Anonymous Access to App-V Applications in a Central Deployment Scenario

In the former SoftGrid platform there was an option to allow “Anonymous Access” to virtual Applications. Anonymous Access was used in environments with only a limited Active Directory Infrastructure (like Novell Directories, Samba or others). With App-V 4.5 the option to allow “Anonymous” access disappeared from the App-V Management infrastructure without any easy substitute.

Beyond being an academic exercise, I recently met a customer in a training class who wanted to keep as many “legacy” SoftGrid features as possible along with new opportunities (namely Dynamic Suiting).

The requirements:

  1. There is no “real” Active Directory. All Users are members of an “Alternative” Directory Service (Samba in that case, but it also might be a Windows Workgroup, eDirectory or so).
  2. A Stand-Alone-AD with a very limited amount of Lab Users and no Trust Relationship to the Directory Service is acceptable but must not require any administration
  3. All Users get the same set of applications
  4. Client Devices get their Virtual Applications as dynamic as possible without the need to “touch” them. There is no Electronic Software Distribution solution in place
  5. Dynamic Suite Composition and Active Upgrade are highly demanded
  6. File Type Associations should be assigned on the Client.
  7. Application Shortcut Integration (Desktop Icon, Start Menu) is optional
  8. Applications are listed on an Intranet web site
  9. Management efforts are as limited as possible

When evaluating the topics above, the result doesn’t look very nice:

  1. A “legacy like” App-V Management Server infrastructure is not possible, because the App-V Management Server requires Kerberos based authentication and authorization. While the “downloading” part could be done by a simple Web Server or App-V Streaming Server, applications can’t be Published that way
  2. Does not make things much easier. The existence of an “almost empty” AD was the foundation of the former “Anonymous Authentication”, because “anonymous” meant that all the user requests were mapped to one and the same “Service” user – and its authorization was mapped back to the users – but this option disappeared in App-V 4.5
  3. That’s obvious for Anonymous Authentication – if you don’t know the users you can’t differentiate between them.
  4. Because of this, any MSI based publishing (like MSI + Central Deployment or MSI in Standalone Mode) can’t be used. An MSI based announcement requires touching the client.
  5. Dynamic Suiting especially is one of the drivers to move from SoftGrid 4.2 to App-V 4.5
  6. This item prohibits the use of a simple Web Site that semi-automatically displays a list of all available applications (by parsing the “Content” folder), because although the Web Site allows launching an Application (i.e. the OSD file), it does not allow registering File Type Associations on the Client device.
  7. Creating Shortcuts on the user’s desktop would allow offline access, but this is an optional feature
  8. This can be done by using a script that parses the “Content” folder and creates web links to all OSD files
  9. Perhaps some requirements could have been fulfilled with smart scripting solutions, but this would firstly require actively touching the client (pushing the scripts) and secondly can be quite sophisticated (using SFTMIME loops with different parameters to publish the Application Shortcuts, File Type Associations and so on).

After some discussions and testing, we came to a solution that can only be considered a workaround, because it does not provide exactly the same flexibility as the old “Anonymous Authentication”.

The Solution Design:

In the Back End

  • Build an App-V Streaming Server that can be contacted from the Production Clients. Configure it to not enforce Authentication nor Authorization.
  • Build a simple Web Server that can host a file. I’d recommend installing IIS on the Streaming Server Box and configure IIS to have a virtual web directory pointing to “Content”
  • Build an isolated App-V Management Server on a (virtual) machine that also acts as AD Domain Controller, Database Server and (optional) Web Server.
  • Make sure, all components point to the same Content folder
  • Install and configure the App-V Client on the same machine pointing to that server as Publishing Server (I’ll call this client the “Publishing Client”).
  • Whenever a new Application has to be published (or an existing one has to be modified), use the Publishing Client to extract the so called “Applist”. The Applist is an XML like proprietary file that tells the client how to publish applications and where to gather the required resources. The APPLIST.XML structure can be found inside the Client’s “sftlog.txt” file after increasing the log level.
  • Place the Applist.xml file on a Web Server that can be contacted by the Production Clients.

On the Clients

  • Install the App-V Client and configure it as follows:
  • Define the Publishing Server to be an HTTP(s) Server and point to the Applist.xml file
  • Disable “RequireAuthorizationIfCached”
  • Recommended: Configure the Variable SFT_SOFTGRIDSERVER to point to the streaming server

The result:

Upon User Logon, the App-V Client connects to the Web Server and downloads the Applist.xml file. This file is parsed by the Client and instructs it to download the OSD and ICO files, to create the application records on the client, and to create the Shortcuts and FTAs. Upon Application Launch, there is nothing new: The client parses the OSD, contacts the Streaming Server (that is defined by SFT_SOFTGRIDSERVER, the OSD File or ApplicationSourceRoot) and transfers the Package GUID for the SFT. The Streaming Server checks if there is a new version of the package and starts to deliver the SFT.

Considerations and Advantages

The biggest consideration is that some action is required every time an Application’s Publishing information is changed: The administrator has to extract a new Applist.xml and place it on the Publishing Web Server. However, this could be semi-automated in a script.

The advantage is that, with only limited effort, Non-AD-Users can also be provided with App-V Applications “on demand” – without the need to implement an MSI-based distribution solution.
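Because the Production Clients fetch Applist.xml without authenticating and then act on whatever it tells them to download, the semi-automated publishing script is a natural place to check the file before it goes onto the Web Server. The following Python sketch is an added example, not part of the original post and not App-V code: it flags every URL or UNC path in the file that falls outside an assumed policy. The host names, the HTTPS/RTSPS-only policy and the element and attribute names in the constructed sample are all assumptions; the real structure is the one you extract from sftlog.txt, and the checker does not depend on it.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumed policy for this sketch: scheme -> hosts the clients may be sent to.
# Host names are placeholders, not values from the post.
ALLOWED = {
    "https": {"publish.example.internal"},
    "rtsps": {"stream.example.internal"},
}

# Constructed stand-in for an extracted Applist. Element and attribute names
# are made up for the sample; the checker walks every attribute and text node.
SAMPLE = """<APPLIST>
  <APP NAME="Example App" OSD="https://publish.example.internal/content/example.osd"
       ICON="https://publish.example.internal/content/example.ico"/>
  <APP NAME="Other App" OSD="http://198.51.100.7/content/other.osd"
       ICON="\\\\fileserver\\content\\other.ico"/>
</APPLIST>"""

URL_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")
UNC_RE = re.compile(r"^\\\\[^\\]+\\")


def references(applist_xml):
    """Yield (tag, attribute, value) for each URL or UNC path in the file."""
    root = ET.fromstring(applist_xml)
    for el in root.iter():
        candidates = list(el.attrib.items())
        if el.text and el.text.strip():
            candidates.append(("#text", el.text.strip()))
        for attr, value in candidates:
            if URL_RE.match(value) or UNC_RE.match(value):
                yield el.tag, attr, value


def violations(applist_xml, allowed=ALLOWED):
    """Return every reference the policy does not explicitly allow."""
    bad = []
    for tag, attr, value in references(applist_xml):
        if UNC_RE.match(value):
            bad.append((tag, attr, value, "UNC path"))
            continue
        parts = urlsplit(value)
        scheme = parts.scheme.lower()
        host = (parts.hostname or "").lower()
        if scheme not in allowed:
            bad.append((tag, attr, value, "scheme not allowed"))
        elif host not in allowed[scheme]:
            bad.append((tag, attr, value, "host not allowed"))
    return bad


if __name__ == "__main__":
    for finding in violations(SAMPLE):
        print("REJECT", *finding)
```

Run it against the freshly extracted file and refuse to copy it to the Publishing Web Server while `violations()` returns anything.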

Falko

Don’t forget to update your OSD’s if you are deploying on Windows 7

So Windows 7 reached Release Candidate status last week and even earlier Microsoft released Cumulative Update 1 for App-V and now supports Windows 7 as a platform.

So you went out and downloaded the RC as well as CU1 for App-V through either the MSDN or licensing websites. You deploy your virtual applications just like you did on your mainstream platform but it doesn’t work. The applications don’t seem to get added to the client cache. "This App-V technology should ease my future OS deployments, right?" So why isn’t this working?

During the sequencing process you have selected Operating Systems that the application was supposed to work on. You have probably selected some or maybe all the available Operating Systems in the list, but definitely not Windows 7 as it was not available in versions earlier than CU1.

The behavior on the App-V client is that prior to adding the application it will check if the Operating System it is currently running on is supported by the application. It does this by checking the OS VALUE tag in the OSD.

To be clear: this is done on application level, not on package level. It’s not likely but if the package has multiple applications associated with it (like Microsoft Office suite has) it might be that one application will be added while others might not depending on this tag and the way you have implemented it in your organization.

Anyway, if the Operating System is not listed the application simply won’t be added.

If you check the log you would see two messages related to this error:

The Application Virtualization Client could not parse the OSD file ‘C:\PATH\xxx.osd’. Reason: No valid implementation for this machine (rc 07708804-00000007)

The app manager could not create an application from ‘C:\PATH\xxx.osd’ (rc 07708844-00000007)

The solution to this is fairly simple, just add the tags to the OSD. This can be done in different ways:

Using the sequencer

The sequencer that you created the applications with, doesn’t hold the Windows 7 key. The version that came with CU1 does, version 4.5.1.15580.

Simply open the package and go to the deployment tab. You’ll see the Windows 7 option available here. It’s actually called Windows 7 32-bit already, probably in preparation for future 64-bit versions of App-V.

Edit the OSD directly

By using a text editor or a script you could edit the OS VALUE tag in the OSD. The tag you want to add is Win7. So the result should look something like this:

Note: Be aware that if you are using the MSI option to deploy your virtual applications the OSD’s used by the installer are inside the MSI. So after you edit the OSD you need to recreate the MSI. This has to be done through the sequencer either manually (Tools-Create MSI) or automatically (SFTSequencer.exe /MSI)

Future Ready?

So all applications are updated to Windows 7 and you can enjoy (hopefully :-)) testing them on the new platform.

You should ask yourself however if you want to go through this situation again when the next Microsoft Operating System comes along. Because a new Operating System will probably bring a new tag along with it which then has to be updated throughout the OSD’s again.

One way to avoid this situation is to have no limitation on the application whether it will deploy on a certain platform in the first place. Of course there is no guarantee it will work properly, but why restrict it from a technical perspective? Another approach is to allow it to run on every platform except when you have determined it isn’t supposed to.

This can be achieved in App-V by not mentioning any OS VALUE tag at all, either by removing all of them from the OSD or not selecting any OS in the deployment tab of the sequencer.

Now the client won’t decline any OSD on any platform, so you are ready for every operating system to come.

Maybe something to consider if you go through updating all your OSD’s?
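The behaviour described in this post, as an added example (not from the original post and not Microsoft code): a Python sketch that models the client's per-OSD OS check, adds the Win7 value the way a script-based edit would, and shows the "no OS tag" variant. The sample OSD is constructed; the placement of the OS tags under IMPLEMENTATION and the exact string comparison are assumptions of the sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample OSD, trimmed to the elements that matter here.
SAMPLE_OSD = """<SOFTPKG GUID="00000000-0000-0000-0000-000000000001" NAME="Example App" VERSION="1.0">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsp://%SFT_SOFTGRIDSERVER%:554/example.sft" GUID="00000000-0000-0000-0000-000000000002"/>
    <OS VALUE="WinXP"/>
    <OS VALUE="WinVista"/>
  </IMPLEMENTATION>
</SOFTPKG>"""


def os_values(osd_xml):
    """Return the OS VALUE entries of one OSD, in document order."""
    root = ET.fromstring(osd_xml)
    return [el.get("VALUE") for el in root.iter("OS") if el.get("VALUE")]


def client_would_add(osd_xml, client_os):
    """Model of the check in the post: no OS tag means no restriction,
    otherwise the client's OS must be listed (exact match assumed)."""
    values = os_values(osd_xml)
    return not values or client_os in values


def add_os_value(osd_xml, new_os):
    """Add <OS VALUE=new_os/> after the existing OS tags.
    An OSD without any OS tag is left alone: adding one there would turn
    an unrestricted application into one limited to new_os."""
    root = ET.fromstring(osd_xml)
    for impl in root.iter("IMPLEMENTATION"):
        tags = impl.findall("OS")
        if not tags or new_os in [t.get("VALUE") for t in tags]:
            continue
        children = list(impl)
        i = children.index(tags[-1])
        sep = children[i - 1].tail if i > 0 else impl.text
        new_tag = ET.Element("OS", {"VALUE": new_os})
        new_tag.tail = tags[-1].tail      # whitespace before </IMPLEMENTATION>
        tags[-1].tail = sep               # whitespace between sibling tags
        impl.insert(i + 1, new_tag)
    return ET.tostring(root, encoding="unicode")


def remove_os_values(osd_xml):
    """The 'future ready' variant: drop every OS tag so nothing is declined."""
    root = ET.fromstring(osd_xml)
    for impl in root.iter("IMPLEMENTATION"):
        for tag in impl.findall("OS"):
            impl.remove(tag)
    return ET.tostring(root, encoding="unicode")


def declined(osds, client_os):
    """Names of the OSDs the client would refuse on client_os. The check is
    per application, so a multi-application package can be partly declined."""
    return [name for name, xml in osds.items()
            if not client_would_add(xml, client_os)]


if __name__ == "__main__":
    updated = add_os_value(SAMPLE_OSD, "Win7")
    print(os_values(updated))
    print(declined({"app_a.osd": SAMPLE_OSD, "app_b.osd": updated}, "Win7"))
```

ElementTree does not preserve comments or an XML declaration when writing the OSD back, so compare the result with the original before replacing the file in the Content folder.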

Sneak Peek demo of App-V for Servers

Microsoft gave a sneak peek demo of App-V for Server applications at the Microsoft Management Summit last week. Check out the demo at the Microsoft Virtualization Blog.

This is pretty cool stuff and will be an exciting new addition (and in time replacement) to the way we deploy server applications today.

I’ve been awarded the App-V MVP Award

Today I received some great news: I’ve been awarded the 2009 Microsoft® MVP Award for Microsoft Application Virtualization (Softgrid)!

The Microsoft MVP Award Program recognizes and thanks outstanding members of technical communities for their community participation and willingness to help others. The MVP Award is given to exceptional technical community leaders who foster the free and objective exchange of knowledge by actively sharing their real-world expertise with technology users. The MVP Award celebrates the most active community members from around the world who provide invaluable online and offline expertise that enriches the community experience and makes a difference in technical communities that feature Microsoft products.

I’ve always considered myself an enthusiast of the Microsoft Application Virtualization product, both on the Internet as well as at customers, which is why I’m really honored to receive this award. This is really a drive for me to continue my contributions to the community.

This also means that SoftGridBlog now has two contributors who have the MVP status and I don’t think many other websites can say the same. So stay tuned for more App-V content.

ACDC: Application tab explained

Many of you have downloaded the App-V Client Diagnostic and Configuration tool from our website and I received some positive feedback about the usage of the tool that was released about two weeks ago.

Now let me drill down and show you some detailed information about the tool.

Today I’ll show you the Applications tab.

When the applications tab is selected ACDC will connect to WMI and retrieve package and application name and display it in a parent - child relationship. Depending on the number of packages and applications this may take some time.

The packages are colored depending on their status.

  • Green means the application is currently running
  • Orange means the application is not fully loaded and might not work offline
  • Red means the application is added to the app-v client, but is not loaded at all. Depending on your delivery method you might have an issue here.

This view differs from the default Client management console where only the applications are displayed. The advantage here is that packages with many applications (like Microsoft Office for example) will not fill up your console too quickly.

After you select a package or application the detail pane on the right will display detailed information about the package or application. This information is retrieved and bundled from WMI, Registry or OSD file.

Below you’ll find all the possible information available (if applicable)

One piece of information I’d like to highlight is Dynamic Suite Composition.

ACDC will display DSC information in the right pane, showing dependency NAME, VERSION, GUID, HREF and Mandatory parameters.

However if the dependent application is not available in the app-v client this information is only partially available. Only the information that has been added to the OSD file of the main application can be displayed.

Additionally ACDC will tell you whether the dependent application is not available and display this information in red. This information is particularly useful if you are troubleshooting the app-v delivery methods which don’t automatically load dependent applications like the App-V MSI method or the App-V integration with Configuration Manager 2007 R2.

All the displayed detailed information can be copied to the clipboard for comparison, reporting or other purposes.

Launching the apps

The applications are not displayed for informational purposes only. If you need to troubleshoot you’ll need to launch them as well. Luckily ACDC provides a rich set of features around packages and applications for you to diagnose their environment.

Besides the actions that the default Client Management GUI has (like Add, Unload, Delete, Repair and Clear) ACDC gives you extended actions like:

  • Launch predefined commands in the virtual environment
  • Launch custom commands in the virtual environment
  • Edit the local OSD
  • Load from custom SFT path

Launching commands within the virtual environment

Getting inside the virtual environment and running your command within it was always one of the default questions I received when I was implementing App-V at customers.

Although I’ve written some articles that provide different ways to get inside the virtual environment in the past, it always seems to be hard to explain it to "technically challenged" people.

With ACDC it now becomes as easy as starting the application itself. ACDC provides 4 predefined (frequently used) commands to launch:

  • Command Prompt
  • Registry editor
  • Windows Explorer
  • Internet Explorer

And if you have a custom toolkit you can also put these tools in the "External ACDC Launch Files" directory and they will be incorporated in the tool.

Edit the local OSD

Settings in the OSD can influence the way the application runs. However editing the OSD and delivering it to the app-v client (multiple times) is somewhat time consuming.

What I always do in this scenario is edit the locally cached OSD until I am certain about the specific setting(s), before editing it back in the source. Finding the correct one however is difficult because they are all named with a GUID which you can find in the Client Management GUI.

All this is no longer needed because you can right click on any application and select Edit to open the locally cached OSD in notepad. This function even integrates with the Login Consultants OSD editor if you make that available in the same directory as ACDC.

Warning: be careful editing the OSD files because once they have a new timestamp they will not be overwritten by the Management Server during a refresh.

Load from custom SFT path

If you run into the situation where a package is not or not fully loaded and the package is unable to load for some reason, you might try loading it from the original URL (mentioned in the OSD) or an alternative source.

ACDC gives you the ability to browse to a directory and select the SFT file to load from. This must of course be the SFT from this particular application to work.

The good thing is that ACDC can be run both as a Limited User and with Administrative privileges. Some functions however do require Administrative privileges.

That’s about it for the Application tab. I hope this information was useful to you.

Next I will go through the other tabs as well.

App-V version 4.6 announced

The MDOP team just announced that the engineering on version 4.6 of App-V is progressing well. This new version of App-V is mainly about the 64-bit platform support. The TAP program for App-V 4.6 will be opening soon. Somewhere in Q1/2009 registration will be available on Microsoft Connect.

Sure you can install the current version of App-V 4.5 Management/Streaming server on a 64-bit Windows box. This works. But the current App-V (v4.5) Client cannot be installed on 64-bit Windows Clients and Server (Terminal Server). This currently is mainly an issue for Terminal Server customers who want to run on 64-bit Windows.

Also the next release of Windows Server, Windows 2008 R2 will only be available in 64-bit, forcing all future Terminal Server environments to be 64-bit. Since App-V (formerly SoftGrid) gained much of its popularity in the Terminal Server community and still is, Microsoft really wants to support 64-bit.

App-V 4.5 Cumulative Update 1 available

Great news. The MDOP team just announced the availability of App-V 4.5 CU1, which besides containing all fixes from App-V 4.5 hotfix packages 1 to 3, also contains an update that makes the App-V 4.5 Client work on Windows 7 beta.

You can register and request to download the update from Microsoft Connect and find more info here: KB963693.

Microsoft also expressed their commitment to support App-V 4.5 on Windows 7 within 90 days of general availability.

Introduction to Immidio AppScriber

AppScriber is a new product from Immidio that does Application (Self) Provisioning for application deployment products that have a very on-demand nature, like Microsoft App-V or Citrix XenApp, with their published and/or streaming applications. Actually this product will work with any deployment solution that deploys applications based on the user’s group membership.

Screenshot of AppScriber user interface  

Version 1.0 of the product will only have the Self Provisioning functionality and works very simply. It consists of a website with two interfaces, a user interface and an application manager interface.

An AppScriber Application Manager can add applications to the portal after which users can “activate” those applications through the AppScriber User interface. So you should only use this for applications that all users are already allowed to use, but where making them all available at once would be too much, like a very large start menu with too many applications.

There are all sorts of features in the product, like:

  • Extensive logging to see what user and/or manager changed what
  • See the application lists from the user’s point of view
  • Display customized Activate and De-activate messages
  • See what users activated a certain application
  • De-activate applications for certain users

But a demo says more than a thousand words so I made 2 videos of an App-V 4.5 scenario:

  1. VIDEO: From an Application Manager point of view I add an application
  2. VIDEO: From a desktop user that has access to the AppScriber portal. The activation and de-activation of applications

Besides this functionality, in version 2.0 of the product a piece of workflow will be introduced. So besides just adding applications to the portal which everyone can Activate, you can then also add applications that users can Request. Those requests will go to the pre-configured Application Manager (by e-mail), who in their turn can Accept or Reject these Requests.

Immidio AppScriber 1.0 will be available soon. Also with an Express Edition with a limitation of ten applications, so you can test and play around with it.

For more information go to: http://www.immidio.com/

Login Consultants launches App-V 4.5 Client Diagnostic and Configuration tool

Today Login Consultants released a new freeware tool to support Microsoft Application Virtualization called App-V 4.5 Client Diagnostic and Configuration tool.

ACDC makes it possible for administrators or users to troubleshoot virtual applications and the environment they run in:

  • Launch predefined and custom commands within the virtual environment of each application.
  • See the impact of the App-V Client and the available virtual applications on your system by calculating package size, cache size, user delta file size, log file size etc.
  • Diagnose problems with App-V applications by parsing the App-V Client log file (in real time) and search any message online.
  • Configure settings that are not visible in the App-V Client GUI, such as “Predictive Streaming”, “Allow Stream from File”, “Max Package Age” and many more.
  • Give an overview of application and package information by merging important WMI, registry and OSD information in one single window.
  • ACDC can be run both as an Administrator and as a Limited User. Running as a limited user will limit the functionality of the tool due to the fact that it has less permission on the system.

Requirements

  • Microsoft .NET Framework 2.0
  • Microsoft Application Virtualization Client 4.5 or
  • Microsoft Application Virtualization Terminal Services Client 4.5

Supported Operating Systems

  • Windows XP Pro w/SP2, Windows XP w/SP3
  • Windows Vista RTM/SP1
  • Windows Server 2003 (SP1, SP2, R2, SP2+R2)
  • Windows Server 2008

Questions or suggestions can be provided through the website http://www.loginconsultants.com/forum under “SoftGrid Tooling”

ACDC can be downloaded here (registration required).

The next couple of days I will talk in depth about the functionality of ACDC and how it can be used in the day-to-day business. Below are several screenshots from the actual tool:

 1. Launching commands within the virtual environment

2. Client installation and settings

3. Detailed cache information

4. Real time log parser

Login Consultants releases App-V 4.5 Add-on ADM v1.0

As you might know Microsoft released an Administrative Template for the App-V 4.5 Client which can be downloaded here. And documentation can be found here. This ADM can be used to manage numerous App-V 4.5 Client settings from Group Policies within Active Directory.

We have had the request from multiple customers about managing some additional App-V 4.5 Client settings which are not available in the ADM file described above. Ruben Koene from Login Consultants decided to make the App-V 4.5 Add-on ADM. This template is supplementary to the Microsoft App-V 4.5 ADM Template.

Settings managed from the Add-on ADM, amongst others, are:

  • Managing the virtual drive letter
  • Managing the client’s refresh settings (point to management server)
  • Cache location and size

You can download it from the Login Consultants website (registration required).
