Citrix ICA virtual channels

Warning

Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

What are ICA virtual channels?

A large portion of the functionality and communication between the Citrix Workspace app and the Citrix Virtual Apps and Desktops servers occurs over virtual channels. Virtual channels are a necessary part of the remote computing experience with the Citrix Virtual Apps and Desktops servers. Virtual channels are used for:

  • Audio
  • COM ports
  • Disks
  • Graphics
  • LPT ports
  • Printers
  • Smart cards
  • Third-party custom virtual channels
  • Video

New virtual channels are sometimes released with new versions of the Citrix Virtual Apps and Desktops servers and Citrix Workspace app products to provide more functionality.

Virtual channels

A virtual channel consists of a client-side virtual driver that communicates with a server-side application. Citrix Virtual Apps and Desktops ship with various virtual channels included. They’re designed to allow customers and third-party vendors to create their own virtual channels by using one of the provided Software Development Kits (SDKs).

Virtual channels provide a secure way to accomplish various tasks. For example, an application that is running on a Citrix Virtual Apps server that is communicating with a client-side device or an application that is communicating with the client-side environment.

On the client side, virtual channels correspond to virtual drivers. Each virtual driver provides a specific function. Some are required for normal operation, and others are optional. Virtual drivers operate at the presentation layer protocol level. There can be several protocols active at any time by multiplexing channels that are provided by the Windows Station (WinStation) protocol layer.

The following functions are contained in the VirtualDriver registry value under this registry path:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0

or

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0 (for 64-bit)

  • Thinwire3.0 (Required)
  • ClientDrive
  • ClentPrinterQueue
  • ClentPrinterPort
  • Clipboard
  • ClientComm
  • ClientAudio
  • LicenseHandler (Required)
  • TWI (Required)
  • SmartCard
  • ICACTL (Required)
  • SSPI
  • TwainRdr
  • UserEXperience
  • Vd3d

Note:

You can disable specific client functionality by removing one or more of these values from the registry key. For example, if you wanted to remove the Client Clipboard, remove the word Clipboard.

This list contains the client virtual driver files and their respective functions. Citrix Virtual Apps and Citrix Workspace app for Windows use these files. They are in the form of Dynamic Link Libraries (user mode), and not Windows drivers (kernel mode) except for Generic USB as described in Generic USB virtual channel.

  • vd3dn.dll – Direct3D virtual channel used for desktop composition redirection
  • vdcamN.dll – Bidirectional audio
  • vdcdm30n.dll – Client drive mapping
  • vdcom30N.dll - Client COM port mapping
  • vdcpm30N.dll – Client printer mapping
  • vdctln.dll – ICA controls channel
  • vddvc0n.dll – Dynamic virtual channel
  • vdeuemn.dll - End user experience monitoring
  • vdflash2.dll (vdflash.dll) – Flash virtual channel
  • vdgusbn.dll – Generic USB virtual channel
  • vdkbhook.dll – Transparent key pass-through
  • vdlfpn.dll – Framehawk display channel over UDP like transport
  • vdmmn.dll – Multimedia support
  • vdmrvc.dll – Mobile Receiver virtual channel
  • vdmtchn.dll - Multi-touch support
  • vdscardn.dll – Smartcard support
  • vdsens.dll – Sensors virtual channel
  • vdspl30n.dll – Client UPD
  • vdsspin.dll – Kerberos
  • vdtuin.dll – Transparent UI
  • vdtw30n.dll – Client Thinwire
  • vdtwin.dll – Seamless
  • vdtwn.dll – Twain

Some virtual channels are compiled into other files. For example Clipboard Mapping is available in wfica32.exe

64-bit compatibility

Citrix Workspace app for Windows is 64-bit compatible. As with most of the binaries compiled for 32 bit, these client files have 64-bit compiled equivalents:

  • brapi64.dll
  • confmgr.dll
  • ctxlogging.dll
  • ctxmui.dll
  • icaconf.exe
  • icaconfs.dll
  • icafile.dll
  • pnipcn64.dll
  • pnsson.dll
  • ssoncom.exe
  • ssonstub.dll
  • vdkbhook64.dll

Generic USB virtual channel

Generic USB virtual channel implementation uses two kernel mode drivers along with virtual channel driver vdgusbn.dll:

  • ctxusbm.sys
  • ctxusbr.sys

How ICA virtual channels work

Wfshell.exe loads the user mode virtual channel support on the server side and PicaShell.exe for the workstation VDA. For example, EUEM, Twain, Time Zone, Clipboard, Multimedia, and Seamless Session Sharing.

Others are loaded as kernel mode, for example:

  • CtxDvcs.sys – Dynamic virtual channel
  • Icausbb.sys – Generic USB redirection
  • Icardd.dll (vdtw30.dll legacy) – Graphics redirection driver for Terminal Server based session
  • Picadm.sys – Client drive mapping
  • Vd3dk.sys – Direct 3D virtual channel and WDD display driver for workstation based session
  • Picaser.sys – COM port redirection
  • Picapar.sys – LPT port redirection

Graphics virtual channel on the server side

Starting with XenApp 7.0 and XenDesktop7.0, ctxgfx.exe hosts the graphics virtual channel for both workstation and terminal server based sessions. Ctxgfx hosts platform specific modules that interact with the corresponding driver (Icardd.dll for RDSH and vd3dk.sys for workstation).

For XenDesktop 3D Pro deployments an OEM graphics driver is installed for the corresponding GPU on the VDA. Ctxgfx loads specialized adaptor modules to interact with the OEM graphics driver.

Hosting specialized channels in Windows services

On Citrix Virtual Apps and Desktops servers, various channels are hosted as Windows services. Such hosting provides one-to-many semantics for multiple applications in a session and multiple sessions on the server. Examples of such services include:

  • Citrix Device Redirector Service
  • Citrix Dynamic Virtual Channel Service
  • Citrix End User Experience Monitoring Service
  • Citrix HDX MediaStream for Flash Service
  • Citrix Location and Sensor Virtual Channel Service
  • Citrix MultiTouch Redirection Service
  • Citrix Print Manager Service
  • Citrix Smartcard Service
  • Citrix Audio Redirection Service (Citrix Virtual Desktops only)

The audio virtual channel on Citrix Virtual Apps is hosted using Windows Audio service.

On the server side, all client virtual channels are routed through the WinStation driver, Wdica.sys. On the client side, the corresponding WinStation driver, built into wfica32.exe, polls the client virtual channels. This image illustrates the virtual channel client-server connection.

Virtual channel connections

This overview contains a client-server data exchange using a virtual channel.

  1. The client connects to the Citrix Virtual Apps and Desktops server. The client passes information about the virtual channels it supports to the server.
  2. The server-side application starts, obtains a handle to the virtual channel, and optionally queries for additional information about the channel.
  3. The client virtual driver and server-side application pass data using the following two methods:

    • If the server application has data to send to the client, the data is sent to the client immediately. When the client receives the data, the WinStation driver de-multiplexes the virtual channel data from the ICA stream and immediately passes it to the client virtual driver.
    • If the client virtual driver has data to send to the server, the data is sent the next time the WinStation driver polls it. When the server receives the data, it is queued until the virtual channel application reads it. There is no way to alert the server virtual channel application that data was received.
  4. When the server virtual channel application is completed, it closes the virtual channel and frees any allocated resources.

Creating your own virtual channel using the Virtual Channel SDK

Creating a virtual channel using the Virtual Channel SDK requires intermediate programming knowledge. Use this method to provide a major communication path between the client and the server. For example, if you are implementing usage of a device on the client side, such as a scanner, to be used with a process in the session.

Notes:

  • The Virtual Channel SDK requires the WFAPI SDK to write the server side of the virtual channel.

  • Because of enhanced security for Citrix Virtual Apps and Desktops and Citrix Workspace app for Windows, you must take an extra step when installing a custom virtual channel.

Creating your own virtual channel using the ICA Client Object SDK

Creating a virtual channel using the ICA Client Object (ICO) is easier than using the Virtual Channel SDK. You do this by creating a named object in your program using the CreateChannels method.

Important:

Because of enhanced security starting with the 10.00 version of the Citrix Receiver for Windows and later (and Citrix Workspace apps for Windows), you must take an extra step when creating an ICO virtual channel.

For more information, see Client Object API Specification Programmer’s Guide.

Pass-through functionality of virtual channels

Most virtual channels that Citrix provides operate unmodified when you use the Citrix Workspace app for Windows within an ICA session (also known as a pass-through session). Be aware that there are considerations when using the client in additional hops.

The following functions operate the same way in single or multiple hops:

  • Client COM port mapping
  • Client drive mapping
  • Client printer mapping
  • Client UPD
  • End user experience monitoring
  • Generic USB
  • Kerberos
  • Multimedia support
  • Smartcard support
  • Transparent key pass-through
  • Twain

As the inherent nature of latency and factors such as compression and decompression and rendering being performed at each hop, performance might be affected with each additional hop that the client undergoes. The affected areas are:

  • Bidirectional audio
  • File transfers
  • Generic USB redirection
  • Seamless
  • Thinwire

Important:

By default, the client drives mapped by an instance of the client running in a pass-through session are restricted to the client drives of the connecting client.

Pass-through functionality of virtual channels between a Citrix Virtual Desktop session and a Citrix Virtual App session

Most virtual channels provided by Citrix operate unmodified when you use Citrix Workspace app for Windows within an ICA session on a Citrix Virtual Desktops server (also known as a pass-through session).

Specifically, on the Citrix Virtual Desktops server, there is a VDA hook that runs picaPassthruHook. This hook makes the client think it’s running on a CPS server, and placing the client into its traditional pass-through mode.

We support the following traditional virtual channels and their functionality:

  • Client
  • Client COM port mapping
  • Client drive mapping
  • Client printer mapping
  • Generic USB (limited due to performance)
  • Multimedia support
  • Smartcard support
  • SSON
  • Transparent key pass-through

Security and ICA virtual channels

Securing usage is an important part of planning, developing, and implementing virtual channels. There are several references to specific areas of security located throughout this document.

Best practices

Keep this in mind when using virtual channels:

Open virtual channels when you Connect and Reconnect. Close virtual channels when you log off and Disconnect.

Keep the following guidelines in mind when you create scripts that use virtual channel functions.

Naming the Virtual Channels:

You can create a maximum of 32 virtual channels. Seventeen of the 32 channels are reserved for special purposes.

  • Virtual channel names must not be more than seven characters in length.

  • The first three characters are reserved for the vendor name, and the next four for the channel type. For example, CTXAUD represents the Citrix audio virtual channel.

Virtual channels are referred to by a seven-character (or shorter) ASCII name. In some previous versions of the ICA protocol, virtual channels were numbered. The numbers are now assigned dynamically based on the ASCII name, making implementation easier. Users who are developing virtual channel code for internal use only can use any seven-character name that does not conflict with existing virtual channels. Use only numbers and upper and lowercase ASCII. Follow the existing naming convention when adding your own virtual channels. There are several predefined channels. The predefined channels begin with the OEM identifier CTX and are for use only by Citrix.

Double-Hop Support:

Virtual Channel Is double hop supported?
Audio No
Browser Content Redirection Yes
CDM Yes
CEIP No
Clipboard Yes
Continuum (MRVC) No
Control VC Yes
Flash Redirection No
HTML5 Video Redirection (v1) Yes
Keyboard, Mouse Yes
MultiTouch No
NSAPVC No
Printing Yes
SensVC No
Smartcard Yes
Twain Yes
USB VC Yes
WAYCOM devices -K2M using USB VC Yes
Webcam Video Compression Yes
Windows Media Redirection Yes

See also

  • ICA Virtual Channel SDK
  • The Citrix Developer Network is the home for all technical resources and discussions involving the use of Citrix SDKs. In this network, you can find access to SDKs, sample code and scripts, extensions and plug-ins, and SDK documentation. Also included are the Citrix Developer Network forums, where technical discussions take place around each of the Citrix SDKs.