Single-Pod Broker - Horizon Cloud Pods and the URL Content Redirection Feature

This documentation page describes how the URL content redirection feature works in a Horizon Cloud on Microsoft Azure deployment. The deployment must be configured to use single-pod brokering to have use of the URL content redirection feature.

Brief Introduction

Redirection from a remote desktop or application to a client is called agent-to-client redirection. Redirection from a client to a remote desktop or application is called client-to-agent redirection.

Agent-to-client redirection: With agent-to-client redirection, Horizon Agent sends the URL to Horizon Client, which opens the default application for the protocol in the URL on the client machine. For details about configuring agent-to-client redirection, read this page's sections.
Client-to-agent redirection: With client-to-agent redirection, the system opens a remote desktop or remote application that you specified to handle the URL. For details about configuring client-to-agent redirection, see Single-Pod Broker - Horizon Cloud Pods - Create a URL Redirection Customization and Assign it to Users .

You can redirect some URLs from a remote desktop or application to a client, and redirect other URLs from a client to a remote desktop or application. You can redirect any number of protocols, including HTTP, HTTPS, mailto, and callto.

Configuring Agent-to-Client Redirection

To enable agent-to-client redirection, you perform the following configuration tasks.

Ensure the URL content redirection feature is enabled in Horizon Agent in the image VM, as described in the prerequisites section in Single-Pod Broker - Horizon Cloud Pods - Create a URL Redirection Customization and Assign it to Users.
Apply the URL Content Redirection group policy settings to your remote desktops and applications. See the following section about adding the ADMX template to a GPO.
Configure group policy settings to indicate, for each protocol, how the Horizon Agent should redirect the URL. See the following section about the group policy settings.

Add the URL Content Redirection ADMX Template to a GPO

The URL Content Redirection ADMX template file, called urlRedirection.admx, contains settings that enable you to control whether a URL link is opened on the client (agent-to-client redirection) or in a remote desktop or application (client-to-agent redirection).

To apply the URL Content Redirection group policy settings to your remote desktops and applications, add the ADMX template file to GPOs on your Active Directory server. For rules regarding URL links clicked in a remote desktop or application, the GPOs must be linked to the OU that contains your virtual desktops and RDS hosts.

You can also apply the group policy settings to a GPO that is linked to the OU that contains your Windows client computers, but the preferred method for configuring client-to-agent redirection is to use the vdmutil command-line utility. Because macOS does not support GPOs, you must use vmdutil if you have Mac clients.

Prerequisites

Verify that the URL content redirection feature is included when Horizon Agent is installed in the image VM, as described in Single-Pod Broker - Horizon Cloud Pods - Create a URL Redirection Customization and Assign it to Users.
Verify that Active Directory GPOs are created for the URL Content Redirection group policy settings.
Verify that the MMC and the Group Policy Management Editor snap-in are available on your Active Directory server.

Steps

Download the Horizon GPO Bundle from VMware Customer Connect at Download VMware Horizon Service.
From that URL, navigate into the Horizon Cloud Service on Microsoft Azure downloads location. In that page, you will see a list of downloadable items. Locate the entry named Horizon GPO Bundle and download its ZIP file. All of the ADMX files that provide group policy settings for Horizon-related components are in this file.
Unzip the ZIP file and copy the following files to the indicated locations in your Active Directory server:
1. Copy the urlRedirection.admx file to the C:\Windows\PolicyDefinitions folder.
2. Copy the urlRedirection.adml language resource file to the appropriate subfolder in C:\Windows\PolicyDefinitions.
  For example, for the EN locale, copy the urlRedirection.adml file to the C:\Windows\PolicyDefinitions\en-US folder.
On your Active Directory server, open the Group Policy Management Editor.
The URL Content Redirection group policy settings are installed in Computer Configuration > Policies > Administrative Templates > VMware Horizon URL Redirection.

Then configure the group policy settings in your Active Directory server. See the following section about the group policy settings.

URL Content Redirection Group Policy Settings

The URL Content Redirection template file contains group policy settings that enable you to create rules for configuring the agent-to-client redirection capability for your Horizon Cloud environment. The template file contains only Computer Configuration settings. All of the settings are in the VMware Horizon URL Redirection folder in the Group Policy Management Editor.

Important: Even though the URL Content Redirection template file contains group policy settings related to client-to-agent redirection, in Horizon Cloud, you do not use group policy settings to configure client-to-agent redirection. Instead, you use the Horizon Universal Console to create the rules for client-to-agent redirection. You create rules for client-to-agent redirection when you create a URL redirection assignment in the console. For detailed steps, see Single-Pod Broker - Horizon Cloud Pods - Create a URL Redirection Customization and Assign it to Users.

The following table describes the group policy settings available in the URL Content Redirection template file.

Table 1. URL Content Redirection Group Policy Settings
Setting	Properties
IE Policy: Prevent users from changing URL Redirection plugin loading behavior	Determines whether users can deactivate the URL Content Redirection feature. This setting is not configured by default.
IE Policy: Automatically enable URL Redirection plugin	Determines whether newly installed Internet Explorer plug-ins are automatically activated. This setting is not configured by default.
Url Redirection Enabled	Determines whether the URL Content Redirection feature is enabled. You can use this setting to deactivate the URL Content Redirection feature even if the feature has been installed in the client or agent. This setting is not configured by default.
Url Redirection Protocol 'http'	For all URLs that use the HTTP protocol, specifies the URLs that should be redirected. This setting has the following options: Broker Hostname - IP address or fully qualified name of the Connection Server host to use when redirecting URLs to a remote desktop or application. Remote Item - display name of the remote desktop or application pool that can handle the URLs specified in Agent Rules. Client Rules - the URLs that should be redirected to the client. For example, if you set Client Rules to `..mycompany.com`, all URLs that include the text mycompany.com are redirected to the Windows-based client and are opened in the default browser on the client. Agent Rules - the URLs that should be redirected to the remote desktop or application specified in Remote Item. For example, if you set Agent Rules to `..mycompany.com`, all URLs that include `mycompany.com` are redirected to the remote desktop or application. When you create agent rules, you must also use the Broker Hostname option to specify the IP address or fully qualified domain name of the Connection Server host, and the Remote Item option to specify the display name of the desktop or application pool. Note: The preferred method for configuring client rules is to use the vdmutil command-line utility. This setting is enabled by default.
Url Redirection Protocol '[...]'	Use this setting for any protocol other than HTTP, such as HTTPS, email, or callto. The options are the same as for Url Redirection Protocol 'http'. If you do not need to configure other protocols, you can delete or comment out this entry before adding the URL Content Redirection template file to Active Directory. As a best practice, configure the same redirection settings for the HTTP and HTTPS protocols. That way, if a user types a partial URL into Internet Explorer, such as mycompany.com, and that site automatically redirects from HTTP to HTTPS, the URL Content Redirection feature will work as expected. In this example, if you set a rule for HTTPS but do not set the same redirection setting for HTTP, the partial URL that the user types is not redirected. This setting is not configured by default.