Category Archives: Uncategorized

Why our App-V Training Classes are Finally Upgraded to “Masters” Level

When App-V 5 was released two years ago, I blogged about how we were renaming our training classes as “Experts” level, rather than the Masters Level designation that we used for the App-V 4.6 classes.

The idea was that while I had been working with pre-releases for almost a year, I knew that we didn’t know enough about the completely rewritten product.  At the time, I was guessing it would take about a year of digging through the mud to uncover enough about how the product really worked under the hood to be comfortable enough to consider the product mastered.  Little did I know that it would take two years!

We are finally there.  While I think that we did a pretty darned good job with our training classes over the last two years (ask anyone that attended) we are now convinced that we can teach you more about mastering the product in one week than you can learn on your own working with the product full time for years and years.  Our classes, both those run by TMurgent and those run by Kevin Kaminski over at The Big Hat Group, will be designated  as “Masters Level” in 2015.

App-V 5.0 Sp3 Upgrade: Clear Browser Cache to clear issue on Server MC upgrade

Just in case this bites someone else…

An upgrade of App-V Server to 5.0 SP3 includes a replacement Management Console.  As this is Silverlight based, this means that the website delivers a Silverlight XAP file to your browser.  Where it remains in your browser cache.

Upgrade of the server does not always mean that the browser cache gets flushed.  So you might find that while your console is “working”, you are not getting the new UI features (in this case for connection groups). To verify, open the console and click on the “About” link (upper right) to check the version, which should now be 5.0.10107.  If not, clear your browser cache.  And don’t forget about any shortcut links that you made to the console.  In my case, typing the URL in a browser got me the new console, but clicking the link each time got me the old one.

 

Tim on App-V 5.0 SP3

image attribution Stuart MilesThis week Microsoft released the anticipated App-V 5.0 SP3, along with an updated UE-V 2.1, as part of the MDOP fall release.  We normally expect the MDOP release around November 1st, so this drop is a little later than usual for some reason.  But it is well worth the wait.

While Microsoft App-V is generally regarded as the best application virtualization solution out there, the product did take a step back in the 5.0 re-write that was released two years ago.  Oh, it was still better than the alternatives, but not necessarily better than App-V 4.6.  At that time, I cautioned companies to work with 5.0 in their labs, as eventually they will want to move to the new platform, but if they were on 4.6 currently they shouldn’t be in a hurry to upgrade in production. 

With the release of 5.0 SP2 last fall, I felt that it was mostly ready.  On one hand, 5.0 SP2 allowed you to do many things that you just couldn’t do otherwise, while on the other hand there were some annoyances that kept it from being declared the best.

During 2014, we saw a couple of “hotfix” releases, especially HotFix 4 and HotFix 5, which were really feature releases and major performance improvements.  5.0 was looking really good.

With the release of SP3 this week, I think that 5.0 is now the best release, clearly surpassing even App-V 4.6.  Which is important since the end of support for App-V 4.6 SP3 as I read it as Dec 2 2014,  or this guy thinks  might be next June.   In any case, time to get moving. 

So what do we get in SP3?

To start with, everything here is based upon a combination of access to pre-release software, plus a review of the release notes.  The msdn download center has been all bonkers so I haven’t gotten the actual bits yet. 

In the release, all components of App-V are upgraded.  Server, Sequencer, and Client.  There are MDOP downloads, RDS downloads, and Hosting Provider downloads showing on the site (even if the download button isn’t working.

See the release note here, but read my summary as well…

  • Single Install. First, we get a roll-up of those important “hotfixes”.  A single install for new clients is a beautiful thing.
  • Connection Group Flexibility. This consists of four things:
    1. You can now include apps published to the user and those published globally in the same group (as long as you enable the connection group to the user).  Previously all packages in the group had to be published the same way as the group.
    2. You can mark packages as optional in the group.  This means you can define a master group for anyone getting the primary package that includes all possible add-ons, but publish the add-ons independently without having to manage a group for each permutation.  It is kind of like the And/Or used in the Configuration Manager, except that the group GUID is consistent at the client.
    3. You can mark a package version with a wildcard of “*”.  So if you upgrade the package you don’t have to think about updating the connection group.
    4. You can now unpublish and/or remove a package from the client without disabling the connection group (as long as the package is optional in the group).
    5. Connection groups can get upgraded even if in use.  This is similar to the package pending scenarios (where a package add/publish/unpublish/remove is queued up for execution at a later time when the package is not in use), except that in this case pending means that the client needs to make additional changes to state but you immediately get the effect for newly launched packages/groups.

Keep in mind that this new flexibility is not available to Config Manager deployments at this time.  That would require a rev of Config Manager.  So those that deliver using the App-V Server, Stand-alone deployments, or with third-party tools, get a leg up.

  • Publishing for other users. You may now publish/unpublish a package, or enable/disable a connection group to a user other than yourself via powershell.  The limitation is that the user must be currently logged in, or at least profile still available on this machine, and that you must be an administrator.  The powershell now accepts the user SID as an optional parameter.
  • Local Publishing Authorization.  The Group Policy (as well as regular registry based configuration) for App-V is expanded to allow you to control if package and connection group publishing is limited to only Administrators.  Previously, it was possible for users with standard rights to self-publish by googling the PoweShell commands.
  • Merged Roots. This is huge! When packages are placed in connection groups, an improved merging of identical paths between the packages occurs.  There were improvements in HotFix 5, but is even better now.
  • Goodbye PVAD (almost). Thanks to merged roots, it is no longer necessary to declare a PVAD folder in the sequencer and install the software to be virtualized into that folder.  In fact, I found out that if you are going to use a Connection Group, you are probably better off using a VFS style install! With SP3, there still is a PVAD, it is just hidden.  For most all applications, this turns out to be just fine, but we know of a few applications that require PVAD installation, so how to we handle that?  You have a couple of ways to do this:
    1. There is a new command line switch, -EnablePVADControl when you launch the Sequencer GUI to show the PAD prompt like before.
    2. You can set a new registry DWORD HKLM\Software\Microsoft\AppV|Sequencer\Compatibility\EnablePVADControl to 1.
    3. Or, when you enter monitoring mode, just browse to the C:\ folder.  The Sequencer created a random PVAD folder name (looks like a GUID) for you.  Just install the app there.

So how do you know when to sequence to the PVAD?  .  Each app will act differently, but often the when at the client and you launch the virtual app, it will in some way complain that it isn’t installed or configured correctly and refuse to run. When the app doesn’t work at the client, give PVADing a try.  It might just work. 

The MVPs have a short list of apps that we have found that need PVADing, including:

WinZip
ArcGIS Desktop tool
Avaya CMS Supervisor R17
Wonderware InTouch 10.x

I also think that we will find apps that have long path length issues with VFS style installs, and a PVAD install, especially one carefully crafted with a long PVAD, might be needed.

  • PowerShell Changes. Some small changes were made to the PowerShell interface to support the new features.
  • Client Publishing from Publishing Server. Some behind-the scenes changes were made to support the new connection group features.  This mostly affects manual diagnostic debugging from the client of the publishing information as the new client will automatically use the new syntax.  If previously you used http://servername:port to test the publishing server, you now use http://servername:port&clientversion=5.0.xxxxx.x&clientos-WindowsClient_6.2_x64 (replacing the x’s with the actual client version and the OS as well).
  • RunVirtual. RunVirtual is now supported for per-user published packages. WooHoo.
  • Some App-V Client Debug logs have been consolidated, and some moved to a ServiceLog subfolder.  See the release notes if you care.
  • Virtual Services with DACLS Fix. For some time, certain windows services that use “unusual” Service DACL settings to protect themselves would not work when installed using the sequencer.  This included the FlexNet licensing service and those of Google Chrome Enterprise.  While the prior work-around to manually modify these permission settings in the Sequencer will still work, you no longer need to do so.

NOTE: Microsoft doesn’t list this as a feature or fix with the release.  It seems that this was simply a side effect of a different fix to virtualized services.  They only became aware of this fix when I discovered it and asked about it.  No word on what they were trying to fix, but presumably it was to fix a different virtual service issue reported by a customer.

Please pay attention to the details in the readme about the order of upgrade installation, as this is different from prior releases due to the changes to support the new connection groups.  You should upgrade the servers before upgrading ANY clients.

This information is based on working with some pre-release builds, and re-checking the release notes to make sure that there are no unexpected surprises. We will switch out and use the new version in our training class this week (if I can get it downloaded!).  Perhaps we will learn a little more. 

Also check out Thamim’s blog on the subject here: http://virtualvibes.co.uk/connection-groups-2-0-in-app-v-5-0-sp3-more-manageable-more-flexible/

PS: I have a new version of AppV_Manage ready to release that works with the new features, and works with the Windows 10 Preview, where there are some PowerShell differences that needed addressing.  I will get that released soon.

My Favorite BriForum moment, 10 years later

BriForum 10th Anniversary This year marks the 10th Anniversary of BriForums, a rather unique conference that I have had the privilege of speaking at many times. In fact, I’ve lost count of how many I have spoken at since I have spoken at every one and for many of those years there has been both one in Europe and one in the US. This year I will be speaking both at the London show next month and the Boston show this summer.

My favorite moment at BriForum? Well it isn’t the fire and subsequent Bomb evacuation at the 2nd Washington show, which while quite memorable, doesn’t compare to the first show.

The very first BriForum was held in a movie theater in Silver City (near Washington DC). Most of the speakers barely knew each other, mostly from on-line presence and randomly running into each other at other shows like the Citrix iForum (what Synergy used to be called). Some of us had met at dinners held by posters at the ThinList, but by and large we didn’t know each other that well.

Which made it such an exciting show to hear sessions led by these awesome people. And all of us were in awe of each other, while hoping that we were good enough to not get heckled off stage when it was our turn.

So there I was, standing on the stage of a movie theater giving my presentation when I got interrupted. You know the crappy music they play along with advertisements to go buy some popcorn and soda before the movie starts? Well that started up in my room about 30 minutes into the session.

Not knowing what to do, I exited out into the lobby to find Gabe making popcorn at the popcorn machine. No, he didn’t turn on the music, but he was the guy who could figure out how to get it off. I returned to the room and it stopped. But that’s not the end of the story.

When the videos came out, I realized that the entire time I was on microphone. Everything thing I said; the conversation with Gabe and all, came out on the recorded audio.

UPDATE: Brian posted a link to the video here. The music hit at just after the 34 minute mark.

Fortunately neither Gabe nor I used any bad language!

Request for new VDI Term: “Semi-Persistent”

VDI is often categorized as either Non-Persistent or Persistent.

Non-persistent VDI is where you use a shared common image. Only one image to maintain. When the user logs off, the image is destroyed and the next time the user logs on they get the original image.

Persistent VDi is where the complete image is retained upon logout and the next time the user logs on they get the exact same image they had when they logged off.

The reality is that usually Non-persistent VDI implementation brings along some user data from the prior session. This is handled by Roaming Profiles at a minimum, but may also have folder redirection or a user environment add-on product to manage the user-related-data, either app related (UEV, AppSense, RES, TriCerat, Norskale, etc) or layering (Unidesk, Citrix PVD, 2012R2 “User Layer”).

I think we need a different term for this, segregating it from Non-persistent. I’m going to start calling this “Semi-Persistent”. What do you think?

AppV 5 Connection Group “Pellucidity” and Deletion Objects

I have written a new “white paper” on App-V 5. This one looks at package “pellucidity” (the layering effect caused by the settings “override local” or “merge with local”), and package deletion objects and how these are implemented at the client when you use Connection Groups.

As it was in 4.6 with DSC, all is not as simple as you might think. The paper makes a nice reference with charts showing you what happens in each of the possible combinations. Fortunately, most of the time the client is doing the reasonable thing. But when you hit those other cases you need a reference like this to figure out what is going on. It’s full of charts like this…

…as well as explanations. You might think the virtual file system and virtual registry would behave the same way, but you’d be wrong!

White Paper at Pellucidity and Deletion Objects: Connection Group Layering in App-V 5

App-V 5 and App Related Data

One of the big benefits of App-V has always been that applications that needed certain kinds of remediation to work today were automatically dealt with.

I’m talking about apps that were developed without complete support for multiple users (or multiple tenants), or for apps that assumed systems that have no security protection to write to common locations.

We just sequenced them, and App-V automatically redirected any writes by the user to a safe location isolated to only that app. And it all roamed with the user.

Until version 5.0, where Microsoft decided that virtualized apps should behave more like non-virtualized apps. For the most part, the changes in 5.0 are welcome and make the job of preparing and distributing apps easier. But not for a log of older apps.

Primarily we are talking apps that were originally developed before UAC in Windows Vista, but also apps originally developed before people understood multi-user in Windows XP. These categories, unfortunately, include a whole lot of business apps developed by enterprises themselves. And in most cases the enterprise cannot update the app. Reasons for being unable include:

  • No longer knowing where the source code is
  • Developer is no longer at the company
  • Don’t have the tools to even rebuild that old code
  • Nobody wants to take ownership of it

In App-V 5, we really have a couple of big problems with these apps:

  • The virtual app doesn’t roam all of the changes made by the user (the ARD).
  • The app won’t work because of file or registry writes that now fail

You would still have those problems with a natively installed version, so App-V 5 isn’t breaking anything that way, but usually these apps worked great in App-V before.

A while back, I created a tool (AppRemediation) to take care of much of the first issue. I continue to find more things and need to update that tool at some point; it doesn’t get 100%.

So to better understand the problem, I performed some new testing. The accompanying chart shows the results of all of that testing.


Click for a larger image

Testing was done using a new version of my home-built AppVPersonalization tool that allows you to write to specific places and see if it works, or where the data is being written.

The testing consisted of making a package with files, registry items, and environment variables of different kinds inside the package. I tested both cases of having the program be located inside the PVAD folder and not (VFS’d). I also tested as an admin or standard user, and with the program elevated to a different admin user using RunAsAdministrator. The chart above shows what happens in the different scenarios.

I am hoping that Microsoft will continue to adapt the App-V product to improve it’s ability to make virtual applications easier for these older applications. If not, at least you know a little more about what to look out for.

AppV is Hot Now

Microsoft App-V seems incredibly hot right now, with everyone getting ready to jump on App-V 5 when SP2 comes out. There is way more activity in this space than I have ever seen!

 

I have been running training classes on App-V for over six years now. Back when Microsoft bought Softricity, I saw an interest spike. But it was not a big spike, and it did not last long. I also have been seeing a somewhat larger boost in interest in the last 2+ years as customers started on their Windows 7 Migration, a boost that has continued through this year. That boost has caused me to add an extra class into the schedule each year, and those classes have been mostly full.

But in all of that time I never booked a student for a class until after the previous class had completed. Until now. This summer it has been hot. We have a class starting next week in Boston. Full. The next class is in Phoenix in December. Full. I added a new class today in January through our partner in Phoenix (ThinClient Computing). It already has students booked. What is going on?

Companies that use App-V 4.6 are ready to move over to 5.0. Companies that use Citrix Streaming for App Virtualization (which is going away) are switching over to App-V. Companies that never used App-V and are now a tad late in their Windows 7 Migration are using it to get done faster. Companies that completed an overhaul to SCCM2012 are now ready to virtualize their apps. Companies that finished their Migrations are virtualizing apps for flexibility. It is like a huge wave hitting us right now.

And finally there is what Microsoft is doing to the product. App-V 5 is a complete rewrite of the application virtualization stack; modernizing what AppVirt is all about and trying to make it simpler. While I have recommended App-V 5 for new customers, I have been cautious with existing customers thinking about upgrading to version 5 until we see a number of new issues resolved and other new things that we had been asking for. Most of these should be solved with the release of SP2, although I am still cautious about how well it will perform. . But the customer interest tells me that they are ready commit to SP2 now, before we even see the final bits.

App-V is finally hot.