BIG-IP APM with Horizon 7.x HTML5 gets a Hotfix For Updated Code

Technical update on some new hotfixes that were rolled out to resolve some issues with HTML5 connectivity with VMware Horizon 7.1/7.2 with BIG-IP Access Policy Manager.

What is VMware Horizon HTML Access?

VMware Horizon HTML Access provides the ability for employees to access applications and desktops via web browsers (HTML5 compliant) and without the need for additional plugins or native client installations. This method of access provides advantages to customers who utilize very strict software installation requirements and require access to their internal resources, as well as customers who utilize BYOD based implementations. VMware Horizon HTML Access is an alternative way of accessing company internal resources without the requirement of software installation.

What does the Hotfix Do?

The Hotfix is designed to allow the newer version of the VMware Horizon HTML Access Clients which were upgraded with new URI information to be accessible via APM. Without this hotfix, customers who upgrade to the Horizon 7.1/7.2 code may experience an issue where HTML5 will not connect to the VDI Resource (blank or grey screen.)

The easiest way to determine if you are affected by the issue is within the URL. If you do not see the string

f5vdifwd
within the URL then you are most likely affected by this issue.

Here is an example of a working configuration. Notice the

f5vdifwd
string in the URL:

https://test.test.local/f5vdifwd/vmview/68a5058e-2911-4316-849b-3d55f5b5cafb/portal/webclient/index.html#/desktop

The Hotfix Information Details

Note that the fixes are incorporated into Hotfixes. F5 recommends to use the Hotfix builds over the iRules listed in the below article. If the iRules are in place when upgrading to a build with the incorporated fix, make sure that the iRule is removed.

638780-3

Handle 302 redirects for VMware Horizon View HTML5 client

Component

Access Policy Manager

Symptoms

Starting from v4.4, Horizon View HTML5 client is using new URI for launching remote sessions, and supports 302 redirect from old URI for backward compatibility.

Conditions

APM webtop with a VMware View resource assigned.
HTML5 client installed on backend is of version 4.4 or later.

Impact

This fix allows for VMware HTML5 clients v4.4 or later to work properly through APM.

Workaround for versions 11.6.x and 12.x

priority 2
when HTTP_REQUEST {
    regexp {(/f5vdifwd/vmview/[0-9a-f\-]{36})/} [HTTP::uri] vmview_html5_prefix dummy
}

when HTTP_RESPONSE {
    if { ([HTTP::status] == "302") && ([HTTP::header exists "Location"]) } {
        if { [info exists vmview_html5_prefix] } {
            set location [HTTP::header "Location"]
            set location_path [URI::path $location]
            if { $location_path starts_with "/portal/" } {
                set path_index [string first $location_path $location]
                set new_location [substr $location $path_index]
                regsub "/portal/" $new_location $vmview_html5_prefix new_location
                HTTP::header replace "Location" $new_location
            }
            unset vmview_html5_prefix
        }
    }
}

Workaround for version 13.0

priority 2
when HTTP_REQUEST {
    regexp {(/f5vdifwd/vmview/[0-9a-f\-]{36})/} [HTTP::uri] dummy vmview_html5_prefix
}

when HTTP_RESPONSE {
    if { ([HTTP::status] == "302") && ([HTTP::header exists "Location"]) } {
        if { [info exists vmview_html5_prefix] } {
            set location [HTTP::header "Location"]
            set location_path [URI::path $location]
            if { $location_path starts_with "/portal/" } {
                set path_index [string first $location_path $location]
                set new_location "$vmview_html5_prefix[substr $location $path_index]"
                HTTP::header replace "Location" $new_location
            }
            unset vmview_html5_prefix
        }
    }
}
Updated Jun 06, 2023
Version 2.0

Was this article helpful?

1 Comment

  • We have APM 12.1 HF2 and Horizon7.4, I used the Irule but it redirected us to logout and killed the session:

     

    Session deleted due to user logout request.

     

    any idea?