Product Documentation

Configure Flash Redirection

May 09, 2015
Flash Redirection offloads the processing of most Adobe Flash content (including animations, videos, and applications) to users' LAN- and WAN-connected Windows devices. By moving the processing to the user device rather than using server resources, Flash Redirection reduces server and network load. This results in greater scalability while ensuring a high definition user experience. Configuring Flash Redirection requires both server-side and client-side settings.
Caution: Flash Redirection involves significant interaction between the user device and server components. This feature should be used only in environments where security separation between the user device and server is not required. Additionally, user devices should be configured to use this feature only with trusted servers. Because Flash Redirection requires the Flash Player to be installed on the user device, this feature should be enabled only if the Flash Player itself is secured.

The legacy and second generation versions of Flash Redirection are independent solutions and run in separate virtual channels.

  • Legacy Flash Redirection features are supported on the client side only. If an earlier version of the Flash Player is installed on the user device, or if the Flash Player cannot be installed, Flash content renders on the server.
  • Second generation Flash Redirection is supported on both clients and servers. If the client supports second generation Flash Redirection, Flash content renders on the client. Second generation Flash Redirection features include:
    • Support for user connections over WAN.
    • Intelligent Fallback, which determines on a per-instance basis when it is more efficient to render the Flash content on the server.
    • Flash URL Compatibility List, which controls whether specific URLs should be rendered on the client, rendered on the server, or blocked.

For the latest updates to HDX Flash Compatibility, refer to CTX136588.

 

Flash event logging

Flash Redirection uses Windows event logging on the server to log Flash events. The event log indicates whether Flash Redirection is being used and provides details about issues. The following are common to all events logged by Flash Redirection:
  • Flash Redirection reports events to the Application log.
  • On Windows 8 and Windows 7 systems, a Flash Redirection-specific log appears in the Applications and Services Logs node.
  • The Source value is Flash.
  • The Category value is None.

Configure Flash Redirection on the server

Updated: 2014-08-11

To configure Flash Redirection on the server, use the following Citrix Policy settings:

  • Flash default behavior
  • Flash intelligent fallback
  • Flash server-side content fetching URL list
  • Flash URL compatibility list
  • Flash background color list

Set the Flash default behavior

The Citrix policy setting Flash default behavior establishes the default behavior of Flash acceleration. By default, Flash Redirection is enabled.

To override this default behavior for individual web pages and Flash instances, use the Flash URL compatibility list setting.

Three options are available:

Option Behavior
Block Flash player Flash Redirection and server-side rendering are not used. The user cannot view any Flash content.
Disable Flash acceleration Flash Redirection is not used. The user can view server-side rendered Flash content if a version of Adobe Flash Player for Windows Internet Explorer compatible with the content is installed on the server.
Enable Flash acceleration Flash Redirection is used; this is the default.
Important: This option requires that the Enable HDX MediaStream Flash Redirection on the user device Group Policy Objects policy setting is enabled on the user device.

Control Flash intelligent fallback

Flash intelligent fallback is enabled by default, to detect instances of small Flash movies (such as those frequently used to play advertisements) and to render them on the server instead of redirecting them for rendering on the user device.

Flash intelligent fallback does not cause any interruption or failure in the loading of the web page or the Flash application.

To redirect all instances of Flash content for rendering on the user device, disable the Flash intelligent fallback policy setting.

Identify websites for server-side content fetching

By default, Flash Redirection downloads Flash content to the user device, where it is played. The Flash server-side content fetching URL list policy setting allows you to specify websites whose Flash content can instead be downloaded to the server and then transferred to the user device for rendering. This setting works with the Enable server-side content fetching setting on the user device and is primarily intended for use with Intranet sites and internal Flash applications. It also works with most Internet sites and can be used when the user device does not have direct access to the Internet (for example, when the XenApp or XenDesktop server provides that connection).

Note: Server-side content fetching does not support Flash applications using Real Time Messaging Protocols (RTMP); instead, server-side rendering is used, which supports HTTP and HTTPS.
To create the list of allowed URLs, add the Flash server-side content fetching URL list setting to a policy and click New to add URLs to the list. When configuring the Flash server-side content fetching URL list setting:
  • Add the URL of the Flash application, not the top-level .html page that instantiates the Flash Player.
  • Use an asterisk character at the beginning or end of the URL as a wildcard to expand your list.
  • Use a trailing wildcard to allow all child URLs, for example http://www.sitetoallow.com/*.
  • The prefixes http:// or https:// are not required, but are used if present.
Important: On the user device, be sure to enable the Enable server-side content fetching policy setting.

Specify where Flash content renders

The Flash URL compatibility list policy setting lets you specify whether Flash content from listed websites is:
  • Rendered on the user device
  • Rendered on the server
  • Blocked from rendering
When configuring the Flash URL compatibility list setting:
  • Prioritize the list, placing the most important URLs, actions, and rendering locations at the top.
  • Add sites containing Flash content that does not render correctly on the user device, specifying the Render on Server or Block option.
  • Use an asterisk character at the beginning or end of the URL as a wildcard to expand your list.
  • Use a trailing wildcard to refer to all child URLs, for example http://www.sitetoblock.com/*.
  • The prefixes http:// or https:// are not required, but are used if present.
To add the Flash URL compatibility list setting to a policy:
  1. Click New to open the Add Flash URL Compatibility list entry dialog box.
  2. Select an Action: Render on Client, Render on Server, or Block.
  3. In the URL Pattern box, type the URL of the website.
  4. Select the Flash instance you want to serve as a trigger:
    • Select Any to have the action occur any time any Flash instance connects with the listed website.
    • Select Specific and specify the Flash player ID to have the action occur only when this specific Flash instance connects with the listed website.

Enable color matching between the web page and Flash instances

To improve the appearance of the web page when using Flash Redirection, use the Flash background color list policy setting. This enables you to match the colors of web pages and Flash instances.

When configuring the Flash background color list setting:
  • For best results, consider using a color not typically used on the web page, such as black.
  • Use a trailing wildcard to enable matching in all child URLs, for example, http://www.sitetomatch.com/* FF0000.
When adding the Flash background color list setting to a policy:
  1. Click New and type the website URL followed by the appropriate 24-bit Web color hexadecimal number (for example, http://www.sitetomatch.com/ FF0000).
  2. Click the Accept button.

Configure Flash Redirection on the user device

To use Flash Redirection, install Citrix Receiver and the Adobe Flash Player on the user device. No further configuration is required on the user device. However, you can change the default settings using Group Policy Objects as described in this section.

Use Group Policy Objects to configure Flash Redirection on the user device

  1. Create or select an existing Group Policy Object.
  2. Import and add the HDX MediaStream Flash Redirection - Client administrative template (HdxFlash-Client.adm), available in:
    • For 32-bit computers: %Program Files%\Citrix\ICA Client\Configuration\language
    • For 64-bit computers: %Program Files (x86)%\Citrix\ICA Client\Configuration\language
The policy settings appear under Administrative Templates > Classic Administrative Templates (ADM) > HDX MediaStream Flash Redirection - Client.
Note: For details on creating Group Policy Objects and importing and adding templates, see the Microsoft Active Directory documentation at http://www.microsoft.com.

Change when Flash Redirection is used

In conjunction with server-side settings, the Enable HDX MediaStream Flash Redirection on the user device policy setting controls whether Adobe Flash content is redirected to the user device for local rendering.
Note: If no configuration is set and Desktop Lock is used, Flash Redirection is enabled on the user device by default.
By default, Flash Redirection is enabled and uses intelligent network detection to determine when to play Flash content on the user device. To change when Flash Redirection is used or to disable Flash Redirection on the user device:
  1. From the Setting list, select Enable HDX MediaStream Flash Redirection on the user device and click policy setting.
  2. Select Not Configured, Enabled (the default), or Disabled.
  3. If you selected Enabled, choose an option from the Use HDX MediaStream Flash Redirection list:
    • To use the latest Flash Redirection functionality when the required configuration is present, and revert to server-side rendering when it is not, select Only with Second Generation.
    • To always use Flash Redirection, select Always. Flash content plays on the user device.
    • To never use Flash Redirection, select Never. Flash content plays on the server.
    • To use intelligent network detection to assess the security level of the client-side network to determine when using Flash Redirection is appropriate, select Ask (the default). If the security of the network cannot be determined, the user is asked whether to use Flash Redirection. If the network security level cannot be determined, the user is prompted to choose whether to use Flash Redirection.

The following illustration indicates how the Flash Redirection is handled for various network types.


Intelligent network detection for Flash Redirection
Note: Users can override intelligent network detection from the Citrix Receiver - Desktop Viewer Preferences dialog box by selecting Optimize or Don't Optimize in the Flash tab. The choices available vary depending on how Flash Redirection is configured on the user device, as shown in the following illustration.

User control of Flash Redirection

Synchronize client-side HTTP cookies with the server-side

Synchronization of the client-side HTTP cookies with the server-side is disabled by default. Enable synchronization to download HTTP cookies from the server. These HTTP cookies are then used for client-side content fetching and are available as needed by sites containing Flash content.
Note: Client-side cookies are not replaced during the synchronization; they remain available even if the synchronization policy is later disabled.
  1. From the Setting list, select Enable synchronization of the client-side HTTP cookies with the server-side and click policy setting.
  2. Select Not Configured, Enabled, or Disabled (the default).

Enable server-side content fetching

By default, Flash Redirection downloads Adobe Flash content to the user device, where it is played. Enabling server-side content fetching causes the Flash content to download to the server and then be sent to the user device. Unless there is an overriding policy (such as a site blocked through the Flash URL compatibility list policy setting), the Flash content plays on the user device.

Server-side content fetching is frequently used when:
  • The user device connects to internal sites through Citrix NetScaler Gateway.
  • The user device does not have direct access to the Internet.
Note: Server-side content fetching does not support Flash applications using Real Time Messaging Protocols (RTMP). Instead, server-side rendering is used for such sites.
Second generation Flash Redirection supports three enabling options for server-side content fetching, as described in the following table. Two of these options include the ability to cache server-side content on the user device; this improves performance because content that is reused is already available on the user device for rendering.
Note: The contents of this cache are stored separately from other HTTP content cached on the user device.
Option Description
Disabled Disables server-side content fetching, overriding the Flash server-side content fetching URL list setting on the server. Server-side content fetching fallback is also disabled.
Enabled Enables server-side content fetching for web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available, but Flash content is not cached.
Enabled (persistent caching) Enables server-side content fetching for web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and stored from session to session.
Enabled (temporary caching) Enables server-side content fetching for web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and deleted at the end of the session.
Note: With second generation Flash redirection, fallback to server-side content fetching begins automatically when any of the above enabling options is selected and client-side fetching of .swf files fails.

Enabling server-side content fetching requires settings on both the client device and the server:

  1. From the Setting list, select Enable server-side content fetching and click policy setting.
  2. Select Not Configured, Enabled, or Disabled (the default). If you are enabling this setting, choose an option from the Server-side content fetching state list:
    • Disabled
      Note: This setting is preserved in the Registry.
    • Enabled
    • Enabled (persistent caching)
    • Enabled (temporary caching)
  3. On the server, enable the Flash server-side content fetching URL list policy setting and populate it with target URLs.

Redirect user devices to other servers for client-side content fetching

You can redirect an attempt to obtain Flash content using the URL rewriting rules for client-side content fetching setting, which is a second generation Flash Redirection feature. When configuring this feature, you provide two URL patterns using Perl regular expressions. If the user device attempts to fetch content from a website matching the first pattern (the URL match pattern), it is redirected to the website specified by the second pattern (the rewritten URL format).

You can use this setting to compensate for content delivery networks (CDN). Some websites delivering Flash content use CDN redirection to enable the user to obtain the content from the nearest of a group of servers containing the same content. When using the Flash Redirection client-side content fetching feature, the Flash content is requested from the user device, while the rest of the web page on which the Flash content resides is requested by the server. If CDN is in use, the server request is redirected to the closest server, and the user device request follows to the same location. Note that this may not be the location closest to the user device; depending on distance, there could be a noticeable delay between the loading of the web page and the playing of the Flash content.

  1. From the Setting list, select URL rewriting rules for client-side content fetching and click policy setting.
  2. Select Not Configured, Enabled, or Disabled. Not Configured is the default; Disabled causes any URL rewriting rules configured in the next step to be ignored.
  3. If you selected Enabled, click Show. Using Perl regular expression syntax, type the URL match pattern in the Value name box and the rewritten URL format in the Value box.