Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 1

Whitepaper

Setup Guide IGEL Linux and USB Redirection

Version 1.00

Sponsored by:

Blog: blog.cloud-client.info

Website: www.cloud-client.info

This document can be distributed / used free of charge and has no commercial background.

It’s not allowed to use parts of this document in other documentations, articles or any other way without the permission by the

author. For questions related to the document contact blog@cloud-client.info

The author is not responsible for any damage related to this document incl. usage of 3rd Party Software or configuration

suggestions provided by this document. Please test any provided information in advance!

© Michael Hoting 2014

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 2

Task

You want to use USB devices together with a Terminal Server / VDI? Here is how to go…

Requirements

- A Thin Client/PC with the IGEL Linux (OS/LX) installed

- A supported environment, support solutions (native) are:

- Remote Desktop Services (Windows Server 2012 / 2012 R2, Windows 8 / 8.1 / 7, attention Windows 7

based VDI’s must be running on Hyper-V with an assigned RemoteFX Graphic Card)

- Citrix XenDesktop Version 4 and higher

- Citrix XenApp Version 7.5 and higher

- VMWare View with enabled and used PCOIP protocol, other protocols are not support.

For other none native solutions you can also use Fabulatech USB for Remote Desktop, this solutions

require the installed Fabulatech USB for Remote Desktop server component at the Terminal Server or

VDI. Please note: Only USB for Remote Desktop is supported, extra Fabulatech license fees do apply. If

you want to buy Fabulatech Licenses don’t forget to mention to be an IGEL customer, it will reduce the

fees a little bit. A trial version is also available and should be used to verify the solution in advance.

Important

Server Operating Systems require pre-installed device drivers! You can’t use USB redirection with a Server OS

if drivers for devices are not available and installed on the Server, this is by design and it must work in this

way. Just think about what happens on a Terminal Server with 20 Users or more and a User is able to install a

driver… Reboot and all Users are offline. Great!

Prevent extremely stupid things, here are the Top 10:

1) Do never map USB based Network devices, this will drop established connections you know?

2) Do never map DVD or Blue Ray drives to create/write DVD’s or Blue Ray, can your network handle the

full USB Speed? Mostly no and the result will be a lot of damaged DVD’s or Blue Ray discs.

3) Do never map devices which can’t deal with latency, this could be Smart Cards, Imaging devices (like

Swiss PayPen or some Business Card scanners); you will get crazy results..

4) Be careful with Human Interface Devices (Mouse, Keyboard and Display Touch Panel), it will be not

available anymore for local Applications at the Client.

5) USB Redirection is not supported by any Mobile Phone Vendor, for some Vendors like Apple or

Microsoft it’s forbidden thru the EULA. If something happens here you may lost any support and

warranty so check this for all devices you want to redirect in advance!!!

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 3

6) Always be aware what you are doing, you map a hardware thru the Network to a server/desktop and a

driver is a very sensible thing. It might happen that this will result in: Blue Screens, Server freezes and

similar negative effects. Test everything in advance, use USB redirection only if really required and

never use it in general or for a large group of devices or users! Consider if using a WiFi connection that

also the device is now connected thru the Air and not thru a cable. Depending on the device this can

result in funny effects on the server site if the connection is not stable. Compare it to plug in / plug off

the USB cable very fast on a local PC.

7) Be aware that USB redirection can create a huge amount of network traffic by design (USB 2.0 Specs up

to 480mb/s=60mb/s effective per device, USB 3.0 Specs up to 5gb/s = 625mb/s effective per device).

Your network must be able to deal with it…

8) Do never ever use USB redirection with USB based Display Adapters! This will create fun in the network

and on the backend and this will often result in nice Blue Screens in your sever backend.

9) Be aware that some Vendors don’t deal with the USB Power Specs (5v with 0,5a=2,5w for USB 2.0),

Thin Clients by design are low voltage devices (20w power supply) and are not able to handle USB

devices which consumes much more power like defined in the USB specifications. It might be required

to use a Y-cable or an extra power supply for the USB device you want to redirect. This issue always

pops up after the driver is installed and the driver try so grant more power to the USB port. Typical

behavior, you plug in a device and you see the driver installs. After the driver is available the device is

not available anymore or listed as none working device, if this happens very often the device got

insufficient power.

10) Don’t try to get support from a Hard- or Software vendor for a device which is not working thru USB

redirection, they will not provide you any support. USB Redirection will never be 100% compatible and

be aware that everything you are doing is on your own risk.

At least….

Only a complete moron will perform a USB firmware device update thru USB

redirection! I just want to make this very clear!

Please Note

This Whitepaper is provided for free without any warranty or support from Citrix, VMWare, Microsoft,

Fabulatech, IGEL Technology, BCD-Sintrag AG or cloud-client.info. All configuration tasks are done at your own

risk, we are not responsible for any damage related to the use of this whitepaper.

Do not perform these configurations in a running production environment! User might by disconnected from

session or the infrastructure cannot be available during the configuration steps.

This Whitepaper covers only the basic and most important configuration settings which are required to get it

running. Special configurations, Tweaks and similar are not part of this Whitepaper.

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 4

Where are USB redirection setting’s located

For VMWare View, Microsoft RDP/Remote Desktop Services and Citrix Sessions you will always find the

settings/configurations in the session global configuration.

For example for Citrix Sessions:

Native USB redirection always means it’s the USB redirection coming with the solution itself, so in this case the

USB redirection coming with XenDesktop 4/5.x/7.x or XenApp 7.5.

As alternative you have also for Citrix and

Microsoft the Fabulatech USB redirection

available. Be aware that Fabulatech USB

redirection requires an add-on component

installed on the server. Do not mix native and

Fabulatech USB redirection or enable both at the

same time!

Why Fabulatech? Fabulatech is useful in

scenarios where the Terminal Server/VDI solution

do not offer a “native” USB redirection, as

example Windows Server 2008R2 RDS or Citrix XenApp 6.5. So it provides an add-on feature, Fabulatech is

licensed per User that uses USB Redirection.

One thing is important to know for the Fabulatech USB redirection setup, a change made in ICA Global-

>Fabulatech USB Redirection will also apply in RDP Global->Fabulatech USB Redirection. This behavior is

related to the fact that two times the same Fabulatech solution is used and this solutions is available for Citrix

ICA and Microsoft RDS.

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 5

Difference between Class- and Devicerules

Class Rules do apply for a USB device class, this means if you enable USB redirection for the USB Mass Storage

Device class all devices assigned to this class will be redirected. It’s a simple way to allow a bunch of different

devices for USB redirection but it could be also dangerous. As example if you allow the Class Human Interface

Device to redirect a Sign Pad or a Drawboard this will result also in a USB redirection for the Mouse and the

Keyboard, so the Mouse and the Keyboard are redirected and can’t be used with local available Application

running on the local Thin Client (like IGEL Setup, Firefox Browser or another Terminal Server/VDI session).

A device rule is based on a unique Vendor (VID) and Product ID (PID), this means all devices coming with the

same VID and PID will be redirected. Typical this is only one device Modell like a Fingerprint Reader (see

sample), dealing with the PID and VID will provide you a very detailed control about the redirected devices.

The screenshot is from the Windows Device Manager

(sorry, it’s in German) but here yon can see the Vendor

ID marked in red and the Product ID marked in green.

Important for PID and VID, if different revisions of a

device type are available it could be that these different

revisions are coming with different PID’s. This means,

you might have to create several configurations for one

device type. If dealing with a Server OS as Terminal

Server/VDI you might also be forced to install several

drivers in this case, Vendors sometimes provide single

drivers for different revisions for one device model.

For low budget memory devices you can also see that a

couple of different devices always came with the same

PID and VID, so it’s not a solution to add USB Storage

security at his point.

Note: If you want to add USB device security (has nothing to do with USB redirection) please refer to our Blog

article: http://blog.cloud-client.info/?p=384 The article is already more than one year old but the procedure is

still valid for current IGEL Linux based Firmware’s.

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 6

USB 3.0 Redirection

Some IGEL devices are coming with USB 3.0 Ports and devices connected to these Ports can be used thru drive

mapping redirection, this doesn’t mean that these Ports can be also used for USB redirection!

Products currently supporting USB 3.0 on the Server Site:

VMWare View min. Version 5.3.x with Limitations, see VMWare Knowledgebase.

Citrix XenDesktop/XenApp min. Version 7.6.

Microsoft RemoteFX, no real Information’s available but it seems to be unsupported at the moment (Windows

8.1 / Windows Server 2012 R2 and earlier) or produces a lot if issues. Source: Microsoft Technet Forum’s

Fabulatech USB for Remote Desktop Version 5.0.4.

Please note: This doesn’t mean that the current Agent for Linux do support this feature out of the box! Please

verify this in advance.

How can you test this? Just setup USB Redirection and connect the device to a USB 3.0 port (Blue connector)

and start a session, if the device is available in the session USB 3.0 is supported. If the device is not available

close the session and plugin the device to a USB 2.0 Port (Black connector), now start the session again. If the

device is available now, USB 3.0 is not supported. In case that you see no device again verify your

configuration at the Client and the Server.

Left: USB 2.0 Ports in Black Right: USB 3.0 Port

If you have migrated some none IGEL devices with the Universal Desktop Converter to the IGEL Linux, please

note that some vendors also use black connectors for the USB 3.0 ports: In this case refer to the device

manual where the USB 3.0 ports are located.

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 7

Special Notes related to Microsoft RemoteFX

There are some notes we want to add to RemoteFX based USB Redirection.

First of all USB Redirection with RemoteFX is not available for Windows 2008R2 in general and virtual

Windows 7 based VDI’s without a assigned RemoteFX GFX Card.

Also if you are using Windows 8.x based VDI’s or Windows 2012 R2 you should know that a USB device is not

always a USB device for RemoteFX.

One sample: You can redirect a WiFi Dongle, Bluetooth Token (to Windows 7/8 only, Windows Server OS do

not support Bluetooth!), Keyboard, Flatbed Scanner, Webcam or a XBOX 360 Controller but it will not work for

MTP based devices. Here Microsoft seems to handle the devices different and this is currently not supported

with the IGEL Linux RDS Client or better explained, we never got it to work with a Smart Phone (tested with

Windows Phone 8.1 and some Android based devices) with communication based on MTP. So a bunch of

Smart Phones will not work and/or are not supported, this is not directly mentioned by Microsoft but If you

read TechNet or some RemoteFX related Blogs you will see that Microsoft often describes USB Devices and

MTP based devices in relationship with Plug and Play device support for RemoteFX. This different wording

points to different handling with RemoteFX.

So if you want to deal with MTP communication based USB devices please note: It will currently not work with

the IGEL Linux and you have to use a Windows based client or Fabulatech USB redirection.

Remember: For Windows Server OS install the driver first!

If USB redirection is not working with one or more USB devices together with a Windows Server OS (2012 or

2012 R2 only) check the Windows Device Manager, for example if you redirect a XBOX 360 Controller to a

Server OS and the driver was not installed in advance it will look in this way:

The picture is in german but if you open the device you will get more details, the

error message will be “Device driver is not installed (Code 28)”. It’s not possible to

install the driver for the device at this point thru the device manager!

For Windows Desktop OS Versions the behavior is different, here the driver will be installed similar to a regular

Desktop/Laptop.

If you don’t see any USB device in the Windows device manager verify that USB redirection is enabled on the

Server or search the Web for a solution, USB redirection is very tricky and different solutions can create

different results. A device working with VMWare based USB redirection don’t have to work with another one

and so on… There is no guarantee at all!

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 8

A sample Setup

Here is one sample how a setup can look like, the sample is based on Microsoft RemoteFX but for Citrix

XenDeskop or XenApp (7.5) and Fabulatech the Setup will be similar so one sample should be enough.

Target:

USB Redirection for two devices, a XBOX 360 Game Controller and a Western Digital MyPassport HDD with

enabled Password protection, the last device do require USB redirection regarding the fact that WD don’t

offer a Linux Application to unlock the device. Only these two devices should be used with USB redirection,

USB class redirection for a bunch of devices should not be used at all.

Step1

First of all you need to do your basic session setup and to make sure that USB redirection is available for your

Terminal Server VDI’s. This is already done in my setup and do not require any special steps for the IGEL Linux.

Step 2

Gain the USB device ID’s, this can be done in several ways.

1) Thru a Windows Device Manager, see page 5.

2) Open the local IGEL Setup and browse to Devices->Hardware Info and start the Hardware Info Tool.

Now select USB Device and scoll down the list for the wanted USB devices, select a USB device and

write down the Vendor and Product ID (see screen below). Red=Vendor ID/Green=Product ID

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 9

3) Open a Linux Terminal (command line) and execute the command “lsusb”.

Red=Vendor ID/Green=Product ID

Do this for all devices you want to use with USB redirection, of course you can also deal with the class id

but I don’t recommend this at all.

Step 3

Open the IGEL Setup or the UMS Profile where you have done the global session setup, in my case it’s

Sessions->RDP->RDP Global->Native USB Redirection.

Create a new device rule by selecting the star in the device rules

panel and enter the first rule like the sample shown to the right.

If you got the PID and/or VID as three digit number like 45e or 28e

add a leading zero like 045e or 028e.

Repeat this for all devices you want to use with USB redirection.

The result should look like the picture below.

Whitepaper: Setup Guide IGEL Linux and USB Redirection Page 10

Step 4

Now start the configured session to the VDI or Terminal Server and login with your credentials. If

connecting thru the Remote Desktop Gateway for Remote Desktop Services make sure that Plug and Play

devices are also enabled in the RD Gateway resource policy too!

Step 5

In the Session I can now see three devices, one the XBOX

360 Controller which is working fine.

The WD Harddisk is shown as two device, one working

and none one working. This behavior is related to the fact

that the Harddisk mounts a virtual CD-ROM Drive which

contains the un-lock Software and this device is not

working at all. If I open the device to get more details in

the device manager the following error is shown:

The device could not be started (code 10)

STATUS_DEVICE_POWER_FAILURE

This issue can happen and currently it can’t be fixed, this

should demonstrate that a device can be redirected but

still it can’t be used in the session; there is no way to fix it

at this point. Of course the result could be different with

another solution…

Please test everything in advance, USB redirection could

be a great help but it’s not easy to setup and it’s also no

guarantee that you can use a device in a session.

The End