Remote and virtual desktops run in the data center, giving network administrators full control over every aspect of the computing environment, except for one -- local peripherals.
Local peripherals include any
However, virtual desktop users still need access to scanners, printers, thumb drives, digital cameras and all sorts of USB-based peripherals. Fortunately, USB redirection technology can help admins support and manage these devices in a virtual desktop infrastructure (VDI) environment.
How USB redirection can help
USB redirection allows end users to access USB-based devices without requiring drivers on their actual endpoint machine; the device driver is installed on a server, which redirects the USB to users when they want to access data or store data on that device. There is no physical USB plugged into the endpoint, and administrators don't have to give up too much control of the virtual desktop environment.
If you're adding USB redirection to a VDI environment, first consider the type of virtual machines (VMs) being deployed. Some environments use a layer cake approach, where a new VM is assembled and created when a user accesses it. In those environments, USB devices have to be detected and installed every time a VDI session launches. That can increase boot times and complicate configurations.
More on USB redirection
Enabling USB redirection in XenDesktop
Details on Windows Server 2012 RemoteFX USB Redirection
Printer redirection problem solving in Remote Desktop Services
With persistent virtual desktops, on the other hand, the desktop is saved after every use. That lends itself better to USB redirection, because the USB-based devices only need to be configured once and are available immediately. Nevertheless, there are some other issues to consider when pairing USB redirection with persistent virtual desktops.
Persistent VDI environments normally associate the stored session with the user -- not the device. If the user moves from endpoint to endpoint, such as from an office-based desktop to a laptop located elsewhere, it is best for the preconfigured virtual desktop to follow along. However, the preconfigured USB devices may not be available on the alternate endpoint, so you would have to remove the device or reconfigure it -- once again delaying boot times and reducing the user's productivity.
To solve that problem, you can associate virtual desktops with a physical machine so that the VDI session runs only on a single, physical device. Still, that setup removes desktop portability from the equation and prevents end users from accessing their virtual desktops from anywhere.
USB redirection best practices
Here are a few more considerations that will help you find a compromise between device support, end user productivity and management concerns.
Use the latest USB devices. Today's VDI platforms support many of the newer USB devices. Legacy devices tend to be problematic and lead to help desk calls and failed sessions.
Limit USB redirection to LAN sessions. Trying to incorporate USB support over WAN connections can be difficult, especially with USB devices that create a lot of I/O. Those devices generate a great deal of traffic, which must be squeezed through the WAN connection, creating latency and affecting the end user experience.
Predefine USB devices. Only support IT-approved devices and preinstall the drivers on the base image of the virtual OS. That eliminates many of the manual configuration steps needed to integrate a USB device into a VDI session and avoids support issues.
Use Group Policies. Use Windows Group Policy controls to limit who can use USB devices and where they can be used. That can prevent unauthorized devices from being connected to the VDI platform.
Monitor USB device use. Knowing which USB devices are used and by whom reduces concerns about data leakage and other security issues. The best idea is to limit where, when and how USB direction is available.
Finally, make sure USB redirection technology supports corporate policy, follows security regulations and allows you to fully integrate redirected devices into the management process.
This was first published in May 2013