Installing and configuring the Browser Redirection feature involves installing the Google Chrome or Microsoft Edge (Chromium) browser, enabling the Browser Redirection feature on the agent machine, and specifying the URLs for redirection.
Optionally, you can specify the URLs that users can navigate to from redirected URLs and customize fallback behavior for allow list violations. You can also configure client-side group policy settings for microphone and camera use, certificate error handing, and browser cache storage.
To enable Browser Redirection and specify the URLs for redirection, you must configure agent-side group policy settings on your Active Directory server. Compile a list of the URLs for websites that can be redirected and, optionally, for the websites that users can navigate to from redirected URLs. Include the http:// or https:// prefix in the URLs. You can use match patterns in the URLs. For example, to redirect all Yahoo content, enter https://www.yahoo.com/*. For more information, see https://developer.chrome.com/extensions/match_patterns.
Prerequisites
- Verify that you can log in as an Administrator domain user on the machine that hosts your Active Directory server.
- Verify that the MMC and the Group Policy Object Editor snap-in are available on your Active Directory server.
- Add the VMware View Agent Configuration ADMX template file (vdm_agent.admx) to a GPO that is linked to the OU for the virtual desktop or to the RDS host for the published desktop. If you plan to configure any of the optional client-side group policy settings, also add the Horizon Client Configuration ADMX template file (vdm_client.admx). For installation instructions, see Add the ADMX Template Files to Active Directory.
- Compile a list of URLs for websites that can use the Browser Redirection feature.
Procedure
- Install the Google Chrome or Microsoft Edge (Chromium) browser on the remote desktop.
- On your Active Directory server, open the Group Policy Management Editor.
- Navigate to the folder.
- Open the Enable VMware HTML5 Features setting, select Enabled, and click OK.
- Navigate to the folder.
- Open the Enable VMware Browser Redirection setting, select Enabled, and click OK.
- To enable the Browser Redirection feature for the Google Chrome browser, perform these steps.
- Navigate to the folder
- Open the Enable VMware Browser Redirection for Chrome Browser, select Enabled, and click OK.
- To enable the Browser Redirection feature for the Microsoft Edge (Chromium) browser, perform these steps.
- Navigate to the folder
- Open the Enable VMware Browser Redirection feature for Microsoft Edge (Chromium) Browser, select Enabled, and click OK.
- Specify the URLs for the Browser Redirection feature.
Users can visit these URLs by entering them in either the Chrome address bar or the custom address bar. Users can also visit these URLs by navigating to them starting from another URL in the list, or from any agent-side rendered page. Only the URLs that you specify are redirected. No URLs are added by default.
- Open the Enable URL list for VMware Browser Redirection setting and select Enabled.
- Click Show, enter the URLs in the Value name column, and click OK.
Leave the Value column blank.
- To save the policy setting, click OK.
- (Optional) Configure one or more of the optional agent-side group policy settings.
The following table describes the optional agent-side group policy settings.
Option |
Description |
Enable Navigation URL list for VMware Browser Redirection |
You can use this setting to specify the URLs that a user is allowed to navigate to from a URL specified in the Enable URL list for VMware Browser Redirection list, either by entering the URL directly in the custom address bar, or by navigating to the URL starting from a URL specified in the list. Users cannot visit these URLs directly by entering them into the Chrome address bar or by navigating to them from an agent-side rendered page. To specify the URLs, click Show, enter the URLs in the Value name column, and click OK. Leave the Value column blank. |
Enable automatic fallback after a whitelist violation |
When you activate this setting, if a user navigates to a URL that is not specified in one of the Browser Redirection allow lists, either by entering it in the custom address bar or by navigating to it starting from a URL in either allow list, redirection stops for that tab and the URL is fetched and displayed on the agent instead.
Note: If a user attempts to navigate to a URL that is not specified in the
Enable URL list for VMware Browser Redirection setting, the tab always falls back to fetching and rendering the URL on the agent, regardless of whether this setting is activated.
|
Show a page with error information before automatic fallback |
When you activate this setting, and a allow list violation occurs, a page appears that shows a five-second count down. After five seconds have elapsed, the tab falls back to fetching and rendering the URL that caused the violation on the agent. If this setting is deactivated, the five-second warning page does not appear. This setting takes effect only if the Enable automatic fallback after a whitelist violation setting is also activated. |
- (Optional) To configure one or more of the optional client-side group policy settings, navigate to the folder.
The following table describes the client-side group policy settings.
Option |
Description |
Enable WebRTC camera and microphone access for browser redirection |
When you activate this setting, redirected pages that use WebRTC have access to the client system's camera and microphone. This setting is activated by default. |
Ignore certificate errors for browser redirection |
When you activate this setting, certificate errors that occur in a redirected page are ignored and browsing proceeds. This setting is deactivated by default. |
Enable cache for browser redirection |
When you activate this setting, the browsing history, including cookies, is stored on the client system. This setting is activated by default.
Note: Deactivating this setting does not clear the cache. If you deactivate and then re-activate this setting, the cache is reused.
|
Example
https://play.google.com and
https://news.google.com have a common sign-in page,
https://accounts.google.com.
In following example, https://play.google.com/* and https://accounts.google.com/* are included in Enable URL list for VMware Browser Redirection. The following table describes the behavior that occurs in this scenario.
A user visits https://play.google.com |
- https://play.google.com is redirected to the client machine.
- When the user signs in, https://accounts.google.com opens on the client machine and the user authenticates on the client machine.
- After successful authentication, the website redirects back to https://play.google.com on the client machine and the user is logged in correctly.
|
A user visits https://news.google.com |
- https://news.google.com is rendered on the agent machine.
- When the user signs in, https://accounts.google.com is redirected to the client machine and the user authenticates on the client machine.
- After successful authentication, the user is not logged in correctly because https://news.google.com is rendered on the agent machine, but authentication occurred on the client machine.
|
A user opens https://accounts.google.com directly in the address bar |
https://accounts.google.com is redirected to the client machine. |
In the next example, https://play.google.com/* is included in Enable URL list for VMware Browser Redirection and https://accounts.google.com/* is included in Enable Navigation URL list for VMware Browser Redirection. The following table describes the behavior that occurs in this scenario.
A user visits https://play.google.com |
- https://play.google.com is redirected to the client machine.
- When the user signs in, https://accounts.google.com opens on the client machine and the user authenticates on the client machine.
- After successful authentication, the website redirects back to https://play.google.com on the client machine and the user is logged in correctly.
|
A user visits https://news.google.com |
- https://news.google.com is rendered on the agent machine.
- When the user signs in, https://accounts.google.com is rendered on the agent machine and the user authenticates on the agent machine.
- After successful authentication, the website redirects back to https://news.google.com on the agent machine and the user is logged in correctly.
|
A user opens https://accounts.google.com directly in the address bar |
https://accounts.google.com is rendered on the agent machine. |