Virtualizing Desktops and Apps with Windows Server 2012 R2 Inside Out: Planning and Implementing App-V
Application virtualization infrastructure
The infrastructure technologies of an App-V deployment are extensive, based on the deployment model that you choose. They work together to provide the complete suite of App-V technologies. It is important to familiarize yourself with all of the technologies, the typical life cycle of a virtual application, the deployment models, and some of the characteristics of packages and content packages.
App-V application life cycle
To effectively manage your virtual application infrastructure, you need to plan for the life cycle of your virtual applications. Without an effective life cycle, you may end up with application sprawla situation in which you have too many applications to manage. To avoid this, you should spend ample planning time designing and documenting an operational framework for your virtual application life cycle. In this section, we’ll discuss the four phases of the virtual application life cycle: sequencing. publishing and deployment, updating, and termination.
The App-V Sequencer is one of the primary applications of an App-V deployment. You use it to create virtual application packages. Then, you deploy the packages to your App-V clients. It is important to consider the following before you begin deploying the sequencer and sequencing applications:
Prerequisites If the computer that runs the sequencer isn’t running Windows 8 or newer or Windows Server 2012 or newer, then it must have the following software installed prior to installing the sequencer. Note that the App-V client installation automatically will install the Visual C++ prerequisites.
- Visual C++ Redistributable Package for Visual Studio 2013
- Visual C++ 2005 Redistributable
- Microsoft .NET Framework 4
- Windows PowerShell 3.0
- Microsoft KB2533623 hotfix
- Windows 8 or newer or Windows Server 2012 or newer If the computer that runs the sequencer is running Windows 8 or newer or Windows Server 2012 or newer, it already has the prerequisite software.
- Match the hardware and software The computer that runs the sequencer should have a hardware and software configuration that matches the App-V client computers. For example, if all of your App-V client computers run Windows 8.1, you should install the sequencer on similar computer hardware that runs Windows 8.1.
- Use a virtual machine When possible, use a virtual machine (VM) as the computer that runs the sequencer. This allows you to take a snapshot of the VM prior to sequencing an application. Then, after you finish sequencing an application, you should revert the VM to the snapshot. This allows you to sequence an application with the same baseline configuration, which minimizes issues. Although the sequencer will allow you to sequence multiple applications without reverting the sequencer to a baseline configuration, it will warn you that you may encounter issues.
- Multiple sequencers If you have multiple operating system versions running the App-V client, you seriously should consider having multiple sequencers. This enables you to sequence applications on the same operating system to which you will deploy or stream the applications.
Application publishing and deployment
After you sequence an application, you need to publish it and deliver it to the clients. Publishing a virtual application makes the application available to App-V clients. Before the actual publishing process. you need to be aware of the different methods that you can use based on the type of App-V deployment you have.
Stand-alone deployment model
In the stand-alone model, you need to add the App-V package of the application to clients. You can do this by using the Add-AppVClientPackage Windows PowerShell cmdlet. For example, if you have an App-V package named 7-Zip.appv located at \\tt-util-01\share\7-Zip.appv, you can run the following command to add the package:
Add-AppVClientPackage Path \\tt-util-01\share\7-Zip.appv
After running the command, the output will show the details of the package added. In fact, the output is the same as if you were to run the Get-AppVClientPackage Name 7-Zip Windows PowerShell command. The output is shown in Figure 4-1.
Figure 4-1 Adding a package
In the output, notice that the IsPublishedToUser property is set to False. This is an important detail because while it is set to False, the user won’t see or be able to use the virtual application. After you’ve added the package, the client will begin receiving the files that make up the package. The data will be stored locally on the client. You can look at the %ProgramData %\App-V directory to see data from the package.
The next step is to publish the application. However, you can’t publish an application until the application has been added to the client. Once you are ready to publish, you can use the Publish-AppVClientPackage Windows PowerShell cmdlet. For example, if you added a package named 7-Zip, you can publish it to the client by running the following Windows PowerShell command:
Publish-AppVClientPackage Name 7-Zip
Once you run that, the output will be similar to when you added the package. The key difference is that the IsPublishedToUser property will be updated to a value of True, as shown in Figure 4-2.
Figure 4-2 Publishing a package
After you publish the package, the application becomes available to the user. If shortcuts are configured for the package, they will begin to be displayed after publishing the package.
Full infrastructure model
In the full infrastructure model, the publishing process is a bit more automated, especially when you are dealing with a large number of virtual applications. The high-level process to publish an application is shown below. Note that the first step involving Group Policy is a one-time step in a new full infrastructure model and would not need to be performed for each application that you want to publish.
- Create a new Group Policy Object (GPO) and modify the App-Vrelated GPO settings for your environment. Link it to the computers that have the App-V client software. At a minimum, you should configure an App-V publishing server in the GPO so that App-V clients will automatically be configured for a publishing server.
- Add the application package on the App-V management portal. Configure the settings based on your environment. At a minimum, you need to ensure that the users have access to the application and that the application is published. You can configure access by right-clicking the application and then clicking Edit Active Directory Access.
- Publish the application. To publish an application from the management portal, right-click it and then click Publish. You also can publish an application by using Windows PowerShell. For example, to publish an App-V package named 7-Zip, you can run the Publish-AppvServerPackage Name 7-Zip command.
- Sync the clients or wait for the next automatic sync. To immediately sync a client with an App-V publishing server named TT-UTIL-01, run the Sync-AppvPublishingServer Name TT-UTIL-01 Windows PowerShell command.
Configuration Manager model
If you use App-V and Configuration Manager to manage and deliver applications, then the steps to publish an application are different from other App-V models. The following high-level steps describe the process of publishing by using Configuration Manager.
- In the Configuration Manager console, create a new application.
- On the General page of the Create New Application Wizard, configure the application type to be Microsoft Application Virtualization (App-V) Client 5.0. Then, browse to the location of the .appv package that you want to publish. Also, ensure that the user and deployment .xml configuration files are in the same location as the .appv file. By default, the name of the user configuration file is <app>_UserConfig.xml. For example, if the name of the .appv file is 7-Zip.appv, then the name of the user configuration file is 7-Zip_UserConfig.xml. By default, the name of the deployment configuration file is <app>_DeploymentConfig.xml. For example, if the name of the .appv file is 7-Zip.appv, then the name of the deployment configuration file is 7-Zip_DeploymentConfig.xml.
- Complete the Create New Application Wizard by specifying application details or maintaining the default values.
- Distribute the application to Configuration Manager distribution points so that clients can obtain the application from the nearest distribution point.
- Deploy the application to clients. You can deploy the application as a streaming application if you have a full infrastructure App-V deployment model. Otherwise, you can opt for the download and execute method. Each method has pros and cons. See http://technet.microsoft.com/en-us/library/jj822982.aspx for more information on the two deployment methods.
One ongoing maintenance task that you’ll need to perform is updating applications. An application update, sometimes called an application upgrade, occurs when a software company releases a newer version of the application. Often, companies release newer versions of software to fix security issues or provide new or enhanced functionality. In a standard application deployment, in which applications are installed on every computer. you need to perform the update on every computer. In a virtualized application deployment, in which applications are packaged and delivered by App-V, you only need to update the packaged application on the App-V Sequencer and then update the distribution method with the updated package.
To update an existing App-V application with the App-V Sequencer, perform the following steps:
- Run the App-V Sequencer on the client computer that you use for sequencing.
Click the Modify An Existing Virtual Application Package option, shown in Figure 4-3.
Figure 4-3 App-V Sequencer
On the Select Task page, shown in Figure 4-4, keep the Update Application In Existing Package option selected and then click Next.
Figure 4-4 App-V Sequencer Select Task page
On the Select Package page, shown in Figure 4-5, click Browse and navigate to the existing App-V package file (.appv), click the file, click Open, and then click Next.
Figure 4-5 App-V Sequencer Select Package page
On the Prepare Computer page, shown in Figure 4-6, if the computer is ready to create a package, click Next. If issues are listed, remediate the issues if necessary and then click Refresh until the computer is ready to create a package. Click Next.
Figure 4-6 App-V Sequencer Prepare Computer page
On the Select Installer page, shown in Figure 4-7, click Browse and navigate to the install file for the application update. Click the installer file, click Open, and then click Next.
Figure 4-7 App-V Sequencer Select Installer page
The application update installation will begin. Update the application based on the installation program. When finished, select the I Am Finished Installing check box, as shown in Figure 4-8, and then click Next.
Figure 4-8 App-V Sequencer Installation page
On the Installation Report page, shown in Figure 4-9, if the update was successful, the App-V wizard should report that there weren’t any issues detected. Click Next.
Figure 4-9 App-V Sequencer Installation Report page
On the Prepare For Streaming page, shown in Figure 4-10, click Run All. Then. perform any needed first-run application configurations. When finished, close the updated application and then click Next in the App-V wizard.
Figure 4-10 App-V Sequencer Prepare For Streaming page
On the Create Package page, shown in Figure 4-11, enter a location to save the updated application package and then click Create.
Figure 4-11 App-V Sequencer Create Package page
- After the package creation completes, click Close. Next, you need to make the updated .appv package available to publishing servers, App-V clients, or Configuration Manager, depending on your App-V deployment model.
As part of your routine application maintenance. you’ll need to temporarily and permanently remove applications from your environment. Sometimes, you’ll need to remove applications from specific users. Other times, you’ll need to permanently remove an application from all of your users. You should understand the options available to you for handling these tasks. Let’s look at a few scenarios and walk through the process.
Removing an application from a small number of users
There are many situations in which you will need to remove an application from one user or a small group of users. For example, if you were running end user pilot testing for a new application, you may want to remove users after they’ve completed their testing. There are multiple methods for doing this, but we’ll focus on one of the most common methods in an environment with the App-V full infrastructure deployment model. In this model. you should be assigning application access based on Active Directory Domain Services (AD DS) security groups. When it is time to remove one or more users. the simplest method is to remove those users from the security group. The virtual application remains available in App-V, but only for users with the appropriate access rights. In situations in which you are completely and permanently removing an application from all users, you have a few options:
In the App-V Management Console, you can delete the application by right-clicking it and then clicking Delete, as shown in Figure 4-12.
Figure 4-12 App-V Management Console showing Packages workspace with two published applications
From that point on, new App-V clients can’t launch the deleted application. Users who already have the application or have used the application will still see it and be able to launch it. You should be aware of a couple of things that cause this. You delete apps from the App-V Management Server. The publishing server, by default, refreshes the list of published applications every 10 minutes. Clients get the list of applications from the publishing server. This 10-minute refresh occurs even if the management server and publishing server run on the same server! Even if you sync the App-V client with the publishing server immediately following an application deletion, it won’t matter because the publishing server isn’t yet aware that the application was deleted. In most production environments, this 10-minute refresh cycle is okay. However, if you need to reduce the amount of time between refreshes or manually perform an immediate refresh, you have the following options:
On the publishing server, stop the AppVPublishing application pool, shown in Figure 4-13, in Internet Information Server (IIS).
Figure 4-13 IIS application pools for App-V
Then, start the AppVPublishing application pool. This kicks off an immediate refresh of the published apps. Thereafter, you should perform a client sync to complete the removal process. Otherwise, you must wait until the next client sync.
Alternatively, you can adjust the refresh intervals in the registry on the publishing server. To do this, go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Server\PublishingService key and reduce the value of the PUBLISHING_MGT_SERVER_REFRESH_INTERVAL entry. The default is 600 seconds. You can reduce it to something much smaller, such as 10 seconds, as shown in Figure 4-14.
Figure 4-14 App-V publishing registry values
An App-V 5.0 deployment includes a number of technologies, some of which must be present in all App-V 5.0 models, and some of which are used by only specific App-V deployments. These technologies are the management server, publishing server, management server database, reporting server, reporting server database, Sequencer, and App-V client.
From the Feature Selection page of the Microsoft Application Virtualization (App-V) Server 5.0 Setup Wizard, you can select which servers and databases you want to install, as shown in Figure 4-15.
Figure 4-15 The Feature Selection page showing the available App-V server features
Management server and management server database
The management server hosts a Microsoft Silverlightenabled web application that App-V administrators use to manage an App-V infrastructure. When you use App-V 5.0, all management occurs through the web console or Windows PowerShell, unlike previous versions of App-V. A computer must have Silverlight installed to access the console.
You can use the management server to work with the following objects:
- Packages You can import packages in the App-V file format, which uses the .appv file extension. You then can publish the packages to App-V publishing servers. You also can use the console to configure package security. In Figure 4-16, the management console shows the Packages workspace with a couple of published applications.
- Connection groups Connection groups make it possible for virtual applications to interact with one another. You also can use the console to configure security for connection groups.
- Publishing servers You can authorize publishing servers. You perform this task from the Servers node. You must specify publishing servers in the domain\computername format.
Administrators You can add and manage App-V administrators. Administrators are able to import and publish packages, configure connection groups, and add publishing servers.
Figure 4-16 App-V Management Console showing Packages workspace with two published applications
The management server database stores the App-V configuration and data settings. The database is hosted on a Microsoft SQL Server instance that is running SQL Server 2008 Service Pack 2 (SP2), SQL Server 2008 R2, or SQL Server 2012. You should install the management server database separately from the management server, and if you do, you need to deploy the database first and then specify its location when you deploy the management server.
Publishing server, sequencer, and App-V client
The publishing server is a web server, built on IIS, which hosts and deploys applications for App-V clients. In previous versions of App-V, a publishing server was called a streaming server. You deploy App-V applications to a publishing server in the App-V full infrastructure model by using the App-V Management Server console or by using Windows PowerShell.
You can deploy a management server and a publishing server on the same computer. You also can deploy a publishing server on a separate computer as long as you already have deployed an existing management server. This is different from previous versions of App-V, in which it was possible to deploy App-V streaming servers without having deployed a management server.
Previous versions of App-V streamed applications by using the Real-Time Streaming Protocol (RTSP). App-V 5.0 applications stream from a publishing server by using HTTP, HTTPS, or SMB. When you configure a publishing server, you specify a TCP/IP port that is used to stream applications. You subsequently use this port address when you configure Group Policy for use with App-V clients so that clients can access published App-V applications.
Publishing servers are useful in environments that have multiple geographic locations and are connected by wide area network (WAN. links. If you have the App-V full infrastructure model with a management server, publishing server, and database server at the headquarters office, clients outside the headquarters office likely would have a degraded experience compared to having App-V publishing servers locally at their office. In this case, you should deploy publishing servers at branch offices so that clients at those branch offices would be able to receive applications directly from the publishing server in the branch office, rather than across a WAN link from a publishing server in another office.
You can configure a client with the addresses of up to five publishing servers when you use Group Policy, as shown in Figure 4-17.
Figure 4-17 GPO settings for publishing
When configuring Group Policy to support clients in branch offices, provide the address of both the local publishing server and a second publishing server to use in case the local publishing server fails. The diagram in Figure 4-18 represents an App-V environment with a headquarters office and two branch offices. Each App-V client is configured to use the local App-V publishing server in its local office and also is configured with a secondary App-V publishing server in an alternate site.
Figure 4-18 App-V environment with multiple publishing servers
You can use the Sequencer to create applications that can run under the App-V client. You should sequence an application on a Sequencer that is configured on the operating system on which the application will run. This helps minimize compatibility issues for your virtualized applications.
The App-V 5.0 Sequencer can install only on computers that run Windows 7 Service Pack 1 (SP1), Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012, or Windows Server 2012 R2. In most cases, you should configure a client operating system as a sequencer. This is because most of your virtualized apps likely will be on a client operating system.
The App-V Sequencer has the following requirements:
- Windows 7 Service Pack 1 (SP1), Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012, or Windows Server 2012 R2
- Microsoft .NET Framework 4 or 4.5
- Windows PowerShell 3.0 or newer
- Update for Windows KB2533623
The App-V client must be installed on computers before those computers can run virtualized applications. The App-V client supports both x86 and x64 operating system architectures:
- On x86 operating system architecture, only x86 applications are supported.
- On x64 operating system architecture, both x86 and x64 applications are supported.
You need to deploy a separate App-V client on RD Session Host servers. We look at that client in an upcoming section in this chapter titled “ App-V for Remote Desktop Services client.”
Reporting server and reporting server database
The App-V reporting server, an optional feature, is the built-in reporting feature that you can use for reporting on virtual application usage. The reporting server records the following information:
- Application use, including launch status, startup times, and shutdown times
- Client information such as the host name, client version, operating system version and type, processor architecture, and operating system service pack level
- Package information, such as the package name, version, source, and the percentage cached
You configure the address of the reporting server when you use App-V Group Policy settings, as shown in Figure 4-19. Clients forward data to this address, which the reporting server then forwards to the reporting server database. You can install the reporting server separately from the reporting server database, though if you do this, you already must have deployed the database on another server.
Figure 4-19 GPO settings for reporting
The reporting server database stores all the information that is forwarded to the reporting server. The instance that hosts the reporting server database must meet the same requirements as the instance that hosts the management server database. You can host both databases on the same server. You don’t have to install SQL Server Reporting Services to deploy an App-V reporting server, but it is helpful because the App-V product doesn’t include report generation.
App-V deployment models
There are three deployment models that you can use to deploy App-V. Each model and its characteristics are described below:
Full infrastructure model This is the most complete deployment of App-V and also is the most commonly deployed model. It offers the most services and functionality and has the largest footprint. The key technologies of the full infrastructure deployment are the App-V Management Server, the App-V Publishing Server, the App-V client, and an App-V Sequencer. SQL is required on the back end, and the solution ties into AD DS. Optional technologies are the reporting server and associated reporting database. This model offers streaming of applications without requiring a System Center Configuration Manager environment. An example of a typical full infrastructure model deployment is shown in Figure 4-20.
Figure 4-20 Technologies of a typical full infrastructure model
- App-V integration with Configuration Manager model This is an implementation of App-V that, at a minimum, includes App-V clients, an App-V Sequencer, and System Center Configuration Manager 2012 or later. The App-V Management Server isn’t part of this deployment model, the App-V Publishing Server isn’t part of this deployment model, there isn’t a desktop configuration service, and you can’t track licensing or perform metering. The desktop configuration service is used by App-V clients to find out information about available virtual applications. This deployment model doesn’t require SQL or AD DS, but it requires System Center Configuration Manager, which enables you to stream App-V applications from Configuration Manager distribution points and automatically deploy the App-V client to computers.
- Stand-alone deployment model This is a small implementation of App-V. This deployment model has only App-V clients and an App-V Sequencer, which enables you to create .appv files or .msi files for delivery via a separate application delivery solution such as Group Policy or network file shares. The .appv files and the .msi files can be run only by the App-V client. This model isn’t used often but can be valuable for a test environment or an environment with a lot of users who do not routinely connect to the network.
An App-V package comprises several files that have specific functionality. The primary package file is the .appv file that contains the captured assets and state information. Additional files provide custom integration information for publishing applications, detailed sequencing reporting, and, optionally, sequencing templates and package accelerators. You can use the following files to provide custom integration:
- The .appv file contains the captured files and state from the sequencing process in a single file. This file includes the architecture of the package file. publishing information, and registry settings in a tokenized form that can reapply to a machine and to a specific user on delivery.
- The .msi file is used in stand-alone deployments or, optionally, when deploying by using Configuration Manager or other deployment platforms.
- The _DeploymentConfig.xml file contains default publishing parameters for all applications in the package, and it can be modified to support customization.
- The _UserConfig.xml file allows customization of publishing parameters for specific domain users. You can customize items such as shortcuts and file associations with this config file.
- The Report.xml file contains diagnostic information, how sequencing is done, and what files are excluded from a package. It also contains the messages that are displayed in the Sequencer after you finish sequencing an application.
- The .cab file is an optional package accelerator file that speeds up the creation of sequenced virtual application packages.
- The .appvt file is an optional Sequencer template file that retains commonly reused Sequencer settings.
Contents of an .appv package
An .appv file is a compressed file that contains the contents of a virtual application package. It is based on the Open Packaging Conventions standard. It is used to store a combination of XML and non-XML files in a single entity. You can view .appv file contents by renaming the file with a .zip extension and exploring its contents.
The following list describes the primary .appv file contents:
- StreamMap.xml Contains Feature Block 0, also named the Publishing Feature Block.
- PackageHistory.xml Contains information about the origin of a package, for example, which user sequenced the package, on which machine, and at what time.
- FilesystemMetadata.xml Contains a list of the files that are part of the application and were captured during the sequencing.
- AppxManifest.xml Metadata for a package that contains everything that is needed to publish.
- Registry.dat A mountable .dat file containing the registry that was captured as part of the package.
- Root Contains the file system for the virtualized application that was captured during sequencing.