Accessing websites with rich media content over Citrix has historically resulted in a less than perfect user experience. For example, trying to play video content results in what could be best described as choppy playback, often with broken audio. You certainly wouldn’t have much luck trying to watch Netflix over Citrix or watching a training video. The fundamental issue relates to streaming this content over the Citrix virtual channel. In addition to the poor user experience all of the rendering is taking place on the VDA, which impacts on the system performance since all of the video processing is done by the CPU (unless you have GPU’s in your hosts).
Citrix’s second attempt was introduced in XenDesktop 7.16 when they added Browser Content Redirection (BCR). The goal of BCR is that for selected websites you can choose to offload the entire viewport section of the browser to the client device so that processing would take place there instead of the VDA. The offloading appears seamless to the user. The result is that rich media content plays back just as it would directly on a user’s device. BCR has been further improved in the later versions and even back ported to 7.15 LTSR (a rare move for Citrix since LTSRs are intended to only address bugs).
The aim of this post is not to cover how BCR works since that has been well covered by Citrix, but instead to look at our experience implementing it.
The first step is to ensure that the client device is running Citrix Workspace 1809 or higher. If you are on a lower version, then BCR will not work and you will need to update the Workspace app first.
If you are running on XenDesktop 7.16 or above you will already have BCR installed by default, but if you are running 7.15 LTSR and want to use it then you need to do a few steps:
- In your master image uninstall the VDA
- Install 7.15 LTSR CU3 or later VDA with the option to disable the HTML5 video redirection feature “XenDesktopVDASetup.exe /FEATURE_DISABLE_HTML5″
- Install the Browser Content Redirection MSI (BCR.msi available from Citrix Downloads)
- Check that the Citrix Browser Content Redirection service is installed and running in services (services.msc).
Next you need to ensure that the browser extension or addin is enabled within your chosen browser on the VDA. The browser extension is not required on the client device. There are slightly different steps to enable the extension or addin depending on your web browser, again these steps have been covered by Citrix.
Once BCR is installed then you need to configure the sites you want to redirect. This is all done through group policy or Citrix Studio (for 7.15 LTSR use the ADMX file available from Citrix Downloads). There are 3 key settings:
Browser Content Redirection
Browser Content Redirection ACL Configuration
Whitelist of sites to redirect
Browser Content Redirection Authentication Sites
Whitelist of sites where a site which is already redirected may itself perform a URL redirection to, but you want browser content redirection to remain in place and not fall back to the VDA
The Browser Content Redirection Authentication Sites setting is useful if a web page you want to redirect utilises an authentication service to verify the user login. The setting specifies the URLs for which BCR remains active (redirected) when navigating away from a URL in the allow list. For example, if you do BCR on https://teams.microsoft.com this URL will redirect to https://login.microsoftonline.com, so you should include https://login.microsoftonline.com as an authentication site, otherwise it will fall back to rendering on the VDA.
Our experience has been that after setting up BCR it often didn’t perform the redirection as expected due to browser settings preventing it. If it’s not working for you then you should check the below settings within the browser or group policy:
‘Third Party Browser extensions’ should be enabled
‘Enable Enhanced Protected Mode’ should be disabled
var DEBUG_ONLY = false;
var DEBUG_ONLY = true;
After doing this, open your browser with developer tools enabled and browse the page you want to do BCR on the VDA. Check the developer tools console for any output messages.
Two common issues we have seen are below.
‘WebSocket’ is undefined
- WebSockets are disabled through local or group policy. Within policy check Windows Components/Internet Explorer/Security Features/AJAX, ensure that the option ‘Turn off the WebSocket Object’ is Disabled or Not Configured.
Exception connecting to WebSocket: SecurityError
This error occurs because of Internet Explorer’s zone elevation restrictions preventing a site classified within the internet zone from connecting to a site in the intranet zone. Since BCR creates a WebSocket connection to a port on localhost, Internet Explorer’s automatic detection of the intranet associates this call with being within the intranet and so if the website being redirected is within the internet zone then Internet Explorer blocks the request. To resolve the issue, you need to disable automatic detection of the intranet and use the site to zone assignment list to specify what URLs are within the intranet zone.
The polices you should be looking to set are:
Windows Components/Internet Explorer/Internet Control Panel/Security Page
Include Sites that Bypass proxy server – Disabled
Turn on Automatic Detection of Intranet – Disabled
Site to Zone Assignment List
If everything is working, your developer tools console window should contain a similar output to that in the screenshot below:
We’ve found that BCR works well for most sites, but we have encountered a few that fallback to the VDA no matter what we configure. After speaking with Citrix support and providing all the usual traces they found elements of these sites which hadn’t been considered within BCR. The end result was an enhancement request which we hope will get implemented in the future. So, if you are having issues getting a site to redirect then make sure you raise a ticket with Citrix support and get it looked at.
We think that BCR is good addition to the Citrix HDX Multimedia portfolio giving Citrix system architects another way to further improve the user experience. It’s not going to be the right choice for every situation, but where you have to deliver rich media content such as audio and video it is a very good option.