Virtual channel security
By default, the Virtual channel allow list feature is enabled. As a result, only Citrix virtual channels are allowed to open in virtual apps and desktops sessions. If there is a need to use custom virtual channels, whether homegrown or from a third party, then explicitly add the virtual channels to the allow list.
Adding virtual channels to the allow list
To add a virtual channel to the allow list, you need:
- The virtual channel name as defined in the code, which can be up to seven characters long. For example, CTXCVC1.
- The paths to the processes that open the virtual channel on the VDA machine. For example, C:\Program Files\Application\run.exe.
Once you have the required information, you must add the virtual channel to the allow list using the Virtual channel allow list policy setting. To add a virtual channel to the list, enter the virtual channel name followed by a comma, and then the path to the process that accesses the virtual channel. If there are multiple processes, these can be added separated by commas.
Using the previous examples, you would add the following to the list:
CTXCVC1,C:\Program Files\Application\run.exe
If there are multiple processes, add the following to the list:
CTXCVC1,C:\Program Files\Application\run.exe,C:\Program Files\Application\run2.exe
The use of wildcards (*) is supported. You can use wildcards when the names of directories or executables change based on the version of the application, or if the third-party component is installed in the users’ profiles.
You can use wildcards for the following:
- To replace the full directory name. For example:
C:\Program Files\Application\*\run1.exe
- To replace part of the directory name. For example:
C:\Program Files\Application\v*\run1.exe
- To replace the executable’s name. For example:
C:\Program Files\Application\v1.2\*.exe
- To replace part of the executable’s name. For example:
C:\Program Files\Application\v1.2\run*.exe
The following restrictions apply:
- The wildcard can only be used to replace a single directory. For example, if the executable is located in C:\Program Files\Application\v1.2\run1.exe:
  - Allowed: C:\Program Files\Application\*\run1.exe
  - Not allowed: C:\Program Files\*\run1.exe
- Entries must contain the file extension.
  - Allowed: C:\Program Files\Application\v1.2\*.exe
  - Not allowed: C:\Program Files\Application\v1.2\*
- All paths must be local.
Note:
Network paths are not allowed from Citrix Virtual Apps and Desktops 2109 release onwards.
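The entry format and wildcard restrictions above can be checked before an entry goes into the policy. The following linter and matcher is an added example, not Citrix code: it models the documented rules only, and the function names, the drive-letter test for "local" and the case-insensitive comparison are assumptions.

```python
import re

MAX_NAME_LEN = 7  # the page: names can be up to seven characters long

def parse_entry(entry):
    """Split 'NAME,path[,path...]' into (name, [paths])."""
    name, *paths = [part.strip() for part in entry.split(",")]
    return name, paths

def lint_entry(entry):
    """Return the problems found in one allow list entry (empty list = OK)."""
    name, paths = parse_entry(entry)
    problems = []
    if not 1 <= len(name) <= MAX_NAME_LEN:
        problems.append(f"channel name {name!r} is not 1-{MAX_NAME_LEN} characters")
    if not paths:
        problems.append("no process path given")
    for path in paths:
        # Assumption: "local" is approximated as a drive-letter path,
        # which rejects UNC paths such as \\server\share\app.exe.
        if not re.match(r"[A-Za-z]:\\", path):
            problems.append(f"{path!r} is not a local drive-letter path")
        leaf = path.rsplit("\\", 1)[-1]
        # Entries must contain the file extension, so a bare '*' leaf fails.
        if not re.search(r"\.[^.*\\]+$", leaf):
            problems.append(f"{path!r} has no file extension")
    return problems

def pattern_to_regex(pattern):
    """Compile a path pattern in which '*' never crosses a backslash."""
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(r"[^\\]*".join(literal_parts), re.IGNORECASE)

def process_allowed(entry, process_path):
    """True if process_path matches any path pattern in the entry."""
    _, paths = parse_entry(entry)
    return any(pattern_to_regex(p).fullmatch(process_path) for p in paths)

if __name__ == "__main__":
    exe = r"C:\Program Files\Application\v1.2\run1.exe"
    for entry in (r"CTXCVC1,C:\Program Files\Application\*\run1.exe",
                  r"CTXCVC1,C:\Program Files\*\run1.exe",
                  r"CTXCVC1,C:\Program Files\Application\v1.2\*"):
        print(entry, lint_entry(entry), process_allowed(entry, exe))
```

Because the wildcard stays within one directory level, the C:\Program Files\*\run1.exe pattern never matches the executable two levels down, which is why the page lists it as not allowed.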
Citrix virtual channel considerations
All built-in Citrix virtual channels are trusted and allowed to open without further configuration. However, there are two features that require explicit entries in the allow list because of external dependencies:
- Multimedia Redirection
- HDX RealTime Optimization Pack for Skype for Business
Multimedia Redirection
This information is required for the allow list entry:
- Virtual channel name: CTXMM
- Process: Path to the media player used in your VDA machine. For example, C:\Program Files (x86)\Windows Media Player\wmplayer.exe
- Allow list entry:
CTXMM,C:\Program Files (x86)\Windows Media Player\wmplayer.exe
HDX RealTime Optimization Pack for Skype for Business
This information is required for the allow list entry:
- Virtual channel name: CTXRMEP
- Process: Path to the Skype for Business executable in your VDA machine, which can vary based on the version of Skype for Business or if you used a custom installation path. For example, C:\Program Files\Microsoft Office\root\Office16\lync.exe.
- Allow list entry:
CTXRMEP,C:\Program Files\Microsoft Office\root\Office16\lync.exe
Obtain virtual channel names and processes
The easiest way to obtain the name of the virtual channel and the process that opens it on the VDA machine is to get the information from the developer or third-party vendor that provided the virtual channel.
Alternatively, this information can be obtained from the feature’s logs by following these steps:
- Once the client and server components of the custom virtual channel are in place, launch a virtual application or virtual desktop.
- In the VDA machine’s System event log, look for the custom virtual channel’s name and the process that tried to open it in the following event:
  - In a single-session VDA, event ID 2002 from source Picadd.
  - In a multi-session VDA, event ID 14 from source Rpm.
- Log off from the session.
- Add an entry in the Virtual channel allow list policy setting for the identified virtual channel and process.
- Launch the virtual application or virtual desktop to validate that the custom virtual channel opens successfully.
Virtual channel allow list logging
The following events are logged in the single session VDA machine’s event log:
| Log Name | Id | Source | Level | Description |
| --- | --- | --- | --- | --- |
| System | 2001 | Picadd | Information | Custom virtual channel <vcName> has been opened by process <processName> |
| System | 2002 | Picadd | Warning | Custom virtual channel <vcName> cannot be opened by process <processName> |
| System | 2003 | Picadd | Information | <username> opened custom virtual channel <vcName> |
| System | 2004 | Picadd | Warning | <username> tried to open custom virtual channel <vcName> |
The following events are logged in the multi session VDA machine’s event log:
| Log Name | Id | Source | Level | Description |
| --- | --- | --- | --- | --- |
| System | 13 | Rpm | Information | Custom virtual channel <vcName> has been opened by process <processName> |
| System | 14 | Rpm | Warning | Custom virtual channel <vcName> cannot be opened by process <processName> |
| System | 15 | Rpm | Information | <username> opened custom virtual channel <vcName> |
| System | 16 | Rpm | Warning | <username> tried to open custom virtual channel <vcName> |
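The log-based procedure in "Obtain virtual channel names and processes" can be scripted once the warning events are exported. This added example (not Citrix code) groups event ID 2002 (Picadd) and event ID 14 (Rpm) descriptions into candidate allow list entries; the record layout, the function name and the sample events are constructed, and it assumes <processName> is logged as a full path.

```python
import re
from collections import defaultdict

# (source, event ID) pairs the page lists for a process that was blocked
BLOCKED = {("Picadd", 2002), ("Rpm", 14)}
DESCRIPTION = re.compile(
    r"^Custom virtual channel (?P<vc>\S+) cannot be opened by process (?P<proc>.+?)\s*$"
)

def candidate_entries(events):
    """Group blocked-open events into 'NAME,path[,path...]' candidates."""
    by_channel = defaultdict(list)
    for ev in events:
        if (ev["source"], ev["id"]) not in BLOCKED:
            continue  # allowed opens and per-user events are not needed here
        m = DESCRIPTION.match(ev["description"])
        if not m:
            continue
        seen = [p.lower() for p in by_channel[m["vc"]]]
        if m["proc"].lower() not in seen:  # same path in another case = duplicate
            by_channel[m["vc"]].append(m["proc"])
    return [",".join([vc, *procs]) for vc, procs in sorted(by_channel.items())]

# Constructed sample records, shaped like an export of the VDA's System log.
SAMPLE_EVENTS = [
    {"source": "Picadd", "id": 2002, "description":
     r"Custom virtual channel CTXCVC1 cannot be opened by process C:\Program Files\Application\run.exe"},
    {"source": "Picadd", "id": 2002, "description":
     r"Custom virtual channel CTXCVC1 cannot be opened by process c:\program files\application\RUN.EXE"},
    {"source": "Picadd", "id": 2002, "description":
     r"Custom virtual channel CTXCVC1 cannot be opened by process C:\Program Files\Application\run2.exe"},
    {"source": "Picadd", "id": 2001, "description":
     r"Custom virtual channel CTXABC has been opened by process C:\Tools\abc.exe"},
    {"source": "Rpm", "id": 14, "description":
     r"Custom virtual channel CTXMM cannot be opened by process C:\Program Files (x86)\Windows Media Player\wmplayer.exe"},
]

if __name__ == "__main__":
    for entry in candidate_entries(SAMPLE_EVENTS):
        print(entry)
```

Review each candidate before adding it to the policy setting: a warning event records that a process attempted to open the channel, not that the process is the vendor's expected one.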
Known third-party virtual channels
The following are known third-party solutions that use custom Citrix virtual channels. This list does not include every solution that uses a custom Citrix virtual channel.
- Cerner
- Cisco WebEx Teams
- Cisco WebEx Meetings Virtual Desktop Software
- Epic Slingshot
- Epic Warp Drive
- Midmark IQPath Client Extensions
- Nuance PowerMic Client Extensions
- Nuance Dragon Medical Network Edition 360 vSync
- Zoom Meetings for VDI
- Ultima IA-Connect
To obtain details for adding the associated virtual channels to the allow list, reach out to the solutions’ vendors. Alternatively, follow the steps outlined in the Obtain virtual channel names and processes section.