Page tree


Praim Agile Latest – This documentation is related to "Praim Agile" software version 2.6.1.
For documentation on previous versions of Praim Agile or for documentation related to other software see Wiki Praim.


Skip to end of metadata
Go to start of metadata

VMware USB Redirection

In this section we analyse the USB redirection features with a VMware virtualisation farm. 


This section will cover...


ONLY for VMware USB Redirection

This section is for VMware virtualisation infrastructures.


The VMware USB Redirection panel is divided in two sections: the Options section (highlighted in red in the image below) and the Rules section (highlighted in blue in the image below).

In the option section are placed two options groups that will define global behaviours of VMware USB Redirection and Device splitting.

In the lower rules section are listed the USB device redirection and Auto device splitting rules, defining the redirection action for a specific device or class.

USB Redirection and Auto splitting device Options

Two options are available in the VMware USB device redirection panel: Device redirection and Auto device splitting option.

These options will determine the USB redirection behaviour and security requirements.


USB Redirection and Auto Device Splitting option's effectiveness

After a USB device Redirection or Auto device splitting option modification, the end point device must be rebooted to apply the settings.

VMware provides two groups of rules:

  • Redirection rule.
  • Split device rule.

With these two types of rules, two default fallback actions are available, these values are set in the Option section of the VMware USB Redirection tab.

Device Redirection

This option defines the USB redirection behaviour.  If no rule in the rules list has matched the USB devices connected to the end point it reverts to the fallback option

The definitions for setting Device Redirection options are Allow or Deny:

  • Allow: All devices not expressly denied will be allowed to USB redirect (more open behaviour). A rule needs to be written for every device you want to be denied. 
  • Deny: All devices not expressly allowed, will be denied in USB redirection (more closed behaviour). A rule needs to be written for the devices you want to be redirected.


Device Redirection Option fallback action implication

Be aware of the fallback implications when setting the Device Redirection Option to Allow or as Deny:

  • Choosing Allow as the Device Redirection Option fallback action means that an unlisted device in the rules list will be redirected meaning more reliability, but less control.
  • Choosing Deny as the Device Redirection Option fallback action means that an unlisted device in rules list will not be redirected meaning more control, but less reliability.


VMware Device Redirection Option default

By default, the Device Redirection Option is set to Allow.

Auto Device Splitting

This option is for USB composite devices that can be split into separate interfaces or not.

It defines the Auto device splitting behaviour. If no rule in the device splitting rules list has matched the USB devices connected to the end point it reverts to the fallback option.

The definitions for setting Auto Device Splitting Option are Allow, Deny or Undefined.

  • Allow: All composite devices not expressly denied will be split automatically into its different interfaces. A rule is required for every device to remain joined.
  • Deny: All composite devices not expressly allowed, will remain joined. A rule is required for all devices you to be split into its separate interfaces.
  • Undefined: The splitting action applied to composite devices not expressly allowed or denied by a specific rule, will prompt the user. A rule is required for each device that will require asking the user about its split status.


Auto device splitting vs. Device redirection

Auto Device Splitting options define only an operation mode for a composite device, whether allow or deny the redirection for the USB device depends only on redirection rules and fallback redirection options.

USB Redirection and Device Splitting Rules

The VMware USB Redirection involves, in addition to the previously described, two lists of rules.

The VMware USB Redirection, offers two different kinds of rule grouped in two distinct lists:

  • Device redirection rules.
  • Device split rules.

These lists are placed in the lower section of the VMware USB Redirection Tab.


The lower Rules section is partitioned in Redirection rules list (highlighted in blue in the previous image) and in Split Devices rules list (highlighted in purple in the previous image).

The Redirection Rules list is placed over the Split Devices Rules list: slide the scroll bar down in order to display the Split Device Rules list.


VMware Predefined USB Redirection rules

The VMware client does not include any predefined USB redirection or Split Devices rules. Both USB Redirect and Split Devices Rules lists are empty.


Any new USB redirection or Split Devices rule will be always inserted at the bottom of the related list.

Each type of rule, redirection and split, either can be defined as Allow or Deny. The action of rule is distinguished by an icon on the left of the description:

  • The Allow rules are characterised by a green circle with a white check mark.
  • The Deny rules are characterised by a red circle with a white cross.


VMware USB redirection rules position

For both USB Redirection and Split Devices rules, the rules position in the list is meaningless as only one rule can be present for each device in the rules list.

For this reason, rearranging or the drag and drop feature for VMware rules lists are not available.

USB Redirection Rule

A USB Redirection rule consists of parameters which are specified in order to define it.

These parameters are either:

  • Actions
  • Parameters characterising the object of a rule.

Redirection Rule Actions


Initially the rule action must be set, either to Allow or Deny.

VMware Default Redirection Rule Action

Caution: The default value for the rule action is Allow


Parameters characterising the object of a Redirection Rule

Parameters characterising the object of a USB redirection rule are:

  • VID (Vendor ID).
  • PID (Product ID).
  • VMware class.

Use the scroll bar to access all parameters. For more details on VID and PID parameters, refer to the following link.


Class term meaning in VMware implementation

The meaning of Class is defined by USB-IF (USB Implementers Forum) (see https://www.usb.org) and the can be found at https://www.usb.org/defined-class-codes.

VMware use a proprietary definition of the term Class in USB redirection. Classes are identified by a text label, not by a number.

The VMware USB device classes list is published at: https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-remote-desktop-features/GUID-890C33DC-6E3B-4E01-8A6F-6E3AE4DB0390.html.


VMware device identification parameter constraints for redirection rules

With VMware USB redirection rule definitions, the device is identified in two different ways: using VID AND PID, OR using a VMware Class.

In VMware redirection rules, when using VID and PID, both values must be specified: It is not possible to use only VID or only PID as the device identifier.

VID and PID or the VMware Class are mutually exclusively.

Selecting VID or PID will disable the VMware class field and vice versa.

In a USB Redirection rule, a specific device is defined uniquely through the VID and PID. If a new rule attempts to use the same VID and PID it will report an error: a red message appears on the bottom of the NEW USB redirection rule window, as shown in the picture below. 












A USB Redirection rule which uses the VMware Class, the VMware client will allow the definition of multiple rules with the same class, without rising any error. This is not recommended.

Split Device Rule

A VMware USB Split device rule is intended to define, whether a USB redirected composite device must be split into their different interfaces or not.

The split device rule consists of parameters which are specified to define it.

These parameters are either:

  • Actions.
  • Parameters characterising the object of a rule.

Split Rule Actions


Initially the rule action must be set to either Allow or Deny.

VMware Default Splitting Rule Action

Caution: The default value for the rule action is Allow.


Parameters characterising the object of a split device rule

The parameters characterising the object of a USB redirection rule are:

  • VID.
  • PID.


VMware device identification parameter constraints for splitting rules

With a VMware USB splitting rule definition, the device can ONLY be identified using VID and PID. It is not possible to define a splitting rule for a VMware class.

In a VMware splitting device rule, the VID and PID must specify both values: you cannot define only VID or only PID as device identifier.

In a splitting device rule, a specific device is uniquely defined through the VID and PID. If a new rule attempts to set the same VID and PID which is already used in an existing splitting rule an error will occur: A red message appears on the bottom of the NEW USB redirection rule window, as shown in the image below. 


How to create a USB Redirection or a Split Device Rule for a specific device connected to the end point

The simplest way to create a USB redirection or a Split device rule for a specific device is to connect it to the end point.

In order to create a new rule, click on ADD REDIRECTION RULE or ADD SPLIT RULE button on the top of the rules section in the VMware USB Redirection TAB.



Because the rule creation steps for USB redirection or Split device rules are very similar, the procedure will show screenshots which will apply to both redirection and split rules.

Opening the rule USB redirection or Split device rule configuration windows displays all configurable rule parameters.

 

First define the rule action, choosing either Allow and Deny.

For more detail about rule action refer to the Redirect Rule Actions and Split Rule Actions paragraph.

Default rule action

Caution: The default value for the Redirection and Split rule actions are Allow.


Open the Available devices drop-down connected device list, clicking on the down arrow on the right.


The connected devices list appears.


Scroll through the list until to locate the device to define the rule for and select it from the list. Note that the keyboard and mouse, when present, are listed as USB connected devices.

The device choice will automatically complete the Description, VID and PID fields with the correspondent values present in the devices list.

If the Description field text is modified and associated with a device from the Available devices list, the customised description will be prioritised over the default device system name. 


Rule description

The rule Description field is displayed in the rule list. Using a significant name permits easy identification for each rule.

When an item is selected from the Available devices list, the description field is filled out with the system USB device name, which might have a limited meaning.

To edit, select the Description field and modify it with a more relevant descriptor. The rule Description field is a mandatory parameter.

For more details about rule object parameters refer to  the link Parameters characterising the object of a redirection rule and Parameters characterising the object of a split device rule.


Press OK to save the new rule.

OK button enabling

If all the required parameters to create a rule have not been defined, the OK button remains disabled.

How create a USB Redirection or a Split Device Rule for devices not connected to the end point

To create a USB redirection or a Split device rule for a device not actually connected to the end point or for a VMware class of device that cannot use the Available devices list.

Click on the ADD REDIRECTION RULE or ADD SPLIT RULE button on the top of the rules section in the VMware USB Redirection TAB.


Because the rule creation steps for USB redirection or Split device rules are very similar, the procedure will show screenshots which will apply to both redirection and split rules.

The USB redirection or Split device rule configuration window opens showing all configurable rule parameters.

 

Initially define the rule action, choosing between Allow and Deny.

For more detail about rule action refer to Redirect Rule Actions and Split Rule Actions paragraph.

Default rule action

Caution: The default value for the rule action is Allow.


Type in the Description field, the text that will identify the rule in the rules list; this is a mandatory parameter.

Rule description

The rule Description field will represent the information that will be displayed in the rule list.  Make the description significant to help identify each rule.


For the USB redirection rule, the rule object identification is selected: either using VID and PID, or a group of devices using VMware Classes.

For the Split device rule, the object of the rule is identified only by PID and VID.

For more details about rule object parameters refer to  the link Parameters characterising the object of a redirection rule and Parameters characterising the object of a split device rule.


Press OK to save the new rule.

OK button enabling

If all the required parameters to create a rule have not been defined, the OK button remains disabled.

Modify and Delete USB Redirection or Split Device Rules

Once a USB Redirection or a Split Device rule has been created, it cannot be modified. To modify a rule, it must be deleted and then create a new rule.

To delete a rule, drag the mouse pointer on the right side of the rule list item until a red trash can appears inside a red circle.


Click on the icon. The rule will be deleted immediately, without a confirmation request.