Skip to main content
Versa Networks

Configure a Terminal Server Agent

  1. Last updated
  2. Save as PDF

versa-logo-release-icon.pngFor supported software information, click here.

In a multi-user virtual desktop environment, it is difficult to identify users when many users share the same IP address. A Versa terminal server agent (TSA) identifies users from virtual desktops instances, such as Windows-based terminal servers, by allocating a unique port range to each user. The terminal server agent then notifies each connected firewall about the allocated port range. The firewall then creates an IP-address-to-port user mapping table and enables user-based and group-based security policy enforcement.

To create user-based and group-based security policy for the terminal server agent, you configure a terminal server agent profile, which is used to synchronize the agent with VOS devices and to allocate port ranges for users. You can then use the terminal server agent profile in terminal server agent services to enforce policies for user authentication. After a user installs a terminal server agent on a Windows device, the agent starts sending user events to the associated Versa Operating SystemTM (VOSTM) device.

This article describes how to configure a terminal server agent profile and terminal server agent services.

Configure Terminal Server Agent Profiles

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device in the main pane. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Services > Secure Access > TSA > TSA Profiles the left menu bar.

    tsa-menu.png
  4. Click the + Add icon. In the Add TSA Profiles popup window, enter information for the following fields.

    add-tsa-profiles.png
     
    Field Description
    Name (Required) Enter a name for the terminal server agent profile.
    Description Enter a text description for the terminal server agent profile.
    Synchronize Interval

    Enter how often, in minutes, to synchronize the configuration with the terminal server agent.
    Default: 360 minutes
    Fail Mode

    Select the traffic mode if the terminal server agent server connection fails:

    • Close—Deny traffic if the terminal server agent server connection fails. This is the default.
    • Open—Allow traffic if the terminal server agent server connection fails.

    Default: Close
    Username Format

    Select the username format to have the terminal server agent recognize:

    • userPrincipleName—User principle name. A user principle name consists of a prefix (user account name), followed by the @ symbol and a suffix (DNS domain name). For example, someone@my-company.com.
    Port Allocation (Group of Fields)  
    • Source Range
    		 Enter the source port allocation range for user sessions.
    • Reserved Range
    		 Enter the reserved port allocation range for user sessions.
    • Start Size
    		 Enter the initial port allocation size for each user.
    • Maximum Size
    		 Enter the maximum port allocation size for each user.
    • Fail Mode

    Select action that the agent uses to block flows when the user exhausts their allocated ports:

    • Close—Deny traffic if the user exhausts allocated ports. This is the default.
    • Open—Allow traffic if the user exhausts allocated ports.

    Default: Close
  5. Click OK.

Configure Terminal Server Agent Services

You can configure services to associate with a terminal server agent, such as TSA profiles, authentication, and device authentication that the terminal server agent uses to identify and authenticate users.

To configure terminal server agent services:

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device in the main pane. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Services > Secure Access > TSA > General the left menu bar.

    tsa-general-main.png
  4. Click theedit-icon.PNGEdit icon. In the Add Services popup window, enter information for the following fields.

    tsa-add-services.png
     
    Field Description
    URI This field displays the uniform resource identifier as TSA, and you cannot edit it.
    Service Type This field displays the service type as TSA, and you cannot edit it.
    TSA Profile Select the terminal server agent profile to associate with the terminal server agent service. The profiles listed are those that you created, as described in Configure TSA Profiles, above.
    Authentication Select an authentication profiles to associate with the terminal server agent. For more information, see Configure an Authentication Profile.
    Device Authentication Profile Select a certificate authentication profile for the terminal server agent to authenticate users and devices. For more information, see Configure Certificate Authentication Profile.
    LEF Profile Select an LEF profile to use to register logs for the terminal server agent.

    Default LEF Profile

    		 Click to mark the LEF profile as the default profile.
  5. Click OK.

Supported Software Information

Releases 22.1.1 and later support all content described in this article.