Transcript
A TAKE Solutions White Paper
Application packaging can help enterprises manage growing volumes of software for desktop and server systems efficiently. By streamlining software configuration and deployment, application packaging can help reduce application management costs.
SoftGrid Application Virtualization Microsoft SoftGrid Application Virtualization is the only virtualization solution that delivers applications that are never installed, yet helps to securely follow users anywhere, on demand. Whether deployed on desktops, terminal servers or in conjunction with Microsoft SMS, \ SoftGrid changes application management from a series of tedious, manual tasks into an automated, streamlined process that accelerates the pace and reduces the cost of business. With SoftGrid, applications are never installed on individual desktops, laptops or servers.Instead, applications are located on a central SoftGrid Server, managed from a single console and deployed ondemand to either desktops or terminal servers over the network when they're needed. This automates all four stages of the application management process. Deployment: Using SoftGrid, IT administrators no longer have to go from machine to machine to deploy software. Instead, they can quickly deploy applications by placing the software on a single SoftGrid server and assigning application rights to users using Active Directory or NT Domains. This automatically deploys icons on end-users desktops with rights to the application – making access immediate and no different than what they are already used to Updates: To update applications, administrators replace only the changed files on the SoftGrid Server. End users have immediate access to the latest version Support: SoftGrid eliminates many of the problems that lead to most support calls (application conflicts, etc.). Furthermore, if there are problems with an application, support can centrally fix the software instead of having to visit the individual computer. Termination: To eliminate an application, administrators simply take it off the SoftGrid Server. To terminate a particular user's rights, they simply remove access from Active Directory. Either of these automatically removes icons for the application on end-users desktops. There is no need for un-installs or visits to individual computers. Roaming and free-seating models can be powerful for a range of IT environments including thosein hospitals, financial services firms, universities, libraries and training rooms/labs. However, they have never been viable using solely Windows desktop operating systems. These changes with Microsoft SoftGrid Application Virtualization.
2
Customers have cut help-desk costs by up to 30% by reducing call volume for application-related problems, and reduced enduser downtime by up to 80% by ensuring business continuity of applications.
Application Roaming
Security
SoftGrid supports multiple Windows client environments, including desktops, laptops and terminal servers, with a single, centrally managed infrastructure. As a result, users can seamlessly travel from one physical environment to the next throughout the day and have their applications and preferences roam with them.
Microsoft SoftGrid Application Virtualization improves application security, desktop reliability and resilience, and license compliance. When applications are not fully secured everything from desktop reliability to license compliance can be affected. Each time an application is installed, the operating system is impacted. Each time a browser is used to access applications, the likelihood of security breaches and infections increases.
Application roaming and can be used in conjunction with SoftGrid's application replication capabilities to ensure that no matter the location of the user, their application requests are always fulfilled by a local SoftGrid server, ensuring optimal performance and conserving WAN bandwidth.
Hoteling/Free-Seating Two key capabilities make it possible for users to share Windows desktops or laptops in a successive fashion: 1) All applications and user preferences can be configured to persist on the network, and 2) Applications cannot affect the local operating system on which they execute. For example, one user can sit down at a desktop in the morning hours, log in and receive icons that represent applications that are specific to them. As the user executes those applications, they are cached to the desktop or laptop but run in SystemGuard™, a virtual runtime environment that protects applications from each other and which also protects the underlying OS from any application-specific modification. The user logs off a few hours later, freeing up the machine. Then, a second user can log on and receive a different set of application icons which may or may not include some programs that overlap with the first user. As the second user starts using their programs, the applications will either be sent from a SoftGrid server and cached locally or will be loaded from the local cache if they were used by a previous user. The SoftGrid cache, therefore, is shared and persistent, which means that applications only need to be accessed one time per system. However, because of the platform's security capabilities, only users with permissions to run an application will see the icon for that application appear on their desktop, Start menu or quick launch bar.
SoftGrid improves application security in several ways: As a result of policy-based intelligent management, users can only access applications that they have been given permission to use Applications that typically require administrative rights can be run using a standard user account – in virtual administrator mode – so end-users cannot inadvertently, or intentionally, affect the network IT can secure applications via a read-only operating system with a fully locked down security template or group policy object, protecting applications from being altered or used in unauthorized manners. Because applications are never installed, the OS remains pristine and less prone to infection or degradation With application virtualization, if malware does infect one application, the chances that it will compromise other applications or the OS are greatly reduced If a laptop is lost or stolen, the applications on it will only run for a limited period, eventually timing out and protecting your license agreements.
Cost-reducing Help eliminate costly processes such as compatibility testing, as well as hidden costs. Customers have cut help-desk costs by up to 30% by reducing call volume for application-related problems, and reduced end-user downtime by up to 80% by ensuring business continuity of applications. 3
Resources can be dynamically allocated in realtime based on real-time needs. This is called the SystemGuard™ virtual application environment.
SoftGrid's patented application virtualization, dynamic streaming delivery, and centralized management technologies make everything from deployments and upgrades to migrations and business continuity initiatives, much easier, faster, and lower-risk.
Application Virtualization Application virtualization is at the heart of SoftGrid. It decouples applications from the operating system and enables them to run as network services. Application virtualization can be layered on top of other virtualization technologies – network, storage, machine – to create a fullyvirtual IT environment where all computing resources can be dynamically allocated in realtime based on real-time needs. This is called the SystemGuard™ virtual application environment. SystemGuard enables each application to bring its own set of configurations and run within a protective run-time "sandbox" on the client, so there is no dependency or effect on the configuration of the machine running them. However, since applications execute locally, they run with full performance, functionality, and access to local services – including cut and paste, OLE, printing, network drives and attached devices. Standard Operating System Environment. Under standard environments, applications install their settings onto the host operating system, hardcoding the entire system to fit that application's needs. Other applications' settings can be overwritten, causing them to malfunction or break.
Standard Operating System Environment Under standard environments, applications install their settings onto the host operating system, hard-coding the entire system to fit that application's needs. Other applications' settings can be overwritten, causing them to malfunction or break
The Virtual Application Environment With application virtualization, each application brings down its own set of configurations on-demand, and executes in a way so that only it sees its own settings. This leaves the host operating system and existing settings unaltered.
Side-by-Side Virtualization Each SoftGrid-enabled application brings down its own set of configurations and can run side-by-side without the settings conflicting with each other or the host operating system. Despite this separation, inter-application communication with other SoftGrid applications and those installed locally is preserved, allowing for cut and paste, OLE, and all other standard operations. SoftGrid's application virtualization is different than machine virtualization (such as Microsoft Virtual Server), which virtualizes the machine on which the operating system (and applications) are installed. Machine virtualization provides an abstraction layer between the hardware and the operating system that's running on top of it. It also allows managing and simultaneously operating multiple environments on a single machine. SystemGuard provides the most extensive virtualization on the market. In addition to virtualizing Windows Services, it virtualizes per user, per application instance, every critical application component including the Registry, file system, DLLs, COM/IPC, .INI files, process environment and fonts.
Registry SystemGuard creates a virtual Registry for each application. Registry settings created by one application cannot be seen by other applications — including Regedit. Rather than copying the entire Registry, SystemGuard's virtual registry utilizes an "overlay" method — items in the real registry may be read by the application as long as a virtual copy of that item is not available. All application writes to the Registry are contained within the virtual Registry.
File System SystemGuard also handles requests made by applications to files in specific directories by redirecting the requests. For example, if an application looks for a file located in a specific directory on the local C drive, SystemGuard can redirect any requests to the corresponding directory inside of its virtual file system. Dynamic Link Libraries (DLLs) specifically needed 4
This wizardbased tool allows you to package applications in a virtual environment that can be delivered and executed on the client.
by the application are made available within SystemGuard, avoiding conflicts with different versions of the same DLL that may be installed locally. These components are shared and tracked inside of the Virtual File Systemavailable. All application writes to the Registry are contained within the virtual Registry.
COM/IPC SystemGuard enables programs to redirect communication requests through services such as COM/ DCOM or IPC methods such as Named Pipes. This alleviates versioning problems and other conflicts at these interfaces.
.INI SystemGuard allows each application or instance to have private settings within virtual copies of standard Windows .ini files.
Process Environment: SystemGuard stores private environment variables — including paths, port values and addresses.
Fonts Installation of fonts can consume valuable resources as they are done on a machine-wide basis. SystemGuard can make fonts available individually on a per-application basis.
The Virtual Environment SystemGuard is at the core of SoftGrid Client, which runs on the local desktop. SystemGuard is responsible for providing a fully functional virtual environment for applications to run in isolation. Contained in this environment are the virtualized OS components—registry, files, fonts, INI, COM, embedded services, and environment variables—that are required for the application to run properly. SystemGuard creates virtualized registry keys for every application it runs. These keys are not accessible to other applications running on the local OS, nor are they visible to registry editing tools such as regedit. Registry reads and writes are redirected to the virtual keys as needed. Note, though, that virtualized applications are allowed to pass through to the local registry for information not contained in the virtualized registry
keys. Similarly, SystemGuard creates a virtualized file system and redirects the majority of the application's reads and writes to this file system. This virtualized file system is isolated and provides the environment you need if you want to run multiple versions of the same application on a single client..
Packaging Applications Now you might be wondering how you create a fully functional independent environment for your virtualized application to run in. For this task, you use SoftGrid Sequencer. This wizardbased tool allows you to package applications in a virtual environment that can be delivered and executed on the client. The sequencing process involves three steps: Installation, Configuration and Test, and Execution. In the first step, Installation, the SoftGrid Sequencer uses an active watch process to monitor the installation of the application and assess application dependencies. Once complete, the Configuration and Test phase is used to make any necessary changes to the default configuration in order to ensure the desired first-run experience. Finally, in the Execution phase, the SoftGrid Sequencer compiles and orders the code block necessary to launch the application. Feature Block 1 (FB1) is the essential code required to launch the application, allowing the user to run the application without downloading the entire package. Once an application has been sequenced, four files are created: a virtualizationenabled application file (.sft), an Open Software Description file (.osd), an Icon file (.ico), and a project file (.sprj). These are then copied to the content directory of SVAS. Alternatively, an administrator can publish .ico and .osd files to the clients using an HTTP server. While SoftGrid typically provisions applications to run independently of each other in isolated environments, SystemGuard does permit some application interaction. You should carefully examine any dependencies applications may have on one another and sequence applications together if they rely on interacting with each other. This process is commonly referred to as suiting. Note that not all applications that require interaction with one another can be sequenced
6
The management console provides a single administrative tool from which applications can be published, terminated, and so on.
together. Suiting is a very intricate process and should be done only after careful examination of the dependencies, as sometimes sequencing two or more applications defeats the purpose of virtualization.
Simplifying Administration The SoftGrid management console provides a single tool for performing all the administrative tasks. The management console is installed on the SVAS by default and can be installed on any other server or workstation. It is an MMC 3.0 snap-in and uses the SoftGrid Management Web Service to connect to the SoftGrid DataStore, giving authorized administrators full access to data stored in the database for management purposes. The connection between the management console and the SoftGrid Management Web Service uses Microsoft .NET Framework remoting, making it possible to install the management console and the Web service on the same or different servers. Larger organizations should run more than one instance of the SoftGrid Management Web Service. The SoftGrid Management Web Service runs on Windows 2000 or later with IIS 5.0 or later. The .NET Framework 2.0 or later is required, as well as Microsoft Data Access Components (MDAC) 2.7 or later for data store connectivity. The management console provides a single administrative tool from which applications can be published, terminated, and so on. Tasks are organized into nine main categories or containers. The Applications container is where the administrator can do things such as import .sprj files to publish newer applications, specify .osd location, remove applications, and so on. By default, this container includes a published package you can use to test client connectivity to the application server. A file type association is created when the applications are sequenced. Once the package is imported, the file type associations become available in the management console. The File Type Association container provides a single place for administrators to modify all file type associations. The Packages container controls versions of packages for active upgrades; these are application upgrades that can be done without the user disconnecting or the server being shut down. The administrator can also delete a package from the
management console using this container. Note that deleting a package from the Packages container will remove the .sft file fromthe management console and the data store but will not delete it from the content directory on the application server. As we mentioned earlier, when a user launches an application, SoftGrid Client checks for license availability and launches the application only if a license is available in a data store. The Application Licenses container is where administrators can associate licenses with applications—unlimited licenses, concurrent licenses, and named licenses are all supported. Server Groups contains a logical grouping of application virtualization servers and logging information. Administrators can add new server groups or modify properties (such as ports used for communication or allocated memory and processes) of an existing group. In the Provider Policies container, the administrator can create a set of rules called policies. The custom provider policies are used to give users access to numerous applications under different sets of conditions. You can use the Account Authorities container to specify a domain and credentials that will be used when SoftGrid needs access to read the domain's directory information. SoftGrid Administrators contains the user groups responsible for administering the SoftGrid environment. In this container, administrators can add or remove groups to control access permissions. Lastly, the Reports container, as its name implies, allows administrators to generate reports to check the overall health of the SoftGrid environment. The following reports are available: Application Utilization, Software Audit, System Utilization, User/ Group Activity, and System Error.
Setting up the Client The SoftGrid Client is installed on the operating system of the computer the user will use to access the virtualized application. As we mentioned earlier, two client types are supported: Microsoft SoftGrid for Desktops or Microsoft SoftGrid for Terminal Servers. Each approach hasadvantages but also certain performance tradeoffs, in terms of network latency, server farm consolidation, and ease of management. 6
SoftGrid relies on Active Directory (or Windows NT® 4.0) domain users and groups for provisioning applications to authorized users.
In a desktop implementation, applications are available locally and there is little dependency on network availability and throughput. This approach is recommended, for instance, for organizations that have branch offices with limited IT infrastructure. Terminal Services is a good option for an organization that has already rolled out terminal servers. This scenario makes efficient use of hardware and software, drastically reducing the number of necessary servers. And, of course, it enables a true free seating environment. Large organizations will typically have a combination of desktop and terminal server infrastructure. Installing and configuring the various components is similar for both approaches when you set up a SoftGrid deployment. The client can be deployed using any standard method, such as manual installation or automated deployment using a tool such as Systems Management Server 2003. Although the installation of the client is straightforward, there are some properties you must provide at the time of installation—such things as the location of the installation, the cache size, the drive letter to be used for the virtual drive, the location of application data files, and so on. Once the client has been installed, some additional settings can be specified or changed using the client management console. To launch the client management console, go to the control panel and launch SoftGrid Client Management from Administrative tools. You can choose to connect to the local machine or to a remote machine. The SoftGrid on local host root tab is where you can specify most of the functional parameters, including logging directory, application data directory, client run and display settings, error and informational message pop-up frequency, maximum cache size, virtualized drive, network and connectivity options when disconnected from SoftGrid server, and permissions. You can view and change applications in the Applications container. The Applications container provides status information about the local application, such as whether the application is running, if the application is locked in cache, and what percentage of the application (.sft file) has been streamed into the local cache. The File Type Association container allows you to view, change, and remove a file type association. For more details, see our discussion of the File Type Association in
the previous section. The Desktop Configuration container allows you to specify, change, and manually refresh the application server settings you specified during installation. Here, you can also select whether the client refresh should happen at the time of user logon (this is the default selection) and the length of the auto refresh interval.
Active Directory SoftGrid relies on Active Directory (or Windows NT® 4.0) domain users and groups for provisioning applications to authorized users. In a multi-domain environment, users can be provisioned using the appropriate group memberships (SoftGrid supports local, global, and universal group memberships) and trust relationships with the domain where SVAS is installed. When installing SVAS, you are prompted for different service accounts and groups, which help with the integration with Active Directory and are subsequently used for administrative purposes. Thus, there are three groups and accounts that you should create prior to installation: a SoftGrid Browser Account, a SoftGrid Administrators Group, and a SoftGrid Users Group. The SoftGrid Browser Account is responsible for browsing Active Directory and,therefore, requires read-only rights to all the Active Directory domains in a multi-domain environment. The SoftGrid Administrators Group is used to grant administrative access to SoftGrid Management Console and SoftGrid Management Web Service. And the SoftGrid Users Group is used to assign default provider policy, which is used to give all users in the domain access to applications published through the management console. Microsoft SoftGrid Application Virtualization helps reduce the complexities inherent in enterprise application management. With SoftGrid you can overcome formidable challenges that, until now, have been unavoidable, and transform your computing environment into a dynamic, services-oriented infrastructure.
7
TAKE has developed an efficient and cost effective approach to application migration which includes assessment and reporting on the compatibility of applications which helps to reduce time and cost
Application Stewarship
• To know the system requirements of the applications like required hard drive, memory and operating system.
Windows Installer provides a standard packaging format for applications and a standard method for customizing applications. Preparing or obtaining a Windows Installer package file for installation is called packaging the software. Each product has its own Windows Installer package file. Depending on the application to be deployed, packaging software can be as simple as performing an administrative installation to prepare the application for later installation by clients from a network location. Packaging can also be as complex as reauthoring the entire application, or even repackaging the application, which involves capturing the required modifications when installing an application and replacing the application's native installation program with a customized setup.
• To know any pre dependencies for the applications if exists.
Quality Testing
TAKE provides application stewardship as part of application packaging process for our client in reduced costs saving you much time in finding the technical details of the applications. We meet with the developers, users and testers to perform a test install of each application before packaging. The complete stewardship is performed on each application and the same is documented. Application steward is mainly the process of collecting the technical details, dependencies and requirements of the application. The following are the main objectives of this process.
• To know possible risk of installation failure for those applications.
Prior to deploying a Windows Installer–based application, typically you need to test it in the targeted deployment environment to ensure the application works as expected. However, it is often not feasible (or possible) to test each piece of an application's functionality, due to the complexity of the application and/or its interface. Behind the scenes, there may be dozens or hundreds of attempts to access files, registry keys, or services; errors may only become apparent in rare and isolated circumstances
• To know the number of target work stations and their operating system.
Deployment
• To know privileges required by the user to install and run the applications. • To know the complete installation instructions and procedures for the applications • To know the testing procedures and collect the test data to test the packages.
All the above are taken care of if the clients can provide us the right contact persons for all the applications that we have to package
MSI Packaging(Windows Installer technology) Windows Installer provides consistent and reliable methods to customize installations, update and upgrade applications, and resolve configuration problems. Using Windows Installer the operating system implements all of the proper installation rules. An application needs only to describe itself in a Windows Installer package. Windows Installer then performs the installation tasks for each application, which can help prevent problems.
Deployment tests are performed against the installed product, ensuring that the product has been installed correctly and all key functionality works in the installed environment. Test Cases in this area are primarily designed to identify whether the application fails to work properly due to permission settings on the registry or individual files. Migration can be done on a entire set of applications that are identified and tested for compatibility with the new operating system. TAKE has developed an efficient and cost effective approach to application migration which includes assessment and reporting on the compatibility of applications which helps to reduce time and cost. 8
TAKE Solutions, Inc. Global Headquarters – Chennai, India 80/81, MBC Towers, 6th Floor Alwarpet Chennai-600 018, +91.44.6696.4200 www.takesolutions.com Copyright © 2009 All content is the property of TAKE Solutions, Inc. All rights reserved. All other trademarks mentioned are the property of their respective owners.
Towell- TAKE Solutions, LLC Middle East Office PO Box 270 | PC 112 | Ruwi | Sultanate of Oman Tel. +968 24794550 Fax. +968 24795550 www.towelltake.com
[email protected]