On July 25, 2017, Adobe announced End of Life (EOL) for Flash. Adobe plans to stop updating and distributing the Flash Player at the end of 2020.
Microsoft announced that they are phasing out Flash support in Internet Explorer before the Adobe date. They are removing Flash from Windows by the end of 2020. When that happens, users can no longer enable or run Flash in Internet Explorer.
Citrix aligns with Microsoft policy and continues to maintain and support HDX Flash redirection until the end of 2020. We haven’t decided in which versions of Citrix Virtual Apps and Desktops to exclude the Flash redirection code, but we recommend that you switch to HTML5 video Redirection whenever possible. HTML5 video redirection is ideal to control the multimedia content. For example, corporate communications videos, training videos, or when a third party hosts the content.
For more information about HTML5 video redirection, see HTML5 multimedia redirection.
Flash redirection offloads the processing of most Adobe Flash content (including animations, videos, and applications) to users’ LAN- and WAN-connected Windows and 32-bit Linux x86 devices. Flash redirection reduces server and network load and results in greater scalability while ensuring a high definition user experience. Configuring Flash redirection requires both server-side and client-side settings.
Flash redirection involves significant interaction between the user device and server components. Use this feature only in environments where security separation between the user device and server is not required. Also, configure user devices to use this feature only with trusted servers. Because Flash redirection requires the Adobe Flash Player to be installed on the user device, enable this feature only if the Flash Player itself is secured.
Flash redirection is supported on both clients and servers. If the client supports second generation Flash redirection, Flash content renders on the client. Flash redirection features include support for user connections over WAN, intelligent fallback, and a URL compatibility list; see below for details.
Flash redirection uses Windows event logging on the server to log Flash events. The event log indicates whether Flash redirection is being used and provides details about issues. The following are common to all events logged by Flash redirection:
- Flash redirection reports events to the Application log.
- On Windows 10, Windows 8 and Windows 7 systems, a Flash redirection-specific log appears in the Applications and Services Logs node.
- The Source value is Flash.
- The Category value is None.
For the latest updates to HDX Flash compatibility, see CTX136588.
Configure Flash redirection on the server
To configure Flash redirection on the server, use the following Citrix policy settings. For details, see Flash redirection policy settings.
- By default, Flash redirection is enabled. To override this default behavior for individual webpages and Flash instances, use the Flash URL compatibility list setting.
- Flash intelligent fallback. Detects instances of small Flash “movies” (such as those frequently used to play advertisements) and renders them on the server instead of redirecting them for rendering on the user device. This optimization does not cause any interruption or failure in the loading of the web page or the Flash application. By default, Flash intelligent fallback is enabled. To redirect all instances of Flash content for rendering on the user device, disable this policy setting. Some Flash content might not be successfully redirected.
- Flash server-side content fetching URL list. Allows you to specify websites that has Flash content to be downloaded to the server and then transferred to the user device for rendering. (By default, Flash redirection downloads Flash content directly to the user device with client-side fetching.) This setting supports (and requires) the Enable server-side content fetching setting on the user device. The setting is intended primarily for use with Intranet sites and internal Flash applications. See below for details. It also supports most Internet sites and can be used when the user device does not have direct access to the Internet. For example, when the Citrix Virtual Apps and Desktops server provides that connection. Server-side content fetching does not support Flash applications using Real Time Messaging Protocols (RTMP). Instead, server-side rendering is used, which supports HTTP and HTTPS.
- Flash URL compatibility list. Specifies where Flash content from listed websites is rendered: on the user device, on the server, or blocked.
- Flash background color list. Enables you to match the colors of webpages and Flash instances, which improves the appearance of the webpage when using Flash redirection.
Configure Flash redirection on the user device
Install Citrix Workspace app and Adobe Flash Player on the user device. No more configuration is required on the user device.
You can change the default settings using Active Directory Group Policy Objects. Import and add the HDX mediaStream Flash redirection - Client administrative template (HdxFlashClient.adm), which is available in the following folders:
- For 32-bit computers: %Program Files%\Citrix\ICA Client\Configuration\language
- For 64-bit computers: %Program Files (x86)%\Citrix\ICA Client\Configuration\language
The policy settings appear under Administrative Templates > Classic Administrative Templates (ADM) > HDX MediaStream Flash redirection - Client. See the Microsoft Active Directory documentation for details about GPOs and templates.
Change when Flash Redirection is used:
The Enable HDX MediaStream Flash redirection on the user device policy setting, along with server-side settings, controls whether Adobe Flash content is redirected to the user device for local rendering. By default, Flash redirection is enabled and uses intelligent network detection to determine when to play Flash content on the user device.
If no configuration is set and Desktop Lock is used, Flash redirection is enabled on the user device by default.
To change when Flash redirection is used or to disable Flash redirection on the user device:
- From the Setting list, select Enable HDX MediaStream Flash redirection on the user device and choose policy setting.
- Select Not Configured, Enabled (the default), or Disabled.
- If you select Enabled, choose an option from the Use HDX MediaStream Flash redirection list:
To use the latest Flash redirection functionality when the required configuration is present, and revert to server-side rendering when it is not, select Only with Second Generation.
To use Flash redirection always, select Always. Flash content plays on the user device.
To never use Flash redirection, select Never. Flash content plays on the server.
To use intelligent network detection to assess the security level of the client-side network to determine when using Flash redirection is appropriate, select Ask (the default). If the security of the network cannot be determined, the user is asked whether to use Flash redirection. If the network security level cannot be determined, the user is prompted to choose whether to use Flash redirection.
The following illustration indicates how Flash redirection is handled for various network types.
Users can override intelligent network detection from the Citrix Workspace app - Desktop Viewer Preferences dialog box by selecting Optimize or Don’t Optimize in the Flash tab. The choices available vary depending on how Flash redirection is configured on the user device, as shown in the following illustration.
Synchronize client-side HTTP cookies with the server-side:
Synchronization of the client-side HTTP cookies with the server-side is disabled by default. Enable synchronization to download HTTP cookies from the server. Those HTTP cookies are then used for client-side content fetching and are available as needed by sites containing Flash content.
Client-side cookies are not replaced during the synchronization. They remain available even if the synchronization policy is later disabled.
- From the Setting list, select Enable synchronization of the client-side HTTP cookies with the server-side and click policy setting.
- Select Not Configured, Enabled, or Disabled (the default).
Enable server-side content fetching:
By default, Flash redirection downloads Adobe Flash content directly to the user device, where it is played. Enabling server-side content fetching causes the Flash content to download to the server and then be sent to the user device. Unless there is an overriding policy (such as a site blocked with the Flash URL compatibility list policy setting), the Flash content plays on the user device.
Server-side content fetching is frequently used when the user device connects to internal sites through NetScaler Gateway and when the user device does not have direct access to the Internet.
Server-side content fetching does not support Flash applications using Real Time Messaging Protocols (RTMP). Instead, server-side rendering is used for such sites.
Flash redirection supports three enabling options for server-side content fetching. Two of these options include the ability to cache server-side content on the user device. Doing so improves performance because content that is reused is already available on the user device for rendering. The contents of this cache are stored separately from other HTTP content cached on the user device.
Fallback to server-side content fetching begins automatically when any of the enabling options is selected and client-side fetching of .swf files fails.
Enabling server-side content fetching requires settings on both the client device and the server.
From the Setting list, select Enable server-side content fetching and select policy setting.
Select Not Configured, Enabled, or Disabled (the default). If you enable this setting, choose an option from the Server-side content fetching state list:
Option Description Disabled Disables server-side content fetching, overriding the Flash server-side content fetching URL list setting on the server. Server-side content fetching fallback is also disabled. Enabled Enables server-side content fetching for web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available, but Flash content is not cached. Enabled (persistent caching) Enables server-side content fetching for webpages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and stored from session to session. Enabled (temporary caching) Enables server-side content fetching for webpages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and deleted at the end of the session.
On the server, enable the Flash server-side content fetching URL list policy setting and populate it with target URLs.
Redirect user devices to other servers for client-side content fetching:
To redirect an attempt to obtain Flash content, use the URL rewriting rules for client-side content fetching setting, which is a second generation Flash redirection feature. When configuring this feature, you provide two URL patterns. When the user device attempts to fetch content from a website matching the first pattern (the URL match pattern), it is redirected to the website specified by the second pattern (the rewritten URL format).
You can use this setting to compensate for content delivery networks. Some websites delivering Flash content use content delivery networks redirection to enable the user to obtain the content from the nearest of a group of servers containing the same content. When using Flash redirection client-side content fetching, the Flash content is requested from the user device. The rest of the webpage on which the Flash content resides is requested by the server. If the content delivery network is in use, the server request is redirected to the nearest server. The user device request follows to the same location. This location might not be the closest to the user device. Depending on distance, there might be a noticeable delay between the loading of the webpage and the playing of the Flash content.
- From the Setting list, select URL rewriting rules for client-side content fetching and choose policy setting.
- Select Not Configured, Enabled, or Disabled. Not Configured is the default. Disabled causes any URL rewriting rules specified in the next step to be ignored.
- If you enable the setting, select Show. Using Perl regular expression syntax, type the URL match pattern in the Value name box and the rewritten URL format in the Value box.
Minimum version checking for Flash redirection
Editing the Registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
You can add registry settings to specify the minimum version required for Flash redirection for client devices accessing VDAs using Citrix Workspace app for Windows or Citrix Workspace app for Linux. This security feature ensures that an outdated Flash version is not used.
ServerFlashPlayerVersionMinimum is a string value that specifies the minimum version of the Flash Player required on the ICA Server (VDA).
ClientFlashPlayerVersionMinimum is a string value that specifies the minimum version of the Flash Player required on the ICA Client (Citrix Workspace app).
These version text strings can be specified as “10” or “10.2” or “10.2.140.” Only the major, minor, and build numbers are compared. The revision number are ignored. For example, for a version string specified as “10” that has only the major number specified, the minor and build numbers are assumed to be zero.
FlashPlayerVersionComparisonMask is a DWORD value that when set to zero, disables comparing the version of the Flash Player on the ICA Client against the Flash Player on the ICA Server. The comparison mask has other values, but don’t use them because the meaning of any non-zero mask might change. We recommend that you only set the comparison mask to zero for the desired clients. We don’t recommend that you set the comparison mask under the client agnostic settings. If a comparison mask is not specified, Flash redirection requires that the ICA Client has a Flash Player with greater or equal version to the Flash Player on the ICA Server. It does so by comparing only the major version number of the Flash Player.
For redirection to occur, the client and server minimum checks must be successful in addition to the check using the comparison mask.
The subkey ClientID0x51 specifies Citrix Workspace app for Linux. The subkey ClientID0x1 specifies Citrix Workspace app for Windows. This subkey is named by appending the hexadecimal Client Product ID (without any leading zeros) to the text string “ClientID.”
32-bit VDA example registry configuration:
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer] Client agnostic settings
“ClientFlashPlayerVersionMinimum”=”13.0” Minimum version required for the ICA client “ServerFlashPlayerVersionMinimum”=”13.0” Minimum version required for the ICA server [HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer\ClientID0x1] Windows ICA Client settings
“ClientFlashPlayerVersionMinimum”=”16.0.0” This setting specifies the minimum version of the Flash Player required for the Windows client [HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer\ClientID0x51] Linux ICA Client settings
“FlashPlayerVersionComparisonMask”=dword:00000000 This setting disables the version comparison-check for the linux client (checking to see that the client has a more recent Flash Player than the server) “ClientFlashPlayerVersionMinimum”=”11.2.0” This setting specifies the minimum version of the Flash Player for the Linux client.
64-bit VDA example registry configuration: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediaStreamForFlash\Server\PseudoServer]