USB redirection for remote desktops: A step in the right direction

Remote and virtual desktops run in the data center, giving network administrators full control over every aspect of the computing environment, except for one -- local peripherals.

Local peripherals include any

    Requires Free Membership to View

devices that connect to the endpoint, such as USB drives, mice or printers. They tend to be a common source of help desk calls and problems created by end users, so the ideal remote desktop environment should eliminate any local hardware from the picture. For many administrators, that would solve security, support and data leakage problems.

However, virtual desktop users still need access to scanners, printers, thumb drives, digital cameras and all sorts of USB-based peripherals. Fortunately, USB redirection technology can help admins support and manage these devices in a virtual desktop infrastructure (VDI) environment.

How USB redirection can help

USB redirection allows end users to access USB-based devices without requiring drivers on their actual endpoint machine; the device driver is installed on a server, which redirects the USB to users when they want to access data or store data on that device. There is no physical USB plugged into the endpoint, and administrators don't have to give up too much control of the virtual desktop environment.

If you're adding USB redirection to a VDI environment, first consider the type of virtual machines (VMs) being deployed. Some environments use a layer cake approach, where a new VM is assembled and created when a user accesses it. In those environments, USB devices have to be detected and installed every time a VDI session launches. That can increase boot times and complicate configurations.

More on USB redirection

Enabling USB redirection in XenDesktop

Details on Windows Server 2012 RemoteFX USB Redirection

Printer redirection problem solving in Remote Desktop Services

With persistent virtual desktops, on the other hand, the desktop is saved after every use. That lends itself better to USB redirection, because the USB-based devices only need to be configured once and are available immediately. Nevertheless, there are some other issues to consider when pairing USB redirection with persistent virtual desktops.

Persistent VDI environments normally associate the stored session with the user -- not the device. If the user moves from endpoint to endpoint, such as from an office-based desktop to a laptop located elsewhere, it is best for the preconfigured virtual desktop to follow along. However, the preconfigured USB devices may not be available on the alternate endpoint, so you would have to remove the device or reconfigure it -- once again delaying boot times and reducing the user's productivity.

To solve that problem, you can associate virtual desktops with a physical machine so that the VDI session runs only on a single, physical device. Still, that setup removes desktop portability from the equation and prevents end users from accessing their virtual desktops from anywhere.

USB redirection best practices

Here are a few more considerations that will help you find a compromise between device support, end user productivity and management concerns.

Use the latest USB devices. Today's VDI platforms support many of the newer USB devices. Legacy devices tend to be problematic and lead to help desk calls and failed sessions.

Limit USB redirection to LAN sessions. Trying to incorporate USB support over WAN connections can be difficult, especially with USB devices that create a lot of I/O. Those devices generate a great deal of traffic, which must be squeezed through the WAN connection, creating latency and affecting the end user experience.

Predefine USB devices. Only support IT-approved devices and preinstall the drivers on the base image of the virtual OS. That eliminates many of the manual configuration steps needed to integrate a USB device into a VDI session and avoids support issues.

Use Group Policies. Use Windows Group Policy controls to limit who can use USB devices and where they can be used. That can prevent unauthorized devices from being connected to the VDI platform.

Monitor USB device use. Knowing which USB devices are used and by whom reduces concerns about data leakage and other security issues. The best idea is to limit where, when and how USB direction is available.

Finally, make sure USB redirection technology supports corporate policy, follows security regulations and allows you to fully integrate redirected devices into the management process.

This was first published in May 2013

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.