User Guide.


Audit tab

Note, only the connected organization has access to the AUDIT tab.

The audit tab is used to access the auditing and monitoring capabilities of the room.

Live Sessions

View live desktop sessions in real time.

Note that live sessions are available to view ONLY by those having appropriate permissions for the room. (See Roles User Guide.)

To View Live Sessions

  1. In Tehama, click the ROOMS tab.
  2. Click the AUDIT tab.
  3. Click the LIVE SESSIONS sidebar item.
  4. Select the session(s) you want to view from the list of live sessions that appears.

Activity Stream

The activity stream for a room shows all the activity that has taken place on or to the room since its creation.

See more information in the Activity Stream User Guide.

Session Recording

View recordings of all desktop sessions in the room, both past and current/live. Remote session recordings securely capture activity related to the type of work and actions performed on assets in Tehama. While the virtual desktops are being used, they are also being recorded.

Note that recordings of live sessions are available to view ONLY by those having appropriate permissions for the room. (See Roles User Guide.)

The following procedure describes how to view a recorded session (either past or current/live):

To View Recorded Sessions

  1. In Tehama, click the ROOMS tab.
  2. Click the AUDIT tab.
  3. Click the RECORDINGS sidebar item.
  4. Locate the session recording you want to view from the list of recordings that appears.
    NOTE: Saved recordings are associated with an ID number.
  5. Use the Play icon to start viewing the recording.

Plugins required for Microsoft native browsers:

To view a recorded session in a Windows 10 environment while using an Edge browser:

  1. Install https://tools.google.com/dlpage/webmmf
  2. Install "Web media extensions"
  3. Restart the machine
    User should be able to view recordings using Edge.

To view a recorded session in a Windows 7 environment while using an Internet Explorer (IE) browser:

  1. Install https://tools.google.com/dlpage/webmmf
    User should be able to view recordings using IE.

Policy tab

Rooms optionally support having a Policy associated with them. This is managed through the POLICY tab.

If you are the organization connecting the room, you will be prompted to configure a Policy or have "no policy" that governs the use of the room. More information on policies can be found in the Policy User Guide.

If you have been invited to the room, you will be prompted to accept the Policy, if one is set, before your first access. This will occur every time the Policy is changed.