Getting Started with Microsoft Application Virtualization 4.6
Virtualize your application infrastructure efficiently using Microsoft App-V
Augusto Alvarez
Copyright © 2011 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: January 2011
Production Reference: 1040111
Published by Packt Publishing Ltd., 32 Lincoln Road, Olton, Birmingham, B27 6PA, UK.
ISBN 978-1-849681-26-1
www.packtpub.com
Cover Image by Mark Holland
Credits
Author: Augusto Alvarez
Reviewers: Nicke Källén, Kevin Kaminski, Aaron Parker
Acquisition Editor: Amey Kanse
Development Editor: Wilson D'souza
Technical Editor: Vinodhan Nair
Indexer: Monica Ajmera Mehta
Editorial Team Leader: Gagandeep Singh
Project Team Leader: Ashwin Shetty
Project Coordinator: Joel Goveya
Proofreader: Stephen Silk
Graphics: Geetanjali Sawant
Production Coordinator: Arvindkumar Gupta
Cover Work: Arvindkumar Gupta
About the Author
Augusto Alvarez is a computer geek and a fan of the latest IT platform solutions. He has been working with Microsoft Technet and Microsoft Academics since 2006, collaborating on different technological events.
He is currently working as an IT Manager in Buenos Aires, Argentina, managing and coordinating IT areas, envisioning, designing, and implementing client-driven solutions, implementing and evangelizing agile and scrum methodologies, and so on. Augusto has a lot of experience not only in App-V but also in several Microsoft technologies for Windows Server—Deployment, Active Directory, Hyper-V and virtualization solutions, clustering, System Center Suite, security implementations, and so on. Augusto participates in the IT community on several forums. Additionally, you can check his blog at http://blog.augustoalvarez.com.ar/ and follow him on Twitter at http://twitter.com/augustoalvarez.
About the Reviewers
Nicke Källén is an App-V MVP from Sweden. He posts as Znack on the TechNet Forums, where he's consistently the most active answerer on App-V topics. His focus has always been on end-user experience within migration projects for several enterprise customers, and utilizing Microsoft Application Virtualization as a means for faster, more accurate delivery with less interference for a continuous experience.
Kevin Kaminski has over 13 years of systems management experience and is no stranger to the challenges enterprises can experience when managing large deployments of Windows systems. As an independent consultant, Kevin has had the opportunity to visit many diverse environments and see the problems enterprises face first hand. In addition to consulting, Kevin co-authors and teaches an advanced App-V course with fellow Microsoft Application Virtualization MVP Tim Mangan. His contributions to the online community can be seen on many sites such as the Microsoft TechNet Forums, AppDeploy.com, myITforum.com, SoftGridGuru.com, and BrianMadden.com. Outside of the online community, he heads up the Calgary Systems Management User Group (CSMUG) and performs public speaking at various events.
Aaron Parker is an Infrastructure Architect with 15 years of experience in the IT industry. An MCSE and CCIA/CCIE, he spent the last 10 years on server-based computing, desktop and application deployment and virtualization.
He currently resides in London, UK, where he's involved in deployments for private and government clients including Fortune Global 500 companies. You can find him contributing to the www.appvirtguru.com and TechNet App-V forums, or blogging at http://www.stealthpuppy.com, although he just might possibly be snowboarding instead.
Table of Contents
Preface
Chapter 1: Introducing Application Virtualization in a Virtualized World
  Why Virtualization?
  Faster and dynamic deployments
  Cost savings
  Scalable and easy-to-manage platforms
  Enhanced backup and recovery
  Remove application deployment incompatibility issues
  What is Application Virtualization?
  Normal applications
  Virtual environment
  Side-by-side virtualization
  Application Virtualization quick facts
  Does Application Virtualization fit into my environment?
  Business application scenario
  Dynamic base operating system
  Existing Application Virtualization platforms
  Introduction to App-V and the Microsoft virtualization model
  App-V implementation models
  The application lifecycle in App-V
  Differentiating App-V from other platforms
  Summary
Chapter 2: Understanding App-V Architecture
  App-V components
  App-V Management Server
  App-V Management System
  App-V Streaming Server
  App-V Client
  Understanding the virtual environment
  App-V Sequencer
  Sequenced application files
  App-V Models
  App-V Standalone Model
  App-V Streaming Model
  App-V Full Infrastructure Model
  Choosing the correct model
  Application validations
  App-V model considerations
  Hardware sizing considerations
  Case study example
  Scenario at Contoso
  Contoso App-V implementation
  Answers for the App-V implementation
  Summary
Chapter 3: Preparing your App-V Environment and Installing App-V Management Server
  What's new in App-V 4.6?
  Preparing your environment
  App-V requirements
  App-V Management and Streaming Servers
  App-V data store
  App-V Sequencer
  App-V client
  Preparing the Full Infrastructure Model
  Installing App-V Management Server
  Installing and configuring IIS 7
  Configuring SQL Server 2008 SP1 instance
  Installing App-V Management Server
  Post installation tasks
  What about SQL Server Express?
  Scaling up App-V Management Server installation
  Summary
Chapter 4: Deploying the App-V Sequencer, Desktop Client, and Streaming Server
  Installing the App-V Sequencer
  Installing the App-V Client
  Installing the App-V Streaming Server
  Preparing the Streaming Mode
  Manual configuration for Streaming Mode
  Group Policy configuration for Streaming Mode
  Preparing the Standalone Mode
  Manual configuration for Standalone Mode
  Group Policy configuration for Standalone Mode
  Automating the App-V Desktop Client deployment
  Testing the environment
  Verifying the connection with the server
  Configuring and testing the default application
  Summary
Chapter 5: Taking the Initial Steps in the Sequencing Process
  What is sequencing?
  Sequencing phases
  Installation
  Launch
  Process/Customization
  Save
  Reviewing sequencing requirements
  Sequencing best practices
  Creating an ODBC Data Source Name
  Creating a dummy printer
  Applications not supported for sequencing
  Sequencing applications
  Sequencing Mozilla Firefox
  Publishing and deploying Mozilla Firefox
  Summary
Chapter 6: Sequencing Complex Applications
  When do you need Advanced Sequencing in App-V?
  How a virtualized Microsoft Office 2010 fits into your environment?
  Sequencing Microsoft Office 2010
  Initial configurations and requirements
  Installing Microsoft Office 2010 Deployment Kit for App-V
  What if the service is not installed?
  About Microsoft product keys
  Capturing Microsoft Office 2010
  Editing the package
  Publishing and deploying Microsoft Office 2010
  Enabling Microsoft Office proxies
  Troubleshooting applications deployment
  Error code: xxxxxx-xxxxxx0A-20000194
  Reason
  Resolution
  Error code: xxxxxx-xxxxxx0A-10000004
  Reason
  Resolution
  Summary
Chapter 7: Managing Dynamic Suite Composition
  How Dynamic Suite Composition works
  DSC does not control the interaction
  Configuring DSC manually
  Using the Dynamic Suite Composition tool
  Summary
Chapter 8: Integrating App-V with System Center Configuration Manager 2007 R2
  Why integrate?
  Limitations of the integration
  How does the integration work?
  Components involved
  Delivery methods
  Streaming delivery
  Local delivery (download and execute)
  Do you need to re-sequence an application to use it with SCCM?
  Requirements for the integration
  SCCM platform requirements
  Storage requirements
  Implementing App-V and SCCM integration
  Configuring SCCM to distribute virtual applications
  Enabling virtual application advertisements
  Enabling streaming of virtual applications
  Importing a virtual application into SCCM
  Advertising and distributing a virtual application in SCCM
  Summary
Chapter 9: Securing your App-V Environment
  General guidelines for securing the environment
  Securing the operating system
  Securing SQL Server
  Securing the sequencing process
  Configuring App-V for secure delivery
  Creating and configuring a certificate
  Securing the App-V Management Server
  Securing the App-V Management Server at installation
  Securing an installed App-V Management Server
  Securing the web service
  Securing App-V Desktop Client
  Importing the certificate into the App-V Desktop Client
  Securing App-V Streaming Server
  Modifying virtual applications
  Securing other delivery methods
  Securing HTTP streaming
  Securing SMB streaming
  Using Internet-facing scenarios
  Publishing App-V in your firewalls
  Using App-V Servers in the internal network
  Using App-V Servers in the DMZ
  Summary
Appendix: Reviewing App-V for Remote Desktop Services (Terminal Services)
  What is Remote Desktop Services?
  Components in Remote Desktop Services
  App-V versus RemoteApp
  What do you need to use RemoteApp?
  Differences between RemoteApp and App-V
  Combining App-V with Remote Desktop Services
  Installing and configuring App-V Remote Desktop Services
  App-V RDS client considerations
  Deployment considerations
  Installing App-V RDS client
  Publishing App-V Applications with RemoteApp
  Summary
Index
Preface
Every organization, whatever its business, needs efficient people working for it in order to achieve efficiency. For a long time now, operating systems and applications have been important tools in the work of these people and organizations. If we are not capable of providing users with the proper tools, and of gaining an agile, dynamic, and scalable platform to provision these technologies, then we will probably affect the organization's productivity. We will also generate for ourselves, as IT workers, a lot of effort supporting end users and troubleshooting operating system and application installations or configurations over and over again.
Virtualization technologies appeared in order to assist us in these matters and to make a direct impact on the organization's costs for hardware, energy consumption, and maintenance of the IT platform. Application virtualization helps us achieve the agility and scalability we are seeking in several ways: centralized management of applications, removing repeated installations, isolating environments to avoid instabilities in operating systems, consistent and easy-to-manage deployments, and so on.
Microsoft Application Virtualization (App-V) 4.6 represents in my opinion the most complete solution for virtualizing applications, and has some interesting benefits compared to other similar technologies available in the market: for example, support for both 64-bit clients and applications, the possibility of delivering (streaming) applications via HTTP/S protocols, the generation of MSI files as an alternative for offline users, a high level of integration with System Center Configuration Manager (SCCM), and so on.
As with any technology and implementation, we must first understand the components involved (including the applications to virtualize), and understand the requirements and possibilities of our organization, in order to carry out the proper design, planning, and implementation.
In this book we will cover all that you need to know to get started with Microsoft Application Virtualization, starting with a detailed view of all App-V components and the existing implementation models, reviewing all the requirements and detailed steps for the installations, and showing how to master the application sequencing process for simple and complex applications.
Integration is another key element we will discuss in this book, and fortunately App-V is not just an isolated technology we can introduce into our platform. Microsoft's App-V interacts and is integrated with key components like System Center Configuration Manager (SCCM) and Remote Desktop Services (RDS, formerly known as Terminal Services). These two technologies are important features in most infrastructures, as we have a vast desktop management system when we are using SCCM, and RDS appears in interesting and upcoming scenarios like Virtual Desktop Infrastructure (VDI).
What this book covers
Chapter 1, Introducing Application Virtualization in a Virtualized World, provides an overview of virtualization technologies and how application virtualization fits into this new environment, as well as differentiating App-V from other similar platforms.
Chapter 2, Understanding App-V Architecture, explains the components of App-V and existing models of implementation. This chapter also provides detailed guidance for proper planning and design.
Chapter 3, Preparing your App-V Environment and Installing App-V Management Server, takes a good look at step-by-step procedures for installing the App-V Management Server as well as fulfilling requirements for the entire implementation.
Chapter 4, Deploying the App-V Sequencer, Desktop Client, and Streaming Server, provides step-by-step procedures for implementing the rest of the components in App-V, as well as how to set up Streaming and Standalone models in App-V.
Chapter 5, Taking the Initial Steps in the Sequencing Process, discusses all you need to know about sequencing applications, best practices, and the step-by-step procedure for capturing a simple application.
Chapter 6, Sequencing Complex Applications, goes through advanced sequencing techniques using a very essential application for virtual environments: Microsoft Office 2010.
Chapter 7, Managing Dynamic Suite Composition, provides a complete overview and detailed procedure for using Dynamic Suite Composition (DSC) in App-V.
Chapter 8, Integrating App-V with System Center Configuration Manager 2007 R2, provides a good look at integration, such as how it works, the components involved, benefits, and step-by-step procedures.
Chapter 9, Securing your App-V Environment, reviews the common requirements for securing the App-V platform and also other setups involving DMZ and Internet-facing scenarios.
Appendix A, Reviewing App-V for Remote Desktop Services (Terminal Services), takes a look at integrating App-V with RDS, comparison with RemoteApp, and the step-by-step procedures to complement these two technologies.
What you need for this book
This book is focused on Microsoft Application Virtualization 4.6, which is available for Microsoft partners, included in Microsoft Desktop Optimization Pack (MDOP) 2010. Additionally, the App-V platform requires:
• Windows Server 2003/Windows Server 2008/Windows Server 2008 R2 operating system for App-V servers
• SQL database (if we are using an App-V Management Server)
And for App-V Clients and App-V Sequencer, the client operating system required is Windows XP SP2 or higher, Windows Vista, or Windows 7.
Who this book is for
This book is written for IT professionals and decision makers who want to explore the benefits of implementing and maintaining virtual applications. System administrators or consultants, who intend to implement App-V from scratch, will receive all the necessary direction to accomplish it. The detailed steps provided for implementing App-V in your organization will work as an easy guide for IT professionals in charge of the operations. It will also meet the expectations of readers who are looking for a simple way of handling their application infrastructure and who want to reduce the cost of help desk support issues.
Conventions
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "The manifest file is always saved in the sequencing process, and uses the same name as the SFT and the SPRJ file, adding the _manifest.xml."
Any command-line input or output is written as follows:
gpupdate /force
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "On the summary wizard page click on Install".
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Introducing Application Virtualization in a Virtualized World
Virtualization has become one of the most used terms in the IT industry in the last few years. Yet there are several IT professionals, administrators, and managers who prefer to just avoid the term and not include it in their daily lives. According to a survey among IT areas in different organizations by Zenoss (http://www.zenoss.com/), a company which provides virtual and cloud services solutions, around 30% of deployments only exist as virtual.
Why don't people trust virtual environments? The most common misconceptions about adding a new layer to your infrastructure with virtualization technologies are:
• It represents a new layer of complexity, an increase in risks, and variables that could lead to unmanageable platforms
• Increases in costs regarding hardware and licensing
How many times have you heard the expression "My company won't spend any more money on server licenses or new hardware"? I've heard that a lot. Of course, the managers of a company are not obligated to understand the technical benefits and licensing options regarding servers, but when those concepts appear around us, it is our job as IT administrators, managers, or even just IT geeks to start discussing the benefits of virtualization.
In this chapter, we'll see why working with virtual environments is no more than a simple strategy or an implementation plan where you can start reviewing if it fits your needs or not. With virtual environments we rapidly start gaining the agility, scalability, cost-saving, and the security that almost any business today requires.
The cloud service model is all around us, which presents to us several new ways of thinking about technology:
• Software as a Service (SaaS or S+S): Delivering applications over the network without any local installations or maintenance.
• Platform as a Service (PaaS): Providing solutions, like an Active Directory solution, as a service, avoiding the deployment tasks.
• Infrastructure as a Service (IaaS): Supplying computer infrastructure as a service. Instead of companies thinking about buying new hardware and the maintenance costs that implies, the infrastructure is provided (typically in virtual machines) as they need it.
If you need to recover from a disaster in your platform, did you consider the real cost of having your infrastructure down for several hours while you are restoring the latest backup? How much time and resources do you spend deploying/providing operating systems to users? And then how much do you spend later, troubleshooting application installations? If those numbers don't seem right to you (and I think they never do) maybe it is time to start thinking about SaaS, PaaS, and/or IaaS.
Fortunately, today's demand regarding virtualization is incredibly high, which is why the possibilities and offerings are even higher. We can virtualize servers, appliances, desktops, and applications, achieving presentation and profile virtualization; you name it and there's probably already a bunch of products and technologies you can use to virtualize it.
Application virtualization is still one of the emerging platforms but is increasing rapidly in the IT world. More and more of the dynamic aspects of isolating and scaling application deployment are being implemented. And Microsoft's App-V represents one of the strongest technologies we can rely on.
Why Virtualization?
The reason for any of the misconceptions mentioned above could be a simple statement: fear of the unknown. Most of the decision makers in organizations don't see IT as an investment; they see it as an unavoidable cost, so there's a simple thought around it: "If it's working now, why should we spend more money? Why change it and take more risks?"
Agile IT, Dynamic IT, Green IT. Have you ever heard of those terms? If you did, and wondered what they mean exactly and how to achieve them, then we are on the right track. Most of the benefits of virtualization can be grouped in four different areas.
Faster and dynamic deployments
Handling server or desktop deployments is always a painful thing to do, requiring hours of deployment, tuning, and troubleshooting; all of these aspects are inherent in any operating system lifecycle. Having virtual machines as baselines would reduce OS deployment from several hours to a few minutes.
The desktop virtualization concept provides the end user with the same environment as a local desktop computer, but working with remote computer resources. Taking this strategy will enhance the provisioning of desktop environments: more resources can be added on demand, and the deployment will no longer depend on specific hardware.
Building ready-to-go virtual machine templates, and self-service portals that provision virtual machines for our power users whenever they need a virtual environment to test an application, are some of the other features that can be included using a virtualization platform.
Cost savings
Regarding cost savings, there are basically two significant points to mention:
• Lower power consumption: Large datacenters also mean large electricity consumption; removing the physical layer from your servers will translate yearly to a nicely reduced number in electrical bills. This is no small matter; most of the capacity and cost planning for implementing virtualization also includes the "power consumption" variable. It won't be long until "Green Datacenters" and "Green IT" will be a requirement for every mid-size and large business.
• Hardware cost savings: Before thinking about probably needing expensive servers to host your entire infrastructure, let me ask you this: did you know that the average hardware resources usage is around 5% to 7%? That means we are currently wasting around 90% of the money invested in that hardware. Virtualization will optimize and protect your investment; we can guarantee that the consolidation of your servers will be not only effective but also efficient.
Regarding that second observation, there's an interesting point about today's technology. Acquiring a server containing two quad-core processors and 32 GB of memory is not such a crazy idea. Today's cost for that kind of hardware is pretty much accessible for most mid-size and some small companies. And if we are not thinking of virtualization, what can we do with that server? Promote a domain controller or use it as a file server? Yes, I know, it doesn't sound right to me either.
There's a common scenario in several organizations where there are users that only depend on, for example, the Office suite for their work; but the cost of applying a different hardware baseline to them, one that fits their needs exactly, is extremely high. That is why efficiency is also an important variable for your desktops: using desktop virtualization, you can be certain that you are not over- or under-resourcing any end-user workstation. You can easily provide all the necessary resources to a user for as long as they need them.
Scalable and easy-to-manage platforms
A new contingency layer for every machine, taking a snapshot of an operating system, is a concept that didn't appear before virtualization existed. Whenever you introduce a change in your platform (like a new service pack release) there's always a risk that things won't be just as fine as they were before. Having a quick, immediate, and safe restore point of a server/desktop could represent a cost-saving solution. Virtual machines and snapshot possibilities will give you the necessary features to manage and easily maintain your labs for testing updates or environment changes, even the facilities to add/remove memory, CPUs, hard drives, and other devices to a machine in just a few seconds.
Enhanced backup and recovery
Virtual environments will let you redesign your disaster recovery plan (if you ever had one) and minimize any disruption to the services you are providing. The possibilities around virtual machine hot backups and straightforward recoveries will give you the chance to arrange and define different service level agreements (SLAs) with your customers and company.
Have you ever had to improvise a recovery because of a hardware failure in one of your servers? Then you probably experienced that you didn't have the right hardware to replace in the server and you had to quickly buy a new one, or replace it with the hardware that was available at that moment. The virtualization model offers you the possibility to remove the hardware dependencies of your roles, services, and applications; a hardware failure can present only a minor issue in the continuity of your business, simply by moving the virtual machines to different physical servers without major disruptions.
Remove application deployment incompatibility issues
Inserting a virtualized environment into our applications deployment will reduce the time invested in maintaining and troubleshooting operating system and applications incompatibilities. Allowing the applications to run in a virtualized and isolated environment every time they are deployed removes possible conflicts with other applications. It is also a common scenario for most organizations to face incompatibility issues with their business applications whenever there's a change—new operating system, new hardware, or even problems with the development of the application that starts generating issues with particular environments. You can say goodbye to those problems, facilitating real-time and secure deployments of applications that are decoupled from tons of requirements.
What is Application Virtualization?
Application deployment, as for operating systems, always represents a significant load in every IT area, having to repeatedly deploy, maintain, and troubleshoot the same applications (and the same problems) over and over again. The Application Virtualization model introduces to us a new way to understand application deployments. As virtual machines that work abstracting the hardware layer from physical servers, application virtualization abstracts the application and its dependencies from the operating system, effectively isolating the application from the OS and other applications. Application Virtualization, in general terms, represents a set of components and tools that remove the complexity of deploying and maintaining applications for desktop users; preserving only a small footprint of the operating system.
Getting more specific, Application Virtualization is a process for packaging (or virtualizing) an application and the environment in which the application works, and distributing this package to end users. The use of this package (which can contain more than one application) is completely decoupled from the common requirements (like the installation and uninstallation processes) attached to applications. The Technical Overview of Application Virtualization offered by Microsoft gives a fine graphical explanation of how normal applications interact with the operating system and its components, and how virtualized applications do the same. Take a look at http://www.microsoft.com/systemcenter/appv/techoverview.mspx.
Normal applications
In standard OS environments, applications install their settings onto the host operating system, hard-coding the entire system to fit that application's needs. Other applications' settings can be overwritten, possibly causing them to malfunction or break. Here's a common example of how two applications co-exist in the same operating system; if these applications share some registry values, the usability of the applications (or even of the operating system) could be compromised.
Virtual environment
With Application Virtualization, each application brings down its own set of configurations on demand, and executes in such a way that it only sees its own settings.
Each virtual application is able to read and write information in its application profile and can access operating system settings in the registry or DLLs, but cannot change them.
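The contrast between a normal install and a virtual environment, as an added example that is not from the book and is not App-V's implementation: a toy model in which each package reads through to the host settings but keeps its writes in its own layer. The class names, function names and registry key names are constructed for the illustration.

```python
"""Toy model of per-package registry isolation; not App-V's implementation."""

_DELETED = object()  # tombstone for a value removed inside one virtual environment


class HostRegistry:
    """Settings shared by every natively installed application."""

    def __init__(self, values=None):
        self.values = dict(values or {})

    def read(self, key):
        return self.values.get(key)

    def write(self, key, value):
        self.values[key] = value  # last writer wins


class VirtualRegistry:
    """One package's view: reads fall through to the host, writes stay local."""

    def __init__(self, host, packaged=None):
        self._host = host
        self._layer = dict(packaged or {})  # values captured when packaging

    def read(self, key):
        if key in self._layer:
            value = self._layer[key]
            return None if value is _DELETED else value
        return self._host.read(key)

    def write(self, key, value):
        self._layer[key] = value  # never reaches the host

    def delete(self, key):
        self._layer[key] = _DELETED  # hides the host value for this package only


# Constructed key names for the example.
RUNTIME = r"HKLM\Software\ExampleRuntime\Version"
OS_SETTING = r"HKLM\Software\ExampleOS\Locale"


def native_install():
    """Two native installs share one registry: the second overwrites the first."""
    host = HostRegistry({OS_SETTING: "en-US"})
    host.write(RUNTIME, "1.4")  # application A's installer
    host.write(RUNTIME, "2.0")  # application B's installer
    return {"A sees": host.read(RUNTIME), "B sees": host.read(RUNTIME)}


def virtual_install():
    """Each package carries its own value; the host is left untouched."""
    host = HostRegistry({OS_SETTING: "en-US"})
    app_a = VirtualRegistry(host, {RUNTIME: "1.4"})
    app_b = VirtualRegistry(host, {RUNTIME: "2.0"})
    app_a.write(OS_SETTING, "fr-FR")  # A changes an OS setting in its own view
    app_b.delete(OS_SETTING)          # B removes the same setting in its own view
    return {
        "A sees": app_a.read(RUNTIME),
        "B sees": app_b.read(RUNTIME),
        "A locale": app_a.read(OS_SETTING),
        "B locale": app_b.read(OS_SETTING),
        "host runtime": host.read(RUNTIME),
        "host locale": host.read(OS_SETTING),
    }


if __name__ == "__main__":
    print("native :", native_install())
    print("virtual:", virtual_install())
```

In the native case application A ends up reading application B's value; in the virtual case each package keeps its own value and the host settings are unchanged.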
Side-by-side virtualization
Each App-V-enabled application brings down its own set of configurations and can run side by side without the settings conflicting with each other or the host operating system. Despite this separation, inter-application communication with other App-V applications and those installed locally is preserved, allowing for cut and paste, OLE, and all other standard operations. Here's a simple example of how App-V applications can work interconnected; this feature is called Dynamic Suite Composition (DSC).
Application Virtualization quick facts
Here are some facts about Application Virtualization:
• The applications are not installed on clients, they are published.
• With Application Virtualization we can achieve the co-existence of incompatible applications like Microsoft Office 2007 and Microsoft Office 2010.
• Applications are installed only once on a reference computer, where the package is captured and prepared.
• You can capture a set of interconnected applications into a single package.
• The capturing process is in most cases a transparent process that identifies the environment that the application requires to work, like files and registry keys.
• Application Virtualization offers you the possibility of centralized management. There is one point where we handle virtualized applications and the distributing behavior in our environment.
• Even though you can create a package of almost any software, not all applications can be virtualized. There are some examples that could be quite tricky to actually pack into one bundle. Applications that require high operating system integration can generate some known issues.
Does Application Virtualization fit into my environment?
Whenever there's a discussion concerning this question, I usually present common scenarios which most companies know about.
Business application scenario
You are using a company's application that requires:
• Special configurations every time it is deployed: customizing files or setting special values within the application configuration environment.
• It is also interconnected with other applications (for example, Java Runtime Environment, a local database engine, or some other particular requirement).
• It demands several hours every week to support end users' deployments and troubleshoot configurations.
Application Virtualization offers us the possibility to guarantee that end users always have the same configuration deployed, no matter when or where, as you only need to configure it once and then wrap up the entire set of applications into one package.
Dynamic base operating system
You have a dynamic base operating system image that changes constantly, and the scenario looks like this:
• There are several types of base images according to user profiles (HR users usually have a different base operating system than the one provided for a developer).
• Microsoft Deployment Toolkit (MDT) combined with System Center Configuration Manager (SCCM) to maintain images not being used.
• Every change requires manual and local intervention on every client for installing or removing applications (some prefer accepting the risks, and provide end users with local administrator privileges to achieve some kind of auto-management).
Again, this translates into several hours of supporting, deploying, and maintaining those different types of images. It also carries important risks if the organization is getting bigger, as the hours invested on these matters will increase exponentially. Implementing Application Virtualization with a clean base image will help us minimize the impact every time there's a change. With centralized management of the applications you can make all the necessary changes and implement them instantly on demand. Also, by adding granularity to the type of images, special applications can be distributed only to selected groups of users, keeping a small footprint for every operating system.
Another aspect of Application Virtualization is related to a significant matter in many organizations: application licensing. Application Virtualization can also maintain a central point for software licenses, allowing you to keep track of the current licensing situation of all your applications.
Existing Application Virtualization platforms
As mentioned before, there are many virtualization solutions available to consider. The demand for Application Virtualization is increasing significantly; some of the most important offerings available in the market are:
• Microsoft Application Virtualization (App-V), formerly known as SoftGrid
• VMware ThinApp
• Citrix XenApp
• Symantec Software Virtualization Solutions (SVS)
• InstallFree Bridge
Some of the differences among these technologies are:
• ThinApp and App-V 4.6 are the only ones that support 64-bit OS deployments (earlier versions of App-V do not support this feature).
• Microsoft App-V 4.6 is the only one that supports 64-bit applications.
• App-V, SVS, and XenApp use a set of kernel mode drivers and supporting services to manage the virtualization process. ThinApp includes the entire virtual environment directly into the application package.
• App-V, SVS, and XenApp include options for reporting the virtualized applications usage.
• VMware ThinApp and InstallFree Bridge do not include a central point for application license management.
• VMware ThinApp and App-V, in a 32-bit environment, are the only platforms that support 16-bit applications. 64-bit operating systems do not support 16-bit applications.
Some other options available in the application virtualization market are:
• Ceedo
• Zero Install
• AppZero
• Novell ZENworks Application Virtualization
• Spoon AppExpress
• LANDesk Application Virtualization
• Sandboxie
Introduction to App-V and the Microsoft virtualization model
Microsoft introduced App-V as one of the many tools within the Infrastructure Optimization (IO) model. This model describes the different maturity levels an infrastructure can achieve.
The IO model also presents a path to accomplish the maximum level of maturity; by following these best practices we can guarantee operational efficiency among the IT activities. Fortunately, Microsoft provides complete guidelines, tools, checklists, and other assets to understand which maturity level we are at, what we should do to level up, and which technologies are involved. You can find all of this at http://www.microsoft.com/infrastructure/.
App-V's benefits give administrators the necessary level of control over the application deployments as well as securing the user's profile, providing them with the proper work environment. The Dynamic Level of Microsoft IO also requires dynamic application access and recovery for desktop applications, both of which are also gained with App-V.
Some of the most important topics we can find in all of these resources are:
• An online assessment tool to achieve Dynamic IT: Once we run this wizard-like tool, we receive a complete report on how to optimize our infrastructure in areas like Identity and Access, Desktop, Device and Server Management, Security and Networking, Data Protection, and IT Process. You can access the online tool at http://www.microsoft.com/infrastructure/about/assessment-start.aspx.
• IT Compliance Management Series: Guidelines oriented to IT governance, risk, and compliance requirements. Download the series from the Microsoft Download Center at http://www.microsoft.com/downloads/en/default.aspx.
• Windows Optimized Desktop Scenarios Solution Accelerator: Guideline to achieving a proper plan and designing applications and operating systems in your organization. This accelerator will be useful when we start thinking about App-V. More information is available at http://www.microsoft.com/infrastructure/resources/desktop-accelerators.aspx.
• Infrastructure Planning and Design Guides for Virtualization: Complete references for designing a virtualization strategy; you will find specialist guides for App-V, Remote Desktop Services (formerly known as Terminal Services), System Center Virtual Machine Manager, Windows Server Virtualization, Desktop Virtualization, and so on. More information is available at http://technet.microsoft.com/en-us/solutionaccelerators/ee395429.aspx.
Levels in the Microsoft Infrastructure Optimization (IO) Model are shown in the following figure:
App-V implementation models
App-V is the most robust as well as the most flexible platform of the application virtualization options available and we can implement it in any environment. It doesn't matter if we just want to use it with a few mobile users or for the entire organization, App-V fits all. Let's take a quick look at the implementation models available:
• Standalone: There's no infrastructure needed for this one, you just need a reference computer that packages the application (sequencer machine) and the App-V client that receives the application. You can even use it for offline users.
• Streaming Mode: This is the same model as the standalone with the exception that you are also using a streaming server to distribute the applications. You can set up streaming servers for low-bandwidth links like branch offices.
• Full Infrastructure: The full model introduces you to a Management Server, where you can centrally administer the entire infrastructure (packages, permissions, licenses, and reporting), a Streaming Server (which can stream down applications using the default App-V protocol, HTTP/S, SMB, or combination with SCCM 2007 R2), and the App-V client. Note that the Management Server can provide applications to users as well as stream.
The application lifecycle in App-V
To understand a little bit more about application virtualization, let's make a note of the milestones that represent the lifecycle in an App-V package:
• Application Sequencing: As the first step in the life of a virtualized application, the sequencing of an application represents capturing the environment (files, shortcuts, and registry keys) where it works, and packaging it into one bundle.
• Application Publishing and Deployment: After the creation of the App-V package, the administrator publishes it on the server, defining different sets of permissions and licenses if applicable, and it is deployed to all the App-V clients within the scope.
• Application Update: The application update process refers to applying the necessary changes and revisions into the application. Clients can consume this new version of the package the next time the application is launched.
• Application Termination: This step consists only of removing or disabling the application from our server. As App-V clients never install this application, the termination process does not modify anything in their operating system and the application smoothly disappears from the environment without a trace.
Differentiating App-V from other platforms
We've previously covered some basic differences that we can find between the application virtualization platforms. Now, if you haven't made up your mind just yet, it's time for some quick facts about Microsoft App-V:
• Microsoft App-V 4.6 supports 64-bit clients as well as 64-bit applications.
• In the process of capturing (sequencing) an application, we can immediately create MSI files to be deployed for offline clients and other particular environments.
• HTTP streaming: Applications can be streamed using web servers like Internet Information Services (IIS) version 6 or 7 or Apache.
• Dynamic Suite Composition (DSC): DSC provides the possibility to integrate different App-V packages and gain interaction between them.
• Highly integrated with System Center Configuration Manager 2007 R2. If you already have SCCM 2007 R2 implemented, publishing applications combining the platforms should not present difficulties.
• Reporting: The use of virtualized applications can be easily monitored and reported with Microsoft App-V (only in the Full Infrastructure model). This can be an important feature in the application lifecycle mentioned earlier, where you can get all the necessary information about the usage and, if it's needed, the termination of applications that are no longer used by clients.
• Variety of implementation models: If there are not enough resources for a complete implementation, the standalone mode lets us take advantage of application virtualization without requiring particular servers.
Summary
In this chapter we've covered:
• The basics of virtualization
• Common misconceptions about the technologies and their uses
• The reasons why virtualization is no longer a simple strategy that you can use, but represents the next focus any IT platform should have
• And exactly what application virtualization is and the benefits it includes
I once heard "What is virtualization but just removing physical characteristics to recreate them in an emulated environment? Why even bother?". It is exactly that, but that abstraction from hardware or software dependencies is what makes the difference; you just need to see it.
Even though most of the technology and IT fans working in a company do not decide on the investments the organization should make, it is important for us to understand that the agility we gain administering a virtualized platform is easily translated to reducing costs regarding IT daily activities, creating the opportunity for us to focus on different valuable activities.
There are several technologies and products we can use for application virtualization. Microsoft App-V offers the most suitable strategy (64-bit applications and clients supported), is scalable (different models available that can be used simultaneously in our environment, centralized management of permissions and licenses), and dynamic (interconnecting different sets of applications plus strong reporting features that help us monitor the application lifecycle).
In the next chapter, we'll take a deeper look at the App-V architecture and implementation models, roles, and components, along with the necessary guidelines to choose, plan, and design the right implementation model.
Understanding App-V Architecture
Microsoft Application Virtualization, as with any platform, needs a proper design before implementation. To achieve a proper design, you need to first understand the components which combine and interconnect to build the App-V infrastructure, plus, of course, the requirements in your organization. Incorrect design of any platform that you are trying to implement translates to a lot of problems and overhead. So before deciding on any change or new implementation, you should ask yourself why, where, how, and what. You should also always take the perspective of other stakeholders into account, which will bring you common questions like how much or is it worth it; explaining those numerically will make your job a lot easier as well.
During an application virtualization implementation, you should never find yourself asking questions like "Does my application vendor support virtualization?" or "Which App-V security model should I choose in this branch office?". A correct assessment and design should take care of those questions prior to implementation. Most of the questions that appear in the design process will be related to how much you know about the platform architecture. You cannot expect to achieve a well detailed design of App-V if you don't understand the basic architecture, such as which App-V components are present and which modules are interacting. For example, in the cache component on the App-V client, defining an incorrect value for the client cache could result in bandwidth overhead.
Understanding the architectural differences between a normal application and an App-V application is another important matter. Normal applications modify and apply operating system settings so each of their components can function normally, which is why different versions of an application cannot usually co-exist on the same operating system, and why common configurations can be overwritten by newly installed applications, making the operating system unstable. Virtualized applications bring down their own environment on demand, which is isolated from the operating system where you are working. The scalable architecture of App-V offers us a way for dynamic communication between virtualized applications and their isolated environments. For example, instead of building one bundle of five different applications, which would create one large App-V package, you can have different packages interconnected and only the necessary information will be transmitted on demand.
In this chapter you will learn about:
• App-V roles and components
• Files and components inside an App-V package
• Existing implementation models for App-V
• Selecting the correct model to implement App-V in your environment
App-V components
As a quick and simple review, here's the description of which components make up the App-V infrastructure.
App-V Management Server
The Management Server needs an SQL data store (multiple Management Servers can access the same data store) from which it retrieves information like application assignments and licenses, records and permissions within the App-V management environment. The authorization phase which you administer from the App-V Management Server is integrated with Active Directory groups. If you are combining the streaming process with the App-V Management Server, the default ports used by this server are RTSP (554) and RTSPS (322). The content folder is the location from which this server requests the packages, but it does not necessarily have to be located on the Management Server.
The Management Server also gathers all the performance and metering information from within the environment. All that information is stored in the SQL data store. Even though the database can be placed on a separate server, it is highly recommended that the Management Server and the SQL server hosting the database are placed on the same network segment to avoid any inconvenience.
App-V Management System
The App-V Management System is composed of the App-V Management Console and the App-V Management Service. This web service represents the communication channel between the MMC and the SQL data store, controlling any read/write requests to the database. It can be installed together with the Management Server or on a separate computer with IIS. The MMC console can also be installed on a separate computer; the only requirements are that MMC 3.0 and .NET Framework 2.0 are installed.
App-V Streaming Server
This server will have the role of streaming applications to the clients which do not have an acceptable connection to the Management Server, like a branch office. Streaming applications is the only functionality enabled for this server, and it represents, in most cases, an option to be installed. The Streaming Server has three options:
• RTSP/RTSPS Streaming: This is the native streaming option of Microsoft App-V. Using these protocols means that you can also use an important feature in App-V, Active Upgrade. This feature gives you the possibility to perform modifications on an App-V application and deliver that update in real-time to users.
• HTTP/S Streaming: This option can be used to stream applications to App-V Clients using IIS or any web server like Apache. It represents a good possibility when we have a strict environment. HTTP/S streaming gives you the option of using known and accessible ports like 80 or 443. Active Upgrade is not possible using HTTP/S streaming.
• SMB Streaming: Placing the applications on a file server is quite simple and does not require much configuration. Active Upgrade is not possible using SMB streaming.
It is important to note that only the RTSP/RTSPS protocols of the Streaming Server require installation. Using HTTP or SMB streaming does not need any App-V installation. Here is a quick comparison between the different streaming methods:
| Server | Protocol | Advantages | Disadvantages |
| File server | SMB | Simple, low-cost solution to configure existing file server with \CONTENT share; supports enhanced security using IPSec; familiar protocol | No active upgrade |
| IIS server | HTTP/HTTPS | Supports enhanced security using HTTPS protocol; only one firewall port to open; scalable; familiar protocol | No active upgrade |
| App-V Streaming Server or Management Server | RTSP/RTSPS | Active upgrade; supports enhanced security using RTSPS protocol; if you are using RTSPS, only one firewall port to open | Server administration requirement; can handle fewer simultaneous cached launches than file or IIS servers |
App-V Client
The App-V Client component is installed on the end-user operating system and interacts with the App-V Server, managing package streaming into cache and publishing refresh. It stores user-specific information related to the virtual applications in each user profile, so every time the client reboots the machine, the Client component saves the last changes made. This component also has a "Terminal Services" or "Remote Desktop Services" version. The only obvious reason to use this is that the applications are published using Terminal Services virtual desktop.
Within the App-V client installation, the operating system creates a virtual drive (usually "Q:"), which must have the same letter that was assigned when the application was sequenced on the source machine. Within this drive, the App-V client stores the application components streamed by the App-V server. The client's cache is a sensitive component; fortunately the App-V architecture has been designed to support large applications: the App-V cache can extend up to 1 TB. Defining an extensive cache on each client can be really expensive, but it has a big impact in lowering bandwidth consumption between client machines and streaming servers. Underestimating this component could result in application failure.
Understanding the virtual environment
An important point regarding virtualized applications architecture is that it provides App-V clients several virtual environments, which isolate the applications and provide all the necessary virtual components for proper functionality. As we have seen earlier, this is the main difference between normal applications and virtualized applications. These virtual settings are created and packaged in one environment called "SystemGuard", where we can find:
• Virtual drive or virtual file system: This is where the applications are stored, the Q:\ drive. The virtual file system redirects the file system requests from the application, for example where the application would normally be installed on the C:\ drive.
• Virtual registry: This is used to handle registry keys and requests for the application.
• Virtual COM: This manages and redirects COM objects to avoid conflicts with existing operating system components.
• Virtual services: Embedded services in the application are captured in the sequencing process and maintained in the SystemGuard environment.
• Virtual process environment: Where the path environment values are located.
• Virtual fonts: Each font created/added in the sequencing process exists only in this environment where the application can use it.
• Virtual INI: Each application has private settings within virtual copies of standard Windows .ini files.
App-V Sequencer
The App-V Sequencer is in charge of creating the application package. It is basically a tool installed on a computer (using the same OS as App-V clients) that captures the installation of the applications to generate the package. This package consists of several files like the Open Software Description (.osd file), the sequenced application file (.sft file), icon files (.ico), the XML manifest, and a project file (.sprj). The sequencing process always uses a separate drive or partition where the application that is being captured stores the files that are being used. This drive is usually represented with the letter Q:\. Using this particular letter is optional, but it is used as a standard in App-V to avoid network drives (Z:, Y:, B:, and so on) or Terminal Server drives (M:). Optionally, an MSI file can be created by the App-V Sequencer for the applications to be distributed from a file share, or distributed to offline users.
Sequenced application files
App-V applications do not act as normal applications and, of course, do not contain the normal files you would find in any given application. Once the App-V Sequencer captures the application, the following files are created:
• SFT: The SFT file is the container for the original files used by the application. In the capturing process the App-V Sequencer packs these files in a form that can be streamed by the App-V Server, without altering any configuration or source code. The SFT file is composed of two sections: feature block 1 (FB1), which represents the application's most used features (or in this case, most used files), and feature block 2 (FB2), the remainder of the application. The behavior of these two blocks on the client is as follows. The FB1 is streamed the first time the App-V client launches the application; the FB2 is streamed to the client only on demand.
  • DSFT: There is also a differential version of the SFT, the DSFT file. This file is the one that you create when you need an Active Upgrade of the published application. The DSFT contains the delta files between the original SFT and the new version. Using DSFT, you can reduce the bandwidth impact when you perform a significant change in a pre-existing application: the App-V Server only streams the files that the client does not have already.
• OSD: The OSD (Open Software Description) file represents the link to the SFT file, providing all the necessary information to the client for locating and launching the application. The OSD file contains the location within the SFT file of the application name and executable file in the virtual environment, supported operating systems, and so on.
• SPRJ: The SPRJ is the XML-based project file; once the application is sequenced you can save the project for a future change in the application. It contains the list of files, registry keys, and directories that are being included by the sequencer, as well as the parse items.
• Manifest file: This XML file stores information for the sequenced application regarding the application shortcuts (Desktop, Start Menu, and Quick Launch) and the application file type associations. The manifest file is always saved in the sequencing process, and uses the same name as the SFT and the SPRJ file, adding _manifest.xml. The manifest file is used during important phases in the App-V delivery deployment, such as loading and running a virtualized application using a script or cmd with the SFTMIME command line; the MSI which you can create to deploy applications to offline users also contains the manifest file. The XML manifest is also needed when you import App-V applications to System Center Configuration Manager 2007 R2.
• ICO: The icon file is created during the sequencing process and represents the file that App-V is using to deliver clients the proper shortcut for the App-V package, as well as the file type associations. The ICO file always uses the file from the original application.
• MSI: The MSI file is optional in most cases. The main role of this file is for offline users where you need to provide a file to deliver the application. MSI files contain a copy of the manifest, OSD, and ICO file.
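Because the OSD file tells each client where and how to fetch the SFT, it is a convenient place to check which streaming transport a package really uses. The following audit is an added example, not code from the book or from Microsoft: the SOFTPKG/IMPLEMENTATION/CODEBASE HREF layout and the %SFT_SOFTGRIDSERVER% placeholder are assumed from the App-V 4.x OSD format (the book does not show them here), and the sample documents, host names and package names are constructed.

```python
"""Audit App-V OSD files for the streaming transport they send clients to."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# 554 (RTSP) and 322 (RTSPS) are the defaults given in this chapter; 80 and 443
# are the web ports it mentions for HTTP/S streaming.
DEFAULT_PORTS = {"rtsp": 554, "rtsps": 322, "http": 80, "https": 443}
SECURE_VARIANT = {"rtsp": "rtsps", "http": "https"}
ACTIVE_UPGRADE = {"rtsp", "rtsps"}  # per the chapter, not possible over HTTP/S or SMB

# Constructed sample OSD content (assumed layout, made-up packages and hosts).
SAMPLE_OSDS = {
    "payroll.osd": '<SOFTPKG NAME="Payroll" VERSION="1.0.0.0"><IMPLEMENTATION>'
                   '<CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/payroll/payroll.sft"/>'
                   '</IMPLEMENTATION></SOFTPKG>',
    "crm.osd": '<SOFTPKG NAME="CRM" VERSION="2.1.0.0"><IMPLEMENTATION>'
               '<CODEBASE HREF="RTSPS://appv.example.test:322/crm/crm.sft"/>'
               '</IMPLEMENTATION></SOFTPKG>',
    "hr.osd": '<SOFTPKG NAME="HR" VERSION="1.0.0.0"><IMPLEMENTATION>'
              '<CODEBASE HREF="HTTP://web.example.test:8080/content/hr/hr.sft"/>'
              '</IMPLEMENTATION></SOFTPKG>',
    "legacy.osd": '<SOFTPKG NAME="Legacy" VERSION="1.0.0.0"><IMPLEMENTATION>'
                  '<CODEBASE HREF="FILE://fs.example.test/content/legacy/legacy.sft"/>'
                  '</IMPLEMENTATION></SOFTPKG>',
    "broken.osd": '<SOFTPKG NAME="Broken" VERSION="1.0.0.0"><IMPLEMENTATION/></SOFTPKG>',
}


def audit_osd(name, xml_text):
    """Return the transport facts and findings for one OSD document."""
    report = {"file": name, "package": None, "scheme": None, "port": None,
              "encrypted": False, "active_upgrade": False, "findings": []}
    note = report["findings"].append

    # Refuse entity declarations rather than let the parser expand them.
    if "<!ENTITY" in xml_text.upper():
        note("entity declaration present; file not parsed")
        return report
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        note(f"not well-formed XML: {exc}")
        return report

    report["package"] = root.get("NAME")
    codebase = root.find("./IMPLEMENTATION/CODEBASE")
    href = (codebase.get("HREF") or "").strip() if codebase is not None else ""
    if not href:
        note("no CODEBASE HREF; the client cannot locate the SFT")
        return report

    url = urlsplit(href)
    scheme = url.scheme.lower()
    if href.startswith("\\\\") or scheme == "file":
        # UNC path or FILE:// reference: the package is streamed over SMB.
        report["scheme"] = "smb"
        note("SMB/file streaming: rely on share ACLs and IPSec for protection")
        return report

    report["scheme"] = scheme
    try:
        explicit_port = url.port
    except ValueError:
        explicit_port = None
        note("port in HREF is not a valid number")
    report["port"] = explicit_port or DEFAULT_PORTS.get(scheme)
    report["active_upgrade"] = scheme in ACTIVE_UPGRADE

    if scheme in SECURE_VARIANT:
        note(f"unencrypted {scheme}; use {SECURE_VARIANT[scheme]} instead")
    elif scheme in DEFAULT_PORTS:
        report["encrypted"] = True
    else:
        note(f"unexpected scheme {scheme!r}")
    if explicit_port and scheme in DEFAULT_PORTS and explicit_port != DEFAULT_PORTS[scheme]:
        note(f"non-default port {explicit_port}; confirm the firewall rule")
    return report


def audit_all(osds):
    """Audit every OSD in a {file name: XML text} mapping, sorted by file name."""
    return [audit_osd(name, text) for name, text in sorted(osds.items())]


if __name__ == "__main__":
    for row in audit_all(SAMPLE_OSDS):
        print(row["file"], row["scheme"], row["port"], row["findings"])
```

Run against the OSD files in a content share, the report shows which packages would need republishing before an unencrypted port is closed at the firewall.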
App-V Models
Now that you know all of the players involved in Microsoft Application Virtualization, you should take a look at the possibilities for deploying them, considering your particular needs.
App-V Standalone Model
This model represents the use of servers just dedicated to streaming applications. It is appropriate on platforms that do not want or require a Management Server. The components present here are the Streaming Server, the Sequencer to package the applications, and the App-V client.
Sequencing the application adds all the necessary files into one package and generates an MSI file that you can deploy manually (distributing it via a CD/DVD or USB drive), through scripting and Group Policy (having GPO involved to distribute it will require, of course, Active Directory), or using SMS/System Center Configuration Manager (SCCM). This model is indicated when you have several offline users, or when you have already deployed SCCM and you don't want to add an App-V Server. It can also be effective when the cost of distributing to branch offices with low bandwidth is too high.
App-V Streaming Model
This model is also appropriate on platforms that do not want or require Management Servers. The components present here are the Streaming Server, the Sequencer to package applications, and the App-V client.
The Streaming Server, as the name suggests, streams the applications to the clients on demand. But what does the term streaming mean in App-V? Streaming is the process of the App-V client obtaining the sequenced application package, starting with FB1 (feature block 1), with the rest, FB2 (feature block 2), acquired on demand. The streaming process can also be executed by a file or web server. The App-V Streaming Server does not use a SQL database; the permissions are set and maintained based on ACLs (Access Control Lists). You can use it on low-bandwidth links, like branch offices, to optimize the application deployment and you don't have to set up a new server at the facility.
App-V Full Infrastructure Model
The full model contains the full set of components in App-V: Management Server (App-V SQL database included), Sequencer, Streaming Server, and App-V Client. In most cases, having a separate installation of the App-V Streaming Server is optional as the Management Server can also provide this functionality. Using a Management Server you can manage application delivery in a dynamic way using the publication, which is in charge of combining permissions with Active Directory groups, placing the icons and shortcuts on the App-V client desktop. Two important features that you gain using this model are:
• Reporting: Detailed reporting about the use of each App-V package. Having a periodic report about App-V usage will give you significant information about how to improve your virtualized application platform.
• Central license management: Using named licenses on each App-V package, you can guarantee that only users who have the appropriate license can run the application. And if we are using concurrent licenses for the application, the App-V license management will only let the application run the number of times that is permitted.
The App-V Full Infrastructure Model is the most suitable when you are looking for a large, scalable, and dynamic platform for virtual applications within your organization. In the next image, you can see all of the App-V components interacting in the Full Infrastructure Model.
Choosing the correct model
Microsoft App-V offers you all the necessary environments and possibilities for an effective and efficient implementation of your virtualized application platform. But even though understanding the existing models makes your job a lot easier, you must further consider your design to achieve a suitable, scalable, and dynamic deployment. There is no golden rule about the exact model/s you should apply in your corporate and/or branch offices; mostly the correct design of your infrastructure will depend on asking yourself the right questions.
Microsoft also provides a complete guide for planning and designing your App-V implementation, available in the Microsoft Download Center:
• Application Virtualization 4.6 Infrastructure Planning and Design Guide: http://www.microsoft.com/downloads/en/default.aspx
Application validations
Even though these are questions most of us should ask before starting to think about the design, people usually avoid application compatibility matters. Here are some of the questions you should review for proper planning and design:
• Does the application vendor support virtualization? Not all applications are suitable for virtualization. Each App-V package generates its own virtual environment, but some applications require a high degree of integration with the operating system, making the virtualized application unstable or incapable of working. A good example is antivirus software. The complete reference for applications not supported for virtualization can be found in Chapter 5. In my experience, you won't have any problem virtualizing most types of applications. I've seen most business applications, even those built specially for the company, working smoothly as App-V packages including 16-bit legacy applications.
• Does the application's license support virtualized environments? One of the features which App-V includes is the capability to detect application license inaccuracies. Implementing centralized application management will let you formalize legal compliance for licenses in your organization. But you must also be cautious with the acquired licenses: not all applications support virtualization. For example, there are some applications that depend on and are attached to some hardware components, like a MAC address.
• Which application and client architecture will you be using? Microsoft App-V 4.6 includes, among several other improvements, changes that make it possible to use and virtualize 64-bit applications and 64-bit operating system clients. But there's one disclaimer: sequencing and deploying 16-bit applications to 64-bit clients is not supported. This is a restriction in 64-bit operating systems, and not only for virtual applications.
• Will the applications intended for virtualization depend on or interact with other applications? You must first understand and evaluate each of the applications you would like to virtualize. In most cases you can see that applications may need other applications in order to work properly. For example, Java Runtime Environment represents a common requirement for software. In these cases, you will need to set associations between virtual applications: once a user launches an application, a secondary package is loaded on demand as well to guarantee complete functionality. This is called Dynamic Suite Composition (DSC) in App-V. In this book you can find an entire chapter dedicated to understanding, configuring, and deploying applications using DSC.
App-V model considerations
If you have a complex scenario where there is an interesting mix of variables like branch offices, different bandwidths present, offline and mobile users, security policies in your company, and so on, then there are a few questions that you should ask:
• Does the Full Infrastructure Model fit into the cost/benefit analysis? As you have seen before, the Full Infrastructure Model contains the features that bring you the most benefits, but also requires support and maintenance. Do you need the entire platform set in your environment? Or do you just need to sequence a few applications on demand and deliver them to users? In this analysis you usually evaluate current and future needs of your organization, so if you just need to solve an operating system conflict with one legacy application, the cost of having a complete infrastructure supporting that will be unnecessarily high. Regarding Full Infrastructure deployments, there are two important considerations regarding the SQL database: database replication is not supported in App-V but database mirroring is. Keep these two considerations in mind if you are looking for high availability.
• Is System Center Configuration Manager 2007 R2 already deployed in your environment? If you have a robust platform like SCCM working in your organization to deploy applications, you should consider combining App-V with that technology instead of replacing it. Complementing App-V models, like Standalone, with SCCM is a very suitable scenario to deliver virtual and non-virtual applications. Take note that as App-V offers the possibility for MSI application deployments, they can easily be complemented with third-party deployment solutions. For those scenarios, in this book you will find all that you need to know about App-V integration with Configuration Manager 2007 R2.
• Do you have a Remote Desktop Services (formerly known as Terminal Services) environment in place for delivering applications or remote sessions to users? App-V also offers interesting options for combining these strategies, including the possibility to deliver virtual applications using RemoteApp (applications published using Remote Desktop/Terminal Services). You have to carefully analyze this scenario because in a Remote Desktop Services (RDS) environment you are giving clients access to remote resources (an entire desktop, entire operating system, or just an application) and the deployment of virtual packages in this case is oriented to deliver applications to the servers providing these resources instead of to the client machines. You will find a reference for deploying App-V in Remote Desktop Services (Terminal Services) environments in Chapter 10.
• How many users will be receiving your virtualized applications? Every time a user makes a refresh (connecting to the App-V Management Server and checking updates or new applications) on the App-V client, the Management Server retrieves information from the database and sends it to the client. Usually a Management Server can take up to 12,000 publishing refreshes per minute; a higher rate than that will require a separate App-V Management Server.
• How many different client operating systems do you have? Microsoft App-V only supports applications sequenced on the same operating system as the clients which are going to receive the application. This means that if you have Windows XP, Windows Vista, and Windows 7 as client operating systems in your organization and you decide to deliver them all the same App-V package, you might find some stability issues within that application. And having to sequence the same application as many times as you have operating systems also introduces a high cost. Even though Microsoft officially requires the same operating system for sequencing and deployment, you can find several examples of applications that can work normally across different operating systems. That's why running App-V Sequencer on a virtual machine is usually the best approach. Using virtual machines plus having snapshots of different disks will let you easily sequence applications on clean operating systems the moment you need them.
• What is the current bandwidth in your branch offices? Having a low bandwidth to some of the company's branch offices will most likely require those branches to have a streaming server located at the facilities. Streaming is only viable within the same network segment, or between different networks when high bandwidth is available.
• Do you have a corporate policy regarding user groups or environments? Some organizations have strong regulations which might prevent you from using the same Management Server for different groups, or a policy that could require servers be separated from a particular environment. For example, General Management must have dedicated servers for all existing platforms. A common regulation existing among companies regards communications security. App-V gives you the possibility to use a secure protocol for delivering applications: RTSPS, which you can deploy with a certificate to make it compliant with several security regulations.
• Do you have firewall policies in client operating systems and/or between networks where you will be streaming applications? Using RTSP/RTSPS protocols for delivering applications to clients requires opening particular ports between the client operating system and networks. Fortunately, App-V gives you the possibility to stream applications using SMB or HTTP/HTTPS protocols, which are far more common within corporate networks.
Hardware sizing considerations
To understand the "how much" question a little more you must provide an accurate estimation of the hardware which you are going to use. There is some important and valuable information about server sizing in App-V in the Server Sizing Guide at Technet Application Virtualization Whitepapers available at http://technet.microsoft.com/en-us/appvirtualization/cc843994.aspx. Here are some of the basic questions about this topic:
• How many users and applications will you be servicing? This is the question that you can use to estimate the hardware needed.
  ° App-V Management Server: Related to the first question you asked on App-V model considerations, you need to find out how many applications will be deployed to clients and how many of those App-V clients will be requiring them. App-V Management Server can maintain 12,000 refreshes per minute or 48,000 per hour. If your requirements are higher, you need to set up different Management Servers where you can manually separate the applications to be distributed (remember, multiple App-V Management Servers can use the same database) or deploy your servers with load-balancing features (hardware or software load balancing).
  ° SQL database size: The size of the App-V database depends principally on application launches and retained reporting information. Microsoft provides a small equation to calculate the approximate growth of the database: (560 bytes per launch and shutdown) X (number of launches per day) X (user population) = Daily database growth. For example, 10,000 users who launch and shut down one application per hour every day, translates to 125 MB per day.
  ° Streaming Servers: RTSP/S does not include tools to limit the use of network bandwidth. This is why it is highly recommended that you only stream applications between networks with a high speed link. Even though for Streaming Servers the process of delivering applications does not translate to high processor or memory usage, using secure communications with RTSPS or HTTPS introduces a minimal overhead you should consider.
  ° App-V Client Cache: The client cache is another option you can combine with the streaming strategy selected. Having a large cache on each client will translate to lower network usage. You should also evaluate this when you start sequencing applications; the App-V packages' size will let you estimate the proper amount of cache needed.
• Do you need daily reports from your Management Servers to retrieve App-V activities? Constantly retrieving reports from the Management Server could represent a significant load on the SQL Server, so if we have a large organization and must retrieve data constantly the recommendation is to periodically extract the data and move that information to a new database on a separate server where we can execute those reports without impacting operational performance.
Case study example
Let us take a look at a fictitious company to make this a more practical example. Contoso is a software factory with two branch offices which is looking to implement App-V to find a solution for their recurrent calls to their help desk about installation of applications and troubleshooting.
Scenario at Contoso
Here is a description of the company's current scenario:
• Headquarters is located in London with 600 users (management and IT); the branch office in Birmingham has 50 users (developers) and the branch office in Manchester has 100 users (marketing and HR).
• Operating systems used:
  ° Management and HR: Windows XP SP3
  ° Developers and IT: Windows 7 64-bit
  ° Marketing: Windows Vista SP2 32-bit
• The applications and groups involved for sequencing are the following:
  ° Management and HR: Adobe Reader and WinRAR
  ° Marketing: QuickTime
  ° Developers: Microsoft Office 2007, Mozilla Firefox, Opera, Google Chrome, and Safari
  ° IT: Mozilla Firefox, WinRAR, Microsoft Office 2010
• The most intensive application is Microsoft Office 2007.
• All of the locations have a Domain Controller (using the same domain), proper DNS, and DHCP configurations. Also, for several purposes each location has a SQL Server 2005 deployed.
• All offices are connected using a VPN (Virtual Private Network) with a high-speed Internet connection.
• Birmingham office contains sensitive data, and the company regulations indicate that the firewall connected in this office should only allow the VPN connection and ports 80 and 443 for outbound communication.
• The company requires a report on a daily basis about the usage of these applications by developers and IT.
Contoso App-V implementation
With the description mentioned above, you receive the request from Contoso IT Manager to implement App-V and distribute sequenced applications to all offices.
1. Which App-V model would you use?
  ° How many App-V Management Servers and SQL databases will be involved?
2. How many packages would you need to capture?
3. What are the database storage requirements for the App-V SQL data store?
Answers for the App-V implementation
Now, let us take a look at each question and consider the best options for this scenario.
1. Which App-V model would you use? The model chosen must be App-V Full Infrastructure. With the scenario described for headquarters and branch offices, the option to use Streaming or even Standalone mode is possible (though not the most effective solution) but the reports requirement demands that you use App-V Management Server with a SQL database where information about usage is needed. The Streaming and the Standalone models cannot be used when you need automatic retrieval of application usage or centralized management of applications.
  ° How many App-V Management Servers and SQL databases will be involved? Two App-V Management Servers. You already know that you need App-V Management Servers to use the reporting features on the applications usage by developers and IT. These types of users are located in London and Birmingham. You will also need two SQL databases. It is important to note that the connections available from the branch office do not allow any communication other than via ports 80 and 443, meaning that if you want to use only one SQL database for these two App-V Management Servers then they will be unable to communicate.
  The use of a Streaming Server is very suitable for the Manchester branch office. Remember that the process of delivering applications (using RTSP/S from a Management Server; HTTP/S, or SMB) requires a high bandwidth connection. The best approach is always to place a streaming server near the clients.
2. How many packages would you need to capture? The important note to remember here is that Microsoft only supports delivering applications to the same operating system used by the sequenced applications, meaning if you captured an application using Windows 7 64-bit, the only supported App-V Desktop Client here will be a Windows 7 64-bit operating system. With that in mind, here are the packages involved by operating system:
  ° Windows 7 64-bit: WinRAR, Microsoft Office 2007, Microsoft Office 2010, Mozilla Firefox, Opera, Google Chrome, and Safari
  ° Windows XP SP3: WinRAR
  Thus a total of eight packages, seven built in a Windows 7 64-bit App-V Sequencer and one in a Windows XP SP3 App-V Sequencer.
3. What are the database storage requirements for the App-V SQL data store? We use the formula mentioned previously, (560 bytes per launch and shutdown) X (number of launches per day) X (user population) = Daily database growth. As having an exact figure for the number of times an application will be launched and closed is virtually impossible, we must start using some relative values here. So, let's begin with the facts. The places where an SQL database exists are London and Birmingham, and the applications involved there are Adobe Reader, WinRAR, Mozilla Firefox, Opera, Safari, Google Chrome, Microsoft Office 2007, and Microsoft Office 2010. We can estimate, using a slightly exaggerated number, that applications with an average usage level will be launched four times during a day per user, and the more intensively used applications will be launched eight times. Also, eight applications are involved in the SQL databases, but only Microsoft Office 2007 is an intensive application. The total number of users is 650; 600 from London and 50 from Birmingham.
  ° Normal usage applications launches per day = 28
  ° Intensive usage applications launches per day = 8
  ° Number of users = 650
  560 x 36 x 650 = 13104000 bytes = 12.49 MB database growth per day.
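The sizing arithmetic from answer 3, split per database, together with a check of which delivery protocols pass each site's outbound port filter. This is an added example, not code from the book or from Microsoft; the Site class, the function names and the RTSP, RTSPS and SMB port numbers (default ports) are assumptions, since the chapter itself names only ports 80 and 443.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

BYTES_PER_LAUNCH = 560      # chapter's figure: bytes recorded per launch and shutdown
NORMAL_LAUNCHES = 4         # chapter's estimate: daily launches per user, average application
INTENSIVE_LAUNCHES = 8      # chapter's estimate: daily launches per user, intensive application

# Applications that report to the London and Birmingham databases; True marks intensive use.
REPORTED_APPS = {
    "Adobe Reader": False, "WinRAR": False, "Mozilla Firefox": False,
    "Opera": False, "Safari": False, "Google Chrome": False,
    "Microsoft Office 2007": True, "Microsoft Office 2010": False,
}

# Assumption: default listener ports. RTSP also negotiates separate data ports,
# so passing this check is necessary for RTSP but not sufficient.
STREAM_PORTS = {"RTSP": 554, "RTSPS": 322, "HTTP": 80, "HTTPS": 443, "SMB": 445}
ENCRYPTED = {"RTSPS", "HTTPS"}


@dataclass(frozen=True)
class Site:
    name: str
    users: int
    has_database: bool
    outbound_ports: Optional[frozenset] = None   # None: no port filter described


CONTOSO = [
    Site("London", 600, True),
    Site("Birmingham", 50, True, frozenset({80, 443})),
    Site("Manchester", 100, False),
]


def launches_per_user(apps):
    """Daily launches per user: 4 per normal application, 8 per intensive one."""
    return sum(INTENSIVE_LAUNCHES if intensive else NORMAL_LAUNCHES
               for intensive in apps.values())


def daily_growth_bytes(users, launches):
    """The chapter's formula: 560 bytes x launches per day x user population."""
    return BYTES_PER_LAUNCH * launches * users


def growth_per_database(sites, apps):
    """Daily growth for each site that hosts its own App-V database."""
    launches = launches_per_user(apps)
    return {s.name: daily_growth_bytes(s.users, launches)
            for s in sites if s.has_database}


def usable_protocols(site):
    """Delivery protocols whose port passes the site's outbound filter, encrypted first."""
    passing = [name for name, port in STREAM_PORTS.items()
               if site.outbound_ports is None or port in site.outbound_ports]
    return sorted(passing, key=lambda name: (name not in ENCRYPTED, name))


if __name__ == "__main__":
    growth = growth_per_database(CONTOSO, REPORTED_APPS)
    for name, size in growth.items():
        print(f"{name}: {size} bytes/day ({size / 2**20:.2f} MB)")
    print(f"Total: {sum(growth.values())} bytes/day")
    for site in CONTOSO:
        print(f"{site.name}: {', '.join(usable_protocols(site))}")
```

The two per-database figures add up to the chapter's combined total, and for Birmingham only HTTP and HTTPS survive the port filter, with HTTPS listed first as the encrypted option.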
Summary
In this chapter we have discussed the importance of the design process in any technology implementation. One of the keys to a correct design is to understand the company requirements and possibilities, the technical components involved to satisfy those needs, and how those components interact with each other.
We had a good look at the components in an App-V infrastructure, the role each of them plays, and how the interconnections between those components build the models available to deploy App-V in our organization.
Fortunately, Microsoft Application Virtualization provides us with the necessary possibilities to achieve an implementation that is not only effective but also efficient. But as always, the more possibilities that exist, the more difficult it is to achieve a dynamic, scalable, effective, and efficient design. That is why the information we retrieve from our assessment will give us the necessary tools to realize that objective.
Even though there is no golden rule that fits all implementations, we must examine and consider the necessary components: application compatibilities and company requirements, the cost/benefit equation in each model, company regulations, company assets, and so on.
In the next chapter we will start reviewing the environmental requirements for, and working with the initial installation of, the App-V Management Server.
Preparing your App-V Environment and Installing App-V Management Server
As discussed earlier, Microsoft App-V has several key points that need to be evaluated before implementation, and the quality of the assessment you perform will determine the components that will be included in your deployment. In this chapter, you will take a closer look at the App-V environment you are about to deploy, examining the requirements on each component, step-by-step installation procedures, and performing the initial tests to validate that your infrastructure is capable of sequencing and publishing applications.
App-V 4.6 is the current version of Microsoft's application virtualization platform, and it introduces several changes that make a significant difference from earlier versions. Support for 64-bit platforms, for both operating system and client, is possibly the main feature in App-V 4.6, making this platform the only one with 64-bit compatibility in application virtualization for Windows 7 and Windows Server 2008 R2 support. Additional languages have also been added along with enhancements to gain a high level of integration with Virtual Desktop Infrastructure (VDI) scenarios through the use of shared storage, improving the sequencing experience as well as the System Center Configuration Manager 2007 R2 SP2 integration.
As security and centralized management are key factors in App-V, this platform also has a high level of integration with Active Directory, even though it is not a requirement for a model such as standalone, where you can distribute MSI files by using media, USB, or just with a file share. The most suitable environment requires a single authentication method. To detail some of the requirements regarding the technology, the centralized management, applied as a requirement in the Full Infrastructure model, needs a central point to retrieve the permissions involved, application assignments, and licenses. All of these must be stored in a database from a SQL instance. The Management Server and the web services from IIS participate as well. The deployment of the components should be as simple as understanding their use. What I have learned from many App-V implementations is that most of the errors that appear in the process are usually the consequence of an incorrect assessment, and not asking yourself the right questions at the right time. You will cover the following topics:
• New features in App-V 4.6
• Requirements for the App-V environment
• Installing App-V Full Infrastructure model: App-V Management Server
• Necessary post installation tasks
What's new in App-V 4.6?
As discussed earlier, Microsoft App-V 4.6 introduces major enhancements which give this platform higher advantages than other similar offerings. Let us take a look at those new features and improvements:
• Support for Windows 7 and Windows Server 2008 R2: The new kernel model introduced with Windows 7 differs greatly from what Microsoft offered in Windows Vista and Windows Server 2008, so this new compatibility is not just a minor feature. App-V 4.6 supports the new options included in Windows 7 and Windows Server 2008 R2 like AppLocker, BranchCache, BitLocker, Jump List, and the Windows 7 taskbar.
• Support for 64-bit environments, operating systems, and applications: The time of x86 architectures is coming to an end. Windows Server 2008 R2 is an exclusive 64-bit operating system and it is rumored that the next desktop Windows OS, Windows 8, will be the last one supporting 32-bit. Not only are the operating systems moving to the 64-bit architecture, but applications are also embracing this model. App-V 4.6 supports both 64-bit clients and 64-bit applications.
• Improved UI in App-V Sequencer: Some interesting tweaks have been made in the user interface in App-V Sequencer:
  ° The start page and "monitoring" wizard page are completely redesigned.
  ° The monitoring process is simpler, built as a three step phase.
  ° New and improved error messages.
  ° Automatic window minimization when the capture process starts is removed.
  ° To avoid user errors the buttons are grayed out while the system is collecting information from the current capture.
  ° The Block Size option is removed; the default and only option is 64K.
  ° VFS editing is removed from the wizard. After the process completes, you can edit the virtual file system.
  ° The Compression option is now a checkbox.
• New operating system tagging for sequencing an application: With 64-bit compatibility appearing, the operating system values used when you are sequencing an application needed a change to make this platform scalable. Here are the new values, compared with App-V 4.5:
OS Value | App-V 4.6 | App-V 4.5
WinXP | Windows XP Professional 32-bit | Windows XP Professional
WinXP64 | Windows XP Professional 64-bit | N/A
Win2003TS | Windows 2003 Terminal Server 32-bit | Windows 2003 Terminal Server
Win2003TS64 | Windows 2003 Terminal Server 64-bit | N/A
WinVista | Windows Vista 32-bit | Windows Vista
WinVista64 | Windows Vista 64-bit | N/A
Win2008TS | Windows 2008 Terminal Server 32-bit | Windows 2008 Terminal Server
Win2008TS64 | Windows 2008 Terminal Server 64-bit | N/A
Win2008R2TS64 | Windows 2008 R2 Terminal Server 64-bit | N/A
Win7 | Windows 7 32-bit | App-V CU1
Win764 | Windows 7 64-bit | N/A
• Support for Virtual Desktop Infrastructure (VDI): Virtual desktops are very common for organizations that wish to optimize hardware resources for end users. App-V 4.6 works hand in hand with this virtualized environment to achieve a more efficient use of the resources, pointing virtual desktops to shared cache for applications instead of streaming to each individually.
• High level integration with Microsoft Office 2010: By using the isolated environment that App-V 4.6 provides you can have incompatible applications working in parallel in the same environment, like Office 2007 and Office 2010. Microsoft is working on this use case to enable gradual migrations to the new Office suite. By sequencing Office 2010 with App-V 4.6 you will receive interesting features such as:
  ° Search indexing support for Office file types
  ° Outlook fast search enabled
  ° Microsoft Outlook "Send To" available
  ° High level integration with SharePoint
  ° Mail control panel applet for virtualized Outlook 2010
  ° Print to virtualized OneNote 2010
  ° URL protocol redirection to virtualized Outlook 2010
  These features are not available in any other application virtualization platform, basically because they are integrated with the operating system by installing the application.
• System Center Configuration Manager 2007 R2 SP2 modified its architecture to support virtualized applications.
• Supporting more languages: Added 12 more languages supporting the platform.
Preparing your environment
After reviewing the general planning and design for the application virtualization platform, it is time to start working on the more tangible requirements. You will be reviewing the general requirements of the platform and then proceeding with the step-by-step preparation and installation process for each model.
App-V requirements
This section will describe the requirements for each component in App-V including hardware, operating system, and software specifications.
App-V Management and Streaming Servers
The following requirements are for the Management Server including the App-V Web Service and the App-V Management Console. Both of these components can be installed on a separate computer, but the common configuration usually includes these components on the same server.
Minimum hardware
• Processor: Intel Pentium 1 GHz
• Memory: 512 MB to 1 GB (2 GB or higher recommended)
• Hard disk space: 300 MB
The hard disk space requirement does not include the requirements for the content folder where the application packages will be stored. You should perform the applications sizing mentioned earlier to determine the proper space needed.
Operating system
Operating system | Service pack | System architecture
Windows Server 2003 Standard, Enterprise, and Datacenter Editions | SP1 or SP2 | x86 or x64
Windows Server 2003 R2 Standard, Enterprise, and Datacenter Editions | No service pack or SP2 | x86 or x64
Windows Server 2008 Standard, Enterprise, and Datacenter Editions | SP1 or SP2 | x86 or x64
Windows Server 2008 R2 Standard, Enterprise, and Datacenter Editions | N/A | x64
Software requirements
• Internet Information Services 6 or Internet Information Services 7 with ASP.NET enabled
• Microsoft .NET Framework 2.0 or later
• Microsoft Management Console 3.0 or later
IIS 6 or IIS 7 roles are required specifically for the App-V web service.
App-V data store
The following are the requirements for the SQL data store used by the App-V Management Server where the information from application assignments, permissions, and licenses is stored.
Minimum hardware
• Processor: Intel Pentium 1 GHz
• Memory: 512 MB (1 GB or higher recommended)
• Hard Disk Space: 200 MB
These hardware specifications consider the minimum requirements needed only for the App-V database. In the case of using a SQL instance with other databases you will need a proper sizing to avoid any possible bottleneck.
Operating system
Operating system | Service pack | System architecture
Windows Server 2003 Standard, Enterprise, and Datacenter Editions | SP1 or SP2 | x86 or x64
Windows Server 2003 R2 Standard, Enterprise, and Datacenter Editions | No service pack or SP2 | x86 or x64
Windows Server 2008 Standard, Enterprise, and Datacenter Editions | SP1 or SP2 | x86 or x64
Windows Server 2008 R2 Standard, Enterprise, and Datacenter Editions | N/A | x64
Software requirements
• Active Directory and DNS infrastructure working and available for the server
• MDAC (Microsoft Data Access Components) 2.7 or later
• SQL instance working on any of these engines: SQL Server 2000 (SP3a or SP4), SQL Server 2005 (SP1, SP2, or SP3), or SQL Server 2008 (no SP or SP1) 32 or 64-bit
Additional configuration could be required for the SQL Server instance to complete the installation process.
App-V Sequencer
These are the requirements needed for the App-V 4.6 Sequencer. Even though there are no complex configurations needed, it is highly recommended that you take note of the software requirements and recommendations.
Minimum hardware
• Processor: Intel Pentium 1 GHz (32 or 64-bit)
• Memory: 1 GB (2 GB or higher recommended)
• Disk space: 40 GB separate disk available with at least 15 GB free
Operating system
Operating system | Service pack | System architecture
Windows XP Professional | SP2 or SP3 | x86 or x64
Windows Vista Business, Enterprise, or Ultimate | No service pack, SP1 or SP2 | x86 or x64
Windows 7 Professional, Enterprise, or Ultimate | N/A | x86 or x64
Software requirements
There are no specific software requirements to use Sequencer, but there are a few considerations to take into account. You will cover the general recommendations for the sequencing process, but in regard to the environment you should start considering:
• It is highly recommended that you use the same operating system and software baseline as the clients where the applications will be deployed. Microsoft does not support sequencing applications captured on a different OS from the clients that are being deployed.
• The common standard for the letter assigned to the second partition available is Q:\.
• Ensure that the system drive where %TMP% or %TEMP% folders are located has sufficient disk space. This directory is where the application stores temporary sequencing data.
• The most common use for a Sequencer deployment is virtual machines with snapshot possibilities. This gives us the chance to use a clean operating system every time an application package is captured.
• It is not recommended to use an antivirus application, as it could disrupt the sequencing process.
[ 50 ]
Download from Wow! eBook <www.wowebook.com>
Chapter 3
App-V client
The following are the specifications required for the App-V Desktop client:
Minimum hardware
• Processor: Specific for the selected operating system
• Memory: Specific for the selected operating system
• Disk space: 30 MB for installation and 6 GB for the App-V Desktop Client Cache
Operating system
Operating system | Service pack | System architecture
Windows XP Professional | SP2 or SP3 | x86 or x64
Windows Vista Business, Enterprise, or Ultimate | No service pack, SP1, or SP2 | x86 or x64
Windows 7 Professional, Enterprise, or Ultimate | N/A | x86 or x64
Software requirements
Installing the App-V Desktop Client using setup.exe completes all the requirements for the platform to be ready. The following components are installed:
• Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)
• Microsoft Application Error Reporting
• Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)
• Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)
Depending on the selected model that you will be using, some particular configuration will be needed both before and after the installation process.
Preparing the Full Infrastructure Model
The Full Infrastructure is the model where all the App-V components interact and is the most suitable when you are looking for a scalable and dynamic platform for application virtualization deployment. The use and location of each of its components will depend on the design decisions previously made; you will consider installing the App-V Management Server with all the server components (Web Service, Data Store, and Management Console) in one place. The current baseline that you will be reviewing is as follows:
App-V Management Server
• Windows Server 2008 R2 (64-bit).
• Machine joined to an Active Directory domain.
• SQL Server 2008 SP1.
• IIS 7 with ASP.NET enabled.
• Application Server Role enabled.
• .NET Framework 3.5. Regarding .NET Framework 4 there are some known issues and you should try to avoid installing this feature.
Notes about SQL Server 2008:
• The Express Editions for SQL Server are supported by App-V as a valid instance for the data store, but if you want to install any of those you should keep in mind the restrictions associated with the free versions of the SQL engine: 1 CPU supported for processing, 1 GB of memory assigned, and 4 GB is the maximum size for a database. If you are considering a production environment then the best approach should be SQL Server Standard or Enterprise edition. In fact, if you ask Microsoft about SQL Express, the answer will be "not recommended for production environments".
• SQL Server 2008 with SP1 is the supported version when using Windows Server 2008 R2. Once you start the SQL installation you will see a compatibility warning regarding the SP1 requirement. As soon as the installation completes you should install the Service Pack to remove any incompatibility issues.
• The Application Server role with .NET Framework 3.5 is also highly recommended to be installed with Windows Server 2008 R2, prior to SQL Server 2008 SP1 installation.
App-V Sequencer
• Windows 7 Ultimate Edition (64-bit).
• Machine joined to an Active Directory domain. In most environments, joining the App-V Sequencer to the domain should not be necessary.
App-V Desktop Client
• Windows 7 Ultimate Edition (64-bit).
• Machine joined to an Active Directory domain.
Installing App-V Management Server
Prior to installing the App-V Management Server services you should complete some configuration needed on IIS and SQL Server. The general installation process will be:
1. Install and configure IIS 7.
2. Configure SQL Server 2008 SP1 instance.
3. Install App-V Management Server.
4. Post-installation tasks.
Now let us take a closer look at each step.
Installing and configuring IIS 7
1. Open the Server Manager Add Roles Wizard, select Web Server (IIS), and click on Next.
2. Click on Next on the Introduction page. The default features will be added to the Internet Information Services role, but you will need to add some particular options which the App-V web service requires.
3. Check the ASP.NET feature option within Application Development and within Security check Windows Authentication.
4. Add the Management Tools features, including IIS 6 Management Compatibility. Click on Next.
5. On the wizard summary page click on Install.
Configuring SQL Server 2008 SP1 instance
1. Open SQL Server Configuration Manager from the SQL Server start menu.
2. Select SQL Server Network Configuration panel.
3. Verify under Protocols for MSSQLSERVER (this is the default instance name used in the example case) that TCP/IP and Named Pipes options are set to Enabled.
Installing App-V Management Server
1. Start the App-V Management Server installation wizard. Click on Next.
2. Accept the License terms and click on Next.
3. Complete the Registration Information and click on Next.
4. Select Custom installation type to choose the components to be installed.
5. Check the components to install and their installation paths, then click on Next.
If you want to divide the components onto separate servers, you can select or deselect each Management Server module as needed: Management Server, Management Service, and Management Console.
6. On the Configuration Database page, if the SQL instance does not appear in the Server name drop-box list, you can insert the name in the next field. In the example case, the server name is appv-server. Click on Next.
7. Select Create a new database, accepting the default name APPVIRT. Click on Next.
8. On the Connection Security Mode page, deselect the option Use enhanced security and click on Next.
Securing the communications is out of the scope of the current chapter.
9. On the TCP Port Configuration page select Use default port (554) for the RTSP communications, and click on Next.
10. On the Administrator Group page select the Active Directory group that will include the users in charge of managing the server. For the example I have a special group App-V Admins.
11. On the Default Provider Group page select the Active Directory group that will be the default authorized group to use Application Virtualization Management Servers. Click on Next.
12. On the Content Path page select the location where the content folder will be stored. You must ensure that this directory has enough space to store the packages that you will be creating. The example uses E:\App-V\content\. Click on Next.
13. Click on Install.
14. The installation process could take a couple of minutes, depending on the hardware used.
15. You must restart to complete the installation.
If any errors appear at this stage, you can examine the Management Server installation log, sft-server, which can be found in:
• x86: C:\Program Files\Microsoft System Center App Virt Management Server\App Virt Management Server\logs
• x64: C:\Program Files (x86)\Microsoft System Center App Virt Management Server\App Virt Management Server\logs
At this stage, any issues should be associated with the prerequisites mentioned above. Please take a closer look at those requirements, especially regarding enabling the right features in IIS and SQL.
For a complete reference on App-V logs, check the following Microsoft Knowledge Base article:
• How to interpret the messages in the SoftGrid Virtual Application Server log: http://support.microsoft.com/kb/930871
The App-V Team has created a complete guide to understanding all errors possible during the App-V Management Server installation. Please check the following article from the App-V official blog:
• App-V Troubleshooting, Known Issues and General Resources: http://blogs.technet.com/b/appvcallback/archive/2010/08/03/appv-troubleshooting-known-issues-and-general-resources.aspx
Post installation tasks
After the successful installation of App-V Management Server, you must ensure that your system meets all the requirements for proper communications.
1. Open the Windows Services console and verify that the Application Virtualization Management Server service is started.
There have been some situations in which this service would not start properly when the operating system starts. This usually happens when you have the App-V Management Service on the same machine as the SQL Server. To avoid further issues, you can use the Recovery panel in the service properties dialog and select to restart the service if a failure occurs.
If you still experience issues when the machine restarts, there are two possible solutions: set a higher value for Reset service after, which waits a little longer before trying a restart of the service, or modify the registry value for the App-V Management Service, adding the SQL service as a dependency.
2. In the file system explorer, browse to the content folder and share it by setting the Everyone permissions to Read.
3. Also add to the file system Security properties for the content folder the permissions Read, Read & execute, and List folder contents to Everyone.
4. Open Windows Firewall with Advanced Settings from the Start menu.
5. Select New Inbound Rule, and in the new wizard select Program and click on Next.
6. In This program path select C:\Program Files (x86)\Microsoft System Center App Virt Management Server\App Virt Management Server\bin\sghwdsptr.exe. Click on Next.
7. Select Allow the connection and click on Next.
8. Select that the rule will apply for Domain, Private, and Public environments and click on Next.
9. Enter a name for the rule and click on Finish.
10. Repeat this procedure for sghwsvr.exe, also contained in the C:\Program Files (x86)\Microsoft System Center App Virt Management Server\App Virt Management Server\bin\ folder.
With these four steps done, you have completed the App-V Management Server installation process and are ready to use the console. Just select it from the Administrative Tools menu. Select Connect to Application Virtualization System and use the name of the server with a non-secure connection (you can also use "localhost" or the server IP).
Installing the App-V Management Console on a different machine is possible but not simple. The App-V Team created a configuration guide to achieve this, which you can access at the official Microsoft App-V blog: http://blogs.technet.com/b/appv/archive/2009/04/21/app-v-4-5-remote-consoleconfiguration-guide.aspx.
Once the server is added, you can browse the available options for the App-V Management Server such as applications, packages, application licenses, and so on.
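The post-installation tasks above (service check and recovery, content share and NTFS permissions, inbound firewall rules) can also be applied from an elevated command prompt. The following batch file is an added example, not part of the book's code bundle; the service name AppVirtServer and the share name content are assumptions, while the paths and permissions are the ones used in this chapter.

```batch
@ECHO OFF
REM Added example: scripts the post-installation tasks from this chapter.
REM Run from an elevated command prompt on the App-V Management Server.
SETLOCAL

REM Assumption: short name of the Application Virtualization Management
REM Server service. Confirm it first with: sc query state= all
SET "SVC=AppVirtServer"
REM Assumption: name under which the content folder is shared.
SET "SHARE=content"
REM Values from the chapter's example installation (x64).
SET "CONTENT=E:\App-V\content"
SET "BIN=C:\Program Files (x86)\Microsoft System Center App Virt Management Server\App Virt Management Server\bin"
REM The chapter applies the rules to all three profiles. Use "domain" alone
REM if clients only ever reach this server over the domain network.
SET "PROFILES=domain,private,public"

REM Task 1: the service must be running.
sc query "%SVC%" | find "RUNNING" >NUL
IF ERRORLEVEL 1 (
    ECHO [WARN] %SVC% is not running, trying to start it.
    net start "%SVC%"
)
REM Recovery settings: restart the service 60 seconds after a failure and
REM reset the failure counter after one day.
sc failure "%SVC%" reset= 86400 actions= restart/60000/restart/60000/restart/60000

REM Tasks 2 and 3: share the content folder read-only, then grant Everyone
REM Read, Read ^& execute and List folder contents on the folder tree.
IF NOT EXIST "%CONTENT%\" (
    ECHO [ERROR] Content folder %CONTENT% not found.
    EXIT /B 1
)
net share %SHARE% >NUL 2>&1
IF ERRORLEVEL 1 net share %SHARE%="%CONTENT%" /GRANT:Everyone,READ
icacls "%CONTENT%" /grant "Everyone:(OI)(CI)RX"

REM Tasks 4 to 10: one inbound allow rule per server executable.
SET "RC=0"
FOR %%F IN (sghwdsptr.exe sghwsvr.exe) DO CALL :ADDRULE %%F || SET "RC=1"
EXIT /B %RC%

:ADDRULE
REM %1 is the executable name; the rule is named after it.
IF NOT EXIST "%BIN%\%1" (
    ECHO [ERROR] %1 not found in the bin folder.
    EXIT /B 1
)
netsh advfirewall firewall show rule name="App-V %1" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
    ECHO [OK] Rule "App-V %1" already exists.
    EXIT /B 0
)
netsh advfirewall firewall add rule name="App-V %1" dir=in action=allow program="%BIN%\%1" profile=%PROFILES% enable=yes
EXIT /B %ERRORLEVEL%
```

The script can be run repeatedly: an existing share or firewall rule is left as it is.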
What about SQL Server Express?
As mentioned before, Microsoft does not support production environments using SQL Server Express instances, mainly because of the restrictions imposed on this free database engine service. But if you want to implement SQL Express in your lab or semi-production environment, you can do it, but there are a few more tasks to complete before starting the App-V Management Server installation. Here is the step-by-step process for configuring the SQL Server Express instance:
1. Open SQL Server Surface Area Configuration Tool from the SQL Server Start menu.
2. Click on Surface Area Configuration for Features.
3. Within CLR Integration, check the option for Enable CLR integration.
4. Within OLE Automation click Enable OLE Automation.
5. Close Surface Area Configuration for Features.
6. Click Surface Area Configuration for Services and Connections.
7. Within Remote Connections select Local and remote connections and set it to Using both TCP/IP and named pipes.
8. Restart the SQL Server Express services to apply all changes.
Scaling up App-V Management Server installation
As has been discussed earlier, App-V offers several ways to scale up your application virtualization infrastructure: adding Streaming Servers, integrating with SCCM, and adding Management Servers accessing the same SQL data store. Using the Windows Failover Cluster feature in App-V 4.6 is not supported, but using Windows Network Load Balancing (NLB) is.
Servers in a Windows NLB cluster share a virtual IP: every host receives all incoming virtual IP traffic on its cluster network adapter, and an algorithm that runs on each host selects the one computer that responds. Even though you can balance the incoming traffic for the App-V Server, there are some things to consider:
• If the App-V service stops responding, NLB will not remove a host from the cluster
• When an App-V client is associated with a specific host in the NLB cluster, this association never changes unless the cluster membership changes
You can find a complete reference to App-V in a Network Load Balancing environment in an official Knowledge Base article from Microsoft:
• How SoftGrid Networking works together with Windows Server 2003 Network Load Balancing: http://support.microsoft.com/kb/932018/
Summary
In this chapter, you had a good look at the new and important features present in App-V 4.6. You will get the chance to evaluate these features (like the Microsoft Office 2010 integration) in the following chapters. Preparing and installing the App-V Management Server is a key milestone in the deployment of the Full Infrastructure Model—most of the known issues are discussed in the post installation tasks mentioned in this chapter. We have already discussed the importance of correct assessment, design, and sizing prior to an implementation. Even though the App-V roles and services do not have large hardware requirements it is very important to know the specifications for App-V 4.6. In the next chapter, you will take a look at how to prepare the rest of the App-V components and get the environment ready, including what's required for the Streaming and Standalone models. Also, you will test the default application as verification for your entire environment.
Deploying the App-V Sequencer, Desktop Client, and Streaming Server
If you decide to implement the Full Infrastructure Model, installing the App-V Management Server is just a small portion of the entire App-V environment. Even though most of the initial and common errors are related to the Management Server, an incorrect deployment of the rest of the components could result in hours of troubleshooting effort.
After reviewing and understanding the components and models available for implementation, a good point to remember is that often you can combine options to fulfill your business requirements. For example, you can implement the combination of the App-V Management and Streaming Server in your central office for the most active users in the company, possibly distributing Streaming Servers through the same facilities to optimize bandwidth and caching. You can also use the Standalone Model for mobile users, distributing App-V packages in MSI via Group Policies, and for branch offices use Streaming Servers with either HTTP or SMB (file sharing) streaming.
Automation is another key factor that all IT professionals are continuously seeking. With automatic deployments you get the chance to optimize the time you are investing in mechanical procedures and also deliver outstanding provisioning times.
In this chapter you will cover:
• Installing the App-V Sequencer
• Installing and configuring the App-V Desktop Client
• Preparing the environment for the Streaming and Standalone models, using manual configurations or via Group Policy
• Automating the App-V Desktop Client installation
• Testing the environment by delivering the App-V Default Application
Installing the App-V Sequencer
After reviewing the requirements and recommendations you can see that the App-V Sequencer installation is pretty straightforward. The procedure is as follows:
1. Once you run the installation file, you should get the notification for a missing requirement, in this case Microsoft Visual C++ 2005 SP1 Redistributable Package (x86). Click on Install.
2. On the first wizard page, click on Next.
3. Accept the License Terms and click on Next.
4. Select the installation path for the App-V Sequencer binaries. Click on Next.
5. Click on Install and the installation process will start.
6. After the installation completes, you can automatically launch the application where you can see the new and refreshing interface.
Installing the App-V Client
The installation of the App-V Client component is also very simple and intuitive. The only consideration before starting the installation is that you should already have the proper cache size defined.
1. Once you start the installation, a few prerequisites will be installed.
2. On the first page of the wizard click on Next.
3. Accept the License Terms and click on Next.
4. Select Custom setup type and click on Next.
5. Accept or modify the installation path for the App-V Desktop Client.
6. Verify that the data locations used by the App-V Desktop Client, including the drive letter that will be used, are the same as the ones selected for the App-V Sequencer. Click on Next.
7. Now you can select the cache size used by the client to store the loaded applications. The default is the maximum size of 6 GB (6144 MB) or you can use the Use free disk space threshold option, where you can set the value for minimum hard disk space available. Click on Next.
8. On this page you can set the behavior of the Runtime Package. The only recommended change from the default selection is marking On Publishing Refresh under Automatically Load Application.
The Application Source Root option, here left blank (default), is used when you want to override the streaming location of the .sft files (this location is set in the .osd of the App-V package). If you set a path in the Application Source Root, the applications will look for the SFT in that location instead of the one they are receiving in the OSD. This option is another alternative when you are using slow links to avoid transmitting large amounts of data. Also take note that you can use the auto-load options. In this example Automatically load previously used applications has been selected.
9. On the next page you can configure the server you are receiving the packages from and the communication method used. In this case, the server's name is appv-server and the type of communication is Application Virtualization Server, using RTSP on port 554. Click on Next.
10. On the last page, just click on Install.
11. After the wizard completes, you can use the App-V Client Management Console to verify the Publishing Servers options.
Installing the App-V Streaming Server
The App-V Management Server can already perform application streaming, making the App-V Streaming Server an optional component to install. One of the most appropriate scenarios for the App-V Streaming Server is branch offices. The streaming process requires high bandwidth to deliver applications, so using an App-V Streaming Server near client computers is usually the best option. Working with the App-V Streaming component gives you the possibility to customize the type of connections you are going to allow from client machines. Let's take a look at the step-by-step installation.
1. Run the installation file and, on the first page, click on Next.
2. Accept the License Terms and click on Next.
3. Complete the Customer Information and click on Next.
4. Verify the installation path for the Streaming Server binaries. Click on Next.
5. On the Connection Security Mode page, as you are not using secure connections, click on Next.
6. The TCP Port Configuration uses the default port in this case. Click on Next.
7. Provide the location for the content folder. Remember that this folder will be the place where App-V packages will be stored, so it could be a good idea to use a secondary drive. Click on Next.
8. In the Advanced Settings page, customize the settings for the App-V Streaming possibilities with the following values:
   °° Max client connections: 1000.
   °° Number of core processes: 5.
   °° RTSP thread pool size: 50.
   °° Connection timeout: 60 seconds.
   °° Core timeout: 120 seconds.
   °° RTSP timeout: 30 seconds.
   °° Enable User authentication and Enable User authorization: As the App-V Streaming Server uses NTFS file permissions, by enabling these two options you can control whether the server checks and enforces those ACLs (Access Control Lists) or not.
   °° Cache block size: 512 KB.
   °° Maximum cache size: 512 MB.
   °° Package update: 1800 seconds (30 minutes).
9. On the last page, click on Install.
10. Once the installation is complete it will ask for a reboot. This is not exactly a requirement, but actually a recommendation for system performance.
11. After the reboot, there are two post-installation tasks necessary (the same as in the App-V Management Server installation):
   °° Share the content folder the same way as in the previous installation.
   °° Use Windows Firewall with Advanced Settings to add two inbound rules for the executable files, sghwdsptr.exe and sghwsvr.exe, both located in the C:\Program Files (x86)\Microsoft System Center App Virt Streaming Server\App Virt Streaming Server\bin\ folder.
Preparing the Streaming Mode
The default installation of the App-V Desktop Client accepts only the option to set the publishing server as the same server that publishes the application, the App-V Management Server. So if you need to use an App-V Streaming Server, for example in a branch office, you will need to change a few registry keys in the App-V Desktop Clients. These steps are only necessary when you already have the App-V Desktop Client installed and would like to modify the value for the Streaming Server.
You can make this change manually or by using Group Policy.
Manual configuration for Streaming Mode
Running a manual configuration for the client requires modifying the registry values used by the App-V Desktop Client. This is done as follows:
1. Use Run in the Start menu and type in regedit.
2. If the client is using a 64-bit operating system, locate the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\Client\Configuration\. In case of a 32-bit OS, the path is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Configuration\.
3. Right-click on the ApplicationSourceRoot key and select Modify.
4. Insert the name of the App-V Streaming Server, in this example, RTSP://appv-streaming:554, and click OK.
5. Close the Registry Editor and the App-V Desktop Client is ready to receive applications from the Streaming Server.
Group Policy configuration for Streaming Mode
You can access these Group Policy options by downloading the Microsoft Application Virtualization Administrative Template (ADM Template), available at the Microsoft Download Center http://www.microsoft.com/downloads/en/default.aspx. Once the Administrative Templates are imported, you can start working on the App-V group policies.
1. Create a Group Policy, link it in the Organizational Unit where the Streaming clients will be working, and select Edit.
2. Expand Computer Configuration | Policies | Administrative Templates | Classic Administrative Templates (ADM) | Microsoft Application Virtualization Client or Microsoft Application Virtualization Client (64-bit).
3. Select Communication and modify the Application Source Root Group Policy value to Enabled and set the Application Source Root Path to RTSP://appv-server:554.
4. Click OK and the policy will be set and ready.
5. Once the values are set and the group policy linked, on the client machines just use the following command to retrieve the latest configurations:
    gpupdate /force
Preparing the Standalone Mode
Preparing the Standalone Model can also be achieved using two types of configurations—manual and using Group Policy for modifying the registry values.
Manual configuration for Standalone Mode
This approach requires installing the App-V Desktop Client from scratch.
1. If the client already has the App-V Desktop Client installed you will need to uninstall it, or use the Group Policy Configuration method to modify the registry values instead.
2. Place the App-V Desktop Client installers on the client machine.
3. Open an elevated command prompt and type the following:
    "setup.exe" /s /v"/qb-! SWICACHESIZE=\"6000\" AUTOLOADTARGET=\"NONE\" REQUIREAUTHORIZATIONIFCACHED=\"FALSE\" SWIFSDRIVE=\"Q\""
Once you run this command line, the App-V Desktop Client installation will start.
Group Policy configuration for Standalone Mode
You can access this Group Policy option by downloading the Microsoft Application Virtualization Administrative Template (ADM Template), available at the Microsoft Download Center http://www.microsoft.com/downloads/en/default.aspx. Once the Administrative Templates are imported, you can start working on the App-V group policies.
1. Create a Group Policy, link it in the Organizational Unit where the Standalone users will be working, and select Edit.
2. Expand Computer Configuration | Policies | Administrative Templates | Classic Administrative Templates (ADM) | Microsoft Application Virtualization Client or Microsoft Application Virtualization Client (64-bit).
3. Select Communication and modify the following Group Policy values:
   °° Allow Independent File Streaming: Enabled.
   °° Always Require Application Authorization: Disabled.
   °° Disconnected Operations: Work Offline: Enabled.
   °° Disconnected Operations: Allow: Enabled.
   °° Disconnected Operations: Limit Disconnected Operations: Enabled.
4. Select the folder Permissions under Microsoft Application Virtualization Client and modify the Permissions to Toggle into Offline Mode value to Disabled.
5. Once the values are set and the group policy linked, on the client machines just use the following command to retrieve the latest configurations:
    gpupdate /force
Automating the App-V Desktop Client deployment
There's no point in having the Administrative Templates for App-V and achieving centralized management of the App-V client behavior if you cannot automatically deploy the Desktop Client component. App-V installers include both types of files for client installation: EXE and MSI. The latter is often used by administrators for automating deployment using Group Policy Software Installation, System Center Configuration Manager 2007, or any other third-party platform.
Running the installation from the setup.exe file is usually the best choice when you are running a manual installation, as all the prerequisites are included. Even though the MSI is the preferred method for silent and automated installations, it does not include the prerequisites and you can experience some problems installing the Application Error Reporting component, which requires a special ID. So you should properly install all the components first and then run the MSI.
In this section you will see how you can automate this deployment. The automatic deployment will include running a complete script, which can be found in the code bundle download for this book. The name of the script is appv_client.bat. Here's the content of the script you are going to use:
    @ECHO OFF
    REM Installing Microsoft Visual C++ 2005 Redistributable Package (x86)
    SET SOURCE=
    SET SOURCE=\\servername\sharedfolder\VisualC2005
    START /WAIT %SOURCE%\vcredist_x86.EXE /Q /T:%TEMP%\VC2005x86
    REM Installing Microsoft Visual C++ 2008 Redistributable Package (x86)
    SET SOURCE=
    SET SOURCE=\\servername\sharedfolder\VisualC2008
    START /WAIT %SOURCE%\vcredist_x86.EXE /Q
    REM Installing Microsoft Application Error Reporting
    SET SOURCE=
    SET SOURCE=\\servername\sharedfolder\ErrorReporting
    START /WAIT MSIEXEC /I %SOURCE%\dw20shared.msi APPGUID={E569E45F-7BA6-4C7F-B6BA-3FFCBE92FC22} REBOOT=Suppress REINSTALL=ALL REINSTALLMODE=vomus
    REM Setting the options for App-V Desktop Client Installation
    SET OPTIONS=
    SET OPTIONS=ALLOWINDEPENDENTFILESTREAMING=FALSE
    SET OPTIONS=%OPTIONS% SWIFSDRIVE=Q
    SET OPTIONS=%OPTIONS% SWICACHESIZE=6144
    SET OPTIONS=%OPTIONS% AUTOLOADONLAUNCH=1
    SET OPTIONS=%OPTIONS% AUTOLOADONLOGIN=0
    SET OPTIONS=%OPTIONS% AUTOLOADONREFRESH=0
    SET OPTIONS=%OPTIONS% AUTOLOADTARGET=PREVUSED
    SET OPTIONS=%OPTIONS% REQUIREAUTHORIZATIONIFCACHED=0
    SET OPTIONS=%OPTIONS% PERM_ADDAPP=1
    SET OPTIONS=%OPTIONS% PERM_PUBLISHSHORTCUTS=1
    SET OPTIONS=%OPTIONS% OPTIN=FALSE
    SET OPTIONS=%OPTIONS% SWIPUBSVRDISPLAY=servername
    SET OPTIONS=%OPTIONS% SWIPUBSVRTYPE=RTSP
    SET OPTIONS=%OPTIONS% SWIPUBSVRHOST=servername
    SET OPTIONS=%OPTIONS% SWIPUBSVRPORT=554
    REM Installing Microsoft App-V 4.6 Desktop Client x64
    SET SOURCE=
    SET SOURCE=\\servername\sharedfolder\App-V
    START /WAIT MSIEXEC /I %SOURCE%\SETUP.MSI %OPTIONS% ALLUSERS=TRUE REBOOT=SUPPRESS /QB
Things to look out for:
• You need to change the values set for the variable SOURCE, which contains the files location.
• Replace the value servername with the FQDN of the App-V Server in charge of publishing applications.
• The options marked for SWIPUBSVRTYPE and SWIPUBSVRPORT are related to the type and port set in the environment. In this case, RTSP and 554.
• For more information about variables and procedure refer to the following articles:
   °° Application Virtualization Client Installer Command-Line Parameters (http://technet.microsoft.com/en-us/library/cc843737.aspx)
   °° How to Install the Client by Using the Command Line (http://technet.microsoft.com/en-us/library/ee956917.aspx)
Using this simple script, you can also automate the deployment process using Group Policy logon scripts, to guarantee that users will be able to install the App-V Desktop Client once they log on to their computers.
The only consideration you should evaluate before deploying this client is that if you are going to use Group Policy with logon scripts, this process will be executed every time. Let's take a look at this process (the following example uses a 64-bit environment): 1. Download the following pre-requisites for the App-V 4.6 Desktop Client: °°
Microsoft Visual C++ 2005 Redistributable Package (x86)
°°
Microsoft Visual C++ 2008 Redistributable Package (x86)
°°
Microsoft Application Error Reporting, which can be found in the Support\Watson folder on the release media (dw20shared.msi file)
Visual C++ 2005 and 2008 Redistributable Packages must be 32-bit, even if you are using a 64-bit environment. 2. Place the installation files in a shared folder available on the domain network, including the installer setup.msi from the App-V Desktop Client. You have to make sure that this folder and its content are available to all users and computers for Read and Execute. 3. Access a Domain Controller (or any machine with the Group Policy Management Console) using a privileged account, and place the mentioned script there. 4. Open the Group Policy Management console. Create and link a new group policy object. In this case, you'll be using an Organizational Unit placed specially for users who will receive the App-V Desktop Client, App-V Deployment.
5. Use a descriptive name for the group policy object such as App-V Deployment.
6. Right-click the object and select Edit.
7. Expand User Configuration | Windows Settings | Scripts (Logon/Logoff).
8. Double-click on Logon.
9. Click on Show Files and place the appv_client.bat script within this folder.
10. Click on Add and select the App-V script. Click OK.
With that, the policy will run for all users located in the container you've selected.
11. If you want immediate response from the client machines, remember to use the gpupdate /force command line.
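One way to keep the logon script from re-running the installer at every logon, as an added example that is not the book's script: the wrapper below skips the installation when the client console file is already present and records the msiexec exit code otherwise. The marker path is the 64-bit client console location used later in this chapter; the log file names and the wrapper's own exit code 2 are assumptions.

```batch
@ECHO OFF
SETLOCAL
REM Added example, not the book's script: run the App-V client installer from a
REM logon script only when the client is not already present.
REM Assumptions: MARKER is the client console path of the 64-bit example in this
REM chapter; the STATUS and MSILOG file names are hypothetical.

SET "SOURCE=\\servername\sharedfolder\App-V"
SET "MARKER=%ProgramFiles(x86)%\Microsoft Application Virtualization Client\SftCMC.msc"
SET "STATUS=%TEMP%\appv_client_status.log"
SET "MSILOG=%TEMP%\appv_client_msi.log"

REM Publishing options as in the book's script (shortened for the example).
SET OPTIONS=SWIFSDRIVE=Q
SET OPTIONS=%OPTIONS% SWIPUBSVRDISPLAY=servername
SET OPTIONS=%OPTIONS% SWIPUBSVRTYPE=RTSP
SET OPTIONS=%OPTIONS% SWIPUBSVRHOST=servername
SET OPTIONS=%OPTIONS% SWIPUBSVRPORT=554

REM 1. Client already installed: nothing to do at this logon.
IF EXIST "%MARKER%" EXIT /B 0

REM 2. Share not reachable: record it and leave without blocking the logon.
IF NOT EXIST "%SOURCE%\SETUP.MSI" GOTO nosource

REM 3. Install and keep a verbose MSI log for troubleshooting.
START "" /WAIT MSIEXEC /I "%SOURCE%\SETUP.MSI" %OPTIONS% ALLUSERS=TRUE REBOOT=SUPPRESS /QB /L*V "%MSILOG%"
SET RC=%ERRORLEVEL%

REM 0 = success, 3010 = success but a restart is required.
IF "%RC%"=="0" GOTO done
IF "%RC%"=="3010" GOTO done
>>"%STATUS%" ECHO %DATE% %TIME% %COMPUTERNAME% install failed, msiexec exit code %RC%
EXIT /B %RC%

:nosource
>>"%STATUS%" ECHO %DATE% %TIME% %COMPUTERNAME% SETUP.MSI not found under %SOURCE%
EXIT /B 2

:done
>>"%STATUS%" ECHO %DATE% %TIME% %COMPUTERNAME% client installed, msiexec exit code %RC%
EXIT /B 0
```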
Testing the environment
Before getting into the sequencing process of an application it is important to validate that the entire configuration set up so far is working properly so that the next steps of the deployment should not give us any trouble. Most of the errors or issues that can occur in the deployment phase are related to connectivity problems or misconfigurations in the implementations. All of them can be easily avoided if the proper tests are executed.
Verifying the connection with the server
The initial step in validating a proper installation and communication from client machines to the App-V Server can be done in several ways, but none of them is simpler than using the Immidio Resource Kit. Immidio (http://immidio.com/) is a company that provides solutions and software to companies, with a big focus on virtualization technologies. They've also created the Immidio Resource Kit, which contains a fabulous tool: App-V Ping. With App-V Ping you can easily verify the communication and configuration from the App-V Client to the App-V Server, using a far more powerful tool than just a "telnet" to port 554 (or the default streaming port selected). App-V Ping is really simple to use:
1. Download the App-V Resource Kit from Immidio. It can be found at http://immidio.com/resourcekit/.
2. Install the App-V Resource Kit.
3. At a command prompt, open the installation path for the Immidio Resource Kit. In this case, it's C:\Program Files\Immidio\Resource Kit.
4. Type the following command and verify the results:
App-V-Ping.exe -s
-v
Always start with the App-V Ping tool to validate the communication between clients and servers.
Configuring and testing the default application
Once communication with the server has been validated, the next logical step is to try distributing a virtual application. In this case, the Default Application from App-V will be the test. Here are the steps:
1. In the App-V Management Server, open the App-V Management Console.
2. Inside Applications, right-click on Default Application and select Properties.
3. In the General tab, modify the values for OSD Path and Icon Path using the UNC of the content folder. In this example, it is \\appv-server\content\.
4. In the Shortcuts tab, select the shortcuts to be installed for this application. In this example, the options selected are Publish to User's Desktop and Publish to User's Start Menu.
5. In the Access Permissions tab, add the Active Directory groups that will have this application made available. Click OK.
6. Locate the content folder and open it to edit the DefaultApp.osd file.
7. Locate and modify the fourth line, using the correct server name and port as follows:
8. Now access the App-V Desktop Client, and if a new login was performed, the Default App shortcuts should appear. If not and you want to avoid the logoff and logon, you can access the App-V Client Console from C:\Program Files (x86)\Microsoft Application Virtualization Client\SftCMC.msc.
9. Select Publishing Servers, right-click on appv-server, and select Refresh Server.
10. Once the application is loaded, you can find the shortcuts added just as you configured.
11. Select any of them and the application will load after a few seconds.
12. If the application has been delivered properly you should see a small screen with the Microsoft Application Virtualization Default Application.
After completing these steps you can be certain that the environment deployed is working normally and the applications to be captured can be delivered.
Summary
In this chapter you have had the chance to start working directly with the App-V platform, with the main procedures for the installation, preparation, deployment, and initial steps for testing the environment. The Streaming and Standalone modes are not simple to configure manually, but fortunately the use of the Microsoft Application Virtualization Administrative Template can make things a lot easier. Not only did you cover the configurations that could be performed automatically, but you also reviewed how to create and deploy a script within your domain to deploy the App-V Desktop Client. Another important thing you must remember before taking the platform into production is that you should always use the Default Application to validate the configurations. In the next chapter you will take a closer look at the sequencing process, capturing simple applications like Mozilla Firefox, and highly complex ones like Microsoft Office 2010.
Taking the Initial Steps in the Sequencing Process
You have already seen which components are included in Microsoft Application Virtualization, how they interconnect, how to perform a correct assessment and sizing, and finally the step-by-step procedure to implement App-V. Now is the time for getting into the essence of delivering virtualized applications: the sequencing process.
One of the challenges of virtual applications is to achieve the isolation of the work environment, giving the ability to avoid incompatibilities with other applications or components within the operating system. In this capturing process the App-V Sequencer is in charge of providing a virtual environment for the installation of the application, monitoring and capturing any changes that the process performs.
The result of the sequencing process is a package with several components that interact with each other to allow a transparent execution of the application, so the user cannot tell the difference between using the normal application and using a virtualized application. The files included in this package, as reviewed earlier, are:
• SFT file (the original application's files packed into one file)
• OSD file (in charge of controlling how the application runs by providing the necessary links between the client and the SFT file)
• SPRJ file (project file, used generally for a future change in the application and importing applications to the Management Server)
• Manifest file (XML with the application shortcuts and file associations)
• ICO file (icon file for the application)
• MSI file (optional component used by the App-V Standalone model, containing the manifest, OSD, and ICO files)
Experience with several applications and their sequencing shows that some of them need tweaks or changes, but the general results are pretty good. But you must always remember and consider that not all applications are suitable for sequencing. Usually you will find most of the problems are in applications with high operating system integration, like those with drivers or shell extensions. In this chapter you are going to learn about:
• Understanding the sequencing process
• Reviewing sequencing requirements and best practices, including the applications which are not suitable to be sequenced
• The step-by-step sequencing and publishing process for simple applications
What is sequencing?
Sequencing represents the process where the App-V Sequencer monitors and captures the files and environment changes (like registry modifications) created by an application installation. Once the capturing process is complete, the sequencing process ends by building the App-V package ready to be delivered to clients by a streaming method or just using an MSI. The sequencing process, to achieve this, creates a virtual environment which is isolated from the operating system avoiding most conflicts with other applications or components existing on the client's operating system.
Sequencing phases
Once the application is selected and the environment is ready for capturing, you can easily identify four phases in the sequencing process—installation, launch, customization, and save.
Installation
The installation phase starts with selecting the package name, starting and monitoring the installation process, and finally processing all the information, listing the files created, registry changes, simulated reboot operations, and so on. The following is a summary image from the Microsoft Sequencing Guide:
Launch
After the application installation is complete, the launch phase is used to configure the application's components such as defining shortcuts and file type associations, monitoring file operations while the application is launching, capturing registry and services changes, updating the file list and virtual registry, and finally generating the OSD, SFT, and MSI files. Within this phase the primary feature block (FB1) is also set, which will be the first data packet sent to the App-V Client.
The following is a summary image from the Microsoft Sequencing Guide:
Process/Customization
This phase is for making changes to the application that will be supported within the OSD file. It is aimed at more advanced sequencing work: locating scripts to run inside or outside the virtual environment, defining additional actions to take depending on the results from running a script, and so on.
Save
In this phase all the App-V packages are created based on the information collected in the previous phases.
Reviewing sequencing requirements
Once the App-V Sequencer is in place, you must always keep in mind the requirements and best practices for sequencing applications.
You should have already reviewed that the hardware and software requirements do not represent any complexity.
Minimum Hardware:
• Processor: Intel Pentium 1 GHz (32 or 64 bits).
• Memory: 1 GB to 2 GB or higher recommended.
• Disk space: 40 GB separate disk available with at least 15 GB free.
Operating System:
Operating System | Service Pack | System Architecture
Windows XP Professional | SP2 or SP3 | x86 or x64
Windows Vista Business, Enterprise, or Ultimate | No service pack, SP1, or SP2 | x86 or x64
Windows 7 Professional, Enterprise, or Ultimate | N/A | x86 or x64
Even though you can install App-V components in Windows XP SP2 and Windows Vista with no Service Pack, these two are no longer supported by Microsoft. You should use Windows XP with SP3 and Windows Vista with SP1 or later.
Using a second partition (with the App-V standard letter Q:) is a common scenario and a best practice, but it is not a requirement for sequencing an application. You can capture applications installed on C:\ (or any other letter), but if you decide to capture a subfolder inside C:\Program Files (x86)\application_name, the directory C:\Program Files (x86) must exist in the App-V Desktop Client.
Before you start packaging an application you must understand the virtual environment where you will be working: the application behavior and restrictions, and the common best practices that provide an efficient process which will result in a transparent deployment and usage of the virtualized application.
Sequencing best practices
A good place to start would be the Best practices to use for sequencing in Microsoft App-V article at the official Knowledge Base from Microsoft, available at http://support.microsoft.com/kb/932137/en. You can also find the Microsoft Application Virtualization 4.6 Sequencing Guide at the Microsoft Download Center (http://www.microsoft.com/downloads/en/default.aspx). Here are some lessons learned from many scenarios delivering virtualized applications:
• Understand the application requirements before capturing it. It's never a good idea to go directly to sequence an application you have never installed. You must review the requirements of each application and verify whether it needs other components or applications. This will lead you to see if you need to use Dynamic Suite Composition or just one bundle with several applications.
• Understand the application usage. You must run the necessary tests once the application is running to verify that the user can actually use it. One common error in App-V implementations is that the person testing the deployment does not complete the right use cases to verify the successful implementation of the application. Ask a user which activities a person commonly executes once the application is launched, and include those in the process of capturing it. Developers call this approach test-driven development (TDD), and for them it is more than just a best practice when they are coding. Or would you prefer to call it Test-Driven Deployment?
• Before starting sequencing, shut down other programs. Otherwise the App-V Sequencer could capture changes generated by another running application. Good examples of programs that it might be a good idea to disable (close) are:
  ° Antivirus software
  ° Windows Update
  ° Windows Defender
  ° Windows Search
  ° Disk defragmentation tools
  ° Software agents like Dropbox, iTunes, and so on
• Even though running antivirus software on the sequencer machines is not a good idea, ensure that the computer is not infected with any type of malware. To do that without installing any antivirus, you can use the Microsoft Malicious Software Removal Tool from the link http://www.microsoft.com/security/malwareremove/default.aspx. This tool consists of only a standalone EXE file, which is updated frequently by Microsoft, and automatically scans your computer to detect any malware presence.
• Use Windows Virtual PC or any other virtualization platform for the App-V Sequencer machines, thus allowing snapshot possibilities. This gives you the chance to work with a known clean operating system every time. Do not reuse the same sequencer image where you install and remove applications. Do not take the snapshot as soon as you complete the App-V Sequencer installation. Once the App-V Sequencer installation is completed, you should run the App-V Sequencer wizard, which assigns a unique GUID to the App-V package. If you revert to the snapshot every time you want to capture a new application, the same GUID will apply to every App-V application. Virtual PC does not support 64-bit guest operating systems. VMware Workstation and other platforms do support this architecture.
• Use the same operating system in the sequencing and client machines. Use the same baseline, updates, and existing applications. Microsoft does not support deploying applications on a different operating system to that where it was captured. An example would be capturing Mozilla Firefox on Windows Vista and then deploying the App-V package on Windows XP.
• If the client/sequencer operating system is Windows Vista or Windows 7, keep the User Account Control (UAC) option consistent. If the client machines have this feature enabled, maintain the same option in the sequencer.
• Ideally place the application folder in the root of the drive, to avoid any inconsistencies between clients. For example, Q:\MyApp.
• Use a short filename for the application folder name. This standard is called "8.3 filename", where the name contains eight or fewer characters. For example, an incorrect directory name would be Q:\Mozilla Firefox; the correct one would be Q:\Firefox.
• Execute the application as many times as necessary to ensure that all the initial configurations most applications perform (like license agreement and file type associations) are completed successfully.
• In the Launch Phase of sequencing the application, the FB1 (primary feature block) is created. A best practice in this phase is launching the application and executing a normal usage of it. For example, if the sequenced application is Microsoft Word, open the application, then type and misspell a word, which will use the grammar correction features.
• Ensure that none of the application components is installed with the Install on First Use option. Select either Run from My Computer (install this component) or Not Available (do not install this component).
• Remove Automatic Updates from a sequenced application. Leaving them enabled could lead to deployment inconsistencies.
• Verify that the temp directory (%TMP%, %TEMP%) has sufficient space to store temporary sequencing data.
• If the application installation freezes or reports errors while the capturing process is running, even if the application seems to be installed correctly, re-run the sequencing procedure.
• Create an ODBC Data Source Name (DSN) in the sequencer machine prior to any application capture. This is one of the best practices that is commonly missed but is an important one if you are dealing with applications that need to create their own ODBC DSN. If the application needs to create an ODBC DSN, it will create several registry containers which will also be captured by the sequencer. This could be a problem if the App-V Desktop Clients use other ODBC DSNs. Once the App-V package is deployed it will overwrite the existing registry keys.
• Install a dummy printer in the sequencer before starting any application capture. This is another example of a best practice for special applications that could install virtual printers in the client operating system. As with the ODBC DSN, when you install the first printer, the operating system generates a lot of new data and registry containers. If you are capturing an application that actually installs the first printer in the operating system, the App-V package will capture several new settings that could be disruptive at deployment time.
• Set user expectations. The use of virtualized applications could result in losing some capabilities, like "right-click options" from the application. It is important for you to explain to the final users which functionalities the application will have and which will be missing.
• Document the sequencing process. Do not expect that you will always be the person responsible for sequencing the application. A good explanation document will facilitate your work and help your teammates. The documents created here could serve as guidance for the sequencing procedure when a new application version appears.
• Review the Applications not supported for sequencing section later in this chapter to find which applications are not supported.
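Several of the checks in the list above can be scripted and run on the sequencer before the wizard is started. The following is an added example, not from the book or from Microsoft; it assumes the Windows 7 service names wuauserv, WSearch, WinDefend and defragsvc, a DSN and a printer both named dummy (as created in the following sections), and a hypothetical file name preflight.bat.

```batch
@ECHO OFF
SETLOCAL
REM Added example, not from the book: pre-flight check for a sequencer machine.
REM Usage: preflight.bat Firefox   (the folder name planned under Q:\)
REM Assumptions: Windows 7 service names; the placeholder DSNs and printer are
REM named "dummy". Antivirus service names vary by product and are not checked.

SET "APPDIR=%~1"
IF "%APPDIR%"=="" SET "APPDIR=Firefox"
SET FAIL=0

REM Background services that would add unrelated changes to the capture:
REM Windows Update, Windows Search, Windows Defender, Disk Defragmenter.
FOR %%S IN (wuauserv WSearch WinDefend defragsvc) DO CALL :checksvc %%S

REM Target drive and folder name: eight characters or fewer, no spaces.
IF NOT EXIST Q:\ CALL :warn "Drive Q: is not available"
IF NOT "%APPDIR:~8,1%"=="" CALL :warn "Folder name %APPDIR% is longer than eight characters"
IF NOT "%APPDIR%"=="%APPDIR: =%" CALL :warn "Folder name %APPDIR% contains a space"

REM Placeholder User DSN, System DSN and printer must already be in the base
REM image so that the first-time registry data is not captured in the package.
REG QUERY "HKCU\Software\ODBC\ODBC.INI\ODBC Data Sources" /v dummy >NUL 2>&1
IF ERRORLEVEL 1 CALL :warn "User DSN dummy is missing"
REG QUERY "HKLM\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources" /v dummy >NUL 2>&1
IF ERRORLEVEL 1 CALL :warn "System DSN dummy is missing"
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers\dummy" >NUL 2>&1
IF ERRORLEVEL 1 CALL :warn "Printer dummy is missing"

IF %FAIL%==0 ECHO [OK] Sequencer baseline is ready for Q:\%APPDIR%
EXIT /B %FAIL%

:checksvc
REM FIND returns 0 only when the service state line contains RUNNING.
SC QUERY %1 | FIND "RUNNING" >NUL
IF NOT ERRORLEVEL 1 CALL :warn "Service %1 is running; stop it before monitoring starts"
GOTO :EOF

:warn
ECHO [WARN] %~1
SET FAIL=1
GOTO :EOF
```

The script exits with 1 when any check produced a warning, so it can gate an automated snapshot or build step.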
Creating an ODBC Data Source Name
This is a simple procedure, present in the App-V 4.6 Sequencing Guide from Microsoft, for creating an ODBC DSN. In this example, the client machine is Windows 7 64-bit.
1. Open Control Panel | System and Security | Administrative Tools | Data Sources (ODBC).
2. Click on the User DSN tab.
3. Click Add. Select SQL Server in the next window and click Finish.
4. For Name, enter dummy. For Server, enter dummy and click Next.
5. Uncheck the Connect to SQL Server to obtain settings for the additional configuration settings checkbox. Click Next.
6. Accept the default configuration in the next page and click Next.
7. Click Finish.
8. Click OK. Do not bother to click Test Data Source as the test will fail.
Next, create an ODBC System DSN setting as part of the Sequencer base image, as follows:
1. Click on the System DSN tab.
2. Click Add. Select SQL Server in the next window and click Finish.
3. For Name, enter dummy. For Server, enter dummy and click Next.
4. Uncheck the Connect to SQL Server to obtain settings for the additional configuration settings checkbox and click Next.
5. Accept the default configuration and click Next.
6. Click Finish.
7. Click OK. Do not bother to click Test Data Source as the test will fail.
8. Click OK to close the ODBC applet.
Creating a dummy printer
This procedure will add a sample printer in the App-V Sequencer operating system. In this example, the client machine is Windows 7 64-bit.
1. Open the Control Panel | Hardware and Sound. Select Add a printer.
2. Select Add a local printer.
3. Accept the port configuration and click on Next.
4. For Manufacturer, select HP and for Printers select HP LaserJet P2015 PCL6. Click Next.
5. For Printer name, enter dummy. Click Next.
6. On the Printer Sharing screen click Next.
7. Click Finish.
8. Close the Devices and Printers applet.
Applications not supported for sequencing
You already know that some applications are not suitable for sequencing. Most of them depend on the analysis you performed regarding complexity or the result of the cost/benefit equation in each case. Here's a summary of the type of applications that are usually unsuitable for virtualizing. Even though it is possible to sequence them with App-V, the deployment results are usually not very good.
Application type | Definition | Examples
Applications with drivers | Applications that install and rely on a system-level driver. As a workaround for this scenario, the driver portion of this application can be installed locally on the client system, allowing the other components of the application to be virtualized. | OEM hardware utilities
Applications that integrate closely with the operating system | Some applications, such as the Internet Explorer browser, are closely tied to the operating system. As such, these applications cannot be sequenced. | Windows Media Player, Internet Explorer
Applications with shell extensions | Microsoft Application Virtualization does not support shell extensions that contain a custom dynamic-link library (DLL). This would require providing access to the virtual environment to Windows Explorer. Shell extensions are in-process Component Object Model (COM) objects that extend the abilities of the Windows operating system. | WinZip
COM+ applications | COM+ is dynamic; it happens at run time and is not captured. COM and DCOM, by contrast, are recorded in component services and are static. | BizTalk
Applications with background tasks | App-V supports the virtualization of services; however, they must be started from within the virtual environment. Some applications install a service in background, which is not captured. | PCAnywhere
Applications that integrate with many other applications | Applications with complex or unknown integration with other applications or operating system components need to be fully evaluated to identify and define interaction requirements. | Microsoft Office Live Meeting 2007
Applications with licensing enforcement tied to a computer | Applications where the license is tied to system hardware or to the system's MAC address. | Computer-aided design (CAD) software
Applications that result in an .sft file greater than 4 gigabytes (GB) | App-V does not support sequences larger than 4 GB. | Microsoft Flight Simulator X
16-bit application in 64-bit client | This is actually a restriction in the OS. None of the Windows 64-bit clients supports 16-bit applications. | Pegasus Mail 16-bit version
Other examples listed: Firewall Client ISA/TMG Server; Microsoft Office Communicator 2007.
Sequencing applications
As mentioned earlier, even though there are some restrictions in the applications you can virtualize with Microsoft App-V, most existing and common applications are very suitable for sequencing. That's why Microsoft uses three different categories to divide the type of applications you can package and distribute with App-V:
• Simple: Does not require modifications in the sequencing process and provides a simple and straightforward way to capture it. The package size of this type of application is around 100 MB or less, and it usually takes just a few minutes to get it ready.
• Moderate: Could require some changes in the sequencing process, like making a few registry changes or adding parameters in the OSD file to make the application work properly.
• Complex: Several changes are needed in the virtual environment to get this type of application working properly. Complex applications are usually the kind where you need to hard code some parameters or install some drivers on the client operating systems before the deployment of the application. These App-V packages are, in most cases, built in several iterations as you are getting to know the application; that's why they could take several hours to complete.
In this chapter you are going to start with a small and simple application to get familiarized with the sequencing process and then you will be moving on to more complex applications.
Sequencing Mozilla Firefox
Mozilla Firefox is one of the most commonly virtualized applications. This is because organizations prefer using the operating system's browser as the default for all users, which is in most cases Internet Explorer. Mozilla Firefox is required as an alternative for some users (for example, developers who want to test a web application they are building) and virtualizing is the best approach when you don't want to modify your base operating system. The operating system used in the App-V Sequencer is Windows 7 64-bit (Hyper-V virtual machine) and the application is Mozilla Firefox 3.6.
1. The Mozilla Firefox version used in this example has a known issue in Windows 7; you need to change the compatibility options to Windows XP (Service Pack 3). Just access the installer Properties, and the Compatibility tab to make the switch.
2. Inside the Q:\ drive place a new folder, using the recommendations mentioned, called Firefox.
3. Open the App-V Sequencer application and click on the option Create a Package to start the wizard.
4. Complete the package information and click on Next.
5. If the option Show Advanced Monitoring Options was selected, you will now have two options to select:
  ° Allow Microsoft Update to run during monitoring: This is not a recommended option to use as any change with Windows Update during the capturing process could generate unnecessary information for the package you are creating.
  ° Rebase DLLs: With this option enabled, DLLs are remapped to a contiguous address space in RAM to increase efficiency and performance. But some applications may not support this feature so in this case leave it unchecked.
6. Click on Next.
7. With the installer available and the compatibility option changed, you can click on Begin Monitoring which will start creating the virtual environment where you will install the application. Click on Begin Monitoring.
8. Select the folder Firefox under Q:\ and click OK.
9. Locate the installer and start the Firefox installation. On the first page, click on Next.
10. Select Custom installation type and click on Next.
11. Change the Destination Folder to Q:\Firefox.
12. Select the number of shortcuts; this is not really important as you can modify this later when you publish the application. Click on Next.
13. In the Start Menu Folder click on Next.
14. Uncheck the option Use Firefox as my default web browser and click on Install.
15. Once the application is installed, you could run it to verify that the installation was completed successfully. But the sequencing process has a launching phase, so you can wait until then to execute it.
16. On the Monitor Installation page click on Stop Monitoring and click on Next.
17. You are going to see two applications available: Mozilla Firefox and Mozilla Firefox (Safe Mode). Also note that in this section you can set which shortcuts the users will receive. Even though you can customize it later, verify that all the necessary shortcuts are in place.
In this case, you have two, but there are packages that could load several applications, and not all might be necessary for your purposes; take a closer look to avoid any unnecessary information being loaded into the package.
18. Select Mozilla Firefox and click on Edit. You will see the following as the description.
19. Rename the OSD File Name using the appropriate name convention. In this case type Firefox.osd, and click on Save.
20. Repeat the action for Mozilla Firefox (Safe Mode). In this case use the name FirefoxS.osd. Click on Save.
21. On the next page, you are ready to launch the applications, make the necessary modifications to the environment, and generate Feature Block 1 (FB1) for the virtual application. Click on Mozilla Firefox and select Launch.
This is an important phase of the sequencing process. As discussed earlier, the FB1 is the default set of data transmitted to the client. This data is created within this launch process, so if you know which features users will execute more often in this application, then you should include those actions in this step. Making correct use of the Launch process and Feature Block 1 creation could be very significant as it will reduce much of the load for App-V Streaming and/or Management Servers.
22. It will try to import Internet Explorer configurations; select Don't import anything and click on Next.
23. Firefox will try to set itself as the preferred browser, so uncheck the option Always perform this check when starting Firefox and click on No.
24. As a recommended best practice, in Firefox access Tools | Options | Advanced and deselect all the options in the Update tab. Click OK and close the browser.
25. Repeat the launch process for Mozilla Firefox (Safe Mode).
26. Once both applications have been launched click on Next.
[ 132 ]
Chapter 5
27. The sequencing process is complete. Click on Finish.
28. With the application captured, now you just need to perform a few more changes to get the Mozilla Firefox package ready.
[ 133 ]
Taking the Initial Steps in the Sequencing Process
29. Access the Deployment tab; change the values in Protocol to RTSP and in Hostname use the Streaming Server in charge of delivering the application, in this case it is appv-server.
Note that the list of operating systems selected for deploying has only Windows 7 64-bit. As mentioned several times earlier, it is not recommended that you deploy App-V packages to a different OS from that of the sequencer machine. You can also insert a Path, which can represent the folder created inside content to store this virtualized application.
30. The other tabs present, like the Virtual Registry tab, will provide all the necessary information about the virtual environment created; there is no need to make any further changes.
There is no need to make any change under the Virtual File System tab either.
31. Click on Save and select a folder where all the App-V packages will be stored. This, of course, does not have to be on Q:\. The file saved will be for the Sequencer Project.
Using this file you can later edit this package for an update or configuration change. In the selected folder you can find all the files necessary for deploying the virtualized version of Mozilla Firefox.
Publishing and deploying Mozilla Firefox
Once the application is captured and the package creation is complete, you now have to publish it in the App-V Management Server and get it ready for client machines. In this example, the Streaming Server is represented by the App-V Management Server, where the MMC Console, Web Service, and SQL database are also located. Before starting these steps it is important to verify that you have completed the Post installation tasks section in Chapter 3.
1. Copy the files created in the App-V Sequencer to the content folder. As you have not defined any path in the App-V package, the Mozilla Firefox files must be in the root of the content folder and not in a sub-folder.
2. Access the App-V Management Server and open the App-V Management console. Right-click on Applications and select Import Applications.
3. In the content folder look for the SPRJ file. Click on Open.
4. A new wizard will appear. Type the Description of the application and select the Default Server Group. Click on Next.
5. Select the shortcuts that will be available to clients. Click on Next.
6. In the Access Permissions page select the groups that will receive this application. In this case, the group will be App-V Admins. Click on Next.
7. Click on Finish.
The application is now added to the App-V Management Server and is ready to be deployed.
You can also check the properties of these two added applications and verify the options in the Shortcuts, File Associations, and Access Permissions tabs. Verify the OSD and Icon path. These two must use a network path \\appv-server\content\Firefox.osd.
8. With the environment set, access the App-V Desktop Client. If you are already logged in, refresh the server connection and the selected shortcuts should appear.
9. Double-click either of them, and the application will be streamed down to the client's cache and executed.
10. You can also verify that the options you changed during the sequencing process are maintained in the deployment. Remember that the first time the application is launched, it takes a few seconds (depending of course on the size of the block) to be executed as it checks for updates and downloads the primary feature block, FB1. After the first launch, the application will only check with the server for any update, and the rest of the execution will run from the client's cache.
Summary
In this chapter, you have had the chance to start working directly with virtualized applications; understanding their requirements, environment, phases, and the processes involved. Even though you usually see the sequencing process as simple steps, to achieve an effective isolation of the application there are several points to consider. You have reviewed closely the best practices you must consider before capturing an application, which cover all of the necessary aspects—from the sequencer's operating system and available components to where and how you are storing the application in the virtual environment. With that, you have also looked at which applications are not suitable for virtualizing. In the sequencing per se, you had two good examples of step-by-step procedures. You first had the chance to review the basics in the sequencing process by virtualizing Mozilla Firefox. All applications are unique when you talk about how they behave in their environment. That's why each sequencing process will be different in any given situation. If you understand the requirements, best practices, and supported scenarios, you should never completely discard application virtualization as a possible solution. In the next chapter, you will review the process of sequencing and publishing a more complex application, Microsoft Office 2010.
Sequencing Complex Applications
As seen in the previous chapter, once you get familiar with the sequencing process you can find it a straightforward procedure. The complexity of capturing and isolating an application always depends on the application. Also discussed were the different types of applications when categorizing them in a virtual environment: simple, moderate, and complex. These categories are related to how these applications interact with the operating system and how many changes are needed to achieve a working virtualization.
Microsoft Office 2010 is definitely a complex application. This suite is highly integrated with several operating system capabilities, and not fully prepared for virtualizing. That's why Microsoft developed the Microsoft Office 2010 App-V Deployment Kit, which will provide you with the necessary environment for a transparent implementation. Microsoft Office 2010 not only requires the use of the Deployment Kit, but also needs to add and remove some registry keys, edit some environment values, and make other changes for a smooth deployment.
It is important to understand that taking a deeper look at App-V by handling and configuring a virtualized Office 2010 will lead you to understanding and gaining necessary experience for many other applications which have the same level of complexity. Due to the complexity of the applications plus the App-V components involved, you must be ready for troubleshooting the deployment processes. Understanding the error codes and the possible reasons for each of them is one of the key factors.
In this chapter you are going to learn about:
• Benefits of virtualizing Microsoft Office 2010
• Requirements before capturing Microsoft Office 2010 using the App-V Deployment Kit
• Capturing and editing the Microsoft Office 2010 App-V package
• Deploying the virtualized Microsoft Office 2010
• Troubleshooting App-V package deployment
When do you need Advanced Sequencing in App-V?
Advanced Sequencing represents the practices you must execute to get some particular applications to actually function properly when virtualized. The sequencing phases are the same as reviewed earlier; the only differences are the tasks you are going to add to those phases to complete the capturing process.
When you need to use some of these tasks will depend on each application, and the tasks required will also depend on the restrictions that each application has. Here are some of the application types that will require some changes to the straightforward process you saw earlier:
• Applications that cannot install on a specified (Q:\) drive: There are some applications which do not support being installed on a drive other than C:\, and even worse there are applications which will not let you decide the directory path for the installation; fortunately App-V can still support this type of application anyway. The sequencing process will still use the Q:\ drive, which will contain files and folders for redirecting the file activity in the client to the directory in the C:\ drive.
• Web applications: Internet Explorer is not supported for sequencing but there are some web applications, like Silverlight or Java Runtime Environment, which can be sequenced. App-V in this case delivers the Internet Explorer executable file to the client to generate a virtual environment for the web-based application.
• Adding scripts to the OSD files: You can add changes to the default OSD files created by App-V to get a more personalized virtual application.
• Complex application suites that are integrated with several operating system components: This is the case with Microsoft Office 2010, which requires interaction with other applications in the operating system, adding some registry values to be captured by the sequencer, changing some configuration values from the normal App-V behavior, and so on. To achieve this in Office 2010, Microsoft developed the Deployment Kit for App-V which you will combine with some advanced sequencing techniques.
You must never confuse advanced sequencing for complex applications with applications not supported for sequencing. Applications not supported for virtualization, as seen earlier, will not function properly because of the platform architecture and restrictions in some types of applications.
How a virtualized Microsoft Office 2010 fits into your environment?
Microsoft Office has been "the" most wanted suite when people discuss virtualizing applications. The main reason is the isolation; achieving this means that you can guarantee that any version of Microsoft Office could co-exist in the same operating system, eliminating conflicts between versions. Organizations are usually attracted by this because most of the users' productivity depends on this suite, and App-V provides an easy way to deploy newer versions of the platform without disrupting other users' productivity. Users who cannot migrate away from the Office XP/2003 user interface and the application's compatibility are usually a show-stopper when the organization is pushing for an Office 2007/2010 migration. But, with Microsoft App-V, you can simply deploy a new suite without affecting an existing one.
As mentioned earlier, Microsoft Office represents a suite that integrates with several components of the operating system to provide functionality, like right-click capabilities and shell extensions, which are not fully supported by Microsoft App-V. Organizations that decided to use Microsoft Office 2007 in a virtualized environment for a progressive migration had to forego several Office 2007 functionalities in this transition.
Fortunately, for Office 2010, Microsoft created the "Deployment Kit for App-V", which brings back some of the functionalities that were lost when you virtualized the previous version of this suite. Using this kit, the following functionalities (proxies) will be added:
• Improved SharePoint integration to open, save, and edit files
• Find your e-mail items quickly with Outlook's Fast Search
• Connect to your inbox using Microsoft Outlook Send to functionality
• Print your documents directly to OneNote
• Find contents within your documents using Office Document Indexing
• Open web-based calendar items and RSS Feeds in Outlook
• Perform advanced mail configuration using the Virtual Mail Applet
There are also a few considerations before starting with the process:
• Microsoft Office 2010 32-bit working on 32- and 64-bit operating systems and App-V clients is fully supported with all features
• Microsoft Office 2010 64-bit working on 64-bit operating system and App-V client is supported, but with none of the proxies mentioned earlier.
Do not overlook any of these considerations, as they will be important for setting user and company expectations.
Sequencing Microsoft Office 2010
Once you have reviewed all the benefits and considerations of using a virtualized Office 2010, you are going to take a detailed look at the complete Advanced Sequencing process for this suite. Using this Deployment Kit requires some initial configuration before starting the sequencing process. Here is a look at the step-by-step process.
Initial configurations and requirements
Here are some of the initial configurations you must execute before starting work on the sequencing:
• If you are sequencing on a Windows XP machine the following features must be installed:
  °° .NET Framework 3.0
  °° Windows Search 4.0. This is a particular case, as it is commonly best practice for sequencing applications to disable search features
  °° Microsoft XML Paper Specification Essentials Pack
  Windows 7 already has these features included in the default operating system installation. Windows 7 also uses XPS services, which are installed by default, for an efficient capture of Microsoft Office 2010.
• Install the Microsoft Office 2010 Deployment Kit for App-V.
Installing Microsoft Office 2010 Deployment Kit for App-V
This Deployment Kit will provide you with the necessary tools to achieve the best user experience for a virtualized Microsoft Office suite. The complete reference for this Deployment Kit can be found at the Microsoft Knowledge Base available at http://support.microsoft.com/kb/983462/. This example is using a Windows 7 64-bit system as the App-V Sequencer and a Microsoft Office 2010 32-bit installation; this way you will be able to use the additional functionalities. The Deployment Kit has separate installers, for 64- and 32-bit installations. The architecture used in each case depends on the operating system used, and not on the Microsoft Office version.
Let's take a look at the installation:
1. Download the Microsoft Office 2010 Deployment Kit. Select a folder to decompress the files into.
2. Installation of the Deployment Kit must be done from a command prompt and the necessary parameters regarding the activation type used by the Microsoft Office suite should be added. The command line executed here will depend on which type of product key you will be using; verify this prior to any installation. Here are the options available:
°° Using KMS activation:
    msiexec /i OffVirt.msi PIDKEYS="xxxxx-xxxxx-xxxxx-xxxxx-xxxxx" USEROPERATIONS=1
The USEROPERATIONS parameter is used for setting which users will be able to activate their Microsoft Office suite. The value 1 allows non-administrators to activate it.
°° Using MAK activation:
    msiexec /i OffVirt.msi WORD=1 EXCEL=1 POWERPOINT=1 GROOVE=1
Here you are not providing the product key to install it, so the product will request it at launch. You must select the products that will be available for activation by adding the parameter and the value 1. GROOVE is the component for SharePoint Workspace. The complete parameter reference can be found in the Knowledge Base linked to earlier.
The process usually takes a few seconds to complete, and if you selected the right installation type you won't see any error messages, but that alone does not confirm that the installation completed correctly.
3. Verify that the installation has completed successfully by accessing the Event Viewer | Application.
4. Verify that the Office Software Protection Platform service is added and started.
What if the service is not installed?
Even though the installation appeared to have completed, with no errors generated, the service might not be created or started. And when you run the Office installation during the sequencing process, the following error message will be displayed: Error 1920. Service "Office Software Protection Platform" (osppsvc) failed to start. Verify that you have sufficient privileges to start system services.
This will happen if you are using the wrong version of the Deployment Kit; remember that the architecture used by the installer must be the same as the operating system.
About Microsoft product keys
The Microsoft Volume License Key terms changed significantly when Windows Vista was released; Microsoft introduced two new concepts: Multiple Activation Keys (MAK) and Key Management Service (KMS) keys. MAK activation, as shown in the example, requires each machine/client to perform the activation over the Internet, by telephone, or using Microsoft's Volume Activation Management Tool (VAMT). VAMT acts as a centralized management point for the existing keys in your organization, where you can check the status of all existing keys and activate them remotely if you want to. You can download this tool by accessing the Microsoft Download Center at http://www.microsoft.com/downloads/en/default.aspx.
KMS does not require a separate activation for each of the clients; applications and software using KMS will contact a key server every 180 days to validate the status of the inserted key, making it a transparent process for users. VAMT can also be used for KMS activations. This last type of key, KMS, is the most recommended when you are deploying Microsoft Office 2010, as it avoids the activation phase every user must otherwise execute when the application runs for the first time.
Another important note about Microsoft keys and the deployment of Microsoft Office 2010 as a virtualized application is that MSDN and TechNet keys are not valid in App-V; if you try to deploy packages using these keys the product will not activate.
Capturing Microsoft Office 2010
Once the Deployment Kit is installed correctly, you can start the capturing process.
1. Locate the Microsoft Office 2010 installer and start the installation before starting to capture it. In the first stage the installer extracts several files that must be avoided during the sequencing.
2. Start the App-V Sequencer and select Create a Package.
3. Complete the package information and click on Next.
4. On the next page click on Begin Monitoring to generate the virtual environment.
Select the folder on Q:\ drive where the binaries will be placed.
5. Go back to the Microsoft Office 2010 installer and click on Customize.
6. Under Installation Options select only the necessary products. Avoid using the option Install on first use; always select the option to either install completely or not at all.
7. Under File Location select the folder previously created in Q:\.
8. It is optional to fill in the User Information.
9. Click on Install Now. This may take a while depending on the components selected.
10. Once the installation is completed, click Close.
11. You will need to activate the installation, so search for the binaries placed on Q:\ and double-click on one of the applications. Do not use Microsoft Outlook, OneNote, or Groove to perform this.
You will also be asked about configuring Updates; select Don't make changes.
While the capture process is still running, you will need to make a few changes to the registry; this way these changes will be included in the package.
12. The first one is related to Windows Search preferences. Open an elevated command prompt and type the following command:
    reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Search\Preferences" /v "{0077B49E-E474-CE11-8C5E-00AA004254E2}" /t REG_DWORD /d "1" /f
13. The next registry keys will be added and then immediately deleted. This way when the application is deployed, it will delete any existing keys on the targeted machine. As this example is using a 64-bit operating system, the registry path is located in Wow6432Node.
    reg add HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9203C2CB-1DC1-482d-967E-597AFF270F0D}\TreatAs
    reg add HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\TreatAs
    reg delete HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9203C2CB-1DC1-482d-967E-597AFF270F0D}\TreatAs /va /f
    reg delete HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F}\TreatAs /va /f
If you are using a 32-bit operating system the path will be HKEY_CLASSES_ROOT\CLSID\{value}\TreatAs.
The /va parameter is used to delete any of the existing sub-keys and their values. The /f parameter is used for executing without confirmation.
14. After this is completed, you can now click Stop Monitoring. This process may also take some time as the information is collected. Once it completes, click on Next.
15. In Configure Applications the entire set of applications will be shown. You can remove the applications that you won't be using, such as Notepad or Internet Explorer.
To get the proxies working, you will need to add them manually at this stage.
16. The first one to be added will be the MailTo proxy. This is the option that is used on Send To; adding this proxy will allow the option to use the virtualized Microsoft Outlook 2010 as the default. You can find this executable at C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\MapiServer.exe. It is highly recommended that you use the field in OSD File Name as a short name and without any spaces. In this example it is MAPI.osd.
The Version field in all applications will be reviewed later, as you need to maintain all applications with the same number.
17. Do the same for the Virtual Search Host, located in the same folder as VirtualSearchHost.exe. Don't forget to change the OSD File Name.
18. Repeat the process for the file VirtualOWSSuppManager.exe.
19. If you are including Outlook 2010, the Mail Control Panel component can also be added. The path for this file is C:\Windows\system32\Control.exe, but you need to add the Office path as well. Add the application as follows:
    C:\Windows\system32\Control.exe Q:\selectedFolder\Office14\mlcfg32.cpl
Take note that selectedFolder represents the path you selected when you started sequencing the application.
If you didn't include Outlook in the installation, the CPL file will not exist.
20. You can also include the Microsoft Office Document Cache application, which can be found in Q:\selectedFolder\Office14\MSOSYNC.EXE.
21. By default, each application added includes a shortcut. As these proxies are only functionalities, we don't need any shortcuts. So you can remove them from shortcuts.
22. Also note that the existing detected applications do not contain a recommended file name for the OSD.
Access each application and enter a short name for the OSD.
This step can be combined with changing the Version field for all applications; it is also a requirement to use the same version number for all of them.
23. Check the Microsoft Office 2010 installer version. You can find this by using file properties and clicking on the Details tab.
The current version of the installer is 14.0.4730.1010.
24. Using the installer version number, access all of the Microsoft Office applications and replace the Version field data with that number.
25. With all those changes made, you can now click on Next.
26. On the Launch Applications page you can execute the applications which will generate the primary block for this package (FB1).
As this is the first block that is streamed to the client, you must ensure that you run the applications with their most common usage. Some examples are using Microsoft Word 2010 with the Spelling and Grammar feature, or inserting images, charts, shapes, adding WordArt or a Cover Page, and so on. You must remember that understanding common application usage in this phase can translate into optimized bandwidth usage when delivering App-V applications and improving users' perceptions of virtual applications.
27. Once you have completed the launching phase, click on Next.
28. Once the App-V Sequencer completes, click on Finish.
The first phase of the sequencing process is complete; now you will also need to make a few changes to the package and some small captures from the registry as well.
Editing the package
Microsoft Office 2010 has been captured but there are some modifications that you must make to the App-V package before streaming it. These modifications also include a small capture phase, which can be easily executed even if the wizard was completed and closed. You can restart the wizard and add a few modifications to the virtual environment without affecting the previous capture.
1. Once the wizard is complete, you will see the package editor. You can start by inserting the Package Name.
2. Under the Deployment tab, select the name of the App-V Server to be used for deployment and the proper port.
Another interesting option in this case is Compress Package. As this package will be large (in this example, with just Word, Excel, PowerPoint, and SharePoint Workspace the total size is 1 GB), compressing the package will reduce it to 50% of the original size.
3. Under the Virtual Registry tab, open the following path: REGISTRY | MACHINE | Software | Wow6432Node | Microsoft | Office. This is the path for a 64-bit operating system; for 32-bit the Wow6432Node must be ignored.
4. Right-click on 14.0, select Key, and Merge with Local Key. Using this option means that the App-V application will get the chance to see both registry options—the virtual registry presented by the isolated environment in App-V and the local registry on the client's operating system.
5. Now add a few more registry keys to be captured in this package. Select Tools | Sequencing Wizard.
6. Click on Next and select Begin Monitoring.
7. Once the environment is ready again, you need to add the registry values for the Outlook profile (this is normally created when you run the configuration wizard). Open an elevated command prompt and type:
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles"
8. As this example is using a 64-bit operating system, you will also execute the following command:
    reg add "HKEY_CURRENT_USER\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles"
9. You will again need to add and delete a registry key so that the virtual application can delete it if the application was previously installed on the machine. Execute the following commands:
    reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\Microsoft.OMSAddin
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\Microsoft.OMSAddin /va /f
10. As the last step in this advanced sequencing process, you are going to change a basic default setting in App-V, the Local Interaction with other applications, which is always disabled by default. One of the main features in virtualized applications is the isolation these applications can achieve regarding existing software on a client operating system. You can change this and allow virtual applications to interact with other applications to use them for particular tasks, like allowing them to use an installed application such as Windows Live Messenger. Microsoft Office 2010 requires this ability, which can be enabled in the OSD file generated with the tag LOCAL_INTERACTION_ALLOWED. You must be very careful using this option and it should be avoided unless it is absolutely necessary.
For more information about Local Interaction behavior in App-V, the Microsoft App-V Team has a very complete post, A Look Under the Covers - The LOCAL_INTERACTION_ALLOWED Tag, at http://blogs.technet.com/b/appv/archive/2007/09/20/a-look-under-the-covers-the-local-interaction-allowed-tag.aspx.
You will need to edit the OSD files generated by accessing the OSD tab. On each application execute the following:
1. Expand SOFTPKG | IMPLEMENTATION.
2. Right-click on VIRTUALENV, select Element | Add | POLICIES.
3. Right-click on POLICIES, select Element | Add | LOCAL_INTERACTION_ALLOWED.
4. Select LOCAL_INTERACTION_ALLOWED and in the Element Text section add the value TRUE.
For this task, you can also use a third-party tool, OSD Editor from Login Consultants; with this tool the process will be much more straightforward. The tool is available from the company's website; you just need to register for free.
With that step, you are ready to save the project (finally!). Verify that the Compress Package option is the best suited in your environment and also if generating an MSI is necessary.
The last step is, of course, publishing and deploying the application.
Publishing and deploying Microsoft Office 2010
The deployment process for Microsoft Office 2010 is pretty much the same as for any App-V package, but if you want to use the "proxies" mentioned above you will need to add a small change.
This example will be using the App-V Management Server to distribute the application. Here is a look at how:
1. Import the application in the App-V Management Console. Add the necessary permissions to the applications.
Take a closer look at the application shortcuts. If you use the normal Start menu options, the shortcuts will be placed in the Microsoft Office folder; if a previously installed version of Office is using the same folder in the Start Menu of the client machines, you will encounter some problems. The applications are ready as soon as you add them to the server, but for them to actually work properly on the client, you will also need to install the Microsoft Office 2010 Deployment Kit in the App-V Desktop Client.
2. Access the App-V Desktop Client and make the Deployment Kit available. The Microsoft Office shortcuts should be in place if you refresh the App-V client or just log in using a selected user.
3. Run from the command prompt the same installation as used when you sequenced the application. In this case it is as follows:
    msiexec /i OffVirt.msi WORD=1 EXCEL=1 POWERPOINT=1 GROOVE=1
4. You can also open any of the Microsoft Office 2010 applications. As it is the first time you are launching them, this is probably going to take a few seconds because all the applications you launched when you were sequencing them are placed in the first block that is streamed to the client.
5. As soon as you open any of the applications, the product will request activation. In this case, as you never provided a product key, it will ask for one.
Enabling Microsoft Office proxies
Enabling the functionalities in a virtualized Microsoft Office requires a little extra work. But the trade-off could be everything to the experience the user is expecting from this deployment. To enable the Microsoft Office proxies execute the following steps:
1. You need to open one of the OSD files generated and retrieve the following values:
°° Package GUID: This identifier is always unique (or at least it should be) on every package you are using. You can find it under IMPLEMENTATION | CODEBASE.
°° Version: The same used in the installer.
°° Name: For each of the proxies you have added, you are going to use the name used by the OSD. The applications involved in this example are Microsoft Virtual Office Simple Mapi Proxy Server, Search MAPI Protocol Handler Host, and Microsoft SharePoint Client Support Manager.
2. With all this information, you can now re-install the Deployment Kit adding these parameters.
In this example, here's the command:
msiexec /i OffVirt.msi ADDDEFAULT=Click2runOneNoteProxy,Click2runOutlookProxies,Click2runWDSProxy,Click2runOWSSuppProxies PACKAGEGUID={8AD07653-8995-498A-ADEF-84A6C27A8CAA} PACKAGEVERSION=14.0.4730.1010 MAPISERVER="Microsoft Virtual Office Simple Mapi Proxy Server" VIRTUALSEARCHHOST="Search MAPI Protocol Handler Host" OWSSUPPServer="Microsoft SharePoint Client Support Manager"
The variables you need to change are PACKAGEGUID, PACKAGEVERSION, and the rest of the values for the proxies used.
3. For testing these on the client use the indexing options provided by the proxies. With this option, the search options in the operating system can also find keywords within Word documents. This example is using a normal Word document Virtual Proxies.docx, so select a word inside this document, "Handler".
Using the Start menu search, you can see that looking for the "handler" keyword finds the Word document as a match.
That's pretty much all about sequencing Microsoft Office 2010. If you don't have much experience sequencing applications you won't find this procedure very straightforward; the main reason for this is that Microsoft Office has a high level of integration with the operating system. Sequencing complex applications could take several hours of work. You must always start by understanding how the application interacts with the operating system and all of the components involved.
Troubleshooting applications deployment
As with any platform with any complexity, you can find in App-V several situations where you need to troubleshoot your deployments. Most of the errors seen in deployments are related to these three basic areas:
• The Post Installation Tasks in the App-V Management or Streaming Server were not completed. Around 80% of the problems can be found within those tasks.
• The selected application was not sequenced using best practices.
• The applications used are not supported. A lack of analysis and testing usually ends up with applications not working properly. A correct assessment and verifying that the application supports virtualization (covered in Applications not supported for sequencing in Chapter 5) should be enough to avoid this type of incorrect deployment.
Microsoft App-V, besides the messages in Event Viewer, contains a client log where you can monitor any activity in detail. You can find it at C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt.
Error code: xxxxxx-xxxxxx0A-20000194
The complete message of this error states:
The package requested could not be found in the system data store or the files associated with this package could not be found on the server. Error code: xxxxxx-xxxxxx0A-20000194.
Reason
This error message is related to the second item from the bullet list you just saw. The App-V Desktop Client cannot find the package name within the App-V Management or Streaming Server. Another possibility is that the package and files could exist on the server, but they were not added correctly.
Resolution
You can resolve this error message with the following steps:
• Verify the path of the sequenced application. If you are storing the application in a sub-folder inside the content folder, the specific path must exist in the App-V package; otherwise the application files should be in the \content folder and not at a deeper level.
• Verify the file name of the sequenced application. If you are not using the 8.3 naming convention you may experience several problems. Edit the App-V package and save the SFT, OSD, XML, and so on using the 8.3 naming convention.
Error code: xxxxxx-xxxxxx0A-10000004
The complete message of this error:
The Application Virtualization Client could not establish a connection to the Application Virtualization Server. Check your network connection, and then try again. Error code: xxxxxx-xxxxxx0A-10000004.
Reason
This error is related to the first item in the bullet list you just saw. The App-V Desktop Client cannot communicate with the App-V Server or the machine in charge of delivering the application. A simple way to test for this problem is to execute a telnet from the App-V Desktop Client to the server using the port from which the server is delivering applications to the client. For example, if you are using RTSP streaming, the command should be as follows:
telnet appv-server 554
Resolution
You can resolve this error message with the following steps:
• Verify the Application Virtualization Service is started on the App-V Server.
• Verify the inbound connections for the server are configured correctly on the firewall (complete steps are explained in the Post installation tasks section in Chapter 3).
• Verify there are no firewalls between the client and server that could be in the way of the communication. If there are, ensure the appropriate ports are open.
If you completed the Hostname field incorrectly when you saved the Sequencer Project earlier, the xxxxxx-xxxxxx0A-10000004 error will appear as well. This is because it is looking for a server name that is not online or does not exist.
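The causes listed above (a server name that does not exist, a blocked port, a stopped service) can be told apart with one check that takes the server name and port from the package's own OSD file. This is an added example, not code from the book or from Microsoft; the function name, the assumption that the streaming URL is the HREF attribute of IMPLEMENTATION/CODEBASE, and the sample OSD are all constructed for illustration.

```powershell
# Added example: the function name and the sample OSD are constructed.
function Test-OsdStreamSource {
    param(
        [Parameter(Mandatory = $true)][string]$OsdXml,  # content of the .osd file
        [int]$TimeoutMs = 3000
    )

    # Assumption: the streaming URL is the HREF attribute of IMPLEMENTATION/CODEBASE.
    $codebase = ([xml]$OsdXml).SelectSingleNode('//IMPLEMENTATION/CODEBASE')
    if ($null -eq $codebase) { throw 'No IMPLEMENTATION/CODEBASE element in the OSD.' }

    $result = [pscustomobject]@{
        Href         = $codebase.GetAttribute('HREF')
        Server       = $null
        Port         = $null
        NameResolves = $false
        PortOpen     = $false
        Finding      = $null
    }

    $uri = $null
    if (-not [Uri]::TryCreate($result.Href, [UriKind]::Absolute, [ref]$uri)) {
        $result.Finding = 'HREF is not a usable URL; check the Hostname saved in the Sequencer project.'
        return $result
    }

    # System.Uri reports -1 when an rtsp:// URL carries no explicit port;
    # 554 is the RTSP port used in the telnet test in the text.
    $port = $uri.Port
    if ($port -lt 1 -and $uri.Scheme -eq 'rtsp') { $port = 554 }
    $result.Server = $uri.Host
    $result.Port   = $port
    if ($port -lt 1) {
        $result.Finding = 'No port in HREF and no default known for this protocol.'
        return $result
    }

    # Step 1: does the name saved in the package exist at all?
    try {
        [void][System.Net.Dns]::GetHostAddresses($uri.Host)
        $result.NameResolves = $true
    } catch {
        $result.Finding = "Server name '$($uri.Host)' does not resolve; check the Hostname saved in the package."
        return $result
    }

    # Step 2: same test as 'telnet <server> <port>', but with a timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($uri.Host, $port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($pending)   # throws if the server refused the connection
            $result.PortOpen = $true
            $result.Finding  = 'Server reachable on the streaming port.'
        } else {
            $result.Finding = 'No answer before the timeout; check firewalls between client and server.'
        }
    } catch {
        $result.Finding = 'Connection refused; check that the Application Virtualization Service is started.'
    } finally {
        $client.Close()
    }
    return $result
}

# Constructed sample OSD, trimmed to the elements this check reads.
$sampleOsd = @'
<SOFTPKG GUID="00000000-0000-0000-0000-000000000001" NAME="Sample" VERSION="1.0">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsp://appv-server:554/Sample/Sample.sft"
              GUID="00000000-0000-0000-0000-000000000002" />
  </IMPLEMENTATION>
</SOFTPKG>
'@

# For a real package, pass the file content: (Get-Content <path to .osd> | Out-String)
Test-OsdStreamSource -OsdXml $sampleOsd | Format-List
```

On a machine where appv-server does not exist, the run stops at the name-resolution step and reports it, which is the Hostname case described above.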
Summary
In this chapter, you not only had the chance to work with a complex application, which allowed you to gain experience in the sequencing process, but also reviewed step-by-step the procedure for capturing one of the most important applications to virtualize. The possibilities and recommendations for using a virtualized Microsoft Office 2010 suite will always depend on each environment and organization. Even though, as any other virtual application, you only need to capture it once with each operating system and you do not have to touch that package until the release of any major update or service pack, deploying Office using App-V could have some costs (hardware, bandwidth, storage, and so on) that might not be appropriate for your environment. Microsoft Office 2010 by itself contains several options for automatic deployment, and you should always consider these options before migrating it to virtual. Consider sequencing Office 2010 as the best approach when you need the co-existence of different Office suites on the same client machines. In the next chapter you will review another level of complexity in virtual applications: dependencies using Dynamic Suite Composition.
Managing Dynamic Suite Composition
As discussed earlier, Microsoft App-V represents the most dynamic platform for virtualized applications, from which you can scale up application deployment by delivering an efficient design. Dynamic Suite Composition (DSC) represents one of the most important features when talking about agile deployments. DSC provides the ability to have a new layer of interoperability, virtualized applications dependencies, where one App-V package depends on and interacts with another App-V package.
With Dynamic Suite Composition, you get the chance to avoid large-sized packages or redundant sets of components, virtualized separately in different applications. You can virtualize one application normally, like Microsoft Office, and on a different package a Microsoft Office plugin that will only be streamed down to the clients whenever it is required. Having separate environments not only reduces the chance of getting application components captured more than once in different packages but also gives us control of these dependencies and lets you distribute the applications with more accuracy to users, achieving a one-to-many strategy on applications. For example, you can have several web application packages but only one Java Runtime Environment (JRE) used by all these web applications.
In the previous chapter, you had the chance to sequence an application with high complexity like Microsoft Office 2010. There you reviewed the virtual environment created on an application capture and also saw how you can edit this environment to set the right parameters in your application. The dependencies mentioned in DSC are nothing but parameters in the virtual environment of each application.
Manually editing the OSD file represents the main task in DSC preparation, but, of course, the risks increase as editing some of these parameters could end up causing erratic functionality in the App-V packages. Fortunately, Microsoft provides the Dynamic Suite Composition tool with which you can easily establish the necessary communication channels between applications. In this chapter you will look at:
• Understanding how Dynamic Suite Composition works
• Practical examples of preparing and using DSC
How Dynamic Suite Composition works
Dynamic Suite Composition represents the way in which administrators can define dependencies between App-V packages and guarantee final users transparent operability in applications. In normal use of the operating system, you can find several applications which are dependent on other applications. Probably the best example is web applications interacting constantly, from a browser of course, with Java Runtime Environment, Silverlight, and other applications like a PDF reader. DSC is also suitable in any plugin scenario for other large applications like Microsoft Office. Dynamic Suite Composition always identifies two types of applications:
• Primary application: This is the main application and is usually the full software product. This should be identified as the application users execute primarily before needing a second application.
• Secondary application: This is usually a plugin attached to the primary application. It can be streamed in the normal way and does not need to be fully cached to run.
An important note is that a primary application can have more than one secondary application but only one level of dependency is supported. You cannot define a secondary package as dependent on another secondary package.
Here is an example from the App-V Sequencing Guide by Microsoft, showing the "many-to-one" and "one-to-many" relationship in Dynamic Suite Composition.
These application dependencies are customizable in the App-V configuration file for virtual applications, the OSD, where you are going to use the DEPENDENCIES tag in the primary application, adding the identifiers of the secondary application(s). So every time the main application needs a secondary application (like a plugin), it can find the right path and execute it without any additional user intervention. In some environments you can find secondary applications that could be a requirement for normal use of a primary application. With DSC, you can also use the variable MANDATORY=TRUE in the primary application OSD file. This value is added at the end of the secondary application reference.
DSC does not control the interaction
When you discuss implementing Dynamic Suite Composition in your organization you must always remember that DSC does not control the interaction between the two applications, and is only in charge of sharing the virtual environment between the App-V packages.
The SystemGuard, the virtual environment created by each App-V application, is stored in one file, OSGuard.cp (you can find it in the OSD file description using the name SYSGUARDFILE). Once the application is distributed, every change made by the client operating system and/or the user is stored in Settings.cp. DSC works by sharing the Settings.cp file between the primary and secondary applications, while always maintaining the OSGuard.cp. This task will guarantee the interaction between the two applications, but Dynamic Suite Composition does not control how this interaction is occurring and which components are involved.
The reason for this is that when you find yourself in a complex DSC scenario, where you have a primary application with several secondary applications that use the same shared environment as well, some conflicts may appear in the virtual environment: secondary applications overriding DLLs or registry keys, which were already being used by another secondary application in the same environment. If a conflict occurs, the last application to load wins. So, for example, the user data, which is saved in PKG files, will be kept within the secondary application package.
Dynamic Suite Composition was designed to be used in simple dependency situations and not when you want full and large software packages interacting as secondary packages. Microsoft Office is a good example of software that must be used as a "primary application" but never as a "secondary application".
Configuring DSC manually
Now you are going to take a closer look at configuring Dynamic Suite Composition. If you completed the steps for sequencing a complex application such as in the previous chapter, you will see that these steps are far simpler. When you are working with DSC, using virtual machine snapshots is highly recommended as both applications, the primary and secondary, must be captured separately.
This example will use a familiar environment for most, integrating an Internet browser with another program: Mozilla Firefox 3.6 with Adobe Reader 9. The scenario is very well known to most users as most find themselves with a PDF file that needs to be opened from within the browser while you are surfing around (or receiving an attachment via web mail). If a PDF reader is not a requirement on the client machines you will be obligated to capture and deliver one to all possible users, even though they only use it when a PDF file appears in their browsing session. Using Dynamic Suite Composition you can easily configure the browser, Mozilla Firefox, with a secondary application, Adobe Reader, which will only be streamed down to clients if the browser accesses a PDF file. These are the steps to follow:
1. Log on to the sequencer machine using a clean image, install and capture the primary application.
2. Import the primary application in the App-V Management Server. Set the permissions needed for the selected users.
3. Restore the sequencer operating system to the base clean image.
4. Install the primary application locally again; do not capture this installation.
5. Install and capture the secondary application with App-V Sequencer.
6. Import the secondary application in the App-V Management Server. Set the permissions needed for the selected users.
7. Modify the dependencies on the OSD file from the primary application.
Here is a detailed look at this process.
1. Install and capture the primary application, Mozilla Firefox. This example is using an already captured application; you can review the process of sequencing Mozilla Firefox in the previous chapter. Here's a quick look at the procedure:
i. Start the App-V Sequencer Application and begin the capture.
ii. Start the Mozilla Firefox installation (if using Windows 7 you may need to use compatibility mode for the installer).
iii. Select the installation folder in Q:\ using an 8.3 name in the folder.
iv. Complete the installation.
v. Stop the capturing process and launch the application. It is recommended to remove automatic updates from the Mozilla Firefox options.
vi. Complete the package customization and save the App-V project.
2. Import the primary application, Mozilla Firefox.
i. Copy the project files into the content folder in the App-V Management Server.
ii. Open the App-V Management Server Console and import Mozilla Firefox.
iii. Select the proper permissions and shortcuts to be published.
3. Restore the operating system to the base clean image.
4. Install Mozilla Firefox locally - no need to capture it again. It is best practice to install the primary application in the same way and with the same options as when it was installed when you captured it. Any inconsistency could be reflected in inconsistent behavior of the secondary application.
5. Install and capture the secondary application, Adobe Reader 9.3. Ok, now it is time to make your own way and sequence this application. Do not worry, Adobe Reader does not have any particular considerations. Here are a few guidelines to remember:
i. Once the capturing process starts, remember the application installation folder must be in Q:\. This example is using the folder name AdbRdr93.
ii. As soon as the installation is finished, change the OSD File Name to a short name.
iii. Launch the application in the sequencing process, go to Preferences | Updater, and select Do not download or install updates automatically.
iv. In the Deployment tab complete the name of the App-V server in charge of distributing this application.
v. In order to be able to reduce the size of the package, you can remove some unnecessary files from the Virtual File System tab; for example the Adobe Updater. Removing files in VFS is a dangerous thing to do. Keep this in mind when you are sequencing an unfamiliar application for the first time.
vi. Save the project.
6. Import the secondary application, Adobe Reader 9.3 as follows:
i. Copy the project files into the content folder in the App-V Management Server.
ii. Open the App-V Management Server Console and import the Mozilla Firefox.
iii. Select the proper permissions and shortcuts to be published.
Before you go on, make a checkpoint to verify you are on the right track. Run a few tests on the application separately to verify there were no errors in the sequencing process.
iv. Check Mozilla Firefox runs normally in App-V Clients as a virtual application. If you run Mozilla Firefox and try to open a PDF file, without having any PDF reader on the App-V client, the following message will appear as there is no program associated to open the PDF file:
v. Check whether Adobe Reader 9.3 runs normally in App-V Clients as a virtual and separate application.
Now you can go on with the DSC process.
7. Modify the dependencies in the OSD file from the primary application.
i. Open the secondary application Adobe Reader's OSD file located in the content folder. Copy the line of CODEBASE.
In this example, the complete line reads as follows: The information in this line will not be exactly the same in your environment; for example, the GUID represents the unique ID for the App-V package.
ii. Open the primary application Mozilla Firefox's OSD file.
iii. Locate in the file and just above it insert a line reading .
iv. Below insert the CODEBASE selected from the Adobe Reader OSD file.
v. Below this new line, insert .
In this example, the three lines inserted:
As the primary application does not need the secondary application to work, you do not need the MANDATORY variable set here. With that change, you are ready to give it a try on the App-V Desktop Client.
vi. Access the App-V Client and open the App-V Management Console. In Publishing Servers right-click on the App-V Server with the published applications and select Refresh Server.
vii. Open the Mozilla Firefox virtualized application and browse for a published PDF file on the Internet. Here's an example, accessing a website with a PDF associated with it:
Or you can also find a PDF file that has been downloaded and open it with Mozilla Firefox.
At this point you can see Dynamic Suite Composition as a simple procedure; when you evaluate the DSC Tool by Microsoft things are going to get much simpler.
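The manual OSD edit from step 7, written as a script so the change is repeatable and checked before it is made. This is an added example, not the book's or Microsoft's code: the function name and both sample OSD files are constructed, and placing DEPENDENCIES as a child of the VIRTUALENV element is an assumption about the App-V 4.x OSD layout, not taken from this page.

```powershell
# Added example: function name and sample OSD content are constructed.
function Add-OsdDependency {
    param(
        [Parameter(Mandatory = $true)][xml]$PrimaryOsd,    # modified in place
        [Parameter(Mandatory = $true)][xml]$SecondaryOsd,
        [switch]$Mandatory                                  # adds MANDATORY="TRUE"
    )

    # Step i: the CODEBASE line of the secondary package.
    $reference = $SecondaryOsd.SelectSingleNode('/SOFTPKG/IMPLEMENTATION/CODEBASE')
    if ($null -eq $reference) { throw 'Secondary OSD has no IMPLEMENTATION/CODEBASE line.' }

    # Only one level of dependency is supported: a package that already
    # references other packages cannot be used as a secondary.
    if ($null -ne $SecondaryOsd.SelectSingleNode('//DEPENDENCIES/CODEBASE')) {
        throw 'Secondary OSD has its own DEPENDENCIES; nesting is not supported.'
    }

    # Assumption: DEPENDENCIES lives inside IMPLEMENTATION/VIRTUALENV.
    $virtualEnv = $PrimaryOsd.SelectSingleNode('/SOFTPKG/IMPLEMENTATION/VIRTUALENV')
    if ($null -eq $virtualEnv) { throw 'Primary OSD has no VIRTUALENV element.' }

    # Steps iii and v: create the DEPENDENCIES element once, reuse it afterwards.
    $dependencies = $virtualEnv.SelectSingleNode('DEPENDENCIES')
    if ($null -eq $dependencies) {
        $dependencies = $PrimaryOsd.CreateElement('DEPENDENCIES')
        [void]$virtualEnv.AppendChild($dependencies)
    }

    # The package GUID identifies the secondary; do not link it twice.
    $guid = $reference.GetAttribute('GUID')
    foreach ($existing in $dependencies.SelectNodes('CODEBASE')) {
        if ($existing.GetAttribute('GUID') -eq $guid) { return $false }
    }

    # Step iv: copy the secondary's CODEBASE line under DEPENDENCIES.
    $copy = $PrimaryOsd.ImportNode($reference, $true)
    if ($Mandatory) { $copy.SetAttribute('MANDATORY', 'TRUE') }
    [void]$dependencies.AppendChild($copy)
    return $true
}

# Constructed sample OSD files, trimmed to the elements the function touches.
$primary = [xml]@'
<SOFTPKG GUID="00000000-0000-0000-0000-0000000000A1" NAME="Mozilla Firefox" VERSION="3.6">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsp://appv-server:554/Firefox/Firefox.sft"
              GUID="00000000-0000-0000-0000-0000000000A2" SYSGUARDFILE="Firefox\osguard.cp" />
    <VIRTUALENV />
  </IMPLEMENTATION>
</SOFTPKG>
'@

$secondary = [xml]@'
<SOFTPKG GUID="00000000-0000-0000-0000-0000000000B1" NAME="Adobe Reader" VERSION="9.3">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsp://appv-server:554/AdbRdr93/AdbRdr93.sft"
              GUID="00000000-0000-0000-0000-0000000000B2" SYSGUARDFILE="AdbRdr93\osguard.cp" />
    <VIRTUALENV />
  </IMPLEMENTATION>
</SOFTPKG>
'@

$added = Add-OsdDependency -PrimaryOsd $primary -SecondaryOsd $secondary
$again = Add-OsdDependency -PrimaryOsd $primary -SecondaryOsd $secondary   # already linked
"Added: $added; second call added again: $again"
$primary.SelectSingleNode('//VIRTUALENV').OuterXml

# For real files: keep a backup copy of the primary .osd, load it with
# [xml](Get-Content <path>), and write the result back with $primary.Save(<path>).
```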
Using the Dynamic Suite Composition tool
This Microsoft tool provides even more simplicity to the DSC process. You can easily accomplish creating the dependencies without editing any OSD files. The Dynamic Suite Composition tool does not need any installation; by running the EXE file you are ready to start using it. You can find it at Microsoft Download Center http://www.microsoft.com/downloads/en/default.aspx. Here is a look at this simple process, using the previous example of Mozilla Firefox and Adobe Reader:
1. Open the Dynamic Suite Composition Tool and in Package Root(s) select the content folder in the App-V Server. The applications existing in the folder will be loaded, and they should be grayed out until you select a primary application.
2. In Primary Package select Mozilla Firefox.
3. In Secondary Package select Adobe Reader 9.3 and click on Add.
Adobe Reader is now added in the Dependencies area. If you are using one primary package and several secondaries, you just need to add them inside Dependencies. You can also add the Java Runtime Environment, which is another suitable secondary application for browsers.
4. Note that you can set the Mandatory variable with just one click.
5. Click on Save and the change is ready to be used in App-V Clients. If you check the Mozilla Firefox OSD file you will see that the same change was made as in the manual process.
6. Remember to refresh the server in App-V Clients. With that, the applications are ready to work together.
Summary
In this chapter, you had the chance to review one of the most important features in Microsoft Application Virtualization regarding dynamic and agile environments: Dynamic Suite Composition. DSC manages dependencies between App-V packages, which you can categorize as primary and secondary applications. Dynamic Suite Composition is an important strategy you can use to prevent large virtualized application size and also gain granular control of the permissions and access you give users for the secondary applications, like plugins.
DSC gives us the possibility to use "one-to-many" scenarios, where you have one primary application with several secondaries. But Dynamic Suite Composition is not in charge of managing and controlling the interaction between all these applications. That's why you must be careful which applications you select as secondary, as not all are suited for this category.
Configuring DSC manually consists mainly of editing the OSD file from the primary application and adding a simple DEPENDENCIES tag linking to one or several secondary applications. Fortunately, Microsoft also provides us with a much simpler procedure using the Dynamic Suite Composition Tool, with which you can set all the necessary dependencies through a simple GUI.
In the next chapter you will see other interoperability options you can achieve in App-V, this time combining an existing System Center Configuration Manager environment with App-V.
Integrating App-V with System Center Configuration Manager 2007 R2
System Center Configuration Manager (SCCM) is one of the most robust platforms available, not only for deploying applications (SCCM provides a vast set of solutions for deploying and updating operating systems), but also for running complete assessments (health, hardware and software inventory, and so on) on clients, servers, and devices at every layer (virtual, physical, and mobile) working in your organization.
One of the most important qualities you can have as a technology professional is understanding that the solutions, platforms, and technologies you would like to implement should adjust to your requirements and possibilities, and not the other way around. Microsoft's technologies are designed this way, including Microsoft Application Virtualization and System Center Configuration Manager which, based on their characteristics, can interact at deployment levels.
The SCCM implementation models are quite similar to the ones already discussed for App-V. That's one of the main reasons you should consider the integration when you are designing the deployment. A simple example regarding the combination of technologies is that if you have already designed and deployed System Center Configuration Manager across the organization, you most likely deployed Distribution Points near branch offices; the same architecture definition should apply for App-V Streaming Servers. There's no need to implement both; having an SCCM server deployed, you could achieve the same streaming functionality with Configuration Manager using the same package you would use in an App-V Streaming or Management Server.
You didn't have much stability when you were working with the previous versions of these platforms, App-V 4.5 and SCCM 2007 R2 SP1. A lot of troubleshooting was needed plus most of the App-V features were lost. Fortunately, App-V 4.6 and the R2 Service Pack 2 of Configuration Manager made tight integration possible between these technologies.
This chapter will not discuss how to implement System Center Configuration Manager or the client's deployment. Instead, the content of this chapter will be based around assuming that the SCCM platform is already in place and with the clients already integrated. Some of the topics will be:
• Benefits and limitations of integrating System Center Configuration Manager and App-V
• How does the integration between these platforms work
• Delivery possibilities using SCCM with App-V packages
• Example of integrating System Center Configuration Manager 2007 R2 SP2 with virtual applications
Why integrate?
As always, before implementing, you should keep in mind why you are doing it and what the results you should expect are. There are some important concepts discussed in this chapter that are also mentioned in the Microsoft official white paper, App-V_and_ConfigMgr_Whitepaper_Final.docx, regarding App-V and System Center Configuration Manager integration and you can find this document at the Microsoft Download Center http://www.microsoft.com/downloads/en/default.aspx. Here are the key points for integrating Microsoft App-V with System Center Configuration Manager:
• Optimizing your Infrastructure: If you have already implemented SCCM in your environment, not integrating with App-V could create higher management costs, troubleshooting, complexity, and hardware, as you will need to implement the Streaming Server separately from your Distribution Points. Configuration Manager can fulfill the streaming process without requiring major changes in your implementation.
• Improved client targeting: System Center Configuration Manager makes it possible to deploy normal and virtual applications with an enhanced level of targeting, depending on collections and the capabilities of the systems involved.
• Complementing App-V with SCCM assessments: Microsoft Application Virtualization includes user targeting for their packages; integration with Configuration Manager can combine these possibilities with software metering, asset intelligence, and Wake-on-LAN (waking a computer that is turned off to deliver a package) features for the virtual applications deployment.
• Virtual Applications delivery as a complement to Operating System Deployment: One of the most important features in SCCM is Operating System Deployment (OSD), which can be combined and scaled up with other features like software updates, software and hardware inventory, targeting for implementing operating system drivers, and so on. Using App-V you can deliver applications as soon as the operating system is deployed, saving considerable time in delivering a ready-to-go operating system.
• Background delivery of App-V applications: On unstable or slow networks, BITS protocol can be leveraged allowing application delivery as network connections permit. The SCCM client performs the download of the App-V application into the SCCM cache where it is then imported into the App-V cache. This offers much more flexible application delivery but comes with a storage penalty on the client. The application will exist in both the SCCM and App-V client cache and cannot be purged from the SCCM client cache. This means that in this delivery model there is at least a doubling of the storage required on the client.
Limitations of the integration
There are some limitations to integrating SCCM and App-V. This is completely understandable considering that only in the last version of both of these platforms, App-V 4.6 and System Center Configuration Manager 2007 R2 SP2, is this integration supported. Here are some points that you should consider as well:
• You must re-advertise an application when there is an active upgrade. As mentioned before, Active Upgrade is the process that you run on an App-V package to update the application using a service pack or any other type of modification; the App-V Full Infrastructure Model automatically delivers the new version to clients. SCCM does not know about any updates, so you will need to create a new advertisement every time there is a virtual application update.
• Reduced reporting. App-V Full Infrastructure provides a very important set of reports you can execute and retrieve about your virtual application; Configuration Manager does not provide the same level of reporting. Using Local Delivery as the preferred method for delivering applications means that it is not possible to report on how many times an application has been used.
• Targeting applications for Remote Desktop Services clients is not recommended. This is not a limitation only for virtual applications, but applies to any user-targeted delivery and/or user interaction with the SCCM client. The SCCM client only allows software distribution to the console session of a terminal server system (mstsc.exe /console). Therefore, if an application delivery is targeted to users that are using a remote session on the terminal services system, they will not be able to execute the advertisement.
• Asset Intelligence (in charge of reporting and inventory features) in SCCM requires Feature Block 1 present in the virtual application streamed to clients.
• Asset Intelligence cannot inventory virtual applications which co-exist with the same version of the application installed locally. As mentioned, virtual applications live within their own environment, making it possible for an application to be both installed locally and virtually deployed. In this scenario, Asset Intelligence will not inventory the App-V application.
• In order to use Dynamic Suite Composition in virtual applications working together with SCCM R2 SP2, both interconnected packages must be advertised and registered with the App-V Client. That is why using the local delivery method (download and execute, to be discussed later) is the recommended option when using DSC.
• As seen earlier, DSC provides the ability to mark dependencies in virtual packages, and when you are using this feature App-V stores both packages (primary and secondary) in the same virtual environment, requiring both packages to be advertised and registered to the client in order to function properly.
How does the integration work?
Having reviewed the benefits and limitations of integrating App-V and System Center Configuration Manager 2007 as well as the requirements to achieve this, let's take a look at how this process happens.
Components involved
As you are merging two separate platforms, you need to understand which components, roles, and services will be utilized from each of the platforms:
• App-V Sequencer: No surprise here, the virtual application must be sequenced and captured by a Sequencer. The process of capturing it is the same and you don't need to introduce any changes to that phase.
• SCCM Site Server: In charge of managing and handling the actions performed by the SCCM Distribution Points.
• SCCM Distribution Point: Storing and distributing the App-V applications.
• SCCM Client: Client agent which communicates with System Center Configuration Manager and receives the virtual applications.
• App-V Client: SCCM Client and App-V Client work together. The SCCM Client delivers the virtual application to the App-V Client which is responsible for executing it.
Delivery methods
When you are integrating SCCM with App-V, there are two delivery methods when distributing virtual applications—streaming delivery and local delivery (download and execute).
Streaming delivery
This is the delivery method described earlier when discussing the App-V Streaming Server. As noted, this is a role you can install on a server that does nothing more than deliver applications; this server can be a System Center Configuration Manager Server configured for streaming delivery. When using this delivery method, the App-V Client will be configured to receive applications using HTTP/HTTPS (standard distribution point) or SMB (Branch Distribution Point) streaming.
This is how the delivery works in the streaming mode:
Image used from Microsoft official guide Virtual Application Management with Microsoft Application Virtualization 4.5/4.6 and System Center Configuration Manager 2007 R2.
Note: FTAs stand for File Type Associations.
In this process you can evaluate the entire workflow of the streaming delivery from the moment the application is sequenced. This set of steps should be familiar if you already know and understand how a Streaming Server works with virtual applications, but note the following:
• The App-V Client does not stream an application until one of the shortcuts for this application is double-clicked.
• Once the streaming process is started, the same behavior occurs at first. Feature Block 1 is delivered from the SCCM Distribution Point to the App-V Client cache.
• Once the application is running, the rest of the package is streamed down by the App-V Client.
The streaming delivery method must be considered when the clients and servers live on the same LAN; remember that the streaming process requires high-bandwidth connections. Another good example of using this method is when you have applications that are constantly updated: the updates occur at the Distribution Point, which delivers the new package to the clients. Avoid using this method when you have several offline users.
Local delivery (download and execute)
The local delivery (download and execute) method explains itself; the initial task executed by the client is downloading the application, the complete package, and then executing it. In this downloading process, the application is delivered to the SCCM client cache and then the SFT file is streamed from the SCCM client cache into the App-V client cache. Basically, the SCCM client works as a local streaming server for the App-V Client. This is how the delivery works in this mode:
Image used from Microsoft official guide Virtual Application Management with Microsoft Application Virtualization 4.5/4.6 and System Center Configuration Manager 2007 R2.
In this process workflow figure, you can clearly see how the SCCM client is in charge of downloading the entire content of the package as soon as it is advertised. But when the user clicks on any of the shortcuts for the application, the App-V Client streams the application to the cache from the SCCM Client cache, and then completes the launch process. The application stays in App-V cache, ready to be launched, as long as the advertisements are maintained in Configuration Manager. The local delivery is the best approach when you are using slow networks between servers and clients, and of course for offline users who can work normally with the application even when they are not connected to the network. The local delivery also needs a considerable amount of storage; three times the size of the application package—one for the SCCM Client, another for the App-V Client, and the third one is stored for calculating differentials when the application receives an update.
Do you need to re-sequence an application to use it with SCCM?
One of the questions you may receive from App-V administrators who have never worked with this integration could be: "If I have already sequenced an application and the deployment options are set to look for an App-V Server to receive the application, do I have to re-sequence the application and set a new value for the SCCM Distribution Point in charge of distributing it?" This could sound like a logical action to execute: change the value set in the App-V Desktop Client and/or the App-V application to start looking for an SCCM Distribution Point instead of an App-V Server. But fortunately, you don't have to change anything. The App-V Client includes a new registry value, OverrideURL. This value can be set to use an alternate server in charge of delivering the virtual applications. The process is transparent to the user; the value is changed by the SCCM client and the streaming process is redirected to the Configuration Manager Distribution Point in charge of the delivery.
Following is a simple diagram where you can see the interaction between the SCCM Client and the App-V Client.
Image used from Microsoft official guide Virtual Application Management with Microsoft Application Virtualization 4.5/4.6 and System Center Configuration Manager 2007 R2.
Requirements for the integration
App-V and System Center Configuration Manager are two important platforms, each of them having a certain complexity. Before starting to plan the integration, it is time to review the requirements and the considerations.
SCCM platform requirements
Even though it could sound pretty obvious at this point, remember that having a healthy SCCM environment represents an important starting point before starting to make changes to the environment. Regarding System Center Configuration Manager 2007 components, the following basic platform is needed:
• Primary Site: SCCM 2007 R2 SP1/SP2 with the primary site server is needed.
• Site Server: A Site Server with the following roles installed:
    ° Site System
    ° Site Server
    ° Component Server
    ° Distribution Point
    ° Fallback Status Point
    ° Management Point
    ° Reporting Point
• Distribution Points: At least one available and working, with IIS and streaming enabled for BITS application delivery. This server will be in charge of the package distribution.
• Clients: SCCM Client installed and working properly.
Those are the minimum requirements for integrating an App-V platform with System Center Configuration Manager. But if you are going to work with App-V 4.6 you must consider that it requires SCCM 2007 R2 with SP2; Service Pack 1 is not supported for this version of App-V. System Center Configuration Manager R2 SP2 was released with several important improvements. Discussing the use of those improvements with SP2 is beyond the scope of this book, but just to name a few:
• Supporting Windows 7 and Windows Server 2008 R2.
• Improved user-based targeting. Some changes were implemented to how applications, including the virtual ones, are deployed and published on clients.
• Supporting 64-bit clients.
Storage requirements
In the official guide provided by Microsoft, Virtual Application Management with Microsoft Application Virtualization 4.5/4.6 and System Center Configuration Manager 2007 R2, you can find a complete reference to all the requirements, including the storage considerations. You can download this guide from the Microsoft Download Center at http://www.microsoft.com/downloads/en/default.aspx. These considerations depend primarily on the type of delivery method chosen. As for the App-V environment, you must size the storage considering clients, App-V cache and server, and Distribution Points in SCCM. Here is a general guideline to the storage requirements:
• SCCM Clients cache must be configured considering the full size of the App-V packages to be distributed.
• For the App-V Client cache, it is recommended to size it considering the SCCM client cache defined. The App-V client cache should be configured with the free disk space threshold option, setting it to 1 GB more than the SCCM client cache value. For example, using an SCCM Client cache with 4 GB, the App-V Client cache should be configured with a free disk space threshold of 5 GB.
• SCCM Distribution Points should allocate space equal to the size of the package multiplied by three. This sizing considers the delivery method, current version of the package, upgrade version, App-V client cache version, and differential files while constructing an upgraded version of the package.
To know how to configure the SCCM Client you can check the How to Configure the Temporary Program Download Folder (Cache) for Configuration Manager Clients article by Microsoft: http://technet.microsoft.com/en-us/library/bb680615.aspx
Implementing App-V and SCCM integration
Ok, now that you understand how these two platforms communicate with each other, it is time to start getting some practice. If you are familiar with both environments, managing and publishing applications within System Center Configuration Manager 2007, and have also used Microsoft Application Virtualization, then these processes should not surprise you as they are not complex. In overview, the steps you are going to execute are as follows:
1. Configure SCCM to distribute virtual applications.
2. Import virtual applications into SCCM.
3. Advertise and distribute virtual applications in SCCM.
Here is a look at each of these steps.
Configuring SCCM to distribute virtual applications
This is the logical first step to execute, as System Center Configuration Manager does not include the options by default to advertise and stream virtual applications. Enabling advertisements and streaming of virtual applications are two different sets of procedures to execute. The procedures start by assuming you already have a user with proper permissions to change settings in the Configuration Manager environment.
Enabling virtual application advertisements
To enable virtual application advertisements follow these steps:
1. Log in to a computer with the SCCM management console.
2. Navigate to System Center Configuration Manager Console | Site Database | Site Management | siteName (SMS - SCCM Lab here) | Site Settings | Client Agents.
3. Right-click Advertised Programs Client Agent and select Properties.
4. In the General tab, select Allow virtual application package advertisement.
5. Click OK.
Enabling streaming of virtual applications
To enable virtual application streaming follow these steps:
1. Log in to a computer with the SCCM management console.
2. Navigate to System Center Configuration Manager | Site Database | Site Management | siteName (SMS - SCCM Lab here) | Site Settings | Site Systems | serverName (SCCM Lab here).
3. Right-click ConfigMgr distribution point and select Properties.
4. Under the General tab verify that in Communication settings the option Allow clients to transfer content from distribution points using BITS, HTTP and HTTPS (required for device clients and Internet-based clients) is checked. This option is checked by default when you configure the ConfigMgr distribution point role for the first time.
5. In the Virtual Applications tab, click on Enable virtual application streaming.
6. Click OK.
With those two steps you are ready to start importing applications, advertising, and delivering them to clients.
Importing a virtual application into SCCM
Importing a virtual application in Configuration Manager does not differ much from the procedure with normal applications. The manifest, XML, is the file used to retrieve the information related to the virtual application. This file is modified whenever the SFT with new references to the OSD files is generated. These changes are related to a topic discussed earlier; SCCM needs to modify them to override the configurations set when you sequenced the application.
Before starting with the importation process you must have defined the Source directory, where the application's files are stored, and the Destination directory, where the new and changed files will be stored. Because of these changes, you must ensure that these directories are different, otherwise the original files will be overwritten. Remember the Source directory can be a network location; for example, where the files are currently stored for the App-V platform.
Here is the process:
1. Log in to a computer with the SCCM management console.
2. Navigate to System Center Configuration Manager | Site Database | Computer Management | Software Distribution | Packages.
3. Right-click on Packages, select New | Virtual Application Package.
4. An installation wizard will appear, and the first thing that you need to fill in is the Source directory where the manifest file is located. This example will be using a local directory on the SCCM Server and the selected application is Mozilla Firefox.
5. Click on Next.
6. On the next page you must define the Destination directory; this path will be accessed from the clients later to retrieve the applications. As recommended before, this network location should be different to the one selected for Source. This example will be using a directory created especially for App-V packages \\Sccm-2007\SMS_SMS\virtualApps. Click on Next.
7. Verify and modify, if necessary, the security settings for this application. Click on Next.
8. Verify the options and values on the Summary page and click on Next.
The importation process will start, and depending on the application size, could take a few moments.
9. Once the process is completed, click on Close.
You can easily identify the virtual packages in your SCCM console, using the App-V icon.
With that, your importation process is complete.
Advertising and distributing a virtual application in SCCM
Once the importation process is complete, you can start the advertisement.
1. Navigate to System Center Configuration Manager | Site Database | Computer Management | Software Distribution | Packages.
2. Expand Packages and right-click the application you want to advertise. Select Distribute | Software.
3. A new installation wizard will appear, click on Next on the first page.
4. Select the Distribution points you would like to use for distributing the application and click on Next.
The distribution point SMSPXEIMAGES$ only appears if you have the role PXE Service Point installed in SCCM. This distribution point is only used for publishing boot images, which are applied in Operating System Deployment (OSD). In this case, it is not necessary to enable it.
5. On the following page, leave Yes selected for the option to create the advertisement for this virtual application. Click on Next.
6. In the Select Program page click on Next.
7. If you have already created a collection for this advertisement, select it by clicking Browse. This example already has a collection Windows 7 created with an added client.
If you need to create a new one from scratch, you can do this by selecting Create a new collection and advertise this virtual application to it.
8. In the collection properties, complete the Name and Comment and click on Next.
9. Verify if a subcollection applies to you and click on Next.
10. Complete the Advertisement Schedule and click on Next.
11. On the next page, select the option Yes, assign the virtual application. This will make this advertisement mandatory. Click on Next.
12. Check the Summary page and click on Next.
13. The process should only take a moment. Click on Close on the final page.
Summary
In this chapter you had the chance to review the importance of System Center Configuration Manager 2007 R2 SP2 integrated with App-V 4.6. You have learned some of the important facts, including the limitations, and why these two platforms can and should be complementary instead of working separately and distributed among clients. SCCM R2 SP2 integrated with virtualized applications involves two types of application delivery:
• Streaming delivery, suited for clients on the same LAN, which works with a Streaming Server (the SCCM Distribution Point) that delivers the virtual applications to the App-V Client
• Local delivery (download and execute) method, the best approach for offline users or low bandwidth networks, which streams the application to the client's cache only when the user executes the application for the first time, and subsequent launches are executed only from this client's cache
You have also reviewed all the requirements for the integration, including SCCM platform and storage requirements. With that, all the steps necessary to configure SCCM to work with virtual applications as well as importing, advertising, and delivering these applications were explained in detail.
It is a very common scenario in App-V planning to consider an implementation where you already have SCCM in the organization. You must keep in mind that optimizing your infrastructure is a key factor in every implementation and you should not duplicate complexity maintaining two platforms separately; complementing these two correctly can preserve a healthy client and application delivery.
In the next chapter you will take a look at more specific scenarios in App-V security, introducing and implementing secure communications and configurations within the Microsoft Application Virtualization environment.
Securing your App-V Environment
Microsoft Application Virtualization, with the updated versions, was transformed into a robust and scalable platform, becoming the best choice for small, medium, and large organizations. In large organizations you can usually find several security policies regarding their communications, including application deployment.
The communications in App-V can be secured using certificates, which will guarantee safe communications between senders, such as an App-V Management or Streaming Server, and receivers, such as the App-V Desktop Client. Certificates are basically in charge of assuring that the information exchanged between sender and receiver has not been modified in the communication.
Certificates are most commonly deployed and distributed using Certification Authorities (CAs), which is a valid and supported role from Windows Server, and are usually deployed in organizations where the certificate deployment is intended to be automated. The implementation of a root CA is out of the scope for this book, but you will see an alternative, supported method for implementing certificates.
This chapter will cover how you can secure App-V communications and application delivery. Application delivery will focus on securing RTSP communications, but you can still use secure HTTP or SMB streaming. These are the topics to be covered:
• General guidelines for securing the App-V environment
• How to create, configure, and implement certificates
• Configuring secure communications between the App-V Management Server/Streaming Server and App-V Desktop Client
• The changes required in virtual applications for secure delivery
• Overview of securing HTTP and SMB streaming
• Review Internet-based scenarios and the considerations
General guidelines for securing the environment
One of the key aspects for any implementation is getting to know and understand the environment where you are going to work. There will be many matters to analyze and evaluate prior to design, and of course, one of them is security. Securing an environment has several considerations and cost should probably be one of the most important. You can always think about the most secure implementation available—combining hardening with Group Policies, IPsec connections, highly secured firewalls, customized operating systems, certificates, and so on. But each of these has a cost, not only for implementation but also maintenance. Getting to know the organization, their policies, expectations, budget, and security baselines will provide you with the necessary tools for an appropriate and secure design.
Securing the operating system
To start with the logical and basic aspects, you can start thinking about securing the operating system. Fortunately, Microsoft provides a complete guide to reviewing how you can secure the operating system with the Windows Server 2008 Security Guide (also available for Windows Server 2003). You can find it at the Microsoft Download Center http://www.microsoft.com/downloads/en/default.aspx.
Securing SQL Server
The database is an important component in App-V, and if you are thinking of a secured environment you should consider enhancing common configurations in the SQL database and instance. Some of the considerations to evaluate:
• Connecting to the database only requires port 1433.
• App-V does not need SQL authentication to the database.
Chapter 9
• Remember that the App-V Web Service is in charge of connecting to the database and handling the read/write actions. No other component should have access to the database.
• IPsec is a common implementation for connections to a SQL database.
You can find a complete guide to securing SQL Server for all supported versions (SQL Server 2005, 2008 and 2008 R2) at http://msdn.microsoft.com/en-us/library/bb283235.aspx.
Securing the sequencing process
This chapter will evaluate and define the necessary steps to secure the following App-V connections:
• Client to App-V Management Server
• Client to App-V Streaming Server
• Management console to web service
As the App-V Sequencer only gets involved at the first stage in the sequencing process and no other connection is made to this computer, you won't need to use any certificates or IPsec policies.
One important aspect of security in the sequencing process is the file permissions set by the application. Any common installation process creates the necessary files and folders used by the application and also sets the permissions for each of them. This is no small matter, as applications can store important user information such as credentials in these files and folders. Not protecting them properly can compromise this information in the applications you are delivering. The App-V Sequencer captures the NTFS permissions set by the application during the sequencing process, and if you modify any of those permissions in this process, the modified permissions will persist in the application delivery.
To avoid compromising files or folders, you can enforce the original permissions set by the application—the option used in the App-V Sequencer is called Enforce Security Descriptors under the Deployment tab.
Configuring App-V for secure delivery
To accomplish a secured environment for App-V there are several tasks you can execute. Of course, not all of them are mandatory and which ones you implement will depend mainly on two factors—the policies your organization already has and the implementation cost for security matters.
The certificate used for communication must fulfill the common requirements for all environments you are attempting to use it in:
• Certificate must be valid
• Certificate must contain the correct Enhanced Key Usage (EKU) – Server Authentication (OID 1.3.6.1.5.5.7.3.1)
• Certificate FQDN must match the server on which it is installed
• Client and server must trust the root Certification Authority (CA)
But there's also an important, last requirement for using App-V with certificates:
• Certificate Private Key has to have permissions changed to allow the App-V Service account (by default represented by NETWORK SERVICE) access to the certificate.
For more information about CA there are several articles available on Microsoft TechNet:
• Building an Enterprise Root Certification Authority in Small and Medium Businesses for Windows Server 2003 (http://technet.microsoft.com/en-us/library/cc875810.aspx)
• Active Directory Certificate Services Step-by-Step Guide for Windows Server 2008 (http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx)
Creating and configuring a certificate
The common scenarios where certificates are found in our organizations usually involve having an already internally deployed root CA or using a third-party public certificate. But fortunately there is an alternative for when you don't have a CA deployed and using a public certificate does not fit your environment. Using self-signed certificates, created by the machine in charge of the communications like an App-V Management Server, will provide the same level of security but with a little manual work up front. Here is a look at what is required:
1. Log in to the machine in charge of delivering applications. This example uses the App-V Management Server already deployed.
2. Access the Internet Information Services (IIS) Manager console from Administrative Tools. Note that this example uses the IIS 7 MMC. You should also see the IIS 6 console that was deployed for compatibility options and which does not provide the self-signed certificates option natively.
3. In the IIS console, click on the server name and look for the option Server Certificates.
4. In the right pane, click on the option Create Self-Signed Certificate.
5. An installation wizard will appear with an option Specify a friendly name for the certificate. This example uses appv-server as this is the name of the server involved. Click OK.
With that, the certificate is generated and imported locally on the App-V Management Server machine. But before deploying it, you need to set the permissions for the App-V service account to be able to access it.
6. Click on Run in the Start menu and type mmc. In the console, click on File | Add/Remove Snap-in.
7. In the list, select Certificates and click on Add.
8. A second window will appear, this time for selecting the type of certificates to handle. Select Computer account and click Next.
9. Also select to use the local computer.
10. In the certificates console, expand Personal and click on Certificates.
11. Right-click on the certificate created earlier and it should appear as the FQDN of the server. Select All Tasks | Manage Private Keys.
12. A new window will appear where you can set the permissions. Click on Add.
13. In the account selection window, select the NETWORK SERVICE account, which is the default account set by App-V to run.
14. Select Read access to the certificate for the NETWORK SERVICE account.
The account NETWORK SERVICE is the default used by the App-V service; if you have changed this then you should change the permissions set in this step to the appropriate account. To verify the account used by App-V, you can access the Services console in the server and in the column Log On As the account will be listed.
Once the certificate is in place, you will need to export it in order to get it ready for deployment to clients.
15. Back to the certificates console, right-click the certificate and select the option All Tasks | Export.
16. An installation wizard will appear. In the first window leave the No, do not export the private key option selected. Click on Next.
17. Leave the DER encoded binary X.509 (.CER) option selected. Click on Next.
18. Select the path where the certificate will be stored and later accessed by clients. Click on Next and then Finish.
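The certificate requirements listed earlier in this chapter, together with the private key permission granted in steps 11 to 14, can be checked from a script once the certificate is in place. The following Windows PowerShell function is an added example, not code from the book or from App-V; the function name, its parameters, and the assumption that the key is a CSP (CAPI) machine key stored under ProgramData\Microsoft\Crypto\RSA\MachineKeys are assumptions made for this example.

```powershell
# Added example (not from the book): audit a server certificate in the
# LocalMachine\My store against the App-V requirements listed in this chapter.
# Assumptions: Windows PowerShell run elevated on the server; the private key
# is a CSP (CAPI) machine key, so its ACL is the ACL of a file in MachineKeys.
function Test-AppVServerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [Parameter(Mandatory = $true)][string]$ServerFqdn,
        # Account the App-V service logs on as (see the Services console).
        [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'
    )

    # A thumbprint copied from the Details tab can carry spaces or hidden
    # characters; keep only the hex digits before comparing.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "No certificate $clean in LocalMachine\My" }

    # Requirement: the certificate must be valid (inside its validity period).
    $now = Get-Date
    $inPeriod = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    # Requirement: EKU contains Server Authentication (OID 1.3.6.1.5.5.7.3.1).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasServerAuth = $false
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $hasServerAuth = $oids -contains '1.3.6.1.5.5.7.3.1'
    }

    # Requirement: the name in the certificate matches the server FQDN.
    # DnsName returns the first SAN DNS entry, or the subject CN if there is none.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    $dnsName = $cert.GetNameInfo($nameType, $false)
    $nameMatches = ($dnsName -eq $ServerFqdn)   # -eq ignores case for strings

    # Requirement: the root is trusted. This only evaluates the trust stores of
    # the machine the script runs on; clients must be checked separately.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # a self-signed cert has no CRL
    $trustedHere = $chain.Build($cert)

    # Requirement: the service account can read the private key.
    $keyReadable = $false
    if ($cert.HasPrivateKey) {
        $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
        if (Test-Path $keyFile) {
            $read = [System.Security.AccessControl.FileSystemRights]::Read
            $keyReadable = [bool]((Get-Acl -Path $keyFile).Access | Where-Object {
                $_.IdentityReference.Value -eq $ServiceAccount -and
                $_.AccessControlType -eq 'Allow' -and
                (($_.FileSystemRights -band $read) -eq $read)
            })
        }
    }

    New-Object PSObject -Property @{
        Subject              = $cert.Subject
        WithinValidityPeriod = $inPeriod
        HasServerAuthEku     = $hasServerAuth
        NameMatchesFqdn      = $nameMatches
        TrustedOnThisMachine = $trustedHere
        ServiceCanReadKey    = $keyReadable
    }
}

# Usage (thumbprint is a placeholder; the host name is the one used in this chapter):
# Test-AppVServerCertificate -Thumbprint '<thumbprint from the Details tab>' `
#     -ServerFqdn 'appv-server.aalvarez.ad'
```

Any property that comes back False points at the requirement to revisit before switching the server to RTSPS.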
Securing the App-V Management Server
Once the certificate is created and deployed in the server, the implementation process in the App-V Management Server is very simple and intuitive.
Securing the App-V Management Server at installation
If you don't already have the App-V Management Server deployed you can secure the connections from scratch. You can find this option in the installation process, at the Connection Security Mode step. Just select the option Use enhanced security and the drop-down will show you the certificates available. You will need to select, of course, the certificate with the FQDN of the server.
Securing an installed App-V Management Server
Fortunately the process of securing an already deployed platform does not require complex steps or complicated changes to your environment. Here is a look at the procedure:
1. Access the Application Virtualization Management Console. Expand Server Groups and Default Server Group, which is the default group created in the environment you are using.
2. Right-click the name of the server and select Properties.
3. In the new window, select the Ports tab. Uncheck the option for RTSP port and select RTSPS port. This example is going to keep the default port number for secure connections, 322.
4. Click on Server Certificate and a new wizard will appear. Click on Next.
5. Select the certificate you created earlier with the server FQDN. Click on Next.
6. In the last window, click on Finish. You will receive the message saying you need to restart the Application Virtualization Management Server service to complete the changes made.
7. Just access the Services console, right-click Application Virtualization Management Server, and click on Restart.
The process for securing the connections used from the App-V Management Server is now completed.
Securing the web service
You can also secure the communication between the Application Virtualization Management Console and the web service in charge of managing the communication between the MMC and the SQL data store. As this example uses the Web Service, the MMC, and the SQL database on the same server, the procedure is really simple.
1. On the server access the Internet Information Services (IIS) Manager console.
2. Expand the server name, Sites and select Default Web Site.
3. In the Actions pane, select Bindings.
4. Click on Add. In the Type drop-down select https and in the SSL certificate drop-down select the certificate created earlier. Click OK.
With that, you have configured your web service to accept HTTPS communications for the console.
5. You can test it by opening the Application Virtualization Management Console and selecting the 443 port.
For more information about IIS and certificates you can check the Microsoft TechNet article Managing Microsoft Certificate Services and SSL at http://technet.microsoft.com/en-us/library/bb727098.aspx.
Securing App-V Desktop Client
The procedure for securing the App-V Desktop Client is as simple as for the App-V Management Server. The options are the same, either configuring the client during the installation process or afterwards, for an already deployed client. Before starting the process you will also review the additional steps needed for this example, with the scenario of not having a CA available on the network and creating a self-signed certificate.
Importing the certificate into the App-V Desktop Client
As you are not using a CA, you need to configure the client's operating system to trust the App-V Management Server for secure connections.
1. Log on to the App-V Desktop Client.
2. Click on Run in the Start menu and type mmc. In the console, click on File | Add/Remove Snap-in.
3. In the list, select Certificates and click Add.
4. A second window will appear, this time for selecting the type of certificates to handle. Select Computer account and click Next.
5. Also select to use the local computer.
6. In the certificates console expand Trusted Root Certification Authorities. Right-click Certificates and select All Tasks | Import.
7. The import wizard will start. Click on Next on the welcome screen.
8. Locate the .CER file exported earlier. For this example the file was copied to the client.
9. Leave the option Place all certificates in the following store selected; it will show Trusted Root Certification Authorities.
10. Click on Finish and the certificate will be imported.
Now that the certificate is in place, you only need to change the communication type used in the App-V Desktop Client.
11. Access the Application Virtualization Client console. Select Publishing Servers, right-click the name of the App-V Server, and select Properties.
12. In the Type drop-down select the option Enhanced Security Application Virtualization Server and insert the Host Name for the server (in this example, appv-server.aalvarez.ad) and click OK.
A very important note is that you must use the FQDN of the App-V Server and not the NetBIOS name. This is because the certificate just imported uses the Fully Qualified Domain Name to identify that server, and the client trusts the server under that name only.
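Because the import above makes a self-signed certificate a trusted root for the whole machine, it is worth checking the file before trusting it. The following PowerShell function is an added example, not code from the book: it confirms that the .CER file carries the thumbprint read from the server and names the FQDN the client will use, then adds it to the computer's Trusted Root store. The file path and the expected thumbprint are values you supply, and the function name is hypothetical.

```powershell
# Added example (not from the book). Run from an elevated PowerShell prompt.
function Import-AppVServerCertificate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$CerPath,             # the .CER file copied to the client
        [Parameter(Mandatory = $true)][string]$ExpectedFqdn,        # e.g. appv-server.aalvarez.ad
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint   # read on the server, passed out of band
    )

    $ns   = 'System.Security.Cryptography.X509Certificates'
    $file = (Resolve-Path -LiteralPath $CerPath).ProviderPath
    $cert = New-Object "$ns.X509Certificate2" -ArgumentList $file

    # Thumbprints copied from the Certificates console contain spaces; keep hex digits only.
    $want = $ExpectedThumbprint -replace '[^0-9A-Fa-f]', ''
    # Simple name of the subject: the CN, which for this scenario is the server's FQDN.
    $name = $cert.GetNameInfo('SimpleName', $false)
    $now  = Get-Date

    $problems = @()
    if ($cert.Thumbprint -ne $want) {
        $problems += "thumbprint is $($cert.Thumbprint), expected $want"
    }
    if ($name -ne $ExpectedFqdn) {
        $problems += "subject name is '$name', expected '$ExpectedFqdn' (a NetBIOS name will not match)"
    }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "certificate is only valid from $($cert.NotBefore) to $($cert.NotAfter)"
    }
    if ($problems.Count -gt 0) {
        throw "Not importing $file : $($problems -join '; ')"
    }

    if ($PSCmdlet.ShouldProcess('LocalMachine\Root', "Add certificate $($cert.Thumbprint)")) {
        $storeName = [System.Security.Cryptography.X509Certificates.StoreName]::Root
        $location  = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
        $store = New-Object "$ns.X509Store" -ArgumentList $storeName, $location
        $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
        try     { $store.Add($cert) }
        finally { $store.Close() }
    }

    # Return what was checked so the result can be logged.
    $cert | Select-Object Subject, Issuer, Thumbprint, NotBefore, NotAfter
}

# Example call; the path and thumbprint are placeholders:
# Import-AppVServerCertificate -CerPath 'C:\Temp\appv-server.cer' `
#     -ExpectedFqdn 'appv-server.aalvarez.ad' `
#     -ExpectedThumbprint '<thumbprint shown on the server>' -WhatIf
```

Run it with -WhatIf first to see the checks without changing the store.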
Securing App-V Streaming Server
Configuring secure connections for streaming servers can be a little bit tricky as you don't have an App-V console you can use to change the necessary configurations. That's why you will need to change some registry values to accomplish this.
1. Generate a certificate for the App-V Streaming Server using the same steps as shown previously. Again, for this step you can use an existing CA or a self-signed certificate. If you want the second option, you will probably need to install IIS on the server as it is a requirement for the App-V Streaming Server.
2. Once the certificate is created and configured, in the Certificate management console go to the Details tab and look for the Thumbprint value. Copy the value as shown in the following screenshot:
3. Access Run and type regedit. Locate the path HKLM\Software\Microsoft\SoftGrid\4.5\DistributionServer. If using a 64-bit OS, the registry path will be HKLM\Software\Wow6432Node\Microsoft\SoftGrid\4.5\DistributionServer.
4. Double-click the X509CertHash value and paste the value from the Thumbprint, but remove all spaces.
5. Now expand the registry folder DistributionServer, right-click RtspsPorts, and select New | DWORD (32-bit) Value.
6. In the DWORD Value name type 322. Edit the value of Base, selecting Decimal and enter the Value data as 322.
7. Restart the Application Virtualization Streaming Server service and the Streaming Server configuration is complete.
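The registry steps above can be scripted so that the thumbprint is cleaned and checked before it is written. The following PowerShell function is an added example, not code from the book. It assumes the certificate sits in the computer's Personal store (where IIS places the self-signed certificates it creates) and that the service's display name matches the name used in step 7; the function name is hypothetical.

```powershell
# Added example (not from the book). Run from an elevated PowerShell prompt on the Streaming Server.
function Set-AppVStreamingCertificate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,   # as copied from the Details tab
        [int]$Port = 322,
        # Assumption: display name as written in step 7.
        [string]$ServiceDisplayName = 'Application Virtualization Streaming Server'
    )

    # Keep hex digits only. This removes the spaces and also the invisible
    # left-to-right mark the Certificates console can put in front of the value.
    $hash = $Thumbprint -replace '[^0-9A-Fa-f]', ''
    if ($hash.Length -ne 40) {
        throw "Expected the 40 hex digits of a SHA-1 thumbprint, got $($hash.Length)."
    }

    # The server needs the certificate together with its private key.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
    if (-not $cert)               { throw "No certificate $hash in LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $hash has no private key on this server." }

    # Registry paths from steps 3 to 5; the second one applies on a 64-bit OS.
    $candidates = 'HKLM:\Software\Microsoft\SoftGrid\4.5\DistributionServer',
                  'HKLM:\Software\Wow6432Node\Microsoft\SoftGrid\4.5\DistributionServer'
    $key = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $key) { throw 'DistributionServer registry key not found. Is the Streaming Server installed?' }

    $portsKey = Join-Path $key 'RtspsPorts'
    if (-not (Test-Path $portsKey)) { throw "Expected subkey $portsKey is missing." }

    # Step 4: thumbprint without spaces. Steps 5 and 6: DWORD named after the port, decimal value.
    Set-ItemProperty -Path $key -Name 'X509CertHash' -Value $hash
    New-ItemProperty -Path $portsKey -Name "$Port" -PropertyType DWord -Value $Port -Force | Out-Null

    # Step 7: the new values are read when the service starts.
    Restart-Service -DisplayName $ServiceDisplayName

    # Read the values back so the change can be logged.
    New-Object PSObject -Property @{
        Key          = $key
        X509CertHash = (Get-ItemProperty -Path $key).X509CertHash
        RtspsPort    = (Get-ItemProperty -Path $portsKey)."$Port"
        Subject      = $cert.Subject
    }
}

# Example call; the thumbprint is a placeholder. -WhatIf shows the changes without making them.
# Set-AppVStreamingCertificate -Thumbprint '<value copied from the Details tab>' -WhatIf
```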
Modifying virtual applications
If you have already configured the entire environment for secure connections, the only thing missing is reconfiguring the virtual applications for secure delivery. If you are still in the process of sequencing the application, the only step needed for it to be streamed down in a secure mode is to change the protocol to RTSPS (which can be found under the Deployment tab of the App-V Sequencer window) and enter the proper FQDN in the Hostname field.
But if you already have the application imported into your server, you do not need to re-configure the App-V Sequencer project. You can accomplish it using the Application Virtualization ADM Template for applying a Group Policy to modify App-V Desktop Clients, or by modifying the OSD file in the virtual application. Using the ADM Template, you can automate the process by modifying the Application Source Root value in the Group Policy applied to the App-V Desktop Client. You must change the value to use the server's secure URL, in this case RTSPS://appv-server.aalvarez.ad:322. The Application Source Root value will override the URL placed in any application's OSD. There was a registry key for the App-V Desktop Client reviewed earlier which you can use for the same purpose—ApplicationSourceRoot.
If you want to configure it manually in the OSD of the virtual application you can do that as follows:
1. Access the content folder and locate the OSD file(s) you would like to modify. This example will be using the Default application.
2. Open the OSD file and edit the content CODEBASE HREF using the RTSPS protocol, the FQDN of the server, and the communication port. In this example, it is RTSPS://appv-server.aalvarez.ad:322/DefaultApp.sft.
3. In the App-V Desktop Client, access the Application Virtualization Client console, select Properties for the DefaultApp.
4. In the General tab select Clear.
5. Click Yes on the warning message. This will delete any cached information for the application.
6. Under Publishing Servers, right-click the name of the server and select Refresh Server.
Once this is done, the application will be refreshed with the new and secure communication method for the server.
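When several OSD files need the change from step 2, editing them by hand invites typos in the URL. The following PowerShell function is an added example, not code from the book. It rewrites the CODEBASE HREF of one OSD file to the RTSPS form shown above, keeps a backup copy, and refuses a server name that is not an FQDN. The function name is hypothetical and the sample OSD at the end is constructed for the demonstration; real OSD files carry more elements and attributes.

```powershell
# Added example (not from the book).
function Set-OsdSecureCodebase {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$OsdPath,
        [Parameter(Mandatory = $true)][string]$ServerFqdn,
        [int]$Port = 322
    )

    # The certificate names the server by FQDN, so a NetBIOS name would fail the secure connection.
    if ($ServerFqdn -notmatch '^[a-z0-9-]+(\.[a-z0-9-]+)+$') {
        throw "'$ServerFqdn' is not a fully qualified domain name."
    }

    $file = (Resolve-Path -LiteralPath $OsdPath).ProviderPath
    $xml  = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # leave the rest of the file as it was
    $xml.Load($file)

    $codebase = $xml.SelectSingleNode('/SOFTPKG/IMPLEMENTATION/CODEBASE')
    if ($null -eq $codebase) { throw "No CODEBASE element found in $file." }

    # Keep only the package path that follows scheme://host[:port]/
    $old = $codebase.GetAttribute('HREF')
    if ($old -match '^[a-z]+://[^/]+/(.+)$') {
        $new = 'RTSPS://{0}:{1}/{2}' -f $ServerFqdn, $Port, $Matches[1]
    } else {
        throw "HREF '$old' is not a scheme://host/path URL; edit this file by hand."
    }

    if (($old -cne $new) -and $PSCmdlet.ShouldProcess($file, "Set CODEBASE HREF to $new")) {
        Copy-Item -LiteralPath $file -Destination "$file.bak" -Force
        $codebase.SetAttribute('HREF', $new)
        $xml.Save($file)
    }

    New-Object PSObject -Property @{ File = $file; OldHref = $old; NewHref = $new }
}

# --- Demonstration on a constructed OSD file written to the temp folder ---
$sample = @'
<SOFTPKG GUID="00000000-0000-0000-0000-000000000000" NAME="DefaultApp MFC Application" VERSION="1.0.0.1">
  <IMPLEMENTATION>
    <CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/DefaultApp.sft" FILENAME="DefaultApp.exe" />
  </IMPLEMENTATION>
</SOFTPKG>
'@
$demo = Join-Path $env:TEMP 'DefaultApp-demo.osd'
Set-Content -LiteralPath $demo -Value $sample -Encoding UTF8

# NewHref becomes RTSPS://appv-server.aalvarez.ad:322/DefaultApp.sft
Set-OsdSecureCodebase -OsdPath $demo -ServerFqdn 'appv-server.aalvarez.ad' | Format-List
```

After changing the files in the content folder, clear the client cache and refresh the server as in steps 3 to 6.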
Securing other delivery methods
So far you have seen how to secure the default streaming method in App-V using the RTSP protocol. You can also run HTTP or SMB streaming in a secure mode.
Securing HTTP streaming
Configuring HTTPS as a streaming method essentially involves three steps:
1. Securing the content virtual directory, in the same way as was shown in the Securing the web service section earlier.
2. If you are using HTTP or HTTPS you need to configure the MIME types to support the streaming. You need to add the following types:
   .OSD=TXT
   .SFT=Binary
   The procedure to add MIME types in IIS is simple and can be referenced in the following articles by Microsoft:
   ° Using IIS 7 (http://technet.microsoft.com/en-us/library/cc725608(WS.10).aspx)
   ° Using IIS 6 (http://support.microsoft.com/kb/326965)
3. An optional procedure for HTTP or HTTPS streaming is to configure Kerberos authentication. Using this type of authentication, there is mutual confirmation between client and server, and it is highly recommended you use it.
To use Kerberos authentication between client and server, IIS must be configured to use a Service Principal Name (SPN), which is used by a client machine to uniquely identify an instance of a service. To configure an SPN you can use the command-line tool included in Windows Server 2008, Setspn.exe. To configure it on your server use the following command, where <AccountName> stands for the account that the IIS service runs under:
setspn.exe -A HTTP/appv-server.aalvarez.ad <AccountName>
Securing SMB streaming
App-V provides the ability to stream applications using a file server, and you can also provide a secure environment when using the SMB protocol in the communication. The process for securing this type of streaming is not simple and involves complexity that goes beyond the scope of this book—an IPsec implementation. IPsec uses several protocols to accomplish high-security standards between hosts and even between networks, and is included in the standard of IPv6 but is optional in IPv4. IPsec protects any application traffic across an IP network. Microsoft TechNet provides guides for designing and implementing IPsec for all networks:
• Implementing IPsec with Windows Server 2003: Server and Domain Isolation Using IPsec and Group Policy (http://technet.microsoft.com/en-us/library/cc163159.aspx)
• Implementing IPsec with Windows Server 2008/Windows Server 2008 R2: Windows Firewall with Advanced Security and IPsec (http://technet.microsoft.com/en-us/library/cc732283(WS.10).aspx)
Using Internet-facing scenarios
Extending the App-V platform using the Internet is entirely possible and does not involve great complexity. This is because the protocols and communications established between clients and servers can be identified and therefore published to the Internet. In the document provided by Microsoft (App-V Security Operations Guide, available in the Microsoft Download Center at http://www.microsoft.com/downloads/en/default.aspx) there are examples of some of the most common scenarios for publishing the App-V platform to the Internet as well as considerations about using domain and non-domain joined clients.
Publishing App-V in your firewalls
Depending on network complexity and the App-V model selected, the scenarios available are too numerous to describe individually. But two of the most common can be covered here: publishing App-V servers located in the internal network behind a firewall, and publishing App-V servers located in the DMZ.
Using App-V Servers in the internal network
In this example, all of the App-V components are part of the internal network and are behind a firewall.
Image taken from Microsoft's document App-V Security Operations Guide.
You will need to configure two rules in the firewall (for example ISA or Forefront TMG) to correctly publish the App-V services:
• Web Publishing rule for the server hosting the virtual packages. More information is available at http://technet.microsoft.com/en-us/library/cc723324.aspx.
• Server publishing rule for the App-V Server (using the RTSPS protocol). More information is available at http://technet.microsoft.com/en-us/library/cc441512.aspx.
Using App-V Servers in the DMZ
In this scenario there are several possibilities according to the components you would like to place in the DMZ network and the ones to be placed in the internal network. A common recommendation in other environments is that the servers to be placed in the DMZ should be those in charge of communication with the clients and nothing more; in this case, the App-V Management Server (if applicable) and the IIS server for publishing and streaming. The following components should be placed as part of the internal network—Content server, SQL server, and Domain Controllers.
Image taken from Microsoft's document App-V Security Operations Guide.
In this example, these are the communications that should be allowed between the different networks:
Internet to DMZ
• RTSPS (Publishing Refresh and Streaming packages)
   ° TCP 322 by default, this can be changed in App-V Management Server
• HTTPS (Publishing ICO and OSD files, and Streaming packages)
   ° TCP 443 by default, this can be changed in IIS configuration
DMZ to Internal
• SQL Server (for communication with the App-V database)
   ° TCP 1433 is the default but can be configured in SQL Server
• SMB/CIFS if the content directory is located remotely from the Management or IIS servers (to retrieve files for the virtual package)
   ° Microsoft File Sharing SMB requires TCP ports 135 to 139
   ° Direct Hosted SMB requires both TCP and UDP port 445 (preferred choice)
• Kerberos and LDAP (for Active Directory)
   ° TCP and UDP 88
   ° TCP and UDP 389
• DNS for name resolution of internal resources (this could be eliminated with the use of hosts files on DMZ servers)
Also if you are using an Internet-based scenario you would probably want to evaluate the possibilities of including non-domain joined clients as in that case you won't need a persistent VPN connection with machines joined to the domain to retrieve virtual applications. In order for App-V to function properly in the scenario for non-domain joined clients, you will need some extra configuration as the authentication phase must be completed in any case.
You will need to store the users' information about the App-V platform (App-V server and a valid domain user account) in the App-V Client. In Windows 7, you can do this in Control Panel | User Accounts | Manage your credentials. For more information about this process check the Microsoft document App-V Security Operations Guide, available at the Microsoft Download Center http://www.microsoft.com/downloads/en/default.aspx. Additionally the App-V official blog from Microsoft has an interesting article about common errors when deploying a secure environment in App-V. You can check the article Troubleshooting Common RTSPS Issues with App-V available at http://blogs.technet.com/b/appv/archive/2010/03/09/troubleshooting-common-rtsps-issues-with-app-v.aspx.
Summary
In this chapter you had the chance to complete an overview of several issues you should address when you want to implement a secure environment for Application Virtualization. The general guidelines provided show that to completely secure an environment will require a lot of work on planning and analyzing the impact. Microsoft provides the necessary information for securing operating systems, SQL Server, IIS, and so on but it is your job to review the cost involved and if the organization is ready to pay it. App-V secure communications depend mainly on certificates, and you can complement this platform with an existing CA from your environment. This chapter also reviewed the process for using self-signed certificates in App-V, removing the need to use a CA but with some extra manual work involved. If you want to make changes to an existing App-V platform to make it more secure, a good thing to note is that the virtual applications won't need any changes to the packages. You can set the changes directly in the App-V Desktop Client by using Group Policy or the registry key for Application Source Root. This chapter also reviewed the importance of considering Internet facing scenarios and the options for publishing the services outside your network. Fortunately, App-V is suited for these scenarios without needing complex configurations.
This is the last chapter of the book, which was indeed a lot of fun for me to write. Microsoft Application Virtualization represents a great technology most of us can use and the purpose of this book was for IT representatives to feel confident about the platform and taking their first steps into App-V. I'm pretty sure that the internal cloud model which is offered by Microsoft, where we can include App-V, will fit into most mid and large organizations. I hope you enjoyed using this book, which represents the hard work executed in several months, including some great professionals not only in Packt Publishing but in the App-V community.
Reviewing App-V for Remote Desktop Services (Terminal Services)
As you have seen in the initial chapters of this book, agility and optimization are some of the most common keywords found in the virtualization world. Those keywords are not a recent invention; organizations were always looking for new or improved ways to optimize resources (like hardware, time, and money) and make their services and platforms more agile for deployment and maintenance. One of the technologies most commonly used to gain those benefits was Terminal Services, now called Remote Desktop Services, which allows for centralized management of resources, plus some simplified maintenance of users' environments. The name of Remote Desktop Services appeared because the platform communication is based on the RDP protocol. In Windows Server 2008 R2, Microsoft changed the term Terminal Services to Remote Desktop Services, and added some changes to the architecture and functionalities. One of the new features included is that, even though the protocol used is RDP, you can now also use Web Access to access applications or desktops, just needing a compatible browser.
Many organizations choose Remote Desktop Services as part of the basis of their IT platform, which leaves you with a challenge if you are considering an App-V implementation. Can you believe in the co-existence of Remote Desktop Services and App-V? Yes, of course, but there are some considerations you should evaluate before the implementation as what you have seen so far of App-V deployments needs a twist for a successful combination with RDS.
In this appendix, you are going to learn about:
• What Remote Desktop Services, formerly known as Terminal Services, is
• Components involved in RDS
• Differences in RemoteApp features between RDS and App-V
• Combining RDS with App-V, including benefits, considerations, and procedures
What is Remote Desktop Services?
Remote Desktop Services (RDS) represents technologies provided by Windows Server 2008 R2 with which administrators can provide users a set of resources, like virtual desktops (as a session or using a virtual machine) and applications. The platform not only guarantees a secure environment for each user, but also a transparent experience using these resources, making the user feel like the session and/or applications are located on their machines. The principal features of Remote Desktop Services are:
• Sharing applications and desktops from a contained centralized environment, like a server farm.
• RDS includes the ability to provide not only session-based desktops, but also complete operating systems with virtual machine-based desktops, known as VDI. Combining Hyper-V and System Center Virtual Machine Manager, RDS provides Microsoft's Virtual Desktop Infrastructure (VDI).
• Centralized management of the resources involved.
• RDP communication is the native protocol, but also includes web support for accessing resources.
• Native application deployment with RemoteApp feature.
• Compatible with App-V and other third-party technologies.
• Automatic profile redirections for an enhanced user experience.
• Multimedia (audio and video) redirection.
• Audio input and recording.
• Support for Aero Glass in Windows Vista and Windows 7.
For more information on Remote Desktop Services in Windows Server 2008 R2, have a look at the following link: http://technet.microsoft.com/en-us/library/dd647502(WS.10).aspx.
Components in Remote Desktop Services
Even though this appendix won't be focused on getting to know Remote Desktop Services deeply or how to install and configure it, you are going to take a quick look at the architecture and components involved. This way you will understand a little bit better how you can combine RDS with App-V. Depending on the type of deployment you would like to achieve in your organization (that is, combined with App-V, using RDS internally and also outside your network, number of users/applications involved, and so on) several roles can be included:
• Remote Desktop Session Host (RDSH): This is the server that will provide the sessions and/or applications to clients.
• Remote Desktop Web Access (RDWA): This role presents the resources using a common URL you can access from any compatible browser.
• Remote Desktop Gateway (RDG): Server in charge of handling requests from remote users to the internal network.
• Remote Desktop Connection Broker (RDCB): This is the server which centrally handles all RDS requests. This role supports load balancing, so you can scale up your platform and optimize hardware utilization of your RDS farm.
• Remote Desktop Virtualization Host (RDVH): The role in charge of VDI, for providing virtual desktops or virtual pool desktops to RDS clients, and using Hyper-V virtual machines.
• Remote Desktop Licensing: This is the server role used to centrally manage all of the licenses involved in RDS.
Here are all the components working together:
Image taken from Microsoft's Remote Desktop Services Blog at http://blogs.msdn.com/b/rds/.
For those who are used to the Terminal Services terminology, here's a simple table showing the previous and new name of each of these components:
| Previous name | Name in Windows Server 2008 R2 |
| --- | --- |
| Terminal Services | Remote Desktop Services |
| Terminal Server | Remote Desktop Session Host |
| Terminal Services Licensing | Remote Desktop Licensing |
| Terminal Services Gateway | Remote Desktop Gateway |
| Terminal Services Session Broker | Remote Desktop Connection Broker |
| Terminal Services Web Access | Remote Desktop Web Access |
Fortunately Microsoft provides complete guides for everything you can do with most of its technologies, including Remote Desktop Services. Take a look at the Remote Desktop Services Deployment Guide article at http://technet.microsoft.com/en-us/library/ff710446(WS.10).aspx.
App-V versus RemoteApp
As mentioned earlier, Windows Server 2008 R2 Remote Desktop Services includes the possibility of a centralized deployment of applications, called RemoteApp. RemoteApp programs are applications installed on an RDS server, from which you can publish them to clients. Users can also access these applications from their computers, seemingly as locally installed applications. RemoteApp is integrated directly into the user's desktop, running in a local window and with its own entry in the taskbar. As with App-V, RemoteApp applications can run with other applications on the client's machine with no conflicts or incompatibilities. You can access RemoteApp applications from the Start menu (already published by an administrator), from an MSI file, or using .rdp (Remote Desktop Protocol) files, also created and distributed by an administrator.
What do you need to use RemoteApp?
Using RemoteApp doesn't need much expertise or a large hardware installation. RemoteApp is included, obviously, in the Remote Desktop Services role in Windows Server 2008 R2.
To install this role, all you need to do is add it from the Server Manager console.
If you are using a simple configuration for RDS, all you need is the Remote Desktop Session Host service which will be in charge of handling client desktops and published applications. Additionally, you can use the Remote Desktop Web Access service (also requires IIS) to facilitate users' access to their resources from a web browser. This could be really useful if you want a Citrix-like remote access environment.
Similar to the App-V Full Infrastructure model, you can configure the users and user groups to be granted access to the resources that will be published.
Adding and configuring simple applications can be done from the RemoteApp Manager console, which does not support complex configurations. Users can get access via an .rdp or MSI file, or through a web browser. This example accesses PowerShell via a web browser.
For a complete guide to using RemoteApp, have a look at the Deploying RemoteApp Programs to the Start Menu by Using RemoteApp and Desktop Connection Step-by-Step Guide article at http://technet.microsoft.com/en-us/library/dd772639(WS.10).aspx.
Differences between RemoteApp and App-V
After reading this quick overview about RemoteApp, it sounds like it has all the features that we can find in virtualized applications using App-V, so what are the differences?
| RemoteApp | App-V |
| --- | --- |
| Installed on RDS server, published to clients | Sequenced on a similar desktop machine, delivered to clients |
| Using remote resources (memory, processor, and so on) | Using local resources |
| Requires a server hosting the application | Does not require any server, just the package you want to deliver |
| No possibility of using offline applications as you need an active connection to a server | Can be used for offline deployments |
| You need two servers if you want to publish incompatible applications using RDS (that is, Office 2007 and Office 2010) | You don't need any servers, just the sequenced applications |
| Published applications do not need compatibility with the client operating system | Applications should be captured and deployed in the same type of operating system |
Without a question both technologies, RemoteApp and App-V, can save a lot of time and money. But before deciding on either of these two you should evaluate, plan, and design the best approach for your environment, considering that you can combine App-V with RDS and RemoteApp.
Combining App-V with Remote Desktop Services
The benefits you can achieve using App-V can sound a lot more interesting for most environments, but how can you maintain those benefits where you already have a Remote Desktop Services platform deployed?
If you already have users accessing virtual desktops from RDS sessions or Hyper-V virtual machines in VDI, adding a new layer of complexity with App-V should be carefully analyzed before any implementation. Here are some reasons to use App-V along with RDS:
• Delivering applications to the RDS servers using App-V simplifies the time and effort to maintain these servers. Users can directly use the App-V RDS Client installed on the RDS server which will be in charge of receiving App-V packages.
• App-V removes the need to install applications on servers. RDS requires an existing and installed application on a server for publishing it, making this a risk you have to accept; using App-V, you just need to deliver these applications to the servers without installing any of them.
• You can optimize resource utilization in your RDS platform. In complex scenarios, you may need to publish incompatible applications using RDS. For example, HR members need Microsoft Office 2007 and management is using Microsoft Office 2010; for this, you need at least two separate RDS servers to install both of them. The App-V RDS client can be installed on one RDS server, from which you can deploy both incompatible applications and clients will still be using only one server.
• Simplified applications deployment. Installing applications in RDS is a disruptive process; users must log off and a server reboot may be required as well. Using RDS with App-V, the process can be transparent for users, including updating an application.
• Improving profiles experience. You can avoid the use of roaming profiles for users; App-V supports redirection for application settings. You can force mandatory profiles (user environment modification not possible by users) for RDS clients, while redirecting App-V applications data and settings to keep these changes consistent.
• Using small foot-print images in VDI environments. Providing virtual machines for users' desktop environments can be really expensive in terms of storage, combining VDI with App-V can guarantee simple and small operating system images, while providing virtualized applications to complement the environment.
Virtual Desktop Infrastructure (VDI) represents one of the most attractive solutions in virtual environments, and there are a lot of resources about it from Microsoft:
• Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide (http://technet.microsoft.com/en-us/library/dd941616(WS.10).aspx)
• Deploying Virtual Desktop Pools by Using RemoteApp and Desktop Connection Step-by-Step Guide (http://technet.microsoft.com/en-us/library/dd772706(WS.10).aspx)
Installing and configuring App-V Remote Desktop Services
Using App-V Remote Desktop Services does not differ much from a normal App-V deployment.
The only component which needs a special installation is the App-V Client, which uses different installation binaries, Microsoft Application Virtualization Client for Remote Desktop Services. The rest of the roles, App-V Management Server (including the Management System and Data Store), Streaming Server, and App-V Sequencer are exactly the same as seen earlier. To achieve a proper co-existence for these two platforms there are some important matters you should consider and take note of before the implementation - here's a short review.
App-V RDS client considerations
RDS has the same deployment process for the App-V applications, but the environment where you will be working is not the same as seen earlier. So here are some of the points you should consider:
• Consider using a network location for the "User-specific Data Location" option. This is where App-V stores the changes made in the application packages for each user. The default option is the AppData folder of the user's local profile. But if the scenario is using mandatory profiles, all of these changes will be lost and the App-V redirection will be the best approach. Keep in mind that with this redirection it is highly recommended to use a network location near the clients, to optimize the use of bandwidth and maintain an acceptable user experience.
• Consider shared read-only cache for App-V for minimizing disk impact in VDI environments. In the App-V client installation you can set a common shared cache directory for App-V packages. Of course if you are using mandatory profiles and you do not have AppData redirection, this will not add any benefit as the changes in the profiles (including AppData) will not persist and you won't have to worry about profile size. More information about how to configure this option is available in the How to Configure a Read-only Cache on the App-V Client article at http://technet.microsoft.com/en-us/library/ee956915.aspx. The App-V shared cache feature is not supported at this time for use in RD Session Host farms.
• Cache pre-load is usually a good approach in a RDS environment.
• Highly recommended to standardize the RD Session Host settings across your server farm, maintaining the same configurations on all the servers as much as you possibly can.
Deployment considerations
Microsoft provides a very complete and interesting table about some considerations you should evaluate when you are analyzing the application delivery methods to the Remote Desktop Servers. You can find the complete reference in the App-V Remote Desktop Services document available from the Microsoft Download Center at http://www.microsoft.com/downloads/en/default.aspx.
| Deployment method | Supports user publishing | Supports computer publishing | Upgrade process | Preload App-V Cache Capability |
| --- | --- | --- | --- | --- |
| Full Infrastructure w/ RTSP(s) | Yes | No | 1. Version updated on App-V Management Server. 2. RD Session Host server placed in maintenance mode. 3. First open of package will upgrade. | No |
| Full Infrastructure w/ HTTP(s) or File Streaming | Yes | No | 1. Version updated on App-V Management Server. 2. RD Session Host server placed in maintenance mode. 3. Publishing refresh. 4. First open of package will upgrade. | No |
| Stand Alone Client (MSI) | No | Yes | 1. RD Session Host server placed in maintenance mode. 2. New version of package MSI executed. | Yes |
| SCCM 2007 R2 | No | Yes | 1. RD Session Host server placed in maintenance mode. 2. Configuration Manager 2007 R2 advertisement executes. | No |
| SFTMIME | Yes | Yes | 1. RD Session Host server placed in maintenance mode. 2. Updated package published with SFTMIME. | Yes |
An interesting note to remember about application publishing is that when you are working with RDS, if you are using computer publishing, the applications will be available for all users that are connected to the RD Server. User publishing will provide the granular permissions that are commonly necessary for most environments, only giving access to applications to the right RD clients.
Installing App-V RDS client
Once you have considered all the options for an App-V deployment with Remote Desktop Services, it is time to install the App-V Client in the RD Session Host.
Installing the App-V client is no different from installing any other application on a Remote Desktop Session Host, which must be set in install mode.
1. In the RD Session Host, access Control Panel | Programs, and click Install Application on Remote Desktop Server.
2. A wizard will appear; click Next.
3. In the next window, insert the path for the App-V Remote Desktop Services Client installation file and click on Next.
4. Follow the installation wizard for App-V, completing the configurations needed.
5. Once the installation is complete, click on Finish and the App-V RDS Client will be installed.
Publishing App-V Applications with RemoteApp
As you have seen earlier, RemoteApp publishes any normally installed program to clients; App-V applications do not fit in the normal environment for RDS. That is why deploying App-V packages with RemoteApp requires some extra configuration. This example will be using the DefaultApp provided by App-V.
1. Publish the application to the RD Server.
2. Make sure you have copied the EXE or DLL file where the application stores the icons used (available in the Icons folder for the virtual package). It is necessary to link each virtual application with the appropriate icon.
3. Access the properties from one of the shortcuts shown by the virtual application and copy the application name. The complete name + version used appears right after the /launch parameter. In this case, it is DefaultApp MFC Application 1.0.0.1.
4. Open the RemoteApp Manager console and click on Add RemoteApp Programs.
5. A new wizard will appear, click Next in the welcome page.
6. In the next window, click on Browse to select the application path. Search for the Application Virtualization Client folder located in Program Files. Select the sfttray.exe file.
7. Click on Properties. Complete the name and alias for the application.
8. Select the Always use the following command-line arguments option and insert: /launch "Application Name" (paste the value copied in step 3). Use the Change Icon option to select the proper icon for the application. For that, you will need the EXE or DLL file copied earlier. Click OK.
9. In the RemoteApp wizard click Next and in the last step, click Finish and you will be done.
With that, all you need to do is deploy the application using an .rdp or MSI file, or just access it from a web browser. This example will be using the last option.
10. From a RD Client, access the web portal for Remote Desktop Services and you should see the DefaultApp available.
11. Clicking on it will give you access to the application as if it were deployed locally.
Moreover, you can verify that the App-V Client is being used from the RD Server (in this example, the server name is w2k8-rds.aalvarez.ad) just by checking the existing connection in the tray bar.
Using RemoteApp to publish App-V streamed applications does not involve a complex configuration, but it always needs some manual execution, making this not the most scalable solution available. But if you deployed App-V packages using SCCM 2007 R2 or an MSI, these particular steps are not necessary, as the application should already be available for selection in the RemoteApp wizard.
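A check that the RemoteApp entries created in steps 6 to 8 are each pinned to a single /launch value, as an added example that is not from the book. It assumes RemoteApp Manager stores its programs under the TSAppAllowList\Applications registry key with Path, CommandLineSetting and RequiredCommandLine values; the function names and the sample entries are constructed for illustration.

```powershell
# Added example, not from the book. Assumption: RemoteApp Manager on the
# RD Session Host keeps its published programs under this registry key.
$AllowListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\TSAppAllowList\Applications'

function Get-RemoteAppEntry {
    # Read every published RemoteApp program from the local server's registry.
    param([string]$Key = $AllowListKey)
    Get-ChildItem -Path $Key -ErrorAction Stop | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        New-Object PSObject -Property @{
            Alias               = $_.PSChildName
            Path                = $p.Path
            CommandLineSetting  = $p.CommandLineSetting
            RequiredCommandLine = $p.RequiredCommandLine
        }
    }
}

function Test-AppVRemoteApp {
    # Compare each sfttray.exe entry with the settings chosen in steps 6 to 8.
    param([object[]]$Entry = @())
    foreach ($e in $Entry) {
        # Only entries whose program is the App-V launcher are in scope.
        if ([string]$e.Path -notmatch '\\sfttray\.exe"?\s*$') { continue }
        $issues = @()
        # 2 corresponds to "Always use the following command-line arguments".
        if ($e.CommandLineSetting -ne 2) {
            $issues += "CommandLineSetting is '$($e.CommandLineSetting)', expected 2"
        }
        # The arguments must be exactly: /launch "<application name and version>"
        if ([string]$e.RequiredCommandLine -notmatch '^\s*/launch\s+"[^"]+"\s*$') {
            $issues += 'arguments are not exactly one quoted /launch value'
        }
        New-Object PSObject -Property @{
            Alias  = $e.Alias
            Launch = $e.RequiredCommandLine
            Ok     = ($issues.Count -eq 0)
            Issues = ($issues -join '; ')
        }
    }
}

# Constructed sample entries (not from a real server) so the check runs offline.
$sft = 'C:\Program Files\Microsoft Application Virtualization Client\sfttray.exe'
$sample = @(
    (New-Object PSObject -Property @{
        Alias = 'DefaultApp'; Path = $sft; CommandLineSetting = 2
        RequiredCommandLine = '/launch "DefaultApp MFC Application 1.0.0.1"' }),
    (New-Object PSObject -Property @{
        Alias = 'DefaultAppAnyArgs'; Path = $sft; CommandLineSetting = 1
        RequiredCommandLine = '' }),
    (New-Object PSObject -Property @{
        Alias = 'Calculator'; Path = 'C:\Windows\System32\calc.exe'; CommandLineSetting = 0
        RequiredCommandLine = '' })
)

# DefaultApp passes, DefaultAppAnyArgs is reported with two issues,
# and Calculator is skipped because it does not run sfttray.exe.
Test-AppVRemoteApp -Entry $sample | Select-Object Alias, Ok, Launch, Issues | Format-List

# On the RD Session Host itself:
# Test-AppVRemoteApp -Entry (Get-RemoteAppEntry) | Where-Object { -not $_.Ok }
```

The code avoids PowerShell 3.0 syntax so that it also runs on the PowerShell 2.0 shipped with Windows Server 2008 R2.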
Summary
In this appendix you had the chance to understand the basic concepts of Remote Desktop Services, its benefits, the components involved, and how you can combine them with Microsoft Application Virtualization. RDS also provides application deployment using RemoteApp, but even though the concept sounds similar, App-V and RemoteApp are not the same. The scenarios where you should consider each of them are different, but the combination could be a good complement in your organization. Combining App-V with RDS does not require large complex procedures, but it does need a proper analysis before implementation. Remote Desktop Services offers users a different way to handle their desktops or applications, forcing us to re-evaluate the App-V implementation. If you properly understand, plan, and design these two solutions, Remote Desktop Services and App-V could save a lot of resources from an IT point of view: time, money, people, and effort.