Application Virtualization with Microsoft App-V for Undecided
Server virtualization has long and firmly entered our lives. Its advantages are undeniable and are widely used in a variety of business areas. However, application virtualization is still “new” in the Russian corporate market. Many are just eyeing this technology, which has already managed to establish itself well in the world. Why do many of the largest foreign manufacturers and financial organizations transfer the work of entire offices to virtualized applications? The answer is simple - because it is beneficial.
A little later we will list several key advantages that virtualization technology provides and which significantly reduce the cost of ownership of the application, and to begin with, consider the following scenario: a company moves from one version of a critical application to another.
Such a transition is often a complex and painful process. New file formats, a new scheme of interaction with the rest of the software. It may turn out that part of the equipment supports only the old version and cannot be replaced quickly. Overlays are inevitable when entering a new application into the working environment, sometimes you even have to roll back to the old version to avoid business downtime. Specialists in our company who provide support for customer applications , are familiar with these problems firsthand. With the help of virtualization, even for such a large and complex package as Microsoft Office, it is possible to significantly simplify the process - run different versions simultaneously under the same user, if necessary, easily change the configuration by adding or removing components - and all this without long downtime.
We’ll take a closer look at how the technology works, and at the same time, we’ll list the main advantages of application virtualization.
- Applications are not installed on the computer through the installer.
In the process of "virtualization", the program is installed on a clean OS image and during the installation process all changes in the registry and file system are recorded in a special package. This package, which is, in fact, a deployed application, is delivered to the user's computer and executed in its isolated environment without leaving any traces in the operating system itself. This environment is called the “sandbox” (sandbox) or “bubble” (virtual bubble). At the same time, an application launched in such a bubble “sees” ordinary programs and can interact with them, but itself remains “invisible” to them.
- Isolation of applications from each other.
Since each virtual application runs in its own separate environment, this completely eliminates conflicts related to overwriting registry branches or replacing files with several independent programs. Significantly reduced, or rather, become unnecessary costs for joint testing of several, sometimes very large applications. If necessary, virtual applications can be combined into groups and then they can interact with each other. But even in this case, the compatibility check needs to be done only once and in the future to be sure of the stable functioning of the programs.
- Ability to simultaneously run different versions of one application on one computer.
Since virtual applications are isolated from each other, nothing prevents virtualizing different versions of the same program and running them on the same computer under the same account. Both will work. Such a scenario is quite common, as we mentioned earlier, when switching from an old version of a software to a new one or in classrooms and test laboratories.
- The ability to simultaneously launch one application by multiple users, even when during a normal installation this leads to an error in resource sharing.
- There is no need to provide users with the rights of local administrators or increased access rights to the registry for non-standard applications.
In an isolated virtual bubble, the application has full access to all files and registry keys (in earlier versions of App-V there were restrictions, but in the latest editions they were removed). Therefore, there is no need to run a virtual application with elevated privileges, even if it was previously required. This improves the safety of the work environment.
- Instant availability of new applications to the desired user groups, managed through Active Directory.
In the deployed App-V infrastructure, it is enough to map a group of users to a virtual application so that after a specified time interval, its shortcuts appear for users in the Start menu. Moreover, control is carried out through a Web interface from any browser. Likewise, you can prevent the application from starting if necessary. And all this does not require a reboot of the computer and downtime while waiting for the installation.
- Significant reduction in time to restore the working environment in the event of a failure.
- Simplification of management of images of working systems.
When applications are virtualized, it is no longer necessary to have OS images for different user groups, each with its own individual set of software. Sometimes it’s enough to limit yourself to one “vanilla” way, and assign applications using Active Directory groups.
Here one cannot fail to mention another scenario that is extremely relevant at present - migrationfrom one operating system to another. Many postpone this complex process to the last and the concerns are clear. Compatibility problems, a huge load on the IT department, serious risks in case of business downtime. Our company has already completed the migration process in the infrastructure of 8 large European customers, and we can say with confidence that application virtualization drastically reduces project time. Once you configure applications to work in both a 64-bit and 32-bit environment, making sure that they are compatible and working on different platforms, you can quickly configure the final user work environment of any complexity when changing the OS.
Now we will list what is needed in order to expand our support structure for virtual applications using the example of Microsoft Application Virtualization (App-V) 5.0.
Licensing: If you already have Remote Desktop Services (RDS) client licenses, then you can already use App-V. Also, App-V licenses are included in the Microsoft Desktop Optimization Pack (MDOP). This is a set of desktop technologies available to members of the Software Assurance program as a subscription.
Having decided on licenses, let's see how it works.
- Applications must be specially packaged. For this, the App-V Sequencer program is used, and the packaging process is called sequencing.
- Prepared applications should be placed on a network folder and given users read access.
- Install the App-V Client application on user devices (or on a terminal server). It is necessary to download virtual packages from a network drive and run them.
Let us dwell on each item in more detail.
To prepare a virtual package, you will need a typical clean system image used in your infrastructure. Install the App-V Sequencer application on it. Ideally, you should install Sequencer on a computer running as a virtual machine and create a “snapshot” immediately after installation. This allows you to easily return the computer where Sequencer starts to a “clean” state before virtualizing the next application.
The launched Sequencer works in the assistant mode, offering to set the name of the package first, select the directory where the installation will be performed, then it tracks and saves the changes in the registry and file system that are made during application installation.
App-V 5.0 does not require the creation of a separate disk for virtual applications; installation is performed in the default directory. However, the primary directory of the virtual application (PVAD) in this window can be selected in different ways. This can be either the installation directory of the program, or one of its subdirectories, or even some non-existent folder. Depending on this choice, the organization of files within the virtual package changes. In this article, we will not dwell on this point in detail, but, from our experience, I would like to draw attention to the fact that sometimes the right choice of PVAD at the first stage can eliminate a lot of functionality problems in the future, especially for older applications.
If a reboot is required during installation, you can perform it, the changes will be recorded and the process will continue correctly from the interrupted moment. Parallel (SxS) library assemblies (for example, Microsoft Visual C ++) will be correctly processed, installing them previously in the system image is no longer required.
The finished package is a set of files:
report.xml file - a report file in which all warnings and errors that occurred during sequencing are saved. It can be used to diagnose and solve problems.
.msi file is a Windows installer file created by a sequencer to install a virtual package through group policies or deployment systems.
.appv file- the file of the virtual application itself. In version App-V 5.0, this file is created in the open zip format and can be opened with any archiver if necessary. There are no restrictions on file size, unlike previous versions. Unfortunately, you cannot make changes directly without using a sequencer.
Deployment configuration file, User configuration file - configuration files in XML format that determine deployment parameters on target computers. You can make changes to them without starting the sequencer in any text editor. This greatly simplifies the fine-tuning of the application. Here, in particular, shortcut parameters, file associations, environment variables are set, registry keys are changed.
For some programs, it is not possible to ensure that the functionality of the virtual package of the locally installed version matches the sequence sequencer only. In this case, you will have to add a script that performs the missing operations. Custom script files are added to the package, and their invocation is configured in the XML configuration files. For example, like this:
As you can see from the syntax, the script can be written in any language that you prefer to work with. Our engineers mainly use Powershell, VBS and batch to write scripts.
After the package is prepared, copy it to the network folder, provide users with read access.
Next, you need to install App-V Client on user computers and ... that's it!
In the simplest case, nothing more is required. Virtual packages can be distributed in several ways:
- through the .msi installer created at the sequencing stage. For example, using group policies;
- Using your distribution system in your organization (Microsoft SCCM, Altiris)
- using Powershell 3.0. In general, the Microsoft App-V 5.0 product is very closely integrated with the Powershell environment and it is very convenient. Any tasks related to the distribution and maintenance of packages can be automated using scripts.
So, in the simplest case, to use Microsoft App-V, you only need a Sequencer on the machine of an IT engineer to prepare packages and an App-V Client on the user's machine to run them. However, you can only take full advantage of the full deployment of the App-V infrastructure.
To do this, install the following components:
- Management Server Provides basic management features for the App-V 5.0 infrastructure;
- Publishing Server. Provides hosting and streaming features for virtual applications;
- SQL database management.
Additionally, you can also install a report server and SQL database for it.
All roles are installed in one file (APPV_SERVER_SETUP.EXE):
Microsoft provides separate SQL scripts for creating databases in case your organization has a separate administrator team. The installation group also identifies the AD group that will be given the privileges to manage the App-V 5.0 environment.
After installation, you must configure custom App-V clients. Specify the address of the publication server and update options for package change information. You can accomplish this using Powershell.
In the future, access to the console and management is carried out using a browser:
Add a package by specifying the network path:
Assign the AD user group and publish the package:
After that, after a while, the user will see application shortcuts and the corresponding file associations. The software is ready to use.
By default, when an App-V application is published to the user, the package files are copied to the% PROGRAMDATA% folder. However, the client can be switched to Shared Content Store mode. In Powershell, the command will look like this:
Set-AppvClientConfiguration -SharedContentStoreMode 1
In this case, only NTFS links to the network location of files will be created on the user's disk, which will significantly save disk space. Of course, such a solution requires preliminary testing and is rarely used in its pure form, but in our implemented projects there are examples of the application of this technology in customer environments.
If several programs must interact with each other - they can be combined into groups in the "Connection Groups" section. In this case, their virtual environments are combined, files and the registry become available to all members of the group. It will take some experience to properly form such groups, identify program dependencies and set their priority. Sometimes we recommend that you do not virtualize individual components, but install them directly in the system image. These can be ODBC drivers or database connection settings.
This may give the impression that virtualization is the life-saving solution for all occasions. Alas, like any technology, it has its own limitations. In particular, using Microsoft App-V, drivers or services that start at system startup cannot be virtualized (seeVirtualization Guide in Microsoft Application Virtualization 5.0 ). Like any technology, App-V is evolving and many limitations have already been overcome. For example, virtualization of the application context menu in Explorer and various ActiveX extensions is no longer a problem. By the way, this development in the case of App-V is sometimes also a challenge. Service packs and corrections, in addition to solving problems, bring a significant change in functionality and are, in fact, a new version of the technology. However, having more than a thousand virtualized applications behind us, we help our customers to introduce new functions in the working environment as soon as possible without disrupting business processes.
So, we looked at the benefits of application virtualization. Briefly, using the example of Microsoft App-V, we got acquainted with the main stages of creating and publishing virtual packages. Of course, this is far from the only virtualization tool. One cannot but mention Citrix XenApp, VMware ThinApp, Novell Zenworks. The choice depends on the needs of your business. But based on the experience of supporting our customers who have implemented the transition to a virtual environment, we can formulate the transition strategy as follows: if the application can be virtualized, it needs to be virtualized. Pros are undeniable.
Administrator's Guide for Microsoft Application Virtualization 5
Official Microsoft App-V Developer Blog
Free Microsoft Academy Virtualization Course
Posted by vv_m
Only registered users can participate in the survey. Please come in.
Do you plan to use application virtualization technologies in your company:
- 12% I do not plan, not enough information 21
- 19.4% I do not plan, I do not see benefits for our company 34
- 37.7% Eyeing, we will check in a test environment 66
- 18.8% I plan, we will implement it on our own 33
- 1.1% I plan, we will contact the service provider 2
- 10.2% already using 18
- 0.5% Your version (which, indicate in the comments) 1