About Peter Brown

Working as Director of R&D in the End User Computing business unit based in London, UK, with an amazing team. Working at the speed of life, on next generation products with a cloud first strategy. Previous projects have included Serial and Scanner Redirection, USB Redirection, RTAV, Persona Management, Horizon Workspace integration and Linux Desktops among other things!

Serial Port Redirection for Virtual Desktops in Horizon 6

By Peter Brown, Director of R&D, VMware, London, UK

In December 2014, we gave a sneak peek of the serial port redirection feature in View virtual desktops which we have been working on. We are delighted to announce that we have officially made this function available with our June 2015 Horizon 6 release.

The new serial port redirection feature allows serial ports, either physical COM ports or USB-to-serial adapters, to be redirected from a Windows client machine to a Windows VDI desktop. The ports can then be used by third-party applications to communicate with legacy serial devices such as printers or scanners.

Continue reading

Scanner Redirection in Horizon with View

By Peter Brown, Senior R&D Manager, VMware, London, UK

Over the years, I have worked with many devices that were connected remotely to a virtual desktop infrastructure (VDI) using USB redirection. Scanners are often problematic with USB redirection—scans take a long time to complete or do not complete at all. Scanner redirection over USB requires a large amount of bandwidth and is sequential, so it can be very slow over a latent or lossy network link (such as Wi-Fi or a WAN). Solving this problem required a solution similar to the one used for webcam remoting (solved using RTAV).

I am delighted to announce that in our latest release we have added scanner redirection to Horizon with View for use with both VDI desktops and Remote Desktop Session Host (RDSH) applications and desktops. The new scanner redirection functionality in View works by capturing the entire image at the client with the scanning device, compressing the image, and sending that compressed image to the guest in the data center, where the image is presented by a “virtual scanner device” to the application that requested the image capture. Continue reading

VMware Development Labs Sneak Peek: Serial Redirection in Horizon with View

By Peter Brown, Senior R&D Manager, VMware, London, UK


With this blog, we introduce a new series of occasional End-User-Computing blogs called Sneak Peeks, where we discuss features and functionality we are working on in the Development labs. This gives us a chance to share the kinds of things we are thinking about and, in turn, to hear your ideas. We hope you find this new series informative and thought-provoking.

Over the years, I have worked with many devices that were connected remotely to VDI desktops using USB redirection. Some of these devices can be troublesome when using USB with a remote connection—due either to bandwidth requirements (for example, webcams) or latency sensitivity (for example, serial ports).

I am delighted to announce that we have recently been working in the labs on adding serial port redirection to Horizon with View. Similar to webcam redirection, we can solve the problem for serial ports by capturing the serial data at the client side, packaging it and delivering it to the guest, and presenting it back by way of a virtual COM port.

We are progressing well, and the functionality is looking great. We would, however, like to engage with our users, who have real-world experience with serial devices, for their thoughts about this functionality. Some devices are simple (for example, GPS receivers) and periodically send a burst of data to a terminal, whereas others are much more complicated. Many serial devices are quite old, and were designed to be connected by way of a few meters of cable to the computer. They certainly were not designed to be used remotely over tens or hundreds of miles!

Therefore the devices or applications used are often sensitive to the timing of the messages received. Also, many of the applications need bespoke applications that are often tightly coupled with a company’s internal applications and processes (for example, banking systems or production lines), making testing with such devices difficult for VMware engineers. Such devices often also have “dip” switches to change the mode of the device, and, as a result, the VMware solution may also require a number of different configuration settings to enable specific features in certain environments. These would likely be enabled through either the registry or by way of the port properties UI (for example, see the tool tray pop-up UI in Figure 1, which allows the mapping of physical to virtual COM ports).


Figure 1: Tool Tray Pop-Up User Interface

Therefore, we would like to hear from you about which serial devices and which applications you would like to use remotely with View desktops. To facilitate this, we have set up a community forum thread on Serial Port Redirection in Horizon with View, where we can discuss some of the devices and apps that you would expect to work with this functionality. We want to do as much pre-validation of such devices and apps as possible so that when the functionality is launched, “it just works”! So, do visit the forum and tell us what you think.

I will keep you updated with progress, and will let you know when we launch this new functionality.

How Bad Is BadUSB with USB Redirection in VMware Horizon with View?

By Peter Brown, Senior Research & Development Manager, VMware, London, United Kingdom

BadUSB has been getting a lot of press lately. For those of you who have not heard, this is a new security threat in which the firmware on some USB devices can be hijacked and replaced with malware. For example, a device can be made to redirect network traffic, or emulate a keyboard and capture keystrokes, or worse. A number of Web pages are talking about BadUSB, for example When Good USB Devices Go Bad, The Unpatchable Malware That Infects USBs Is Now on the Loose, and the original Blackhat presentation, BadUSB—On accessories that turn evil.

Scary stuff, and unfortunately we have no magic cure. We have all been using USB devices for years, and we all probably have many such devices at home and in the office. So how can an enterprise using VMware Horizon with View for VDI protect itself, or what can it do to minimize the risk? This blog post aims to answer those questions!

Disabling All USB Devices

For the ultimate protection, all USB devices should be disabled. This is quite hard to do on desktop machines, especially if the enterprise has a desktop machine on every user’s desk. However, when using View, this is relatively easy to achieve in one of three ways.

Do Not Install the USB Component on the View Agent

You can configure the desktop guest image (in the data center) so that the View Agent has the USB component “not installed.” This entirely prevents USB devices from being used in that desktop image. Then refresh all your desktop images so that the USB component is removed.

Disable USB Devices for Specific Desktop Pools

If you do not want to change the desktop image, from the View Administrator UI, navigate to Desktop Pools and select a specific pool. Next, select Policies within that pool. Finally, select Desktop Pool Policies and click Edit Policies, and disable USB redirection for a specific pool or pools.


You can also apply user overrides to enable or disable USB redirection on a per user basis in a specific pool. This is also done by way of the same View Administrator window, with the User Overrides choice (next to Desktop Pool Policies in the window).

Use GPOs to Disable All USB Devices on the View Agent

Alternatively, you can apply the ExcludeAllDevices configuration option on the View Agent by way of GPO configuration to prevent any devices from being forwarded.

Disabling Specific USB Devices

Disabling USB devices entirely is certainly the best way to completely avoid the risk of BadUSB. In some cases, however, disabling USB devices entirely might not be feasible because you may need specific USB devices to function for your use cases; an example might be doctors using Dictaphone-type USB devices to record patients’ records. In this case, it is not possible to entirely block USB devices, and so the following strategies should be employed to help mitigate the risk.

Educate Employees About Types of USB Devices to Connect

It is important that you completely trust any device connected to your enterprise, regardless of settings, and that includes trusting your supply chain and ideally having some sort of chain of custody as well. You should educate your employees to ensure that they do not connect devices from unknown sources. If possible, try to restrict the devices used in the environment to devices that accept only signed firmware updates, are ideally FIPS 140-3 Level 3-certified, and do not support any kind of field-updatable firmware. These types of USB devices are definitely hard to source and, depending on your specific device requirements, may be impossible to find. This may not be a practical solution to the problem, but it is certainly worth considering.

Exclude Some Devices Through the Group Policy Editor

You can allow only specific USB devices to be used. Each USB device has its own vendor and product ID that uniquely identifies it to the computer. Rather than allowing View to forward any USB device into the guest virtual machine, you set an Include policy for known device types. Then you can remove the risk of unknown devices being inserted, which might compromise the system. Of course, there will be ways around this, but you do reduce that risk.

Here is an example of how you can configure View to block all devices from being forwarded to the View virtual desktop, except for a known device vendor and product ID (vid/pid = 0123/abcd in this case):

ExcludeAllDevices   Enabled

IncludeVidPid       o:vid-0123_pid-abcd

Note: We should point out that while this sample configuration provides some protection, a compromised device can report any vid/pid, and so there is still a possible attack vector here.

You set these Group Policy Object (GPO) values in the View Agent Group Policy editor.

Note: By default, View blocks certain device families from being forwarded to the View desktop, for example, HID (human interface devices) and keyboards. So with the default filter policy enabled in View, such keyboard devices would be automatically blocked from appearing in the guest. Some of the released BadUSB code targets USB keyboard devices, and this default in View already protects these devices from the malware.

Specific device families can instead be blocked if required. For example, the following GPO value would block all video, audio, and mass storage devices:

ExcludeDeviceFamily o:video;audio;storage

Another configuration example is to block all devices, but only allow a specific device family (whitelist). For example, block all devices, but enable storage devices. This could be done as follows:

ExcludeAllDevices       Enabled

IncludeDeviceFamily     o:storage
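
The three filter configurations above can be checked before rollout with a small model of the policy. This is an added example, not code from VMware or from the original post; the evaluation order in is_forwarded, the sample devices, and the treatment of the "o:" prefix as a flag to strip are assumptions.

```python
# Added example: a simplified model of the View Agent USB filter settings shown
# above. Not VMware's code; the evaluation order below is an assumption.
import re

VIDPID_RE = re.compile(r"^vid-([0-9a-f]{4})_pid-([0-9a-f]{4})$", re.I)
# The three configurations from the text, as GPO name/value pairs.
ALLOW_ONE = {"ExcludeAllDevices": "Enabled", "IncludeVidPid": "o:vid-0123_pid-abcd"}
BLOCK_FAMILIES = {"ExcludeDeviceFamily": "o:video;audio;storage"}
ALLOW_STORAGE = {"ExcludeAllDevices": "Enabled", "IncludeDeviceFamily": "o:storage"}
# Constructed devices: each dict holds what the device itself reports.
DICTAPHONE = {"vid": "0123", "pid": "abcd", "families": ["audio"]}
UNKNOWN_STICK = {"vid": "ffff", "pid": "0001", "families": ["storage"]}
SAME_ID_OTHER = {"vid": "0123", "pid": "abcd", "families": ["storage"]}


def _items(settings, name):
    """Split a value such as 'o:video;audio' into lowercase items, dropping
    the leading 'o:' flag that the page's values carry."""
    raw = settings.get(name, "")
    raw = raw.split(":", 1)[1] if ":" in raw else raw
    return [p.strip().lower() for p in raw.split(";") if p.strip()]


def parse_policy(settings):
    """Normalize the GPO values; reject malformed vid/pid entries."""
    vidpids = set()
    for item in _items(settings, "IncludeVidPid"):
        m = VIDPID_RE.match(item)
        if not m:
            raise ValueError(f"malformed vid/pid entry: {item!r}")
        vidpids.add(m.groups())
    return {
        "exclude_all": settings.get("ExcludeAllDevices", "").lower() == "enabled",
        "include_vidpid": vidpids,
        "include_family": set(_items(settings, "IncludeDeviceFamily")),
        "exclude_family": set(_items(settings, "ExcludeDeviceFamily")),
    }


def is_forwarded(policy, device):
    """Decide from self-reported descriptors only, as a filter must."""
    families = {f.lower() for f in device["families"]}
    if (device["vid"].lower(), device["pid"].lower()) in policy["include_vidpid"]:
        return True
    if families & policy["exclude_family"]:
        return False
    if families & policy["include_family"]:
        return True
    return not policy["exclude_all"]


def audit(policy):
    """Return findings for settings that weaken the allowlist approach."""
    findings = []
    if not policy["exclude_all"] and (policy["include_vidpid"] or policy["include_family"]):
        findings.append("Include* without ExcludeAllDevices: unknown devices still pass")
    if policy["include_vidpid"]:
        findings.append("vid/pid is self-reported: the ID alone does not prove the device")
    return findings
```

SAME_ID_OTHER is forwarded under ALLOW_ONE even though it is a different kind of device, which is the limitation the note above describes: the filter can only act on what the device reports.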

Another risk might be someone from outside your office logging in to a desktop and infecting it. Again, this cannot be seen as a complete mitigation, but you can block USB access completely to any View connections that originate from outside the company firewall. The USB device could be used internally, but not externally.

To do this, block the TCP port 32111 from the View security server to the View desktops. Zero clients are slightly different, as the USB traffic for those is embedded inside a virtual channel on UDP port 4172. Because port 4172 is not used only for USB (it also carries the display protocol), it is not possible to block that port. You can disable USB on zero clients if required. Look at the zero client product literature or contact the zero client vendor for specific details.

Blocking certain device families or specific devices can help to mitigate the risk of BadUSB malware, but not completely solve it.

If you want to know more about USB redirection in View, check out my white paper USB Device Redirection, Configuration, and Usage in VMware Horizon with View.

USB 3 Device Redirection Now Available with VMware Horizon with View Virtual Desktops

By Alexander West, Technical Writer, End-User-Computing Technical Marketing, VMware, and Peter Brown, Senior R&D Manager, VMware

We are all familiar with using USB devices on our laptops and desktops. With the USB device redirection capabilities of VMware Horizon with View, end users can use those same USB devices with their View virtual desktops.

But that is old news. Here is the exciting part: In addition to USB 1 and 2 devices, USB 3 devices are now supported with a combination of View Agent 6.0.1 and Horizon Client 3.1.

But before we get to USB 3 device redirection, let us take a look at USB device redirection in View. Continue reading

USB Device Redirection in VMware Horizon with View: White Paper and Video

By Peter Brown, Senior R&D Manager, VMware, London, UK

We are all accustomed to using USB devices with desktop PCs and laptops in the form of mass storage devices, headsets, webcams, scanners, printers, and more. In the virtual world, where your actual desktop may be many miles away from your client device, physically plugging in a USB device is not possible. VMware Horizon with View supports using USB devices in the virtual desktop by using USB device remoting. View 5.1 and later introduced some complex configuration options for the usage and management of USB devices in a View virtual desktop session.

In order to assist users with these remoting options, I have published a white paper that gives a high-level overview of USB redirection, discusses the configuration options, and provides some practical worked examples to illustrate how these options can be used. USB Device Redirection, Configuration, and Usage in VMware Horizon with View is now available. I hope that this white paper will help you navigate some of the difficulties, options, and configurations to maximize the VDI end-user experience.

As a supplement to the paper, I have helped put together a video, Using Composite USB Devices in Horizon View Desktops, which talks viewers through USB-device splitting, and shows a worked example of how to configure splitting for a USB dictation audio-device.

Download the white paper: USB Device Redirection, Configuration, and Usage in VMware Horizon with View

View the USB device-splitting video: Using Composite USB Devices in Horizon View Desktops

If you have any USB-related questions for Horizon with View, please visit our forum to check out other discussions for help, or to post your own questions:

VMware View USB Community

Real-Time Audio-Video Has New Virtual Webcam Driver in Horizon 6.0!

By Peter Brown, Senior R&D Manager, VMware

In my previous blog posts on Real-Time Audio-Video (Part 1, Part 2, and Part 3), I talked about using RTAV on Windows, Linux, and OS X clients. We have had loads of really positive feedback about the functionality, and it has been great to hear how well received the feature is. We did however get some reports that some third-party applications did not work with the virtual webcam driver that we previously released. Typically these were in-house bespoke applications which of course we had been unable to test. Applications such as Skype, WebEx, and Google Hangouts worked very well with the driver, but we also found some web-based applications worked, but not with later versions of Internet Explorer (for example, IE10, IE11) and Chrome with the built-in PepperFlash. Continue reading

Real-Time Audio-Video (RTAV) for Horizon View, Part 3

By Peter Brown, Senior R&D Manager, VMware

In my first Real-Time Audio-Video (RTAV) blog post, I introduced RTAV for Horizon View virtual desktops and discussed configuration primarily on the Windows platform. Then, in my second RTAV blog post, I talked about the added support for RTAV on Linux View Clients in Horizon View Client version 2.2. The new View Client version 2.3 has just been released, and I am excited to announce that we now also support RTAV on the Mac OS X View Client! I want to take this opportunity to provide some details about RTAV with respect to OS X and how it can be installed, used, and configured.

Continue reading…

Real-Time Audio-Video Test Application for Horizon View Released As a VMware Fling

By Peter Brown, Senior R&D Manager, and Tarique Chowdhury, Senior Member of the Technical Staff, VMware

We have just released our Real-Time Audio-Video test application for Horizon View as a VMware Fling. This is a tool that we have used internally during the development of RTAV and which has proven very useful for quick tests, and also longer-term scale-and-performance testing in Quality Engineering. We have also held a number of internal demos and training events, and we have frequently been asked by the Systems Engineers if the application is available for them to use externally either for demos or for customers to use for qualification. As a result of high demand, we decided to release the tool as a Fling!

This application is useful for verifying correct installation and operation of the Horizon View Real-Time Audio-Video functionality. It provides a “player” application which will display the “virtual webcam” feed, and also loop back the audio-in if required. This allows testing to be done without the need for a 3rd-party app (which often requires user accounts to be created such as Skype, WebEx, etc.). The app can also be useful for performing load testing, by forcing the video and audio stream to continuously run (without a 3rd-party app dropping the call or ending it after a period of time). The application can also be used on a Windows Client OS to show that the physical webcam and microphone are correctly configured and installed. (On Linux clients, we used an application called “Cheese” for this purpose.) Note that if you loop back the audio, then the audio and video will not be synchronized. This is expected behavior due to the way the loopback is done. When using RTAV with a real 3rd-party app such as Skype or WebEx, the audio and video are synchronized. It is, however, still useful to have the loopback enabled so that you can verify the bandwidth requirements for a RTAV session in your environment.

The application

  • Displays webcam pictures at 1:1 resolution
  • Automatically starts streaming images, on launching the application (and audio will be looped back, if selected)
  • Loops the audio-in (e.g., from VMware Virtual Microphone) back out to the audio-out
  • Tests RTAV functionality without the need to create user accounts
  • Supports the VMware Virtual Webcam and Physical Webcams
  • Runs on x86 and x64 Windows OSes

Sample screenshot below, with a cheesy still image showing Peter and Tarique!


The application requires that the Microsoft 2008 C++ x86 (SP1) runtime components be installed. These are already installed on a Horizon View desktop, but if you want to run the application on a physical client machine without having Horizon View installed, then you may need to download and install these first. You can get them from the Microsoft Download Center.

Once the runtime components are installed, then the application can be run directly–it is a standalone executable which does not need installing or configuration. This makes it very easy to deploy for quick testing.

If you want to use the RTAV test application, download it from our Flings page.

Real-Time Audio-Video (RTAV) For Horizon View, Part 2

By Peter Brown, Senior R&D Manager, VMware

In my last Real-Time Audio-Video (RTAV) blog, I talked about the support we added for webcams and microphone devices in VMware Horizon View Feature Pack 2. Feature packs are installed alongside the View Agent on the virtual desktops in the datacenter, and View Clients are installed on the devices used to interact with those desktops. Horizon View 5.3, Horizon View 5.3 Feature Pack 1, and the Horizon View Clients version 2.2 have just been released, and with these come support for RTAV in Linux Clients, and also a new Windows Client. I want to take this opportunity to provide some details about RTAV with respect to these new client and feature pack releases.

Linux Support for RTAV

Continue reading