In detail — VMware’s Blast Extreme protocol

If you are using VMware Horizon/View for VDI, publishing applications and/or Hosted Shared Desktops you have the choice between three protocols: PCoIP, RDP and Blast Extreme, with RDP basically being the fallback protocol when all else fails. Here it’s important to note that Blast has been around for some time in the form of a HTML5 client used through HMTL5 compatible web browsers — available as of VMware Horizon View 5.2 Feature Pack 1. It is the ‘Extreme’ part that is (still relatively) new.

As mentioned, Blast has been around for a couple of years now (since 2013) and so it is no surprise that Blast Extreme builds upon the existing (and best) capabilities of the (older) HTML5 Blast protocol. Once the Horizon View (native) clients have been updated (need to be 4.x at a minimum) enabling support for the Blast Extreme protocol, Administrators can configure one or multiple desktop pools to make use of Blast Extreme or to allow users to change the protocol within their clients themselves (something I would avoid personally, but it’s optional).

The (new) Horizon View client consist out of three specific agent side Blast Extreme components:

• The VMware Blast service (VMBlastS.exe) manages user sessions, proxies incoming TCP connections, and prepares the Blast Worker process
• The Blast Worker process (VMBlastW.exe) captures the screen and handles everything within the session
• If you use UDP, the Blast Proxy process (VMBlastP.exe) brokers UDP connections

Source: Blast Extreme Display Protocol in Horizon 7 Technical Whitepaper.

Besides HTML5, Blast Extreme is also supported on both Windows and Linux, with new endpoints being added/supported on an ongoing basis. It’s main purpose is to deliver a unified protocol ensuring a richer application and desktop experience, specifically optimized for mobile device use-cases. Performance wise it is supposed to be on par with all major remoting protocols out there (or it exceeds them) including VMware’s own PCoIP. Have a look at some of the comparisons made here.

Blast internals

Some of it’s main characteristics and capabilities include but are not limited to:

• Broad Client support. Blast Extreme is based/built on the H.264 codec, which is available in most (mobile) devices today — the ability to decode through local hardware, that is. If not, software based H.264 decoding will be used instead or JPG/PNG if the client isn’t capable of decoding H.264 at all.
• Over 70 Thin/Zero clients are supported/certified up to date.
• As highlighted, it also still supports the JPG/PNG codec, as used within the HTML5 Blast protocol.
• Blast Extreme uses lossy compression by default, but it can be configured for lossless compression.
• Supports a broad range of clients and platforms: Windows (10), Linux, Android, iOS, Mac, various Thin Clients and can be used in combination with VDI and RDSH published applications and Hosted Shared Desktops. It supports up to four monitors per user.
• And as for the rich user experience goes, Blast Extreme support things like: Printing, Scanning, Smart Cards, USB redirection, Audio in/out, Windows Media Redirection for both VDI and RDSH, File type association, unified communications in the form of Skype, webcams and more — getting there.
• Blast Extreme supports the latest Intel Xeon processors with integrated Skylake GPU’s. It is built upon Intel Graphics Virtualization technologies (Intel GVT-d).
• NVIDIA Grid optimized (H.264). Delivering a rich 3D experience to your users by leveraging the NVIDIA hardware for H.264 encoding, which lowers overall CPU consumption and increases scalability. This enables us to deliver 4K resolutions. Let’s also not forget that VMware vSphere now offers HA support for vGPU enabled virtual machines — the VM will attempt to restart if another NVIDIA GRID vGPU host is available. It supports the NVIDIA GRID K1, K2, M6, M10 and M60. This (hardware encoding) will result up to 50 ms lower latency, over 80% bandwidth reduction when used on TCP and up to 19% when used with UDP — when compared to PCoIP, that is.
• Multi user AMD GPU support. A single GPU can be split among 2 to 15 users. The following cards are supported: AMD S7150, S715x2 and the S7100X.
• Uses less bandwidth. Which is one of the main reasons why it is optimized for mobile devices often making use of congested, high latency networks.
• Network friendly in that is can use TCP (will be used by default) as well as UDP (needs to be configured explicitly). It will use the external ports 443 (HTTPS) and/or 8443 (TCP/UDP).
• All remote experience traffic (from DMZ to internal LAN and vice versa) flows through the VMware Virtual Channel (vVC) port Nr. 22443 over TCP/UDP while both Windows Multi Media (MMR) and USB redirection both use so-called side channels over TCP — port numbers 9427 and 32111. Although for security reasons, MMR and Client Drive Redirection (CDR) can be configured to use the VMware Virtual Channel (port 22443) instead of port 9427, doing so affects performance VMware recommends using the side channels (ports 32111 and 9427 as mentioned above) rather than the VMware Virtual Channel
• It simplifies firewall port configurations — also see image below.
• It is build with the cloud in mind. It adepts better to lossy networks. UDP will perform slightly better than TCP when there is packet loss — The H.264 codec, when used with TCP, can handle up to 20 percent packet loss, whereas H.264 when used with UDP can handle up to 25 percent packet loss.
• Better battery life. Because the H.264 decoding can be handed of to the client device hardware, less CPU cycles/software rendering will be needed, saving battery life.

And since I don’t like to copy and paste images, I came up with my own Visio — here you go:

VMW fact: Blast Extreme is ‘just’ another protocol option within Horizon / View 7, it is not meant to replace PCoIP.

Configuration and control

The Blast Extreme protocol is completely configurable through Group Policy Objects (GPO’s). This enables network administrators to tune Blast Extreme for specific customer requirements and network conditions when and where applicable. Some of the options you have include but are not limited to the following:

• Maximum and minimum bandwidth per (remote) session — note that this will include all video, audio, virtual (side) channels and so on.
• Max Frames Per Second (FPS).
• Image (JPEG) quality. Specifies the image quality of the remote display. You can specify two low-quality settings, two high-quality settings, and a mid-quality setting.
• 264 codec. Enable or disable the use of H.264 based encoding, which will be enforced by default when this policy is not configured. When disabled or when the machine/endpoint in question is not capable of hardware encoding the JPG/PNG codec will be used instead.
• 264 and JPEG quality levels.
• UDP protocol. It needs to be configured explicitly . By default TCP will be used. Configuring this policy, to make use of UDP requires a reboot of the Horizon View Agent.
• Clipboard redirection. This can be configured from client to server, server to client, both or it can be set to disabled.
• HTTP Service. Specifies the port that is used for secure communication (HTTPS) between the security server or Access Point appliance and a desktop. The firewall must be configured to have this port open. The default is 22443.
• File transfer. Specifies the permissible behavior for file transfer between a remote desktop and the HTML Access Multiple options to choose from.
• Audio playback. Specifies whether audio playback is enabled for remote desktops. This setting is to enable audio playback.

VMW fact: By default Blast Extreme will take up as much bandwidth as possible to deliver the best user experience. Make sure to (re) configure the, out of the box defaults to balance bandwidth usage.

BEAT

Stands for Blast Extreme Adaptive Transport, first introduced with Horizon version 7.1. It is based on UDP and part of the Blast Extreme protocol. It’s main purpose is to enhance the user experience over low bandwidth, high latency and high packet loss connections/networks. According to VMware, and I quote ‘We are seeing up to 50% improved bandwidth utilization out of the box. Moreover, we are seeing six-time faster file transfers for transcontinental connections (~200 ms) with only slight packet loss’

Have a look at this VMware blog for some more information: https://blogs.vmware.com/euc/2017/02/horizon-7-1-horizon-apps.html

To finalize

Hopefully this post answered some of the questions you might have had around the Blast Extreme protocol and its capabilities. Again, Blast Extreme is not meant to replace the PCoIP protocol, at least not today — by the way, here’s how VMware got to make use of PCoIP in the first place, in case you were wondering — it is primarily aimed at, and optimized for mobile devices like phones, tablets and laptops, it’s up to you to decide when to use which protocol. Have a look at some of the websites/links below, there you will find some comparisons between the various remoting protocols (PCoIP, Citrix ICA/HDX, RDP, Blast Extreme) as well as some more general information:

1. VMware Horizon 7 Blast protocol provides a rival for PCoIP
2. VMware Horizon Blast Extreme Acceleration with NVIDIA GRID
3. Blast Extreme Display Protocol in Horizon 7 Technical Whitepaper.
4. Vmware Horizon View – Blast Extreme protocol vs. PCoIP
5. Compare Citrix, VMware and Microsoft remote display protocol options
6. VMware View documentation center
7. ICA/HDX vs. PCoIP

Thank you for reading.

Bas van Kaam

Field CTO EMEA by day, author by night @ Nerdio

Father of three, EMEA Field CTO @ Nerdio, Author of the book Van de Basis tot aan Meester in de Cloud, Co-author of the book Project Byte-Sized and Yuthor of the book: Inside Citrix – The FlexCast Management Architecture, over 500 blog posts and multiple (ultimate) cheat sheets/e-books. Public speaker, sport enthusiast­­­­­­­­: above-average runner, 3 x burpee-mile finisher and a former semiprofessional snooker player. IT community participant and initiator of the AVD User group Community world wide.