Core Concepts

Optimization Modes

The Zoom Workplace VDI app supports three modes of operation for real-time media processing: Direct Optimized, Channel Optimized, and Fallback Mode

In the context of the Zoom Workplace VDI app, real-time media processing refers to the relay and rendering of real-time media between the Zoom Cloud, the Zoom Workplace VDI app, and/or the Plug-In. To support a range of VDI use cases, the Zoom Workplace VDI app supports three distinct modes of operation for media processing and optimization: Direct Optimized mode, Channel Optimized mode, and Fallback mode. These are discussed in the following sections.

Direct Optimized Mode: When the Zoom Workplace VDI app and Plug-In receive independent data streams from the Zoom Cloud

Direct Optimized Mode is the default optimization mode for the Zoom Workplace VDI app and Plugin. In this mode, the Zoom Cloud maintains two separate data streams for an optimized VDI user: one for the Zoom Workplace VDI app and another for the Plug-In. This configuration enables the user’s remote client (equipped with the VDI Plug-In) to communicate directly with the Zoom Cloud for real-time media data transfers, eliminating the need to route most real-time media traffic through the virtual desktop or across the virtual channel.

When operating in Direct Optimized mode, the following occurs:

1. The Plug-In receives data streams for video and audio directly from the cloud.

2. The Zoom Workplace VDI app handles general meeting data, such as participant information, chat message, or AI Companion features, displaying it within the Workplace app placeholder, while also managing inbound screen sharing by forwarding it to the plug-in and uploading local screen sharing content from the virtual desktop when active.

3. The Plug-In and VDI desktop use the VDI vendor’s virtual connection to communicate and determine the placement and rendering of on-screen media between the two layers.

Channel Optimized Mode: When the Plug-In receives data hairpinned through the virtual desktop

Channel optimization is similar to the Direct Optimization experience, where the Plug-In continues to render the meeting media (as seen in the above image), but through a different network path. In this mode, the following occurs:

1. All meeting media is first delivered to the VDI server from the Zoom Cloud.

2. The VDI server transfers media to the Plug-In either through an out-of-band UDP connection or through the existing VDI virtual channel if the UDP connection cannot be established.

This method may be preferred by organizations that do not enable direct Internet access for thin clients (or other remote devices), or who prefer to route data through their network, but can potentially lead to a worse experience than the Direct Optimization if network routing conditions are sub-optimal. The image below demonstrates the UDP/Channel optimization dataflow.

Fallback Mode: When all meeting media is routed to and processed directly on the virtual desktop

Fallback Mode represents a fully unoptimized VDI experience. In this mode, there is no media optimization or Plug-In in use, and all communication occurs directly between the VDI server and the Zoom Cloud, with all processing occurring exclusively on the VDI server.

This method places a significant processing burden on VDI server resources, often resulting in poor performance, including slowness, choppy video, and distorted audio. As such, Fallback Mode is the least preferred option and should only be used as a last resort or when Plug-Ins are unavailable.

Summary of Connection Modes

The Zoom Workplace VDI app supports three distinct connection modes, each tailored to different operational and security needs. The default and most efficient mode is Direct Optimized Mode, where the Zoom Workplace VDI app and Plug-In establish separate connections to the Zoom Cloud, independently handling their respective portions of a Zoom meeting to deliver a seamless, optimized experience.

In addition to Direct Optimized Mode, the Zoom Workplace VDI app can operate in alternative configurations, including Channel Optimized Mode and Fallback Mode. These modes can help address specific workflow or network constraints, such as restricted internet access for remote devices, data routing for privacy concerns, or the absence of Plug-Ins.

The following table summarizes the key differences between these modes.

Optimization FAQ

The following sections provide answers to common questions regarding media optimization.

How does Screen Sharing work with VDI?

Screen sharing for VDI users is handled differently depending on whether the user is sharing their screen from a virtual desktop or receiving a share session from another participant while using a virtual desktop.

Conversely, when a virtual desktop user shares their screen, the screen sharing video content is sent directly from the virtual desktop to the Zoom Cloud and distributed to all other meeting participants. If the Share Sound option is checked, the audio from the virtual desktop is forwarded to the VDI Plug-In, and is sent in a separate audio stream to the Zoom Cloud, marked for the share session. The Zoom Cloud then combines the video and audio streams and distributes the media to participants through the active screen sharing session.

Is local screen sharing processed on the VDI server?

Yes, initiating screen sharing from the virtual desktop requires the VDI server to process local and outbound screen sharing data. Since virtual desktops are provisioned with virtual CPU cores, some of the offloading to a GPU that can be done with real hardware is not an option for the virtual desktop. To address those performance challenges, the Zoom Workplace VDI app is optimized to reduce the frame rate of screen sharing to five frames per second to maintain server performance.

For customers with concerns about virtual desktop performance, capture rates can be reduced using the ShareCaptureFps registry key to optimize server performance.

How is the out-of-band UDP connection established?

The out-of-band UDP connection is established between the Zoom Workplace VDI app and Plug-In using UDP ports 7200-17210 by default. This encrypted connection is confirmed through the already-encrypted virtual connection between the Zoom Workplace VDI app and Plug-In (e.g. the Citrix ICA or Horizon Blast channel). If the system fails to establish a UDP connection, it will failover to the virtual connection channel.

Organizations that use the Windows Defender Firewall with customized port ranges require advanced configurations. Refer to the Windows Defender Firewall Considerations section for more information.

How does the virtual connection failover work?

In the event a direct or UDP connection cannot be established between the Zoom Workplace VDI app and Plug-In, the connection will fail over to the virtual connection used by the virtual desktop agent. These connections have limited bandwidth available and will likely impact media quality.

Can I force the UDP/Channel Optimized connection?

• DisableMMRDirect disables direct connections from the Plug-In to the meeting server, and automatically attempts UDP Optimized mode.

• DisableICABridge disables the virtual channel connection failover between the Plug-In and Zoom Workplace VDI app if a direct connection or UDP Bridge cannot be established. If no connection is established, Fallback Mode will be used. This key also disables the Horizon Blast channel.

• DisableUDPBridge disables the ability to form an out-of-band connection between the Plug-In and Zoom Workplace VDI app and force connection attempts to the virtual connection if a direct connection cannot be established. If no connection is established, Fallback Mode will be used.

How is VDI traffic protected?

All in-meeting traffic is secured with 256-bit AES-GCM encryption for UDP connections, regardless of optimization configuration. Failover media connection methods utilize TLS 1.2 encryption.

All communication between the Plug-In and Zoom Workplace VDI app is encrypted via the intrinsic virtual connection, or an out-of-band UDP connection.

What ports are required for using the Zoom Workplace VDI app?

Refer to the section on UDP Connection Establishment for port requirements for Direct and Channel Optimized modes.

I use the Windows Defender Firewall. Do I need to do anything?

The Zoom Workplace VDI app MSI package opens UDP ports 7200-17210 within the Windows Defender firewall during installation for Plug-In connectivity. Companies that utilize the Windows Defender firewall and customize the UDP port range using registry keys must update these parameters within the Windows Defender Firewall to maintain functionality.