*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.

Blog_Banners_main-page[1]

You may have noticed a little browser extension in your list of Internet browser extensions for Internet Explorer and Google Chrome named “Cascade”. This is a part of the AppSense Application Manager product.

The purpose of the Cascade control is to hook in to your Internet browser in order to provide the URL Redirection features of Application Manager which was introduced in version 8.9. The feature can be found on the ribbon bar under the “Global Settings” section.

file > url redirection screenshot

The feature was introduced to bring proxy server style functionality to Application Manager and allow an administrator to block or “redirect” a known URL to another resource.

On opening the feature you will be presented with a dialog control which manages the feature.

This is where the feature starts to get a little funky. In order to configure URL Redirection, you need to define a “Connection Type”. With this you can control what websites are blocked at a protocol level and so allows you to redirect URLs based on how the user is connecting to the endpoint. Wildcards are also accepted. Example “Connection Types” are:

  • Console
  • RDP-TCP
  • ICA-TCP
  • ICA-*
  • *

Once this has been established you then get to add your URLs that you want to block by clicking the “Add” button in the top section.

cascade add url screenshot

By only specifying www.facebook.com (for example) in the URL list then the mobile version of the site will still be accessible as it uses a different URL of m.facebook.com. This can be seen in the example below.

AppSense facebook access denied screenshot

However, by using *.facebook.com as the URL you will be blocking all facebook.com URLs.

Once you have configured your URL Redirection configuration you should have something similar to the below.

cascade url redirection screenshot

You can also configure to redirect based on device IP address for further customisation.

You as the administrator can also choose to redirect the end-user to the built-in Application Manager redirection page or to a custom page of your choice.

To do this click the “Redirection Options” button.

cascade redirection options screenshot

The page listed above doesn’t exist and is just there to give you an example as to how to redirect to a custom URL. There is no checking to see if the page exists, it merely redirects by replacing the blocked URL with the provided URL.

Known Issues

There have been a couple of known issues of the Cascade browser extension that you need to be aware of in case they catch you out.

It has been seen that when using Google Chrome that all traffic fails due to a DNS resolution failure. You will also notice that the Cascade extension is not listed in the list of Chrome extensions.

The first thing to check is that the following registry keys exist:

  • HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForceList; and
  • HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallSources

Within there you should also see a number of values.

These entries pertain to an “Enterprise Chrome Store” so that extensions can be installed that are not listed in the official Chrome Store.

They are written to the registry on start of the Application Manager agent service.

There is also another issue with Google Chrome blocking all traffic and shows the exact same symptoms as the above. This issue is documented in the following article:

  • 151119025016113 (Login Required)

Another issue to be aware of is that you may find that all of your Google Chrome user Group Policy items are not applied following the installation of Application Manager 8.9.

The reasoning for this is due to a Google Chrome limitation in that if Google Chrome finds any policies at all in HKLM it will ignore all policies in HKCU.

For more information on this issue please visit the following Knowledge Article:

Coming Up in V10

Application Manager version 10 is bringing some big changes in workflow including the URL Redirection feature.

In 8.9, URL Redirection can only be applied at the Global level. However, v10 will introduce the feature to other areas:

  • User;
  • Group;
  • Device;
  • Custom; and
  • Scripted

This will allow greater control as to how the feature is rolled out across your organisation and with greater flexibility.

The Global URL Redirection rules will disappear and your existing rules will be migrated into the “Custom” rules area of the configuration.

I hope this article has been an interesting read and helps with your Application Manager decisions for your environment.