1. Field of the Invention
This invention is directed to a method and device for controlling a user session as it connects to a remote desktop or application, using a Virtual Channel supplied by the remoting technology such as Remote Desktop Protocol (RDP), Citrix Independent Computing Architecture (ICA) or VMware PC-over-IP (PCoIP). Further, the invention continues to monitor the state of the device, operating system and user session for as long as it is connected to the remote desktop or application.
2. Description of the Related Art
In the following, general term definitions are provided as used within the application documents:
Device—A laptop, physical desktop, thin client, tablet or mobile phone used by a user such as an employee, contractor or supplier to connect to a remote desktop or remote application.
Thin Client—A corporate-owned physical desktop dedicated to accessing remote desktops or remote applications.
Connected Device—Same as device, although with emphasis on the fact that the device is connected to the remote desktop or application.
Connecting Device—Same as device, although the device is actively establishing a connection with the remote desktop or application.
Device State—The state of the device, including the state of the physical device, the operating system which runs on it, and the logged-in user session. The state can be defined by one or more of the following parameters: Anti-Virus enabled, Firewall enabled, Wi-Fi connectivity/security, Installed Applications, Running Applications, User Security, Group membership, User Privileges, Geographical Location, Geographical Elevation, and others.
Remote Desktop—A Windows (or other) desktop, running on a server within a corporate data center or on the internet (cloud), allowing a user to launch one or more applications that run within a remote user session and are delivered via a remoting protocol to a device.
Remote Application—A single Windows (or other) application, offering a user interface that runs in a remote session and is delivered via a remoting protocol to a device. In comparison to the remote desktop, only the relevant application data is transmitted and not the complete desktop, so that the application, although running remotely, is integrated into the local desktop.
Access Token—An access token is an Operating System concept that describes the security context of an application, and determines the access that the operating system grants to the process. The access token consists of a set of security groups, privileges and claims which the operating system uses to control access to securable objects, such as files and folders and the Windows Registry. This Access Token is also used by the invention to control the access.
Remote Desktop or Application Server—A server, either physical or virtual, that is configured to allow remote access to either the desktop or one or more applications.
Remoting Protocol—A network protocol used to capture graphics, audio, clipboard or storage from a remote session and deliver it to a device where it can be reconstructed to give the illusion that the remote desktop or application is running on the local device.
Remoting Protocol Service—An application launched by the Operating System that implements the server side of the Remoting Protocol.
Gateway Server—A server that facilitates the connection between the Connecting Device and the Remote Desktop or Application Server. The gateway server may choose to allow or deny the connection based upon the configuration. It may also connect the network of the Connecting Device to the Remote Desktop or Application Server using technologies such as a Virtual Private Network (VPN).
Virtual Channel—Provided by the remoting protocol, the virtual channel allows third parties (or the remoting protocol vendor) to implement communication between software running on the remoting client and software running on the remote desktop server.
Remoting Client—An application that runs on a device, implements the client end of the remoting protocol and presents to the user either a remote desktop or remote application.
User Session—An abstract concept of an operating system to represent an authenticated and logged-in user, their desktop, and the applications that they are running, either on a virtual desktop or on a virtual machine providing a virtual desktop.
Remote User Session—A user session running on a remote computer that is delivered over the internet or intranet by communications using a remoting protocol. In contrast, a local session is one in which the user is logged in with the keyboard, mouse and monitor physically connected to the remote desktop or application server.
Windows Registry—A hierarchical database of settings for the Microsoft Windows Operating System and Microsoft Windows applications.
Environment Variables—A set of name/value pairs that can affect the way applications run. Environment Variables can be global, or specific to a user or user session.
Administrative Scripts—Written in one of many high-level programming languages, Administrative Scripts are written by IT departments to manipulate the behavior of the Operating System to improve the user experience, or to enforce corporate policy.
Third Party Tools—Much like the Administrative Scripts, a number of third party tools exist, written by the OS vendor or independent software vendors, allowing IT departments to manipulate the behavior of the Operating System to improve the user experience, or to enforce corporate policy.
Operating System—Software that runs on a computer to manage computer hardware and software, and provide a common set of services to applications.
Internet—A global system of interconnected networks connecting billions of devices around the world.
Intranet—A private network accessible only to the employees of an organization.
Jailbroken—A jailbroken device is one that has been deliberately compromised to remove software restrictions enforced by the manufacturer, allowing applications to be run that are not available to a non-jailbroken device.
The increase in capability of portable devices, combined with the increase in availability of high speed internet, has created an environment where employees now expect to be able to work from anywhere using a variety of devices. Those devices can be owned by the business, the employee or someone external. Therefore these devices are managed and maintained not exclusively by the organization's own IT department but also by the employee or by the external user. These differently owned devices will have different statuses, e.g. their security state (Anti-virus, Firewall etc.). All these devices will be used as connecting devices to connect to a corporate remote desktop or application hosted in the datacenter. To provide a compliant and secure corporate workspace, the IT department needs to consider the current status of the device connected to the corporate workspace.
Microsoft Remote Desktop Services is a widely used technology that allows users to access a remote desktop or application from either a session-based or a virtual desktop infrastructure-based server. In the following, the term session is used for both session-based and virtual desktop infrastructure-based servers. The server may be running in a data center within a corporate network, or on the internet. Users access the remote desktop or application using a Remote Desktop Client available on all mainstream devices, including desktop platforms such as Windows and Mac OS X, and also mobile platforms such as Windows Phone, iOS, and Android. The Remote Desktop Client uses Remote Desktop Protocol (RDP) to deliver a high fidelity remoting experience, by transporting high quality graphics, audio, clipboard, storage and printers from the data center to the Remote Desktop Client. This ensures that as long as the user has connectivity to the data center, they can access their desktop or application from any device, and wherever they are physically located.
Citrix XenApp and XenDesktop is another widely adopted technology that aims to deliver both desktops and applications from the data center to the user. Citrix provides a Citrix Receiver product which delivers the remote desktop or application to a variety of devices, including desktop platforms such as Windows, Mac OS X, Linux and Chrome OS, and also mobile platforms such as Windows Phone, iOS, Android and Blackberry. Citrix Receiver uses the Citrix Independent Computing Architecture (ICA) remoting protocol to deliver a high fidelity remoting experience to the user.
VMware Horizon is another technology which aims to deliver both desktops and applications from the data center to the user. VMware provides a product which delivers the remote desktop or application to a variety of devices, including desktop platforms such as Windows, Mac OS X, Linux and Chrome OS, and also mobile platforms such as Windows Phone, iOS, Android and Blackberry. VMware uses the PCoIP remoting protocol to deliver a high fidelity remoting experience to the user.
In addition, there are a couple of other vendors offering solutions to provide a desktop or an application from the datacenter to the user. The majority of businesses use Microsoft, Citrix or VMware.
Desktop as a Service (DaaS) is an emerging technology, where both applications and desktops are delivered from the cloud. This places additional pressure on IT to ensure that connected devices remain compliant with business policy.
Both Microsoft RDP and Citrix ICA offer Virtual Channels for some platforms, allowing a developer to extend the remoting protocol with additional information. Microsoft RDP offers Virtual Channels for the Windows platform. Citrix ICA offers Virtual Channels for the Windows, Linux and Mac OS X platforms.
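The following is an added illustration, not code from the application, of the mechanism described in the Field of the Invention and the Device State and Access Token definitions above: a device-state report carried over a virtual channel is framed, validated on the server side, evaluated against a policy, and the result applied to a modeled access token. The wire format (length-prefixed JSON), the field names, the policy and the sample report are all constructed assumptions.

```python
import json
import struct

# Hypothetical policy and device-state report, constructed for this example; field names are
# assumed, chosen to mirror the Device State parameters listed in the definitions.
POLICY = {
    "allowed_countries": {"DE", "US"},
    "blocked_applications": {"unapproved_tool.exe"},
    "strip_groups": {"Administrators"},          # removed from the token when access is restricted
    "strip_privileges": {"SeDebugPrivilege"},
}
SAMPLE_REPORT = {"antivirus_enabled": True, "firewall_enabled": False, "country": "DE",
                 "running_applications": ["outlook.exe"], "jailbroken": False}

def encode_frame(state):
    """Client side: frame one device-state report as length-prefixed JSON (assumed wire format)."""
    body = json.dumps(state, separators=(",", ":")).encode()
    return struct.pack("!I", len(body)) + body

def decode_frame(buf):
    """Server side: reject truncated or mismatched frames before parsing client-supplied data."""
    if len(buf) < 4:
        raise ValueError("short frame")
    (n,) = struct.unpack("!I", buf[:4])
    if len(buf) != 4 + n:
        raise ValueError("frame length mismatch")
    return json.loads(buf[4:])

def evaluate(state, policy):
    """Return (decision, reasons); decision is 'allow', 'restrict' or 'deny'. Missing fields fail closed."""
    if state.get("jailbroken", True):
        return "deny", ["device is jailbroken or did not report"]
    reasons = [f"{k} is off" for k in ("antivirus_enabled", "firewall_enabled") if not state.get(k, False)]
    if state.get("country") not in policy["allowed_countries"]:
        reasons.append("location outside allowed countries")
    blocked = set(state.get("running_applications", [])) & policy["blocked_applications"]
    if blocked:
        reasons.append("blocked application running: " + ", ".join(sorted(blocked)))
    return ("restrict", reasons) if reasons else ("allow", [])

def apply_to_token(token, decision, policy):
    """Model the access-token adjustment (groups/privileges as lists); not the Windows token API."""
    if decision == "deny":
        return {"groups": [], "privileges": []}
    if decision == "allow":
        return token
    return {"groups": [g for g in token["groups"] if g not in policy["strip_groups"]],
            "privileges": [p for p in token["privileges"] if p not in policy["strip_privileges"]]}

if __name__ == "__main__":
    decision, why = evaluate(decode_frame(encode_frame(SAMPLE_REPORT)), POLICY)
    token = {"groups": ["Users", "Administrators"], "privileges": ["SeDebugPrivilege", "SeShutdownPrivilege"]}
    print(decision, why, apply_to_token(token, decision, POLICY))
```

Re-running evaluate on each subsequent report from the channel gives the continuous monitoring the application describes, with the token tightened or the session ended when the state changes.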