Virtualizing Desktops and Apps with Windows Server 2012 R2 Inside Out: Planning and Implementing App-V

Deploying App-V infrastructure

After you determine which application virtualization model to use, you need to deploy the appropriate roles to support that model. In most production environments, you should host the management server database and the reporting server database separately from the management server and the reporting server. It isn’t uncommon to see the management database and reporting database also separated, depending on the database infrastructure you have. Before a deployment, you need to understand the order in which to deploy App V technologies. In this section, we will explain the following:

• App-V infrastructure requirements
• Installing management databases
• App-V Management Server configuration
• App-V Publishing Server deployment and configuration
• App-V for Remote Desktop Services clients
• Integrating App-V with System Center Configuration Manager

App-V infrastructure requirements

The technologies of App-V should be deployed in a specific order. If you deploy all roles on the same server when you deploy the App-V full infrastructure model, the installation wizard automatically deploys them in the correct order. If you deploy the roles on more than one server, you should deploy them in the following order:

1. Management server database
2. Management server
3. Publishing server
4. Reporting server database (optional)
5. Reporting server (optional)

When you configure management server database settings, you need to specify the security account of the computer that will access the database. This can be a security group account or the computer account of the server that will function as the management server. When you install a management server separately, you need to specify the instance location and credentials that will be used to access the management server database.

When you deploy a publishing server, you need to specify the network address of the management server. You can’t deploy a publishing server without having a management server already deployed, unless you deploy all of the roles at the same time.

You must deploy a reporting server database before deploying a reporting server. The reporting server doesn’t have dependencies on any other services in the App-V full infrastructure model.

You don’t need to install the App-V Sequencer when deploying the App-V full infrastructure model. However, it is a good idea to deploy a sequencer as soon as possible to begin testing the deployment. The App-V client usually is the last application to be deployed.

Installing management databases

The management server stores all of the configuration data in an App-V management database, which includes all application metadata. the deployment configuration, the relationships, and the security assignments. The management server only communicates with the management database, and it is the first technology that should be installed in the App-V full infrastructure model. When you add management servers for a scalable deployment, you only need to allow Read and Write permissions to the database. You don’t have to provide additional configurations.

The minimum supported database platform is Microsoft SQL Server 2008 R2 Standard, Enterprise, Datacenter, or Developer edition (32-bit or 64-bit). The Developer edition should not be used in a production environment. Additional prerequisites include the installation of the following:

• .NET Framework 4 (Full Package)
• Microsoft Visual C++ 2010 SP1 redistributable package (x86)
• Windows Server 2008 or newer

In the deployment scenario in which you install all of the technologies on the same computer, the App-V server setup GUI-based installation first installs the App-V management database and then installs the management server and the publishing server. Finally, if selected, the reporting database and reporting server are installed.

If you are implementing scalable deployment, you should run the GUI installation on a server that hosts the management database because remote SQL database creation isn’t supported in the installer.

As an alternative, you can install the SQL database when you execute SQL Server scripts that are extracted from the server setup, as shown in Figure 4-24. SQL Server scripts extract from the setup with the following command: appv_server_setup.exe /layout /layoutdir=c:\ extract.

In the destination folder, you must modify two of the six scripts to provide the appropriate Read and Write permissions for the domain accounts or domain groups that you need to manage an App-V infrastructure. The first modification must be done to the Permissions.sql script to replace the entry for [ManagementDBWriteAccessAcountSid] and for [ManagementDBWriteAccessAcountName] with the security identifier (SID. and the name for the domain group that requires Write permissions to the database. This group should include the App-V administrator account and all management servers in the environment. If you use the same account for installation and App-V administration, then you should use the same entries for [ManagementDBPublishAccessAcountSid] and [ManagementDBPublishAccessAcountName]. Otherwise, you should enter the correct SID and name for the installation account. In Figure 4-25, the Permissions.sql file has been modified and is ready for use.

Modification of the second script, Database.sql, is optional and has to be done only if you plan to replace the default database name AppVManagement with a unique name. In Figure 4-26, the Database.sql file has been updated to create a database named CustomDB.

A SQL Server administrator must run prepared SQL scripts against a computer that is running SQL Server that will host the database. SQL Sysadmin permissions are required. You can run the script if you first open the SQL Server Management Studio console and run it as a query, but you need select the proper database. The second method that you can use is the OSQL command-line application. “ The switches /E, /i, and /d are case-sensitive. Reporting database setup is identical to a management database and can be done with the App-V setup installer, or it can be pre-created with SQL scripts. The following commands can be used:

OSQL –E –i database.SQL

OSQL -E -d MS_Appv5_Management –i CreateTables.sql

OSQL -E -d MS_Appv5_Management –i CreateStoredProcs.sql

OSQL -E -d MS_Appv5_Management –i UpdateTables.sql

OSQL -E -d MS_Appv5_Management –i insertversionlnfo.sql

OSQL -E -d MS_Appv5_Management –i Permissions.sql

App-V Management Server configuration

An App-V Management Server provides a centralized location to manage an App-V 5.0 infrastructure for delivering virtual applications to both an App-V client and an RDS (formerly Terminal Services. client. Unlike previous versions of App-V, a web application that runs on Silverlight manages the App-V 5.0 infrastructure. You configure this web application’s address when you install a management server. The installation of an App-V Management Server creates a dedicated IIS website, for which you can specify the name during the installation setup. By default, it is called the Microsoft App-V Management Service. The App-V Management Service will be configured to listen on a dedicated port number, which can be provided during setup.

App-V server features can install on multiple servers to provide scalability and high availability; however, all App-V server features would need a common way to be accessed, such as by using a load balancer. Each management server node needs connectivity to the database on the computer that is running SQL Server. If a single server hosts multiple technologies, they can use different ports, or you can configure them to share a single port.

Preinstallation tasks include configuring appropriate user and administrative groups that can install and administer a management server. A management server requires that an IIS server is installed and configured to be trusted for delegation. If you plan to support Secure Sockets Layer (SSL. for connectivity to a management server, you also need a server certificate that is issued from either an internal or a public certification authority.

Installing an App-V Management Server at the command line requires elevated privileges. You can display the installation parameters. shown in Figure 4-27, by running the following command:

appv_server_setup.exe /?

The following commands provide an example of an App-V Management Server installation, as shown in Figure 4-28. You can verify the output of the installation in the log file appv_server_datatime.log in the %temp% directory.

appv_server_setup.exe /quiet /management_server /MANAGEMENT_ADMINACCOUNT=”Adatum
\AppVAdmin” /MANAGEMENT_WEBSlTE_NAME=”Microsoft App-V Management 
 service” /MANAGEMENT_WEBSITE_PORT=”80” /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER
_NAME=”SQLSRV.adatum.com “  /EXISTING_MANAGEMENT_DB_SQLIN STANCE_USE_DEFAULT 
/EXISTING_MANAGEMENT_DB_NAME=”AppVManagement”

Common postinstallation tasks include sharing the content folder that is used to store the App-V package. It also is common to enable firewall rule exceptions.

You can install a management server by using a very basic GUI, but for enterprise deployment, we recommend script-based installation. Management servers and publishing servers have a dependency on IIS with the following features:

• Common HTTP features: static content and default document
• Application development features: Microsoft ASP.NET, Microsoft .NET Extensibility, and Internet Server API (ISAPI) extensions and filters
• Security features: Windows authentication and request filtering
• Management tools features: IIS Manager

One common method for proper installation of IIS and all required services is to use the Deployment Image Servicing and Management (DISM) tool, which you can use to create a script by saving the following commands in a text editor with the .cmd extension:dism /Online /Enable-Feature /FeatureName:llS-ApplicationDevelopment ^

/FeatureName:IIS-ASPNET /FeatureName:HS-commonHttpFeatures ^

/FeatureName:Iis-DefaultDocument /FeatureName:Iis-DirectoryBrowsing ^

/FeatureName:Iis-HealthAndDiagnosti cs ^

/FeatureName:HS-Httpcompressionstatic ^

/FeatureName:HS-HttpErrors /FeatureName:HS-HttpLogging ^

/FeatureName:HS-HttpTracing /FeatureName:HS-lSAPiExtensions ^
/FeatureName:HS-ISAPiFilter ^

/FeatureName:Iis-LoggingLibraries /FeatureName:HS-ManagementConsole ^

/FeatureName:Iis-Managementservice /FeatureName:HS-NetFxExtensibi1ity ^

/FeatureName:IIS-Performance /FeatureName:ns-RequestFiltering ^

/FeatureName:HS-RequestMonitor /FeatureName:HS-Security ^

/FeatureName:Iis-staticcontent /FeatureName:Iis-webserver ^

/FeatureName:HS-webserverManagementTools ^

/FeatureName:HS-webserverRole /FeatureName:Iis-windowsAuthentication ^

/FeatureName:WAS-ConfigurationAPl /FeatureName:WAS-NetFxEnvi ronment ^

/FeatureName:WAS-ProcessModel /FeatureName:WAS-WindowsActivationservice ^

A management server has the following requirements:

• 1-gigahertz (GHz) or faster x64 processor; two cores Intel Xeon 2.0 GHz or faster recommended
• 2 gigabytes (GB) or more of RAM; 4 GB of RAM recommended
• 200 megabytes (MB) of free disk space (does not include content); 40 GB recommended
• Windows Server 2008 R2 SP1 or newer.NET Framework 4 Extended
• .NET Framework 3.5.1 Features (or 4.5)
• Visual C++ 2010 SP1 Redistributable Package (64-bit)
• Visual C++ 2010 SP1 Redistributable Package (32-bit)
• Silverlight
• Windows PowerShell 3.0

App-V publishing server deployment and configuration

When you deploy an App-V publishing server, you must specify the location of an existing App-V Management Server. This is different from previous versions of App-V, in which it was possible to deploy a stand-alone streaming server without having to configure a management server.

Publishing servers function as distribution points for virtualized applications when you use the App-V full infrastructure model. Applications stream from these servers to clients. The entire application doesn’t need to stream before a user can start interacting with it; therefore. you won’t need as much bandwidth as you would with other deployment methods. Nonetheless, you still need to provision adequate bandwidth for the connection between a publishing server and the client.

To install a publishing server by using a GUI installer, you must follow the same steps as installing the management server. You have to point to an existing management server, and if these two roles coexist on the same computer, you must choose a different port for the website.

When you perform a command-line installation, you can use the help that the installer provides, which presents examples and definitions that construct the following command:

appv_server_setup.exe /?

You can use the following commands to perform publishing server installation at the command line:

appv_server_setup.exe /quiet /publishing_server

/PUBLlSHlNG_MGT_SERVER=http://lon-svr1.adatum.com

/PUBLlSHlNG_WEBSlTE_NAME=“Microsoft Appv Publishing service”/PUBLISHING_WEBSITE_PORT=“80
“ /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME=”SQLSRV.adatum.com” /EXISTING_MANAGE-
MENT_DB_SQLIN STANCE_USE_DEFAULT /EXISTING_MANAGEMENT_DB_NAME=”AppVManagement”

As a best practice, when you install on the same server as the management server, use port 80 for the publishing server and an alternate port for the management server.

After you deploy both the management server and the publishing server, you need to configure them with appropriate firewall rules to provide management and client connectivity.

A publishing server is a web application that is hosted on IIS, and any configuration changes can be done through IIS Manager or by using the HKLM\Software\Microsoft\APPV\Server\PublishingService\PUBLISHING_MGT_SERVER registry settings to point to the protocol and port that establish connectivity with the App-V Management Server. The PUBLISHING_MGT_SERVER_REFRESH_INTERVAL registry setting specifies how often a publishing server queries a management server for packages. The default value is 600 seconds (10 minutes), and for testing purposes, you can shorten the interval to propagate changes to clients more quickly. Any registry changes will become effective when the application pool restarts or IIS restarts.

You also can configure management server settings in IIS and the registry, as shown in Figure 4-29.

HKLM\Software\Microsoft\APPV\Server\ManagementService contains configuration data for a management server. From this registry location, you can identify or change a connection string to the management database (MANAGEMENT_SQL_CONNECTION_STRING). or identify the port and name for the management website.

In addition to the registry, some configuration settings are stored in the files in the INSTALLDIR. The AdminGroup.xml file contains information to recover access to an App-V console when you remove the last administrator from the console.

A publishing server has the following requirements:

• 1 GHz or faster x64 processor; two cores Intel Xeon 2.0 GHz or faster recommended
• 2 GB or more of RAM; 4 GB of RAM recommended
• 200 MB of free disk space (does not include content); 40 GB recommended
• Windows Server 2008 R2 SP1 or newer.NET Framework 4 Extended
• Visual C++ 2010 SP1 Redistributable Package (32-bit)
• Windows PowerShell 3.0

• The Web Server role with the following features:

  • Common HTTP features: static content and default document
  • Application development features: ASP.NET, .NET Extensibility, ISAPI extensions and filters
  • Security features: Windows authentication and request filtering
  • Management tools features: IIS Manager

App-V for Remote Desktop Services client

App-V 5.0 has a separate, special client that makes it possible to run virtualized applications on RD Session Host servers. With this client, you can run applications on RD Session Host servers that might not otherwise run on an RD Session Host server.

The App-V for RDS client has the following system requirements:

• 1.4 GHz or faster x86 or x64 processor
• Windows Server 2008 R2 SP1 or Windows Server 2012
• .NET Framework 3.51 and 4 (Full)
• Windows PowerShell 3.0
• Microsoft KB2533623 (Windows Server 2008 R2)
• Visual C++ 2008 redistributable (if installing by using an executable file)

You must configure Windows Server 2008 R2 or Windows Server 2012 as an RD Session Host server before you install the App-V for RDS client.

You can use the App-V for RDS client with the App-V full infrastructure, stand-alone, and Configuration Manager–integrated models. The App-V for RDS client uses the same Group Policy settings as the normal App-V client.

Integrating App-V with System Center Configuration Manager

The Configuration Manager–integrated model requires that you have an existing Configuration Manager or newer deployment. This model allows you to deploy sequenced App-V applications as one of many different application deployment types.

Before deploying sequenced App-V applications, you should configure App-V client software as an application that you can deploy. You then can specify the App-V client as a requirement when deploying any sequenced App-V application.

You can create the App-V client as an application by performing the following procedure:

1. Copy the App-V client installation file, corecli_amd64.msi or corecli_i386.msi, to a shared folder. In the Configuration Manager console, in the Software Library workspace, under the Application Management node, click Applications.
2. On the ribbon, click Create Application.
3. On the General page of the Create Application Wizard, set the type to Windows Installer (*.msi file) and then click Browse.
4. Browse to the shared folder where you copied the App-V client installation file. Finish the wizard and then click Close.

To create an App-V application in Configuration Manager. perform the following procedure:

1. In the Configuration Manager console, in the Software Library workspace, under the Application Management node, click Applications.
2. On the ribbon, click Create Application.
3. On the General page of the Create Application Wizard, set the type to Microsoft Application Virtualization 5 and then click Browse to go to the network location that hosts the file in .appv file format.
4. Finish the wizard and then click Close.