Sometimes an endpoint device is required to run mandatory software executables as per the end user's organization policy. Horizon Clients support the ability to download and run such executables. Administrators can upload these executable files on Unified Access Gateway by configuring the client custom executables settings in the admin UI.
The software executable file can be uploaded to Unified Access Gateway as a local file or by providing a URL reference. In the URL reference upload method, you place the executable file in a file server and specify the corresponding file server location URL when configuring the settings on the admin UI. With this URL reference, Unified Access Gateway can download the file from the configured URL.
The upload capability provides the option for the Horizon Client to automatically download and run the executables on the endpoint device after the user has successfully authenticated.
Prerequisites
For the local file upload method, ensure that you can access the software executable file on your local system.
For the URL reference upload method, ensure that you place the executable file in a file server that Unified Access Gateway can access without Authentication.
Procedure
- Log into the Admin UI and in the Configure Manually section, click Select.
- Go to and click the gear box icon.
- In the Client Custom Executables window, click Add.
- Enter the name of the custom executable.
- Select the OS type which is compatible for the executable.
Currently, the supported OS type is Windows.
- Select the File Upload Type.
- Depending on the file upload type selected previously, enter the following executable file information:
File Upload Type |
Procedure |
Local |
- Locate the executable file on your system and select the file.
- For Windows, the file must be in .exe or .msi format.
- Ensure that the file has only ASCII characters. The file must not have the following invalid characters:
\n , \r , \t , \0 , \f , ` , ? , * , \ , < , > , | , / , and : .
- Enter the Parameters.
- Upload the Trusted Code Signing Certificate for the software executable.
|
URL Reference |
- Enter the URL of the file server location from where Unified Access Gateway can download the executable file.
- Enter the following additional information: Parameters, File URL ThumbPrints, Trusted Code Signing Certificate, Trusted Certificates, and File refresh interval (in seconds).
|
The following information helps you understand the settings provided for uploading the executable file to
Unified Access Gateway:
-
Parameters
-
Command-line parameters used by the
Horizon Client to run the executable on the endpoint.
For information about the commands required to run the executable, see the executable's documentation.
-
Flags
-
Enter the flag used by the
Horizon Client to run the executable on different environments with customized run-time attributes. If more than one flag values are required, separate them by comma or space. For more information about flag options, see
OPSWAT Integration Requirements in the
VMware Horizon Client for Windows Product Documentation at
VMware Docs.
-
Example
- RUN_AS_USER flag allows to run in the User context.
- RUN_AS_SYSTEM flag allows to run in the System context. This includes the copy to the program files area.
-
File refresh interval (in seconds)
-
The periodic time interval, in seconds, at which the executable file is fetched from the URL, which is specified in the
File URL text box.
-
File URL Thumbprints
-
Enter the list of File URL thumbprints. If you do not provide a list of thumbprints, ensure that the server certificates are issued by a trusted CA. Enter the hexadecimal thumbprint digits. For example, sha1= C3 89 A2 19 DC 7A 48 2B 85 1C 81 EC 5E 8F 6A 3C 33 F2 95 C3.
-
Trusted Code Signing Certificate
-
Code Signing Certificate for the software executable downloaded and run by the
Horizon Client on the endpoint device. The certificate is supported in PEM format.
To select a certificate in PEM format and add to the trust store, click +. To remove a certificate from the trust store, click -.
By default, the alias name is the filename of the PEM certificate. To provide a different name, edit the alias text box.
-
Trusted Certificates
-
If the File URL server certificate is not issued by a trusted public CA, you can specify that certificate (in PEM format) to be trusted by Unified Access Gateway when communicating to the File URL for downloading the custom executable file. This is an alternative to File URL Thumbprints.
To select a certificate in PEM format and add to the trust store, click +. To remove a certificate from the trust store, click -. By default, the alias name is the filename of the PEM certificate. To provide a different name, edit the alias text box.
- Click Save.
What to do next
For the
Horizon Client to download and run the executable after successful user authentication, the executable must be added to
Horizon settings in the admin UI.
- In the Unified Access Gateway Admin UI, navigate to the Horizon Settings window.
- On this window, locate the Client Custom Executables option.
- Select the custom executable that must be run on the endpoint device.
- To add the executable to these settings, click the + icon.
- Click Save.