In my little corner of Citrix, when someone mentions the HTML5 Receiver, the first thought that pops up in most peoples internal word association is Chromebooks. Yes, even after the release of the Receiver for Chrome, the HTML5 receiver remains a good way to get your Windows applications and Desktops on Chrome OS devices.
There are however other uses for the HTML5 Receiver that have nothing to do with Chromebooks.
In the US Federal Government, the area that I have most contact with, as in other areas of business, there are various third parties who may need access to corporate applications and data. Contractors, partners and other temporary employees come to mind.
Every spring, as many of the agencies I work with start the planning process for summer, they need to know how to handle the influx of interns that will soon arrive. This year, they will be asking and answering questions like, “Do we dust of those old PC’s in storage and prep them or allow them to use their own devices?” Or, “If we go BYOD, how do we protect agency data, and what are we responsible for, if we install agency software on personally owned devices?” While in this example I’m talking about interns, I have heard questions like these come up, in reference to other types of temporary workers.
The HTML5 Receiver can help get Windows Desktop and Applications to temporary and contract workers by pointing existing devices to a URL without a need to download a plugin.
Part of the problem with re-provisioning old desktops off of the shelf, or allowing contractors and interns to bring their own device, is distributing software. Another problems: How to deliver the productive applications they will use in their day to day tasks.
Traditionally, after wiping the machine and re-installing a desktop OS, you had to roll out agents and plugins, agents for security, System hardware and software inventory, and agents to distribute software.
If you go BYOD, do you even want agency software and licenses running on that device?
At Citrix we would say, publish your applications, publish your desktops via XenDesktop and XenApp to solve issue of deploying software to endpoints. But, you still need to deliver a Citrix Receiver to do that.
The process of actually delivering an agent aside, delivering a Citrix plugin isn’t difficult. I have seen agencies struggle with the concept of putting any agent on a device not owned by the agency. Questions arise like, “Do we have to support it, now that we put something on the machine?” Or, “Is the agency liable if something goes wrong with the device?”
The Citrix HTML5 Receiver can help provide truly secure client-less access to Windows Apps and Desktops.
The most current version of the HTML5 receiver is 1.5, which adds support for HDX Insight and support for CloudBridge.
The previous release (1.4) added:
- Print to PDF
- Improved Clipboard Operations
- Secure WebSockets connections
- End User Experience Metrics, and Unique ID per device
The HTML5 Receiver requires StoreFront 2.6 or 2.5 and at least one of the following: XenDesktop 7.5, 7.6, XenApp 7.x and 6.5 (hotfix rollup 3 or higher) on the server end. On client side an HTML5 compliant browser on a supported desktop operating system is required (Discover the specifics http://support.citrix.com/proddocs/topic/receiver-html5-15/receiver-html5-sys-req.html . A NetScaler Gateway is recommended for secure remote connections. Unless you are exclusively running Web Interface with no StoreFront servers in your Citrix environment you have all the components you need to enable the HTML5 receiver.
Having StoreFront set up in your environment isn’t only a requirement. It represents most of the effort in setting up the HTML5 Receiver (Assuming you have a traditional Citrix environment stood up already), there are no additional infrastructure components to set up. The HTML5 receiver is accessed through StoreFront. The overall process once StoreFront is set up boils down to 3 steps. More detailed instructions can be found in the XenDesktop 7.6 Reviewers Guide.
Enable Citrix Receiver for HTML5, in StoreFront
The options “Use Receiver for HTML5 if local install fails” and “Always use Receiver for HTML5”, will activate Citrix Receiver.
Enable Websockets in Citrix Group Policy
Test the HTML5 Receiver, by going to the Receiver for Website you set up in StoreFront
Note: in order to test the HTML5 receiver from a device that can install Citrix Receiver skip the install and click logon.
Normally at this point I’d tell you congrats, you now can deploy the HTML5 Receiver. But, referring back to our use cases of contractors, interns and other third party access, you may want to “lock it down.” Locking down can mean different things to different audiences and is a subject for a separate article or series of articles. In this case, my meaning is keeping data from being copied from the virtual desktop session to the users endpoint. If you want secure the Virtual desktop itself, I would recommend those in the Federal Government to check out Robert Huie’s blog USGCB modifications with XenDesktop for a starting point. When it comes to data transfer the HTML5 Receiver leaves you with one avenue to be mindful of. The HTML5 receiver doesn’t have USB redirection, Client drive mapping, so really the only way that HTML5 receiver has pass data from the virtual desktop/application to the endpoint is through the clipboard. Disabling the clipboard for the HTML5 receiver is the same process as other receiver clients, with Citrix policy.
In Citrix Studio under policy search for client clipboard redirection policy and prohibit clipboard redirection
The Clipboard tool will not appear to the end user after the policy change, below are before and after screenshots.
With clipboard enabled
With clipboard prohibited.
The Citrix HTML5 Receiver is a great way to give secure access to third parties, without installing a client on an endpoint that isn’t owned by your organization. It doesn’t require any more infrastructure components than you already have in your Citrix environment. It is easy to configure, and it works with most desktop operating systems and HTML compliant browsers.