Skip to main content
Skip table of contents

When to Use USB Redirection

Document Purpose

In general, USB redirection is not needed for standard functionality such as audio, video, HID input, etc. However, in some special circumstances, a device may need to be redirected into a VDI session for full functionality, or if it requires a specific driver to function.

Use USB redirection ONLY WHEN ABSOLUTELY REQUIRED.

In this document, we will define the best practices for using USB redirection in a VDI environment and go through the process with an example.

The example described here is for VMware Horizon, but it is similar for Citrix, RDS, and most other VDI technologies as well.

Best Practices for USB Redirection

Below are some general rules that, if followed, will provide the best performance and reliability when using USB redirection.

  • ALWAYS set the default rule to "Deny".

  • DO use VID and PID to redirect devices whenever possible. This is the best way to make sure that a device is redirected and that the USB virtual channels are not flooded with excess redirection.

  • Enable USB redirection for the minimal amount of devices required to support user workflows

  • As a rule, the USB classes below should NEVER be redirected. Instead, redirect individual devices in these classes using Device Rules.

    AudioAudio (input)Audio (output)Bluetooth
    HIDBootable HIDImagingUSB Hubs
    PDAPhysicalSecuritySmart Card
    Video (input)WirelessWireless USB

  • The following classes may be redirected in specific circumstances:

    • Printers

      • Only if CUPS configurations or a third party does not fill this requirement

    • Storage

      • Only if mass storage options do not meet the requirements for user workflows or software compatibility

Rules are meant to be broken, right? If redirecting these classes is the only way things work, take a deeper look and see if there is a better way. If there is no obvious better way, then test thoroughly before moving into production.

Example: Redirecting a Nuance Powermic (Dictaphone)

Below we will run through the basic process of redirecting a single device into a Horizon VDI session from an IGEL device.

Some devices, including the Nuance Powermic, require custom split rules in Horizon, which will not be covered in this article. The splitting can be done with Horizon Group Policy on the VM, or as additional settings on IGEL. Please contact your vendor for their best practice for the devices.

Prerequisites

  1. Make sure that Devices > USB Access Control is disabled on IGEL OS devices, or make sure there are no USB access control rules restricting access to the USB device. More information about IGEL USB access can be found under USB Access Control.

  2. USB redirection policies for Horizon/Citrix/RDS must be configured to allow redirection to happen.

  3. The VDI image must have compatible drivers installed for the devices being redirected into the session.

Getting Device Information from IGEL

The first step that needs to be done is to identify the device's vendor ID and product ID which will be used to create our redirection rule.

  1. Plug in the USB device to your endpoint device.

  2. Connect to the IGEL OS device using SSH or IGEL Secure Terminal.

  3. Log in as user with the user password set by the IGEL profile.

  4. Type su to switch to the root account and provide the root password when prompted.

  5. Run lsusb to display a list of devices and locate the device.

  6. Note the ID numbers separated by a colon ":"

    1. In the Dictaphone example, this is 0554 and 1001.

    2. The first number is the vendor ID (VID) and the second is the product ID (PID).

If the device cannot be easily identified by name, then disconnect the device and run lsusb again to see which one disappeared.

Configuring the IGEL Profile

  1. Create a new profile in the UMS called "USB Redirection".

  2. Go to the USB Redirection page for your session.

  3. Set USB Redirection to "on" and set the Default rule to "Deny".

  4. Make sure that both Automatically connect at startup and Automatically connect when inserted are both enabled.

  5. Clear out any existing Class Rules that may have previously existed (if using an existing profile).

  6. Add a Device Rule using the Vendor ID and Product ID collected in the previous section, and set it to "Allow".

    To make it easy, set the name of the rule to match the device name.



  7. Apply the new profile to the device, and reboot for safe measures.
    The device should now be reflected in the Windows Device manager in the VDI session. If so, then the redirection rule is correct and working as expected.

If the device shows up as unknown, then, most likely, a driver will need to be installed in the OS to support the device.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.