PCoIP Zero Client and Host Administrator Guide (Issue 5)
6.6 Security Considerations
6.6.1 PCoIP Zero Client Security Overview
PCoIP zero clients are ultra-secure, easy to manage devices that offer a rich user
experience. Based on the TERA chipset by Teradici, they are available in a variety of form
factors from a number of trusted OEMs. For example, PCoIP zero clients can be standalone
desktop devices, integrated monitors, touch screen displays, and IP phones. With embedded
hardware support for PCoIP and no local storage, they are the most trusted client wherever
security and performance are critical.
Data Control
When control and lockdown of sensitive data are a primary objective, PCoIP zero clients
enable an environment where no application data ever leaves the data center. The virtual
machine sends only encrypted PCoIP data to the client. PCoIP zero clients have no local
storage, and no sensitive application data is ever processed or stored on the client.
Zero clients also have many security-related settings that are frequently used in high
security deployments.
User Authentication
PCoIP zero clients support a number of third-party, hardware-based, user authentication
methods including the following:
l SIPR hardware tokens
l Common Access Card (CAC) and Personal Identity Verfication (PIV) smart cards
l SafeNet eToken
l RSA SecurID
l Proximity cards (Imprivata)
For a complete list of supported authentication methods, see Knowledge Base support topic
15134-299 on the Teradici support site.
Encryption
PCoIP zero clients support the following encryption types.
Session negotiation security:
l TLS 1.0 with AES-128-CBC-SHA
l TLS 1.0 with AES-256-CBC-SHA
l Suite B (in hardware host environments only)
Session security:
l AES-128-GCM
l AES-256-GCM
l Salsa20-256-Round12
TER1206003 Issue 5 80
PCoIP® Zero Client and Host Administrator Guide