Application Virtualization with Microsoft App-V for the Undecided

Server virtualization has long been firmly established in our lives. Its advantages are undeniable and widely used in various business areas. However, application virtualization is still a “novelty” in the Russian corporate market. Many are just eyeing this technology, which has already established itself well in the world. Why do many of the largest foreign manufacturers and financial organizations transfer the work of entire offices to virtualized applications? The answer is simple - because it is profitable.

A little later, we will list several key advantages that virtualization technology provides and which significantly reduce the cost of ownership of the application, and first consider the following scenario: the company moves from one version of a critical application to another.
')
Such a transition is often a difficult and painful process. New file formats, new scheme of interaction with the rest of the software. It may be that some of the equipment supports only the old version and cannot be replaced quickly. Inlays are inevitable when a new application is introduced into the work environment, sometimes you even have to roll back to the old version to avoid business downtime. Specialists in our company, providing support for customer applications , these problems are familiar not by hearsay. With the help of virtualization, even for such a large and complex package like Microsoft Office, it is possible to significantly simplify the process — run different versions simultaneously under one user, easily change configuration if necessary, add or remove components — all without long downtime.



Let's take a closer look at how technology works, and, at the same time, we list the main benefits of application virtualization.

- Applications are not installed on the computer through the installer.
In the process of "virtualization" the program is installed on a clean OS image and during the installation all changes in the registry and file system are recorded in a special package. This package, which is, in fact, a deployed application, is delivered to the user's computer and runs in its isolated environment without leaving any traces in the operating system itself. This environment is called a sandbox (sandbox) or a virtual bubble (virtual bubble). At the same time, the application launched in such a bubble “sees” ordinary programs and can interact with them, while the “invisible” one for them remains.

- Isolation of applications from each other.
Since each virtual application runs in its own, separate from other environment, it allows you to completely eliminate conflicts associated with overwriting registry branches or replacing files with several independent programs. Significantly reduces, and, more precisely, the costs of joint testing of several, sometimes very large applications become unnecessary. If necessary, virtual applications can be combined into groups and then they can interact with each other. But even in this case, the compatibility check needs to be carried out only once and in the future to be sure of the stable functioning of the programs.

- Ability to simultaneously run different versions of the same application on the same computer.
Since virtual applications are isolated from each other, nothing prevents virtualizing different versions of the same program and running them on the same computer under the same account. Both will work. Such a scenario is quite common, as we mentioned earlier, when switching from the old software version to the new one or in classrooms and test laboratories.

- Ability to simultaneously launch one application by several users, even in the case when, during a typical installation, this leads to an error of resource sharing.

- There is no need to provide users with the rights of local administrators or elevated access to the registry for non-standard applications.
In an isolated virtual bubble, the application has full access to all files and registry keys (in earlier versions of App-V there were restrictions, but they were fixed in recent editions). Therefore, there is no need to run a virtual application with elevated privileges, even if it was previously required. This increases the safety of the working environment.

- Instant availability of new applications to the right groups of users, managed through Active Directory.
In the deployed App-V infrastructure, it is enough to associate a group of users to a virtual application, so that after a specified time interval its shortcuts appear to users in the Start menu. And control is exercised through the Web-interface from any browser. In the same way, the application can be forbidden to be launched if necessary. And all this does not require a computer restart and idle waiting for installation.

- Significant reduction in time to restore the working environment in case of failure.

- Simplify the management of working systems images.
When applications are virtualized, it is no longer necessary to have OS images for different groups of users, each with its own individual set of software. Sometimes it is enough to restrict one “vanilla” way, and assign applications using Active Directory groups.

Here it is necessary to mention one more scenario, which is extremely relevant at the present time - migration from one operating system to another. Many postpone this difficult process to the last and fears are understandable. Compatibility issues, tremendous burden on the IT department, serious risks in the event of business downtime. Our company has already completed the migration process in the infrastructure of 8 major European customers, and we can safely say that application virtualization drastically reduces the project time frame. Once you have set up applications to work in both 64-bit and 32-bit environments, making sure they are compatible and working across different platforms, you can quickly set up the final user environment of any complexity when changing the OS.

Now we will list what is needed in order to deploy the structure of support for virtual applications using the example of Microsoft Application Virtualization (App-V) 5.0.

Licensing: If you already have Remote Desktop Services (RDS) client licenses, then you can already use App-V. Also, App-V licenses are included in the Microsoft Desktop Optimization Pack (MDOP). This is a set of desktop technologies available as a subscription to Software Assurance members.

Having decided on the licenses, let's see how it works.

1. Applications need to be specially packaged. The App-V Sequencer program is used for this, and the packaging process is called sequencing.
2. Prepared applications should be placed on a network folder and provide users with read access.
3. Install the App-V Client application on user devices (or terminal server). It is necessary for downloading virtual packages from a network drive and launching them.

Let us consider each item in more detail.

Preparing a virtual package will require a typical clean system image used in your infrastructure. Install the App-V Sequencer application on it. Ideally, install the Sequencer on a computer running as a virtual machine and create a “snapshot” immediately after installation. This makes it easy to return the computer where the Sequencer runs to a “clean” state before virtualizing the next application.

The running Sequencer runs in helper mode, prompting you first to specify the package name, select the directory where the installation will be performed, then tracks and saves the changes in the registry and file system that are made during the installation of the application.



App-V 5.0 does not require the creation of a separate disk for virtual applications, the installation is done in the default directory. However, the primary virtual application directory (PVAD) in this window can be selected in different ways. This can be either the installation directory of the program, or one of its subdirectories, or even some non-existent folder. Depending on this choice, the organization of the files inside the virtual package changes. In this article, we will not dwell on this point in detail, but from our experience, I would like to note that sometimes the right choice of PVAD at the first stage can eliminate many problems of functionality in the future, especially for older applications.

If a reboot is required during installation, you can do it, the changes will be recorded and the process will continue correctly from the interrupted moment. Parallel (SxS) library assemblies (for example, Microsoft Visual C ++) will be processed correctly, they are no longer necessary to install them into the system image.



The finished package is a set of files:



report.xml file - a report file in which all warnings and errors that occurred during the sequencing process are saved. It can be used to diagnose and solve problems.

The .msi file is a Windows Installer file created by the sequencer to install a virtual package through group policies or using deployment systems.

The .appv file is the file of the virtual application itself. In App-V 5.0, this file is created in the open zip format and can be opened with any archiver if necessary. Restrictions on file size, unlike previous versions, no. Unfortunately, it is impossible to make changes directly without using the sequencer.

Deployment configuration file, User configuration file - configuration files in XML format, define the deployment parameters on target computers. You can make changes to them without running the sequencer in any text editor. This greatly simplifies the fine-tuning of the application. Here, in particular, the parameters of shortcuts, file associations, environment variables are set, registry keys change.

For some programs, it is not possible to provide an exact match of the functionality of a virtual package of a locally installed version using only a sequencer. In this case, you will have to add a script that performs the missing operations. User script files are added to the package, and their call is configured in the XML configuration files. For example:

<PublishPackage> <Path>powershell.exe </Path> <Arguments>.\Scripts\InstallDriver.ps1 </Arguments> <Wait RollbackOnError="true" Timeout="120"/> </PublishPackage> 

As you can see from the syntax, the script can be written in any language in which you prefer to work. Our engineers mainly use Powershell, VBS and batch to write scripts.

Once the package is prepared, copy it to a network folder, give users read access.
Next, you need to install App-V Client on user computers and ... everything!
In the simplest case, nothing more is required. Virtual packages can be distributed in several ways:

• through the installer .msi, created at the stage of sequencing. For example, using group policies;
• using your distribution system (Microsoft SCCM, Altiris);
• using Powershell 3.0. In general, the Microsoft App-V 5.0 product is very closely integrated with Powershell and it is very convenient. Any tasks related to the distribution and maintenance of packages can be automated using scripts.

So, in the simplest case, to use Microsoft App-V, you only need the Sequencer on the IT engineer machine to prepare the packages and the App-V Client on the user's machine to run them. However, all the benefits will be available only with the full deployment of the infrastructure of App-V.

To do this, you must install the following components:

• Management Server. Provides basic management functions for the App-V 5.0 infrastructure;
• Publishing Server. Provides hosting and streaming features for virtual applications;
• SQL database management.

Additionally, you can also install a report server and SQL database for it.

All roles are installed by a single file (APPV_SERVER_SETUP.EXE):



Microsoft provides separate SQL scripts for creating databases in case your organization is responsible for a separate team of administrators. The installation phase also indicates the AD group, which will be granted permissions to control the App-V 5.0 environment.

After installation, you must configure custom App-V clients. Specify the address of the publication server and the parameters for updating information about package changes. You can do this using Powershell.

Further, access to the console and management is carried out using a browser:



Add a package specifying the network path:



Assign an AD user group and publish the package:



After that, after some time, the user will have application shortcuts and corresponding file associations. Software is ready to use.

By default, when the App-V application is published to a user, the package files are copied to the% PROGRAMDATA% folder. However, the client can be switched to the Shared Content Store mode. In Powershell, the command will look like this:

 Set-AppvClientConfiguration -SharedContentStoreMode 1 

In this case, only NTFS links to the network location of files will be created on the user's disk, which will significantly save disk space. Of course, this solution requires preliminary testing and is rarely used in its pure form, but in our implemented projects there are examples of the application of this technology in customer environments.

If several programs must interact with each other, they can be grouped into the “Connection Groups” section. In this case, their virtual environments are merged, files and the registry are made available to all members of the group. It will take some experience to properly form such groups, identify program dependencies and set their priority. Sometimes we recommend not to virtualize individual components, but install them directly into the system image. These can be ODBC drivers or database connection settings.

It may give the impression that virtualization is the saving solution for all occasions. Alas, like any technology, it has its limitations. In particular, using Microsoft App-V, drivers or services that start at system startup cannot be virtualized (see the Virtualization Guide in Microsoft Application Virtualization 5.0 ). Like any technology, App-V is evolving and many limitations have already been overcome. For example, virtualization of the context menu of the application in Explorer and various ActiveX extensions is no longer a problem. By the way, this development in the case of App-V is also sometimes a challenge. Services and patches in addition to solving problems introduce a significant change in functionality and are, in fact, a new version of technology. However, with more than a thousand virtualized applications, we help our customers in the shortest possible time to implement new functions in their working environment without disrupting business processes.

So, we looked at the benefits of application virtualization. Briefly, using the example of Microsoft App-V, we got acquainted with the main stages of creating and publishing virtual packages. Of course, this is not the only virtualization tool. Not to mention Citrix XenApp, VMware ThinApp, Novell Zenworks. The choice depends on the needs of your business. But based on the experience of supporting our customers who have implemented the transition to a virtual environment, we can formulate a transition strategy like this: if an application can be virtualized, it needs to be virtualized. Pros are undeniable.

Useful links:
Microsoft Application Virtualization 5 Administrator's Guide
Official Microsoft App-V Developer Blog
Microsoft Virtualization Free Course

By vv_m