For folks in healthcare using Imprivata and migrating from Citrix to Horizon, it is immediately apparent that there are a few features that Imprivata has only available for Citrix. A couple examples I’m aware of offhand include:
- Persistent app (the feature of this post)
- Epic Only Mode for ProveID Embedded (allows for Epic Fast User Switching from a thin client, no desktop required!)
Persistent app is key in healthcare, especially for ones using Epic or another EMR with Fast User Switching. The idea is the RDSH/Citrix-delivered app will auto-launch when the user badges into a Type 2/shared workstation if it is not already running, which makes everything automated for the user and prevents them from manually launching the EMR. The process looks like this:
- User badges into the desktop
- Is EMR running?
- If yes, sign user into the EMR
- If no, automatically launch EMR (via Citrix/RDSH) and sign user into EMR
Unfortunately, when you look in the Imprivata console, there is no option for a persistent Horizon app within the Computer Policies! Only Citrix:
Thankfully, we can script around the first one fairly easily. Below is a PowerShell script that you would put on your golden image (if using Type 2 VDI) or PC’s, and then have Imprivata execute it via Procedure Code. Although not 100% equivalent (native Persistent App uses API’s through Citrix Workspace App), the script will check if vmware-view.exe process is running. If it is not, it will attempt to launch the app name parameterized after the script. In this example, we are also assuming the autologon/generic account is launching the shared Epic session. So, you must have “logon as current user” allowed in your Horizon environment.
$hznclient = 'C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe'
$hznurl = "HORIZONURL HERE"
$persistentAppName = $args[0]
# default is to pass app as parameter: .\persistentapp.ps1 "app name". Otherwise, hardcode it like below:
# $persistentAppName = "APP NAME"
$process = Get-Process vmware-view -ErrorAction SilentlyContinue
if ($persistentAppName -eq $null)
{
Write-Host "Please define a persistent app!"
exit
}
if ($process)
{
Write-Host "Horizon session is running! Doing nothing!"
}
else
{
& $hznclient -loginAsCurrentUser true -serverURL $hznurl -appName $persistentAppName
}
After placing this in your golden image or PC’s, head to the Imprivata Procedure Code and add a new item. Call PowerShell to the .ps1 file, and specify the Horizon application name you wish to automatically launch from the Horizon Client. For conditions, we want it when the desktop starts up, a user logs in, or the machine is unlocked. For example, if we wish to launch Epic (name exactly how it appears in the Horizon Client), it would look like this:
Now head to your Computer Policy for the Type 2 agents, and activate the procedure code:
Now, when the machine starts up or a user badges in, if the Horizon Client process is not already running, it will automatically launch the EMR!
Hopefully this helps as a workaround until Imprivata develops this Persistent App feature for Horizon/RDSH! If you could benefit from this, go upvote this feature request on Imprivata’s Ideas page:
As always, please shoot over an email with any comments or questions – hope this helps!