Sequencing AutoCAD 2015 in App-V 5

The stars had aligned! I had finished all of the testing for The Deployment Performance Series research, published the first of the 8 papers, shipped my server down to North Carolina for our next training class. And great summer weather was set for a great week of golf. Then my knee acted up so I needed to give it a couple days of rest. Feeling rather pissed off, I decided to work on something horrible. Which is good for you.

I first sequenced the 2000i version of AutoCAD back in 2001. Autodesk was one of the early ISVs to really get in and support the concept of virtualizing applications. They didn’t have as many versions back then, I recall just one version of AutoCAD plus 3DS Max. But it was still big and hairy and it took more than a few passes to get it right.

Over the years, the software designers at AutoDesk are seemingly always using some cutting edge developer stuff inside their annual releases. And sometimes we struggle with how to make that work for a couple weeks, but it always does. Until a couple of years ago. The first Autodesk version I ran into with a seemingly unsolvable problem was AutoCAD Architecture 2012. Then some versions of the 2013 series, like Revit and Creation Suite seemed to have the same kind of launch issue. This was against a 4.6 sequencer, but testing against the new 5.0 showed the same symptom. The app would launch and immediately spit out an application specific error that it was not installed properly, and all of the procmons and xperfs could not help. I worked a trouble ticket with Microsoft for one customer for about 9 months before we gave up in frustration. This unanswered forum post remains.

So on a whim I pulled out App-V 5.0 SP2 with Hotfix 4 and AutoCAD 2015 and went to work in a pissed off mood. And I got it working. Here’s how.

Step 1.  The first thing you do with any Autodesk product is deal with the dependencies. There are some dependencies that are incompatible with App-V, and others that are inconvenient. These must be identified and the installer configured to not install them. You then treat them as dependencies to be installed on the sequencer prior to sequencing, and pushed out to any client machines natively that are going to get the working package.

To configure the installer, which will be a setup.exe, you modify the setup.ini file. Make a backup copy of it and then edit the setup.ini file using your favorite text editor like Notepad.

The ini file is organized in sections. A section starts with a line contained in square brackets, such as [ACAD]. You start in the [SETUP] section at the top of the file. There are several lines that set variables like “EXE_SEQUENCE”. Depending on how you start the installer, one of these is used, and it identifies which of the remaining sections will be run. I simply ignore these and make all fixes in the sections themselves.

#============================= Install Execute & UI Sequence =============================

Inside a section, such as the [ACAD] section, will be a variable called “PREREQUISITE”. This variable defines other sections that are to be installed before installing the software named in the EXE_PATH variable in the section. I make a copy of the PREREQUISITE line and comment out the old copy (lines starting with a “#” are comments). I then just remove items from the list that I want to treat as dependencies.
PRODUCT_NAME=Autodesk® AutoCAD® 2015

If you want to know what any of the dependencies are, you locate that section and look at its lines. Some, like IE just check to see if you have internet explorer and bomb out if it isn’t present. Others, like DOTNET45, install things. Typically the installer doesn’t first check to see if it is already present, so I prefer to remove the entry as a prerequisite as shown above.

Only DOTNET45, DOTNET45LANG, and DIRECTX are incompatible with the current sequencer. WMF and MSXML6 were App-V 5 prerequisites and will already be present. Those VCRuntimes are things I still prefer to keep out of my packages anyway. By looking at the prerequisite’s section, I can find the version of the installer they would have used (typically under a folder called 3rdParty). Especially with the VCRuntimes, it is important to use the version that they provide. Autodesk loves to use names, like “VC++ 2008 SP1″ that isn’t exactly the same version you’ll find on the internet with that name. In some cases over the years I have found them using VC Runtime builds that apparently never appeared on Microsoft’s public download sites. I maintain a list of VC Runtime versions here to aid in identifying versions.

You must walk through the entire file editing these prerequisites (hint: use the find function of notepad on “PREREQUISITE”) and remove the item from each. You can even be pedantic and remove the offending section completely also. Save off the edited file.

You can get bonus points for figuring out how to set your license information in the file, and removing features you don’t want, but I like to handle that through the GUI when sequencing anyway.

Step 2.  Install the prerequisites on the sequencer. My preference is to order the installs the same way that AutoDesk would have. And then reboot (if you used the command line arguments you found in the appropriate section you instructed the installer to suppress reboot notifications). And then take a snapshot. You probably won’t get the package right the first time, even with these notes to help.

Step 3.  Start the Sequencer, but not a Sequence yet.

In the Tools–>Options menu of the sequencer remove the LOCAL APPDATA exclusion. Autodesk likes to put some important stuff here that needs to be in the package. If you want to be a perfectionist, add AppData/Local/Microsoft to the list.

Step 4.  Start Sequencing. Note that if you run the installer off of a share (or even a local path) that has the path to the setup.exe longer than around 100 characters, it will fail (there actually is a section that checks for that in the setup.ini).

Take care of the licensing, select your features and go. At the finish, it prompts you to reboot. You need to immediately perform the reboot, then immediately log back in. I found that if you wait to long the sequencer doesn’t work right (at least on this package). The sequencer will pick back up and tell you to continue installing. And while you might think that you are done, you are not.

Step 5.  Wait.

The main installer will check for updates. There isn’t any right now, but Autodesk usually produces updates almost monthly. If any appear, you probably want them now. Click the Finish button for the installer when done.

Step 6.  If you included the “360″ feature, wait more. Maybe 15 minutes.

This uses a different updater and will automatically download the update in the background (there is one already) and then notify you above the icon tray. Install it.

Reboot again.

Step 7.  Fix FlexNet.

Autodesk uses Flexera’s FlexNet service for licensing. To assure the ISV that users won’t tamper with the licensing service, Flexera hardens the service security in a way that is incompatible with App-V and the client won’t be able to start the virtual service for you. Here is how I fix it.

Start a command prompt using “Run As Administrator”. Yeah, I know that you’re already an admin, but you have to elevate anyway. Then type in the following command. Scratch that, copy and paste it!
sc sdset "FlexNet Licencing Service 64" D:(A;;CCDCLCSWRPWPDTLOCRGASDRCWDWO;;;WD)

If you want to know what that is, get some scotch and google DACL. NOTE: If you have more than one virtual app running at the same time with Flexnet licensing, you’ll need to remove the service from the package and run it externally.

Step 8.  Kill the autoupdaters.

Use the tray icon for “app manager”, go to settings and uncheck box to check for updates on logon.

Afterwards, use the windows services manager and change AutoDesk Application Manager service to Manual or Disabled. (Hint: Disabled is better).

Step 9.  Avoid the AppPath bug.

My friend Rory Dan Gough (@packageologist) recently noticed that AppPaths don’t work under App-V they way they should. When a program declares an AppPath it is supposed to be used to prepend the identified paths in front of the path variable, but he noticed it was replacing the path variable. AutoCAD 2015 has two executables declaring an AppPath to prepend a common autodesk folder.

Use RegEdit and locate them under HKLM\Software\Microsoft\Windows\CurrentVersion\AppPath. You are looking for two keys named something like”AdAppMgr” which will conveniently enough be at the top of the alphabetized list. Make a copy of the path listed under the key, and delete both keys.

Then use an elevated cmd prompt to set the path variable like this:
set PATH="C:\Program Files x86\Common Files\Autodesk Shared\AppManager\R1";%PATH%

Step 10.  Avoid the TRUSTED CODE problem.

Autodesk engineers invented a new way to check that their program doesn’t launch something untoward. It breaks things at the client complaining that the file being run isn’t in the trusted path. So I edited the variable for it here.

Regedit and change
HKCU\Software\Autodesk\AutoCAD\R20.0\ACAD-E001:409\Profiles\< >\\Variables\TRUSTEDPATHS to a value of C:\Program Files\Autodesk\AutoCAD 2015/support/en-US

Step 11.   Don’t run AutoCAD! If you need to configure anything, figure out a different way to get it set.

Step 12.  Fix Stupidity.

Advance through the sequence (again, Don’t launch!) and get to the sequence editor. On the Files tab, locate the following folder:
Root\VFS\appdata\roaming\autodesk\AutoCAD 2015\r20.0\enu\

Right click on the folder and set to “Merge with Local”. Do the same for its parents up the tree.

What’s up with that? It seems that the runtime will add a couple of DLL files into that folder the first time the user opens a drawing. Somehow it manages to do this outside of the virtual environment, so the package folder hides it and you get prompted with an error that it can’t find the dll. Who the h3ll puts dlls in the user’s appdata roaming folder? What were they thinking over there?

Step 13.  Finishing off.

Clean up your shortcuts and FTAs as desired. I went to the advanced box and checked all three options. Did I need to? I don’t know, but it worked. You should probably try it without.

Here is a summary of the package contents, taken from AppV_Manage:

What’s New in App-V Manage 3.2

AppV_Manage is a free tool from TMurgent used to test newly sequenced App-V 5 application packages. Versions 3.1 and 3.2 have added integrations to round out this phase of the packaging experience.

  1. Attribution: nokhoog_buchachonAutomation  When Citrix announced the end of life for Citrix Streaming (See What’s a Citrix Streaming Customer to do now?) there was a need for a tool to help customers convert their packages to App-V. Last week at their annual customer show Synergy, Citrix’s David Wagner and Mohit Dwahan showed off a new tool they are releasing soon to help. [UPDATE: Citrix has released this tool: See blog. ] While repackaging directly into App-V from the original installer might be a better choice, if you have a large inventory Citrix Streaming packages you could leverage this tool and test to see what works. Their idea is to use the tool with a PowerShell script and the PowerShell interface to the App-V Sequencer to automate the creation process.

    Citrix asked me if AppV_Manage could be used with an automation script as part of converting Citrix Streaming packages to App-V packages. What they wanted was a command line that could be run via PSExec from another machine and return an error code indicating if the package was good or not. It is a great idea, and could also be used in automating App-V 4 package conversion, or even as part of a packaging service.

    Adding in a command line to accept a package, and to automatically add and publish was the trivial part. I also wanted to launch the apps. All of these steps might create App-V errors which I already track, so detecting issues short of app launch failures from the App-V end was easy. But I wanted more.

    So after launching all of the shortcuts, all on-screen text elements (dialog box titles or text boxes) are scanned and passed through a set of filters. The first filter is an exclusion filter. If a text item contains an exclusion string, the item is ignored. The second filter is a error filter. If a remaining text item contains this string, we declare a failure.

    These filters are configurable via registry. The installer pre-populates a set of strings for the filters based on some limited testing that I performed. Hopefully I will get some feedback and we can improve the filters over time.

    No amount of automation can possibly detect all errors. The way that apps express errors could be more numerous than the kinds of bugs that lurk in them. But this is a quick start. Although AppV_Manage will exit to return a code to a potentially waiting script, it does leave the virtual apps running. This allows for a human to now step in, connect to the VM, and test the app further.

    Details on the command line syntax and filters may be found in the online documentation here: Automated Testing.

  2. Attribution:  thanunkorn

    Antivirus/AntiMalware  We need to sequence on a machine without Antivirus/Antimalware software enabled. Because the .AppV file is an archive format with an extension not generally recognized by AV software, certain kinds of bad things can be contained in the AppV file and not detected immediately.

    This doesn’t mean that the malware can be run on a machine with a good AV product running; it is only a question of when the detection occurs. I wanted to be able to find all (or at least as many as practical) kinds of malware as early as possible and as simply as possible.

    The best way to do this is a full file system scan with every knob that the vendor provides enabled. But even on a clean VM with just one package, this can take a long time to complete.

    Publishing the package to a client machine will help, as it eliminates the unknown archive layer. But, unfortunately, streaming is implemented in a way that the bits are not scanned (by any of the AV vendors I have yet tested) on the way down to the cache. Instead, they are scanned when accessed.

    Some AV vendors support command line scanning, which allows us to request a scan of just a specific file, or sometimes folder. Some do not.

    AppV_Manage will now detect the presence of a number of AV products. The results of this detection is displayed on the Tool Config tab. If you hover the mouse over the AV Vendor result field, a tooltip will tell you what kind of support is available.

    Meanwhile, on the Publishing tab, there is a new button called “AV SCAN”, located just to the right of the Mount button. After you add and publish, you should mount the package and then click the “AV SCAN” button. Based upon the AV vendor support, the button will do the best it can to get your AV vendor to detect any malware without triggering a full disk scan.

    For some of these vendors, the scan is complete and yet very fast. Because I assume this VM is already clean before the package is added, we’ll skip the scanning of memory first when supported.

    For more information on this, see the online documentation AV Scan.

  3. What’s in Your Package?  The Publishing tab also has an “analyze” package button, added in 3.1. This analysis determines and displays all of the various “extensions” contained within the package. Unfortunately the sequencer only tells us about a few of these, like shortcuts and file type associations (but not even all of those!). This display helps you to understand how the application integrates with the OS, the user, and with other applications.

  4. ACE Integration  When it is necessary to edit the dynamic Configuration XML files, you need a good tool. Notepad is easy, because it is always on the OS, but the client parsing of the XML is extremely picky; if you use notepad you will destroy your file in an unrecoverable way because you will not be able to find the error.

    The folks over at VirtualEngine have created a good, and free, editor for these configuration files called ACE that is specifically for editing these files in a nice easy GUI.

    In 3.1 I modified AppV_Manage to detect if ACE is installed, and to add a new “edit configuration file” right click option that calls ACE. You need only to install the latest version of ACE on the client system and it will be detected. You find this on the Publishing tab of AppV_Manage. Select your package, locate the detected configuration file in the details pane, and right click for the menu. The 3.2 release fixes an issue when your package name or path includes a space.

App-V 5 SP2 HotFix 4 is more than a hotfix

Here is my explanation: Someone at Microsoft has been taking lessons on how to name product releases from Citrix. There really can be no other explanation for App-V 5.0 Service Pack 2 Hotfix 4. It is full of features. I mean, why not call it release 5.1 (or 5.3)? Or maybe Service pack 3? Surely they know how to build a full installer at Microsoft, right? You mean I have to install the client, then the hotfix, and then reboot? Really???? Sorry user, we’ll have to reboot you now. Sure, existing users would have to reboot if it were a service pack, but new users require too many reboots between the pre-requisites, the client, and hotfix. I can hear the screams of my pal Nicke from here without the phone, and he’s in Sweden and I’m in Boston.

Because there is so much in this release, you should probably fully test before deploying. But at least there is a lot of good stuff in the hotfix which you request via web (KB 2956585). Since MDOP 2014 just came out yesterday without the changes, perhaps the dev team just missed the window to get it into the MDOP release. Anyway, when you receive the zip file, ignore the x64 in the name and unpack it from any machine, you will find an update exe for each of the clients (RDS and WD), and a full installer for the sequencer.

  1. Virtual Application Deployment Speedups. With all of the good things that the version 5 rewrite brought us with openness, it turned out a lot of that openness lead to slower deployment speeds. A few of the bigger problems were addressed in SP2, but at the time Microsoft indicated that the performance of deploying virtual apps needed more work. This is especially true in semi-persistent scenarios like VDI and RDS, where apps must be deployed and streamed possibly every time the user logs in. The dev team has worked hard on this, making improvements here and there, but especially in Shared Content Store Mode.

    These performance changes do not require server side updates (as there are none) and should not require repackaging.

    In addition to the software changes, they also provide some performance guidance; information about how certain kinds of apps can affect this performance.

    In addition to the release information, over the next few weeks, I will be publishing a series of research papers that I have written quantifying the amount of impact different app features have on deployment and launch under different scenarios, where the impacts are felt, and options for dealing with it. The papers are pretty much complete now and I just need time to re-test against the final hotfix release before publishing.
  2. Ability to write files in the VFS. It was a huge step back from the old release when we lost the ability to write to files located in the VFS area. In developing 5.0, Microsoft under-estimated the creative stupidity of application developers and just assumed that they would only update files in reasonable locations. They quickly learned that we deal with a lot of strange apps, not only a bunch of apps developed in-house at enterprises 10 years ago, but also the latest releases from some major software vendors. This issue has been a blocking item for some customers that wanted to migrate to 5.0. I’m glad to see it fixed.
    Keep in mind that there are still file types that may not up written to! App-V still protects files of certain extensions, so an “autoupdate” of the vendor’s exe is not supported.

    This change is both sequencer and client oriented. It adds a checkbox to the advanced tab on the sequencer. I have not checked, but it might be possible to add the new syntax to a DeploymentConfig file of an older package on the updated client.

  3. Support for executables on network shares The App-V Client now correctly supports shortcuts to executables on a network share. It now performs user impersonation when a virtual application uses resources located on a network share. Previously, the only way to get this to work was to give the client computer account permission to the share.
  4. Package Branching is back! Branching is the ability to open up an existing package, make modifications, and save it as an entirely new package rather than as an update to the existing package. While the update method is preferred when it is a replacement for everyone, branching allows for different versions of the package to be deployed in parallel. This oversight drove a few customers to buy AVE just to have a way to branch again.
  5. Package conversion enhancements. On this one, I’ll admit that while I prefer to start over rather than convert, Microsoft has made a number of fixes and improvements to significantly increase the rate of successful conversions of App-V 4.* packages. The conversion rates are improved again (as they were in SP2 sequencer). The sequencer also now detects and warns against certain hard coded paths that it detects and cannot fix.

Plus the hotfix includes the mysterious Hotfix 3 which resolves the following:

  • Client crashes issue in certain situations with Config Manager (now resolved).
  • PowerShell windows that appear on taskbar momentarily during publishing refresh (now hidden).
  • Registry changes in in the DeploymentConfig file were ignored (now working).

Hotfix 3 was a web-available KB (2956985) for a short while only to disappear and become available after opening a support call with Microsoft, which you wouldn’t know to do because they pulled the entire KB article.

App-V hotfixes traditionally also contain all previous hotfixes, so there is no need to apply hotfix 1 and 2 if you want to apply this hotfix.

The hotfix will require a client reboot. A quick test indicates that existing apps are working prior to reboot, but additional operations like app publishing fails until the reboot is completed.

Image courtesy of pakorn.

My Favorite BriForum moment, 10 years later

BriForum 10th Anniversary This year marks the 10th Anniversary of BriForums, a rather unique conference that I have had the privilege of speaking at many times. In fact, I’ve lost count of how many I have spoken at since I have spoken at every one and for many of those years there has been both one in Europe and one in the US. This year I will be speaking both at the London show next month and the Boston show this summer.

My favorite moment at BriForum? Well it isn’t the fire and subsequent Bomb evacuation at the 2nd Washington show, which while quite memorable, doesn’t compare to the first show.

The very first BriForum was held in a movie theater in Silver City (near Washington DC). Most of the speakers barely knew each other, mostly from on-line presence and randomly running into each other at other shows like the Citrix iForum (what Synergy used to be called). Some of us had met at dinners held by posters at the ThinList, but by and large we didn’t know each other that well.

Which made it such an exciting show to hear sessions led by these awesome people. And all of us were in awe of each other, while hoping that we were good enough to not get heckled off stage when it was our turn.

So there I was, standing on the stage of a movie theater giving my presentation when I got interrupted. You know the crappy music they play along with advertisements to go buy some popcorn and soda before the movie starts? Well that started up in my room about 30 minutes into the session.

Not knowing what to do, I exited out into the lobby to find Gabe making popcorn at the popcorn machine. No, he didn’t turn on the music, but he was the guy who could figure out how to get it off. I returned to the room and it stopped. But that’s not the end of the story.

When the videos came out, I realized that the entire time I was on microphone. Everything thing I said; the conversation with Gabe and all, came out on the recorded audio.

UPDATE: Brian posted a link to the video here. The music hit at just after the 34 minute mark.

Fortunately neither Gabe nor I used any bad language!

App-V 5 and Services that are not LocalSystem

In writing some apps for some APP-V 5 performance testing, I stumbled on a problem that was at least new to me.

I know that in App-V 5 the client will only run Virtual Services under the Local System account. But I didn’t know that it totally ignored the others, I thought it captured them and just changed the account. It doesn’t do that. It will only capture services that are set to run under the Local System account.

This is very odd, since if you use Visual Studio 2013 and create a new software project in C# for a service, the sample code that Microsoft provides developers on MSDN to create a service is set to run under the Local Service account. So we aren’t talking legacy code here. Meaning that Microsoft’s App-V 5 doesn’t capture its own sample app.

In the days of old, virtual services could be run under any credentials. During one of the App-V 4.6 releases (SP1 or SP2, I don’t remember), the sequencer changed and although it would capture the service and service account, the sequencer GUI was changed to no longer allow us to change the account on the Sequencer editor tab. This, while not ideal, was OK. It was rare that you would actually need to change the account, but if you did you just needed to think about it in advance and change it in the Windows Services Manager while in monitoring mode. And you would only do this if you had a good reason AND knew the app well enough to know if changing the account would work.

Back to App-V 5. Because the client will only run services under the Local System account now, I guess the sequencer guys decided to only capture those services set to run under Local System. ALL OTHER SERVICES ARE SILENTLY IGNORED. No warning, no nothing. Yes I can get those services to run virtually in most cases, but:

  • I have to know that a service is missing.
  • I have to re-try the sequence and, while in monitoring mode, change the service logon account using the Windows Services Manager.
  • I have to figure out how to test if this causes a problem.

It is that first bullet that is the problem. At a minimum, the sequencer should put up a warning in the report. Something like the DCOM warning would help an awful lot. Much better would be to just capture the service, changing the logon account for the service, and then warn me. That would kill off the second bullet above. Best would be to support virtual services under any account, but I guess that I can live without that.

Yeah, I still have that third bullet. But that legitimately is my problem and not Microsoft’s.

What next, MDOP?

Microsoft Desktop Optimization Pack (MDOP) is a subscription add-on used by many enterprises with Microsoft Enterprise Agreements (EA) that provides a number of software benefits. The software has recently been released on a twice-a-year basis, making the next version due sometime soon. Microsoft typically does not pre-announce release dates, so we can only guess that, based on the last release being November 1, we should be due for a release around May 1.

In addition to providing upgrade benefits, meaning you can upgrade PCs to the latest version of windows as long as the MDOP subscription is in place, MDOP provides additional software to help with enterprise deployments of Windows Desktops. In each release of MDOP, Microsoft typically updates a subset of these applications, and sometimes adds new ones. The last released version of MDOP (2013 R2) included updates to support Windows 8.1, plus a few extra things. The biggest was a major update to the Application Virtualization product (App-V 5.0 SP2 and 4.6 SP3) and smaller updates to Microsoft BitLocker Administration and Monitoring (MBAM 2.0 SP1), Advanced Group Policy Management (AGPM 4.0 SP2), and Diagnostics and Recovery Toolset (DaRT 8.1). Other components in MDOP include the User Environment product (UEV 2.0), and Med-V and were apparently unchanged from the previous MDOP release.

Given that Windows XP is no longer under support, I am guessing that the next version of MDOP will drop MED-V. MED-V is the managed version of Windows 7 “XP Mode”, in which a copy of Windows XP is virtualized on top of Windows 7 using the older “Virtual Computer” hypervisor. If XP goes away, I can’t see Microsoft continuing to support MED-V as a product. Probably more important than the virtualization piece of that product, what Microsoft should find a way to re-use is the innovative user interface integration that came with the acquisition that created MED-V. In a world where people are using virtual machines, whether local or remote, integration of the user experience on a per-application basis remains interesting. Citrix has long had such capabilities, and other than RemoteApp, Microsoft does not. The value of having a single user interface experience, start menu, file associations, and “seamless application windows” on a single desktop is the end-user’s nirvana. This might or might not be an MDOP thing, but I hope they don’t forget about it if MED-V is dropped.

But if MED-V is removed from MDOP in the next release, Microsoft will feel a little pressure from customers to add something more into MDOP. Which opens up the fun guessing game of what Microsoft could or should add!

I think that everyone’s top item, a license allowing you to for host VDI images on a shared hosting provider infrastructure, ain’t gonna happen. MDOP might not be the right vehicle for that anyway, but anyway we can get it would be better than the current situation.

Next on my list would be things to improve image management. Something like the capabilities of the Microsoft Deployment Toolkit (MDT) but with a better user interface would be great. I love MDT, but the UI is something out of the 1980′s. It can be a pain to do things like make a copy of a task sequence to tweak it.

Or maybe attack image management from the other end. Something along the lines of FsLogix is doing. I like their idea of a single image tweaked at runtime by policy, in essence enabling apps on the fly, so much that last year I joined their advisory board. You still need App-V to handle application conflict, but a combination of something like FsLogix, App-V, and a better User Environment product would be a solid combination. Microsoft might be better to buy the company and add it to MDOP rather than develop on their own, but one way or another the capability would be a great addition to MDOP.

Further down my list is something to help the user and IT organize all of their remote “stuff”. A single interface where remote machines, remote apps, storage repositories, and even website credentials are managed. This could be simply a UI that accesses things, or more of a secure repository that also holds the credentials (safely) with centralized backup. This would require Microsoft to move their thinking beyond “just buy Office 365″, which might be too much to ask, however.

Given the lack of noise, I doubt any of this is happening soon. What would be on your list for MDOP?

Disclaimer: Although I am a Microsoft MVP, this article contains no “inside knowledge” or NDA material. My contacts at Microsoft are not talking about this and clam up if asked.

Streaming Theory – Should you Launch?

A small comment by Microsoft’s Thamin Karim at the European AppV User Group event in Amsterdam last week caused me to re-think streaming in App-V 5. It was one of those “duh!” moments that occur when something so obvious hits you and you realize that you hadn’t really thought about it and were operating on wrong assumptions.

The comment, which in essence was that you get slightly better performance by not preparing the App-V package for streaming and using “fault streaming” [in certain situations] with App-V 5. Here are my thoughts on this.

Streaming and Performance
When stuff needs to be transmitted over networks, we use the term streaming to indicate a difference in transmission/consumption. Rather than transmitting the entirety of the stuff, and then operating on it, the operation portion is allowed to start prior to receiving the entirety.

Streaming in App-V is a major feature to allow apps to run without being present locally. The native operating system is built with an assumption that the entirety of a file is present locally on disk, or on a remote share and loaded fully into memory prior to enabling operations on it – meaning allowing the application to run as a process. Streaming is used in App-V both to improve performance (allowing the application to start sooner or using fewer local resources), and to save on local resources (by avoiding locally caching of things not really needed).

When an application starts without App-V, a detailed analysis of the start-up period of the application tends to bounce back and forth between CPU and Disk I/O. Initially, there is disk I/O to read the WinPE header, and other portions, of the exe. This is followed by some processing, then more I/O. And this bounding back and forth occurs for some time.

Side-note: App Pre-Fetch

To explain this, let me start with an example using another Microsoft performance boosting technique — “App Pre-Fetch”. Microsoft uses a method they call “application pre-fetch” to improve performance of this critical period somewhat. App Pre-Fetch pays attention to the loading order of dlls by an applications during the first 10 seconds the process is running and writes the locations of these to a “.pf” file stored under a subfolder under the windows folder. This .pf file is automatically read by the system whenever a new process is spawned to run an exe, and in the background these dlls are queued to be read even before the exe gets around to reading them. This speeds up the application startup by eliminating the wait time that occurs without it. In the depiction below (illustrative, not actual measurements) you can see how, without App Pre-Fetch, these operations are serialized and take longer than when pre-fetch is used.

This pre-fetch only affects only dll file reading and not additional files, but you can measure the impact by locating and deleting the .pf file on a system and running the app.

Note that App-V does not prevent this pre-fetch from improving launch performance, however this effect is in place only for the second, and subsequent launches at the client.

App-V Stream Training
When we perform stream training activities inside the sequencer by launching the application in the Streaming Configuration phase of the sequencer, we are trying to achieve a similar effect for the first launch of the application. The difference here is that we consider ALL file I/O activity, including the exe file pages, dlls, and other asset files read in.

A big difference, however, is that the App-V design is that all of those files are read in first, and then the app is allowed to start consuming CPU.

In App-V 4.x, these portions of the files are placed contiguously in the .SFT file and streamed using a single request from the client. Assuming the actual disk placement of the SFT file on the server is not fragmented, this produces an optimal stream transfer time to get the files into the local cache (and on first launch, as a byproduct of streaming, into memory). Once the pieces are in place the small startup CPU completes quickly.

In App-V 5.x, the “jigsaw file system” (SFT) is no longer used, and files are stored as complete files inside the App-V file unrelated to streaming training. Streaming training affects only an XML metadata file that dictates what portions are needed. The App-V client and drivers use this metadata to make multiple requests to stream over required content. While ensuring that the AppV file is not fragmented will speed up reading of a single file, it tends to not improve the multiple-file requests as much.

The depiction below (as before, this is illustrative and not taken from any real measurements) you can see how the launch performance with training could be slightly different.

In the App-V 5.x with Stream Launch Training example, the small gaps shown in file transfer represent a small delay that occurs as the client processes additional requests in the list. This delay is probably small enough that it shouldn’t be visible on a drawing of this scale, so I exaggerated it.

The case for not launching during training
In App-V 5, when Shared Content Store mode is in use, all launches appear similar to the “first launch” scenario.

While I do not have any test numbers to prove this, it is reasonable to assume that with App-V 5 In a scenario where Shared Content Store mode is in use performing a launch during training could actually slow down the launch by requiring that no CPU is expended until everything is in place. This is especially the case when the training portion becomes larger.

I expect that the difference in the amount of time before the application is ready for user interaction to be quite small. Without launch training, certainly the user would start to see some application UI elements earlier than when launch training is performed. And while I am not convinced it matters much whether you launch or not in this scenario, the point here is that it probably doesn’t affect performance much and you should probably stop performing the extra work of training the streaming.

But keep in mind that if you let the user see the streaming indication (a configuration option added back in during SP2 that adds a streaming percentage progress bar above the icon tray) then performing streaming training can be useful, not for performance but just to provide the user some feedback that something is happening prior to application GUI displays. Under different scenarios, such as an SCCM distribution using HTTP streaming off of the DP and without SCS mode enabled, this can be quite useful.

So I’m not going to answer the question “should you launch”? I don’t even touch some of the other considerations involved in this post. The answer can only be “it depends”. It is a complicated question that must take into consideration how you distribute, how you configure the clients, and whether or not clients can go offline. But please stop doing it because we told you to do it in App-V 4.x.

Request for new VDI Term: “Semi-Persistent”

VDI is often categorized as either Non-Persistent or Persistent.

Non-persistent VDI is where you use a shared common image. Only one image to maintain. When the user logs off, the image is destroyed and the next time the user logs on they get the original image.

Persistent VDi is where the complete image is retained upon logout and the next time the user logs on they get the exact same image they had when they logged off.

The reality is that usually Non-persistent VDI implementation brings along some user data from the prior session. This is handled by Roaming Profiles at a minimum, but may also have folder redirection or a user environment add-on product to manage the user-related-data, either app related (UEV, AppSense, RES, TriCerat, Norskale, etc) or layering (Unidesk, Citrix PVD, 2012R2 “User Layer”).

I think we need a different term for this, segregating it from Non-persistent. I’m going to start calling this “Semi-Persistent”. What do you think?