Citrix Web Plugin – What is it? | Parallels RAS Answers
Citrix Web Plugin is an online plugin offered by Citrix that enables users to access remotely published desktops and applications from a web browser. Users that are running Microsoft Windows can quickly access VDI networks using web browsers, such as Internet Explorer, Google Chrome, and Mozilla Firefox. Designed to work with virtual desktops, this web plugin allows Citrix Virtual Apps (formerly Citrix XenApp) users to open applications, manage them, and define settings. Citrix Web Plugin makes it easy to access published desktops. As you access the virtual web interface, application icons are automatically generated, and drives and printers are mapped to the VD session. Windows automatically detect whether your system has a web plugin installed. If it doesn’t locate the plugin, it offers a link to download the file.
Challenges with Citrix Web Plugin
The cost and complexity in deployment and management of the infrastructure is a vital issue. Additionally, confusion arises from multiple products having similar names. For example, Citrix Receiver is the primary client component that facilitates connections between client devices and Citrix Virtual Apps and Desktop resources. Citrix Online Plug-in provides access to virtual desktops and hosted applications from remote devices.
Citrix Online Plug-in–Web is a client component that allows access to Citrix Virtual Apps/Citrix Virtual Apps and Desktop resources through a web browser. The plugin requires the prior installation of NET 2.0. Without it, users will constantly receive warning messages every time an application is opened.
You have to use the command CitrixOnlinePluginFull.exe ADDLOCAL=”ICA_Client,Flash,USB” to install the web-plugin component that supports just USB and Flash. To install the same with support for USB, Flash, and XenDesktop, use the command CitrixOnlinePluginFull.exe ADDLOCAL=”ICA_Client,Flash,USB,DeskstopViewer”. End-users are confused with these multiple products and versions, resulting in more IT support requirements.
There are issues with the applications not launching after upgrading to IE9 or higher. When you upgrade to Windows 8.1 or higher, you need to update the Citrix Receiver versions. To access resources using a web browser, you need the Citrix Online Plug-in–Web, Citrix Receiver, and Citrix Virtual Apps.
The only way to unlock the plugin’s full potential is through a paywall, only by making use of other Citrix paid services. It also requires access to the Citrix Workspace Platform to be used properly, not to mention that there is a rather complex transition process from the Citrix Receiver to the application.
Security Vulnerabilities of Citrix Web Plugin
Citrix Web Plugin is strewn with numerous security vulnerabilities that make it a shaky solution when it comes to remote access of published desktops and applications. The vulnerabilities
which have affected the Citrix Web Plugin and their details are given below:
CVE-2009-3936
This unspecified vulnerability was also identified back in 2009 and it allows remote attackers to
bypass authentication using a crafted certificate by impersonating the SSL/TLS server.
CTX125976
This vulnerability was identified in the ICA Client ActiveX Object (ICO) component of the Citrix
Online Plug-in for Windows. It could allow attackers to execute arbitrary code on behalf of the
currently logged-in user. This vulnerability exists in all versions of Online Plug-In for Windows.
Up to version 12.0.3.
CVE-2010-2990
This is yet another serious vulnerability in Citrix Online Plug-in which can allow remote
attackers to execute arbitrary code using a crafted .ICA file, an HTML document, or crafted type
field in an ICA graphics packet. This issue has complete confidentiality, integrity, and availability
impact.
CVE-2010-2991
This vulnerability allows remote attackers to execute code or cause a denial of service via a
crafted HTML document that triggers .ICA file reading.
How Does Parallels RAS Leverage HTML5 Technology?
HTML5 eliminates most limitations of HTML4 while bringing new, innovative features. With HTML5, you don’t need plugins such as Java and Flash to add images and media to the webpages, with less dependency on scripts. HTML5 comes with new markup tags, is device independent, and with HTML5 browsers, web pages consume less bandwidth and load faster.
Parallels® Remote Application Server (RAS) leverages this HTML5 technology to provide quick and productive access to corporate resources from any HTML5-enabled browser. You don’t need to install client software or a plugin on the client device. With Parallels RAS as a single package, you can remotely publish desktops and applications, and provide access to resources from any device, anytime, and from anywhere. Parallels RAS is easy to deploy and use, requiring only a fraction of time and cost for Citrix virtual solutions.
Parallels RAS makes the migration process easier with a free migration tool that automates most of Citrix Virtual Apps (formerly Citrix XenApp) use case scenarios. The migration tool extracts settings from Citrix XenApp 6.x into a file that can be imported from Parallels RAS Console.
Download your 30-day trial and see how seamless the Parallels RAS Client for HTML5 is.
References