Browser content redirection

Browser content redirection prevents the rendering of whitelisted webpages on the VDA side. This feature uses Citrix Workspace app to instantiate a corresponding rendering engine on the client side, which fetches the HTTP and HTTPS content from the URL.

Note

You can specify that webpages be redirected to the VDA side (and not redirected on the client side) by using a blacklist.

This overlay web layout engine runs on the endpoint device instead of on the VDA and uses the endpoint CPU, GPU, RAM, and Network.

Only the browser viewport is redirected. The viewport is the rectangular area in your browser where content displays. The viewport doesn’t include things like the Address Bar, Favorites Toolbar, Status Bar. Those items are in the user interface, which are still running on the browser in the VDA.

viewport example

  1. Configure a Studio policy that specifies an Access Control List containing the URLs whitelisted for redirection or the blacklist that disables redirection for specific URL paths. For the browser on the VDA to detect that the URL that the user is navigating to matches the whitelist or does not match a blacklist, a browser extension performs the comparison. The browser extension (BHO) for Internet Explorer 11 is included in the installation media and is installed automatically. For Chrome, the browser extension is available in the Chrome Web Store, and you can deploy it using the Group Policies and ADMX files. Chrome extensions are installed on a per-user basis. Updating a golden image to add or remove an extension is not required.
  2. If a match is found in the whitelist (for example https://www.mycompany.com/), and there is no match to a URL in the blacklist (for example https://www.mycompany.com/engineering), a virtual channel (CTXCSB) instructs Citrix Workspace app that a redirection is required and relays the URL. Citrix Workspace app then instantiates a local rendering engine and displays the website.
  3. Citrix Workspace app then blends back the website into the virtual desktop browser content area seamlessly.

Browser viewport redirection example image

Here are scenarios of how Citrix Workspace app fetches content:

  • Server fetch and server render: There is no redirection because you didn’t whitelist the site or the redirection failed. We fall back to rendering the webpage on the VDA and use Thinwire to remote the graphics. Use policies to control the fallback behavior. High CPU, RAM, and bandwidth consumption on the VDA.
  • Server fetch and client render: Citrix Workspace app contacts and fetches content from the web server through the VDA using a virtual channel (CTXPFWD). This option is useful when the client doesn’t have internet access (for example, thin clients). Low CPU and RAM consumption on the VDA, but bandwidth is consumed on the ICA virtual channel.
  • Client fetch and client render: Because Citrix Workspace app contacts the web server directly, it requires internet access. This scenario offloads all the network, CPU, and RAM usage from your XenApp and XenDesktop Site.

Browser viewport redirection scenarios image

Fallback mechanism:

There might be times when client redirection fails. For example, if the client machine does not have direct internet access, an error response might go back to the VDA. In such cases, the browser on the VDA can then reload and render the page on the server.

You can suppress server rendering of video elements by using the existing Windows media fallback prevention policy. Set this policy to Play all content only on client or Play only client-accessible content on client. These settings block video elements from playing on the server if there are failures in client redirection. This policy takes effect only when you enable browser content redirection and the he Access Control List policy contains the URL that falls back. The URL can’t be in the blacklist policy.

System Requirements:

Windows endpoints:

  • Windows 7, 8.x, or 10
  • Citrix Workspace app 1808 or later
  • Citrix Receiver for Windows 4.10 or later

Linux endpoints:

  • Citrix Workspace app 1808 for Linux or later
  • Citrix Receiver for Linux 13.9 or later
  • Thin client terminals must include WebKitGTK+

Citrix Virtual Apps and Desktops 7 1808 and XenApp and XenDesktop 7.18, 7.17, 7.16:

  • VDA operating system: Windows 10 (minimum version 1607), Windows Server 2012 R2, Windows Server 2016

  • Browser on the VDA:

    • Google Chrome v66 or higher (Chrome requires Citrix Workspace app 1809 for Windows on the user endpoint, Citrix Virtual Apps and Desktops 7 1808 VDA, and the browser content redirection extension)

    • Internet Explorer 11 and configure these options:

      • Clear Enhanced Protected Mode under: Internet Options > Advanced > Security
      • Check Enable third-party browser extensions under: Internet Options > Advanced > Browsing

Troubleshooting:

For troubleshooting information, see https://support.citrix.com/article/CTX230052

Browser content redirection Chrome extension

To use browser content redirection with Chrome, add the browser content redirection extension from the Chrome Web Store. Click Add to Chrome in the Citrix Virtual App and Desktop 7 1808 environment.

Important

The extension is not required on the user’s client machine – only in the VDA.

System requirements

  • Chrome v66 or higher
  • Browser content redirection extension
  • Citrix Virtual Apps and Desktops 7 1808 or higher
  • Citrix Workspace app 1809 for Windows or higher

Browser content redirection extension

This method works for individual users. To deploy the extension to a large group of users in your organization, deploy the extension using Group Policy.

Deploy the extension using Group Policy

  1. Import the Google Chrome ADMX files into your environment. For information about downloading policy templates and installing and configuring the templates into your Group Policy Editor, see https://support.google.com/chrome/a/answer/187202?hl=en.
  2. Open your Group Policy Management console and go to User Configuration \ Administrative Templates\Classic Administrative Templates (ADM) \ Google\ Google Chrome \ Extensions. Enable the Configure the list of force-installed apps and extensions setting. Browser content redirection extension
  3. Click Show and type the following string, which corresponds to the extension ID. Update the URL for the browser content redirection extension.

    hdppkjifljbdpckfajcmlblbchhledln; https://clients2.google.com/service/update2/crx

    Browser content redirection show

  4. Apply the setting and after a gpudate refresh, the user automatically receives the extension. If you launch the Chrome browser in the user’s session, the extension is already applied and they cannot remove it.

    Any updates to the extension are automatically installed on the users’ machines through the update URL that you specified in the setting.

    If the Configure the list of force-installed apps and extensions setting is set to Disabled, the extension is automatically removed from Chrome for all users.

Client side optimization for Citrix Receiver for Windows 4.10

HdxBrowser.exe is the overlay browser on the endpoint that is responsible for client-side rendering of Internet Explorer 11. To enable HdxBrowser.exe to use the GPU resources on the client, set these registry keys on the Windows endpoint.

Warning

Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

\HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING (create if not present)

And

\HKEY_CURRENT_USER)\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING (create if not present)

Value name: HdxBrowser.exe Value data: 00000001 Type: DWORD

Browser content redirection