The standard approach for NICE DCV console sessions is to have a session created statically for a specific user. In some cases it is preferred to enable users to connect to NICE DCV and dynamically be able to use the DCV Console Session.
To implement this we automatically create a console sessions for a specific standard user and set the maximal number of connection to the DCV console session to 1 so no other user can connect and allow all users to connect to the session in the permissions file.
Below are the steps to enable Dynamic DCV Sessions on Windows and Linux NICE DCV Servers.
Linux NICE DCV Dynamic Console Sessions
In /etc/dcv/dcv.conf we apply the following settings (here is more background: https://docs.aws.amazon.com/dcv/latest/adminguide/config-param-ref.html#session_management):
# In /etc/dcv/dcv.conf in the session management section we apply the following settings
[session-management]
# Specify the maximum number of concurrent clients per session. Limit to 1 in this case.
max-concurrent-clients = 1
# Property "create-session" requests to automatically create a console session
# (with ID "console") at DCV startup.
create-session = true
[session-management/automatic-console-session]
# Property "owner" specifies the username of the owner of the automatically
# created "console" session. You can set this to a standard service user.
owner = "centos"
# owner = "ubuntu"
[connectivity]
# Property "idle-timeout" specifies a timeout in minutes after which
# a client that does not send keyboard or mouse events is considered idle
# and hence disconnected. Default is 60 minutes.
# You can adapt this setting to your needs to free the console session e.g. after 30 minutes.
# idle-timeout=30
# Number of seconds to warn via notification before idle-timeout
# idle-timeout-warning=300
# Whether the clients are disconnected on OS session lock
# Enable this to force client disconnection when the remote OS session is locked.
# You can set the OS auto lock to be shorter than the idle-timeout so that connections
# are closed automatically (idle time default is 60 minutes)
disconnect-on-lock=true
# The following setting should be enabled by default which controls whether to
# lock the OS session when the last client connection ends
# [security]
# os-auto-lock = true
In /etc/dcv/default.perm we allow all users to connect (here is more background: https://docs.aws.amazon.com/dcv/latest/adminguide/security-authorization-file-create.html):
; In /etc/dcv/default.perm in the permissions section we apply the following setting to allow all users
; Permissions can be adjusted for the respective purposes, builtin enables all permissions
[permissions]
%any% allow builtin
After one user has connected the following users will see a message similar to this:
Windows NICE DCV Dynamic Console Sessions
Here are the settings to enable dynamic console session for NICE DCV on Windows configuring the NICE DCV Server.
# Set the maximum number of concurrent clients per session to 1
New-ItemProperty -Path "HKLM:\Software\GSettings\com\nicesoftware\dcv\session-management" `
-Name "max-concurrent-clients" -PropertyType DWord -Value 1 -Force
# Enable automatic creation of a console session at DCV startup
New-ItemProperty -Path "HKLM:\Software\GSettings\com\nicesoftware\dcv\session-management" `
-Name "create-session" -PropertyType DWord -Value 1 -Force
# Set the owner of the automatically created "console" session, e.g. Administrator
New-ItemProperty -Path "HKLM:\Software\GSettings\com\nicesoftware\dcv\session-management\automatic-console-session" `
-Name "owner" -PropertyType String -Value "Administrator" -Force
# Set the idle timeout (in minutes) after which a client is considered idle and disconnected
# New-ItemProperty -Path "HKLM:\Software\GSettings\com\nicesoftware\dcv\connectivity" `
-Name "idle-timeout" -PropertyType DWord -Value 30 -Force
# Set the number of seconds to warn via notification before idle timeout, e.g. 5 minutes
# New-ItemProperty -Path "HKLM:\Software\GSettings\com\nicesoftware\dcv\connectivity" `
-Name "idle-timeout-warning" -PropertyType DWord -Value 300 -Force
# Enable client disconnection when the remote OS session is locked
New-ItemProperty -Path "HKLM:\Software\GSettings\com\nicesoftware\dcv\connectivity" `
-Name "disconnect-on-lock" -PropertyType DWord -Value 1 -Force
# Enable locking the OS session when the last client connection ends, default is enabled
# New-ItemProperty -Path "HKLM:\Software\GSettings\com\nicesoftware\dcv\security" `
-Name "os-auto-lock" -PropertyType DWord -Value 1 -Force
To allow all users to connect we specify in the default.perm file using Powershell with Admin rights:
$filePath = "C:\Program Files\NICE\DCV\Server\conf\default.perm"
$fileContent = @"
; In /etc/dcv/default.perm in the permissions section we apply the following setting to allow all users
; Permissions can be adjusted for the respective purposes, builtin enables all permissions
[permissions]
%any% allow builtin
"@
New-Item -ItemType File -Path $filePath -Force
Set-Content -Path $filePath -Value $fileContent
After one user has connected the following users will see a message similar to this:
More information about NICE DCV. For a managed approach to DCV session management NICE DCV Session Manager is the right solution including the NICE DCV Connection Gateway Proxy integration in case of interest.