Microsoft & AppSense Video Interview – Why Microsoft see AppSense as key to Windows 7 & App-V adoption

Together Microsoft and AppSense have help many enterprise organization transform their existing, static Windows XP and Vista desktops in to dynamic, optimized desktops through a joint solution of Windows 7, App-V and Microsoft virtualization technologies, all underpinned with a User Virtualization solution from AppSense.   User Virtualization is enabling organizations to take advantages of the benefits of Windows 7 in terms of security, performance and user experience and App-V for centralizing application management and reducing operational cost.

To help educate enterprise organizations on the importance of including AppSense User Virtualization as part of your desktop transformation project, Microsoft have teamed up with AppSense to create and publish a short video interview and demo to cover the benefits of the joint solution and also the close Microsoft & AppSense relationship.  In the video, Microsoft explain how:

• “AppSense User Virtualization technology enables organizations to deploy Windows 7 quicker, and with less effort.”
• “User Virtualization helps organizations deliver a more predictable and consistent user experience, no matter what hardware or delivery mechanisms they chose to use.”
• “Moving to App-V is easier when using AppSense User Virtualization Technology.”

You can view the video by clicking on the screenshot below:

Thank you to both David Overton (Microsoft) and David Shepherd (AppSense) for taking the time to film the video.

Another supporting quote from Microsoft on the importance of User Virtualization as part of your Windows 7 or App-V strategy:

“AppSense is a leading provider of user virtualization technology to enterprise organizations.  The combination of AppSense with our Desktop Virtualization technologies, such as App-V or VDI Suites, can enable customers to move to Windows 7 and App-V even more quickly without user disruption.”
Karri Alexion-Tiernan, Director of product management for desktop virtualization at Microsoft.

A number of supporting documents including; User Virtualization for Microsoft desktops, User Virtualization and Windows 7, and a piece by Harry Labana, AppSense CTO – The Migration Equation: making sense of the move to Windows 7, can all be accessed here.

In addition to Microsoft acknowledging the importance of AppSense User Virtualization as s strategic part of the Microsoft Optimized Desktop Vision, this can be seen in the following AppSense and Microsoft Case Studies:

The Co-Operative Group - World’s largest consumer-owned business selects AppSense

“By taking the AppSense User Virtualization approach, we expect to migrate up to three times as many desktops per day using the same level of IT resource. And more importantly, we anticipate no disruption to our staff. Our investment in AppSense User Virtualization will continue to pay dividends, so when we migrate to Windows 8 having already virtualized our users, we will continue to receive the same or improved benefits in terms of speed, reduced cost and complexity and a better user experience”
Ian Cawson, Technical Architect at The Co-operative Group.

Nationwide Children’s Hospital – Leading hospital selects AppSense to personalize Windows 7 Virtual Desktops

“AppSense User Virtualization delivered the exact solution we needed to confidently migrate to Windows 7 without affecting the user experience. What AppSense has provided us with is a pain-free end-user migration, additionally it future-proofs our design.”
Jake Muszynski, Nationwide Children’s Hospital.
 

Hope this helps with your thoughts and strategy planning for your desktop transformation projects to move to the Microsoft Optimized desktop with Windows 7 and App-V technologies.

Thanks!

Gaz

Citrix TechTalk Webinar: Solving User Profile Challenges for XenApp & XenDesktop

Jo Harder, a Senior Architect at Citrix Systems has been posting some very useful blogs regarding User Profile Management.  Jo has 10 years experience working at Citrix Systems, and has a real wealth of knowledge based on deep technical understanding of Citrix and related technologies, and also real world customer environments.  With that said, in addition to the blogs, Jo is also hosting a Tech Talk Webinar on “Solving User Profile Challenges for XenApp and/or XenDesktop”.  I strongly recommend that anyone who is either experiencing problems with user profiles, or is considering using both XenDesktop and XenApp together, attends this webinar as I am sure you’ll find it more than worthwhile. :)

It is scheduled to take place on Tuesday, April 6th 2010 at 2:00PM – 3:00PM EDT

Below is the Tech Talk synopsis, along with the link to register for it of course :)

“User profiles are a little understood but highly critical aspect of any Citrix implementation.  User profiles impact the user experience, logon time, access to user data, storage requirements, and more.  Your user requirements, infrastructure, and Citrix technologies have a bearing upon your optimal user profile solution, which in turn impacts the success of your XenApp and/or XenDesktop implementation.  Especially when you are making changes to your Citrix deployment, including adding XenDesktop, revisiting your user profile solution make sense.

In this session, you will learn about:

• Technical basics regarding how Microsoft, Citrix, and AppSense profiles function
• Criteria that should play a part in your profile decision as related to XenApp and/or XenDesktop
•  Implementation considerations, such as folder redirection and transitioning existing profiles
• Sample scenarios”

Register here via this link

Sharing Personalization Settings between Operating Systems – Debunking the Myth

I have recently heard, from several different sources, that it is “best practice” not to share user profiles, or personalization settings, between different operating system platforms. On the surface, this seems a sensible limitation since different operating systems have different user profile structures. 

Vista and Windows Server 2008 (WS08) put most profile data somewhere in “\users\%username%\appdata”, whereas XP and Windows Server 2003 (W2K3) may place it in “\documents and settings\%username%\application data” or “\documents and settings\%username%\local settings” or somewhere else entirely.

We can’t predict where the data will go for a given application which doesn’t help us understand the “splatter” that it makes in the file system. This folder lottery is further compounded by the fact that Vista and WS08 implicitly add the “.v2” extension to any profile path you define for a user. What this results in is that with a roaming profile solution, you are forced to have different profiles, and therefore different settings, between XP/W2K3, which implicitly use a “v1” profile, and Vista/WS08 which explicitly use a “v2” profile (even though the path defined for this profile does not actually include the “.v2” extension).

Applications should get the paths to use within the profile folder hierarchy by using operating system API calls that are the same between the different operating systems but will yield the correct folder for the operating system it is being run on. Unfortunately, not all applications are written this way and some will make assumptions about paths and maybe even hard code them which is likely to cause problems even before operating system migration, particularly in Terminal Server/Citrix XenApp environments.

There is also the class of setting that is actually different between the different operating systems. Take for instance the good old desktop wallpaper which most people, if pushed, will confess is the one item that makes their PC experience “personal” (while this is not an essential productivity related personalization setting, it does however provide a good example as to how even the most basic of settings fail to migrate between OS platforms)  Although users don’t know, and indeed do not need to know, they are actually stored in different file formats between XP/W2K3 and Vista/WS08. Therefore if the setting for this, which is stored in the user’s registry hive, was just unintelligently transplanted between the two operating systems then one of the desktops wouldn’t show the correct wallpaper.

Some implementers may say that it is a good idea to start with clean profiles when moving from one operating system to another system since it is a good opportunity, in their view, for a clean start and to leave all the myriad of settings behind that aren’t apparently used for anything and just clutter the profile. However, against this has to be weighed the cost of the user having to re-personalize their applications and desktop. This costs both in terms of time (both users being interrupted during their workflow as they find a toolbar or application setting they need is missing, and then having to remember where and how to re-make the customization, which could be different to how they would have changed the option on their old OS)  and also can cause a certain amount of resistance when these users tell their yet-to-be-upgraded colleagues is that this great new operating system, which has been months in planning, has lost all of their settings and they are struggling to find the new ways to set things the way “they should be”.

Enter AppSense Environment Manager. All of the technical issues outlined above are addressed by Environment Manager making the migration from one operating system to another, and back again if required, a much less painless experience and instead now becomes an automated, seamless process for both the user and administrator alike. The files used by an application within the locally cached profile folders are stored in a relative, rather than absolute, form in the Environment Manager database which then allows them to be subsequently put back in the correct, operating system specific, folder hierarchies. Because Environment Manager functions on a per-application basis, it can much more accurately target which settings need to be brought over onto the new operating system and it also silently transmogrifies items and their settings, such as desktop wallpapers, to help ensure that seamless migration that administrators dream of. All this, of course, is done with next to no configuration by administrators so they do not need to understand the intricacies of any of the applications and subsequent registry settings and profile structures the user uses. This helps make for quick and easy migrations, although I don’t personally like the term “migration” since it implies a one way movement whereas Environment Manager provides bi-directionality with no extra effort.

So in summary…While it is right to say that it is NOT best practice to share ‘roaming profiles’ across OS platforms, AppSense Environment Manager dispels the myth that sharing ‘personalization settings’ between operating systems is not a recommended best practice –in fact AppSense recommend you embrace it…

Live from VMworld – VMware to OEM RTO Virtual Profiles™ into VMware View

Live from VMworld 2009 – A press release shows that VMware are to OEM the RTO Virtual Profiles Product into VMware View.

On the recent announcement at VMworld 2009,  VMware are planning to OEM the RTO Virtual Profiles™ technology into VMware View – this is great news, and yet another proof point of the importance of user personalization in the virtual desktop space.   It looks as though VMware have made a similar move Citrix did some months back when they acquired SepagoPROFILES for inclusion into their Xen line, and it makes total sense.

Let’s take a minute to appreciate the basic premise of how to reduce desktop TCO through virtualization.  The only way to deliver cost-effective virtual desktops is to standardize the corporate image.  However, if you standardize, then you also have to provide personalization capabilities in order to get the user adoption needed to make the transition to virtual desktops a success.  In this respect,  providing some level of personalization baked into platform solutions such as View is necessary.

By adding RTO technology, VMware will leverage the Windows User Roaming Profile -  which has been successfully used in Terminal Services environments for many years.  This will certainly ease some of the pains typically associated with Roaming Profiles, such as profile corruption and slow logon times.  However, in more complex, enterprise environments, something more than profile management is required to provide a local PC equivalent experience from a virtualized, standard corporate desktop (as Sumit Dhawan has explained here).   Personalizing a virtual desktop requires the ability to automatically set-up and configure the desktop based on the user’s role and context (e.g. what printers they can use, what drives they can access, use of peripheral devices), support for the installation and persistence of user-installed applications, as well as the application of all user-customized settings across all applications.  All these in combination are known as the ‘user environment’, and the most important characteristic of the user environment is that it is client OS and delivery mechanism agnostic – effectively providing a ‘follow me’ user personality anywhere, using any delivery method and to any device.  This is simply not possible using profile management alone, and why a User Environment Management Solution is required.

The thing is, most companies don’t have homogeneous desktop estates.  This is true in physical PCs today and will also be the case in their virtualized equivalents.  Companies typically use combinations of delivery technologies, applications (corporate and non-corporate), client OS and devices to deliver an optimum, productive working experience to their employees.  Based on extensive experience with many customers rolling out desktop virtualization projects, we know that successful (i.e. low-cost, high adoption) virtual desktops require the ability to automatically deliver non-persisted, leveraged corporate OS and apps on-demand from a centralized source.  To this fresh, clean desktop session must then be added the independently-managed user environment as described above – note this must be added selectively in response to user actions.  We are well beyond profile management now!

Adding RTO Virtual Profiles into the View offering will certainly enable VMware’s customer base to start to roll-out Windows XP based virtual desktops (Windows Vista & Windows 7 will be supported in future releases)  in a controlled way, while providing some personalization capabilities.  As these implementations start to grow, the need for a more comprehensive treatment of the user environment will become essential.

User personalization is an exciting and rapidly-growing space!  We’re working closely with VMware, Citrix, Microsoft and our joint customers to ensure successful and viable virtual desktop roll-outs …..we look forward to seeing this vital part of the new desktop paradigm grow in importance over the coming months and years!

Pete Rawlinson
VP WW Marketing, AppSense

Live from VMworld 2009 – A press release shows that VMware are to OEM the RTO Virtual Profiles Product into VMware View. Press Release can be found here

Some Mandatory Profile Best Practices *** Updated April 16th 2010.

There are a number of different ways that you can capture a profile that you want to subsequently use as a mandatory profile. My preferred approach is to logon as a non-administrative test user, run whatever applications are needed and configure as appropriate, logoff and then take the resulting ntuser.dat, obviously renamed to ntuser.man, as the mandatory profile’s registry hive. I generally do not have any folders in the folder specified for the mandatory profile – it just contains the ntuser.man file and nothing else. *** Update:  However, on Vista, Win7 and WS08, the empty folder AppData\Roaming does need to be created. In addition, if none of the folders that by default are used for items such as “My Pictures” and “My Music” exist in the base profile, these special folders will not be available to the user who is assigned this mandatory profile. However, it is strongly recommended that folder redirection is used to provide these special folders, if required, rather than using the defaults provided in the locally cached profile folder hierarchy. ***

Once the ntuser.man file has been copied away, I load it as a hive in regedit and then check various elements of it; namely:

1. Security – the Access Control Entries (ACEs) for the user used to generate the profile should be removed and an Everyone – Full Control ACE added in its place. It is not actually ideal to open up security to this extent but since we don’t know what user is going to use the profile, we cannot lock it down much further although it could be done with a tool such as subinacl.exe [http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b] at logon. For VDI environments, which are necessarily single user, it probably doesn’t matter but for Terminal Services, it means that a user with access to HKEY_USERS through regedit or other tools/scripts/macros can read and write/delete any other logged on user’s registry settings.
2. Search the hive for the username of the user used to generate the hive and delete/replace the values as appropriate.  Note that there is no guarantee that changing a REG_SZ value to a REG_EXPAND_SZ and using “%Username%” or “%UserProfile%” in place of the actual username or locally cached profile folder respectively will work since it is up to the application that reads the value to implement environment variable expansion. Don’t be tempted to delete a whole key unless you are prepared to test that no ill effects occur. For instance, deleting the key “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders”, because it contains values with the path to the generating user’s locally cached profile folder, will cause problems at logon whereas deleting all of the values in the key, but not the key itself, does not cause issues.
3. Delete all policy registry keys such as “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies” and “HKCU\Software\Policies” (unless of course you want to apply GPO like lockdown this way but it can cause confusion).
4. Strip out anything that you do not want – the best mandatory profiles are generally the simplest. There is, unfortunately, no easy way of deciding what should be stripped out. I tend to focus on Most Recently Used (MRU) lists such as those for opened documents, searches, runs and so on. The benefit of starting with the default user profile rather than a “contaminated” user profile is that this step, generally, is not required.
5. Check all autorun locations, such as “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” and “RunOnce”. It is usually best to have nothing in these keys and have things run at logon via other means.
6. Set application defaults, such as disabling splash screens, either by running the application and configuring it or by directly editing the registry if you know what keys/values need setting.

Once you have unloaded the hive and quit regedit, delete all .log and similar files that may have been created when the hive was loaded. Also check that the folder containing the ntuser.man file and the file itself are owned by the local administrators group and have no write/delete access for non-administrators. This is particularly important if the mandatory profile will be local to the system it is used on rather than through a share since share level permissions can also help protect the hive from accidental or deliberate damage.

Finally, thoroughly test the mandatory profile works as desired when assigned to a representative, non-administrative, user and the available applications are run.

I hope this has been of use, and if you have any questions or comments, please do let us know.

VDI Personalization and Configuration: Profile Management & Logon Scripts – not enough for multiple delivery mechanisms & OS platforms?

As a leading user environment management vendor, AppSense are in a unique position in that we have been involved many VDI projects and rollouts, of which the majority vary in architecture, technology and requirements.  One thing that does however remain the same between such projects is that of the requirement for user personalization management.

For many years the roaming profile provided user personalization in SBC environments, however as VDI deployments become more and more complex, with varying methods of desktop and applications delivery, along with multiple desktop operating systems and subsequently, profile versions, the roaming profile is no longer able to provide the user with their required settings in such (complex?) scenarios.

Furthermore, these desktops must now be constructed and configured based on the context of the user and/or connecting device.  i.e. mapping specific printers local to the user and device dependent on the location of the user logging on, or applying security policies to hide or remove access to network drives, folders, data and functionality such as copy and paste or print, again, based on the location of the user.  Whereby the desktop delivered to a user when connected locally inside the corporate LAN is different to that of the desktop delivered to the same user when connecting remotely from outside of the LAN.

One more point to consider is that of enabling the user to freely roam between the server hosted or provisioned virtual desktop, and the users local desktop device such as their PC or roaming laptop.  How do you as IT enable user settings to automically follow the user between different platforms?

AppSense Environment Manager was designed from the ground-up with functionality to accommodate the above requirements, making it, or, other user environment management solutions essential to the mass adoption of VDI on an enterprise scale.  In essence, AppSense provides the ability to encompass multiple delivery technologies and OS platforms by allowing the user to roam between the paradigms without any noticeable change to their desktop or user experience, enabling IT and the organization to benefit from flexibility, agility and lower TCO.  I do at this point want to highlight that this is different to the personalization management provided by the leading VDI vendors (Citrix, Microsoft, VMware etc), as their in-built functionality is typically designed for their delivery platform, not each other’s.   In essence, further to the advanced personalization and simplification of desktop management, AppSense also enables an organization to use combinations of both existing technologies, and (potentially) more importantly, any future VDI delivery technologies and vendors.
 
I have just found a very nice blog covering the functionality of not only AppSense Environment Manager, but also the base technology inherent within the leading VDI service providers – Citrix, VMware and Microsoft.  Hopefully from this blog post, and the information over at GenerationV, you will see how AppSense bridges the gap between the roaming user and a dynamic, flexible VDI model..

For more information on this, the GenerationV Profile Management blog can be found here

AppSense Technical University Training For Partners

I am excited about writing this one, the much awaited 2009 AppSense Technical University is soon upon us! It will take place in October and November!!  Following on from our previous events, there are some exciting new developments at AppSense that we would like to share with you; amongst other topics:

• User Introduced Applications (UIA) Technology – do we need, and how do we enable, users to install applications into non-persistent VDI sessions, and have the applications (and settings and preferences) remain available in the next non persistent vdi session?!
• AppSense Management Suite Version 8.1 Product RoadMap
• ‘Policy & Personalization’ best practices across virtual and multi OS platform environments

 

Why attend the AppSense Technical University?

The AppSense University is a ‘free of charge’ event to our AppSense Certified Solution Partners, and is a great chance to meet up with the AppSense Technical teams, as well as your peers from within the community. As a valued member of our Certified Solutions Partner program, you are invited to this comprehensive technical update and networking event.

The 2 day event will include in-depth, hands on training designed to enable you to provide consultancy services and implement the AppSense Management Suite for prospects and customers.

Register for further information

As always, AppSense is hosting several Technical University events in locations around the globe. If you are interested in attending an AppSense Technical University, click on the country or region most relevant to you and we will keep you informed of the event details:

United States, November 2009 

United Kingdom, October 2009

Norway, November 2009

DACH Region, November 2009

BeNeLux, November 2009

Australia, October/November 2009

We look forward to seeing you there!

Best Regards,

The AppSense Technical University Team.

Website: http://www.appsense.com
Email: university@appsense.com
Telephone: +44 (0)1928 793 444

Review of AppSense Environment Manager 8 by vExpert Tom Howarth

Tom Howarth (a VCP/vExpert specializing in Thin Client & Virtualization solutions) and author of www.PlanetVM.net has published a comprehensive review of AppSense Environment Manager Version 8.0

Tom is well known and highly respected within the VMware and Citrix communities and as such, this positive review comes with high regards.  In Tom’s concluding words he describes AppSense Environment Manager as, “It is a Ronseal product – it does what it says on the tin.”

The article can be viewed at http://planetvm.net/blog/?p=122

Profile Corruption, Last Write Wins, And Profile Rollback

One of the biggest problems in a SBC (Microsoft Terminal Services or Citrix XenApp) and VDI (Citrix XenDesktop and VMware View) environment is that of the issues caused by the dreaded Roaming Profile.  One such issue which plagues both users and IT Support desks alike is Profile Corruption.

Profile corruption is seen as innevitabele when using roaming profiles, and can leave a user locked out of their desktop for hours, support desks inundated and overwhelmed with support cases, and is a huge drain on resources at great cost to a business.

AppSense Environment Manager not only prevents Profile Corruption, but also enables IT Support desks to reduce other profile related support cases from being a 2 hour resolution process, to just 5 or 10 minutes.  This not only improves user satisfaction, but makes for a more efficient, and lower cost support desk.

Profile corruption can occur through the overwriting of user settings as a user logs off from concurrent working sessions and settings made in each separate desktop try and write back to a central store.  Often overwriting each other, causing conflict, and leading to corruption

With AppSense Environment Manager, when a user launches an application, regardless of how it is delivered to a user (local install, Citrix, Microsoft App-V, VMware ThinApp, InstallFree etc…), we inject a Profile Virtualization Component (PVC) into the running process which allows any personalized settings, i.e. writes to the registry or file system, to be virtualized and therefore effectively redirected to a ‘local virtualization cache’ located on the user’s endpoint or within the user session itself (in the case of TS/XenApp).  This is an automated process, no need for manually specifying which registry keys or settings to capture. 

When the application is closed (not just at user logoff), the contents of the ‘local virtualization cache’ (only those [delta] changes made by the user during this running instance of the application) are then synchronized to a back-end database server so that a centralized copy of the user’s personalization settings is now available and able to be streamed back into open concurrent sessions or across multiple delivery mechanisms.

This eliminates the last write wins at the session level by not writing back to NTUSER.DAT at logoff. Significantly reducing the window for corruption as settings are syncronized back throughout the user session, not all in their entirity at logoff. 

So now as an additional benefit, settings can be shared across concurrent sessions as the next time the user launches the same application, be it from the same or a different concurrent session, the contents of the ‘local virtual cache’ are checked to see if the settings are up-to-date.  If they are, the user will get their latest personalization settings from the local cache.  If the settings are out-of-date, then the new delta user personalization settings for that specific application will be streamed down to the endpoint device on-demand.

With remediation tools such as Profile Rollback, application settings (which are stored in the SQL database at a per application level for each user) can be rolled back with just a couple of clicks in the AppSense console.  This takes 2 hour support calls down to just 5 or 10 minutes, and the beauty is, as the user settings are virtualized and so are not part of the desktop itself, the user need not log off their session for the rollback to occur.  Merely close and re-open the application in question..