How to isolate mutexes, events and semaphores (MutexIsolation)
In order for some desktop applications to run securely and safely on a server operating system they require systems resources to be isolated, so that they do not attempt to access the same resources which may need to be controlled by different mutexes, semaphores, and the events generated.
By default, the Redirection Engine (AAV) will not isolate any mutexes, semaphores or events, isolation will only be enabled if the <MutexIsolation>, <EventIsolation> or <SemaphoreIsolation> isolation tags are specified. For each <MutexName>, <EventName> or <SemaphoreName> the name referenced in the tag is redirected to a process specific name.
Please note, this isolation depends upon the feature HookKernelObjects, the APIs are case sensitive, so use the exactly the same cases for mutex, event and semaphores.
Video Example: Google Earth
Only a single instance of Google Earth can run on XenApp or RDS, watch a video to see this compatibility feature in action for mutex isolation.
<AAV> <MutexIsolation> <MutexName>Global\Google Earth Google Mountain View</MutexName> <MutexIsolation>
- Open up AppAcceleratorV.clc
- Enable the feature HookKernelObjects, by moving the <Feature>HookKernelObjects</Feature> from the list of commented out features so that it appears within the main body of <Features> listed (disabled state).
<Features> <Feature>HookKernelObjects</Feature> </Features>
- Open up Redirections.xml, and create a tag for the type of system object you would like to isolate.
- Create the tags required for <MutexIsolation>, <EventIsolation> or <SemaphoreIsolation>
<MutexIsolation> <MutexName>FirstMutexName</MutexName> <MutexName>AnotherMutexName</MutexName> </MutexIsolation> <EventIsolation> <EventName>FirstEventName</EventName> <EventName>AnotherEventName</EventName> </EventIsolation> <SemaphoreIsolation> <SemaphoreName>FirstSemaphoreName</SemaphoreName> <SemaphoreName>AnotherSemaphoreName</SemaphoreName> </SemaphoreIsolation>