
Elastic Desktop Service: Policies for peripherals

Last Updated: Sep 19, 2024

Policies in Elastic Desktop Service (EDS) are used to control user experience, security, audit, peripherals, remote collaboration, and AI. This topic describes the policies used to control peripherals.

Use scenarios

You can use peripheral policies to restrict the access of cloud computers to the disks or peripherals of local devices.

  • Cloud computers access disks of local devices: After you enable local disk mapping, you can access the disks of local devices from a cloud computer.

  • Cloud computers access peripherals of local devices: You can configure redirection policies to limit the peripherals of local devices that cloud computers can access and specify the redirection method. In addition to redirection policies for peripherals, you can configure a peripheral whitelist or blacklist to control peripheral access in a fine-grained manner.

Configurations

Each entry below gives the configuration item, its description, and its requirement or limit.

Local disk redirection

Local Disk Mapping

Maps the disks of local devices to the disks of cloud computers. This enables cloud computers to access the disks of local devices. Valid values:

  • Read-only: You can view and copy data stored in the disks of local devices from cloud computers. However, you do not have permissions to modify data.

  • Close: You are not allowed to access data stored in the disks of local devices from cloud computers.

  • Read/Write: You can view, copy, and modify data stored in the disks of local devices from cloud computers.

Requirement or limit:

  • Only Windows cloud computers are supported.

  • Only Windows clients and macOS clients are supported.

  • Local disk mapping is suitable for accessing files, not for running programs. Even if you have enabled local disk mapping, you cannot run applications installed on local devices from cloud computers. However, you can run applications that do not require installation on cloud computers. Such an application consumes bandwidth and degrades the performance of the cloud computer that runs it. Proceed with caution.

Peripheral redirection

USB Redirection

After you enable this feature, you can use a cloud computer to access USB devices connected to a client. In addition, you can configure a USB device whitelist or blacklist or configure USB redirection for different types of devices. After you disable this feature, the corresponding peripheral is automatically switched from USB Redirection to Deny.

Requirement or limit:

  • Web clients do not support USB redirection because they do not support USB devices.

  • Linux cloud computers for Adaptive Streaming Protocol (ASP) do not support USB redirection.

Webcam

Redirection policies for different types of peripherals. Valid values:

  • USB Redirection: redirects local USB devices to cloud computers. To use these USB devices, you must first install the corresponding drivers on cloud computers.

    Note

    To select a USB redirection method, you must first enable USB redirection.

  • Device Redirection: redirects local USB devices to cloud computers. You only need to install the corresponding drivers on clients.

  • Deny: disables peripheral redirection. If you select this option for a peripheral, cloud computers cannot use the peripheral.

Requirement or limit (Webcam): Only Windows cloud computers for ASP are supported. Only device redirection is supported.

Scanner

Requirement or limit: Only USB redirection is supported.

ADB

Requirement or limit: No limit.

Printer

Requirement or limit:

  • Linux cloud computers for ASP do not support printer redirection.

  • For printer redirection to let a cloud computer use the printers of local devices, make sure that the end user connects to the cloud computer through a Windows client, macOS client, or web client.

  • If the end user uses an AD account, you must enable printer redirection and set the security group policy of the AD account to permit printer redirection. This way, the end user can use local printers on a cloud computer.

Serial Device

Requirement or limit: No limit.

Peripheral blacklist and whitelist

Peripheral Blacklist/Whitelist

After you configure USB redirection policies for different types of peripherals, you can configure a peripheral whitelist or blacklist. The peripheral blacklist and whitelist take precedence over USB redirection policies configured for different types of peripherals.

  • After you add a USB device to the blacklist, even if you have disabled USB redirection for this type of peripheral, cloud computers are still allowed to access the USB device.

  • After you add a USB device to the whitelist, even if you have enabled USB redirection for this type of peripheral, cloud computers are not allowed to access the USB device.

Requirement or limit:

  • You can add up to 100 blacklist or whitelist rules. Peripherals in the whitelist or blacklist are listed in descending order of priority. You can adjust the order of the peripherals in the list.

  • Vendor Identifiers (VIDs) and Product Identifiers (PIDs) are 4-bit hexadecimal strings, such as a12c.

  • After you configure a whitelist or blacklist, the configuration takes effect the next time a client connects to the corresponding cloud computer.

Peripheral management policies

Custom Rules

You can configure custom redirection policies to manage peripherals based on VIDs and PIDs.

Requirement or limit:

  • You can add up to 100 custom policies.

  • VIDs and PIDs are 4-bit hexadecimal strings, such as a12c.

  • Only EDS clients of V6.4.0 and later support custom policies.

Recommended Rule for Best Practice

Policies recommended by EDS for best practices.

Requirement or limit:

  • You cannot modify the recommended policies. Custom policies take precedence over the recommended policies.

  • Only EDS clients of V6.4.0 and later support recommended policies.
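
A pre-flight check for a VID/PID rule list, built from the limits stated above for Peripheral Blacklist/Whitelist and Custom Rules: at most 100 rules, IDs shaped like the page's example a12c, and entries ordered by descending priority. This is an added example, not EDS code or an EDS API. Assumptions: the rule dictionaries with "vid", "pid" and "list" keys, a single ordered list holding both whitelist and blacklist entries, reading a12c as four hexadecimal characters, and case-insensitive ID comparison.

```python
import re

MAX_RULES = 100                          # page: up to 100 blacklist or whitelist rules
HEX4 = re.compile(r"[0-9a-fA-F]{4}")     # assumption: four hex characters, like "a12c"
LISTS = ("whitelist", "blacklist")

def lint_rules(rules):
    """Return (index, message) findings for an ordered rule list.

    Each rule is a dict with the hypothetical keys "vid", "pid" and "list".
    Index 0 is the highest-priority entry.
    """
    findings = []
    if len(rules) > MAX_RULES:
        findings.append((MAX_RULES, f"{len(rules)} rules exceed the limit of {MAX_RULES}"))
    first_seen = {}  # (vid, pid) -> (index, list) of the highest-priority entry
    for i, rule in enumerate(rules):
        vid, pid = str(rule.get("vid", "")), str(rule.get("pid", ""))
        bad = [name for name, value in (("vid", vid), ("pid", pid))
               if not HEX4.fullmatch(value)]
        if bad:
            findings.append((i, f"malformed {'/'.join(bad)}: {vid!r}:{pid!r}"))
            continue
        if rule.get("list") not in LISTS:
            findings.append((i, f"unknown list {rule.get('list')!r}"))
            continue
        key = (vid.lower(), pid.lower())  # assumption: IDs compare case-insensitively
        if key in first_seen:
            first_i, first_list = first_seen[key]
            kind = "duplicate of" if first_list == rule["list"] else "conflicts with"
            findings.append((i, f"{kind} higher-priority rule {first_i}"))
        else:
            first_seen[key] = (i, rule["list"])
    return findings

# Constructed sample entries (not real devices), highest priority first.
SAMPLE = [
    {"vid": "a12c", "pid": "0001", "list": "whitelist"},
    {"vid": "0x1d6b", "pid": "0002", "list": "blacklist"},  # "0x" prefix: malformed
    {"vid": "A12C", "pid": "0001", "list": "blacklist"},    # same device, other list
    {"vid": "a12c", "pid": "0002", "list": "whitelist"},
    {"vid": "a12c", "pid": "0002", "list": "whitelist"},    # exact duplicate
]

if __name__ == "__main__":
    for index, message in lint_rules(SAMPLE):
        print(f"rule {index}: {message}")
```

The check does not decide whether a device is allowed or denied; it only reports entries that are malformed, over the limit, or shadowed by a higher-priority entry for the same VID/PID.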
