Sometimes an endpoint device is required to run mandatory software executables as per the end user's organization policy. Horizon Clients support the ability to download and run such executables. Administrators can upload these executable files on Unified Access Gateway by configuring the client custom executables settings in the admin UI.

The software executable file can be uploaded to Unified Access Gateway as a local file or by providing a URL reference. In the URL reference upload method, you place the executable file in a file server and specify the corresponding file server location URL when configuring the settings on the admin UI. With this URL reference, Unified Access Gateway can download the file from the configured URL.

The upload capability provides the option for the Horizon Client to automatically download and run the executables on the endpoint device after the user has successfully authenticated.

Prerequisites

For the local file upload method, ensure that you can access the software executable file on your local system.

For the URL reference upload method, ensure that you place the executable file in a file server that Unified Access Gateway can access without Authentication.

Procedure

  1. Log into the Admin UI and in the Configure Manually section, click Select.
  2. Go to Advanced Settings > Client Custom Executables and click the gear box icon.
  3. In the Client Custom Executables window, click Add.
  4. Enter the name of the custom executable.
  5. Select the OS type which is compatible for the executable.
    Currently, the supported OS type is Windows.
  6. Select the File Upload Type.
  7. Depending on the file upload type selected previously, enter the following executable file information:
    File Upload Type Procedure
    Local
    1. Locate the executable file on your system and select the file.
      • For Windows, the file must be in .exe or .msi format.
      • Ensure that the file has only ASCII characters. The file must not have the following invalid characters: \n, \r, \t, \0, \f, `, ?, *, \, <, >, |, /, and :.
    2. Enter the Parameters.
    3. Upload the Trusted Code Signing Certificate for the software executable.
    URL Reference
    1. Enter the URL of the file server location from where Unified Access Gateway can download the executable file.
    2. Enter the following additional information: Parameters, File URL ThumbPrints, Trusted Code Signing Certificate, Trusted Certificates, and File refresh interval (in seconds).
    The following information helps you understand the settings provided for uploading the executable file to Unified Access Gateway:
    Parameters
    Command-line parameters used by the Horizon Client to run the executable on the endpoint.

    For information about the commands required to run the executable, see the executable's documentation.

    Flags
    Enter the flag used by the Horizon Client to run the executable on different environments with customized run-time attributes. If more than one flag values are required, separate them by comma or space. For more information about flag options, see OPSWAT Integration Requirements in the VMware Horizon Client for Windows Product Documentation at VMware Docs.
    Example
    • RUN_AS_USER flag allows to run in the User context.
    • RUN_AS_SYSTEM flag allows to run in the System context. This includes the copy to the program files area.
    File refresh interval (in seconds)
    The periodic time interval, in seconds, at which the executable file is fetched from the URL, which is specified in the File URL text box.
    File URL Thumbprints
    Enter the list of File URL thumbprints. If you do not provide a list of thumbprints, ensure that the server certificates are issued by a trusted CA. Enter the hexadecimal thumbprint digits. For example, sha1= C3 89 A2 19 DC 7A 48 2B 85 1C 81 EC 5E 8F 6A 3C 33 F2 95 C3.
    Trusted Code Signing Certificate
    Code Signing Certificate for the software executable downloaded and run by the Horizon Client on the endpoint device. The certificate is supported in PEM format.

    To select a certificate in PEM format and add to the trust store, click +. To remove a certificate from the trust store, click -.

    By default, the alias name is the filename of the PEM certificate. To provide a different name, edit the alias text box.

    Trusted Certificates

    If the File URL server certificate is not issued by a trusted public CA, you can specify that certificate (in PEM format) to be trusted by Unified Access Gateway when communicating to the File URL for downloading the custom executable file. This is an alternative to File URL Thumbprints.

    To select a certificate in PEM format and add to the trust store, click +. To remove a certificate from the trust store, click -. By default, the alias name is the filename of the PEM certificate. To provide a different name, edit the alias text box.

  8. Click Save.

What to do next

For the Horizon Client to download and run the executable after successful user authentication, the executable must be added to Horizon settings in the admin UI.
  1. In the Unified Access Gateway Admin UI, navigate to the Horizon Settings window.
  2. On this window, locate the Client Custom Executables option.
  3. Select the custom executable that must be run on the endpoint device.
  4. To add the executable to these settings, click the + icon.
  5. Click Save.