September 2, 2009
Live from VMworld 2009 – A press release shows that VMware are to OEM the RTO Virtual Profiles Product into VMware View.
On the recent announcement at VMworld 2009, VMware are planning to OEM the RTO Virtual Profiles™ technology into VMware View – this is great news, and yet another proof point of the importance of user personalization in the virtual desktop space. It looks as though VMware have made a similar move Citrix did some months back when they acquired SepagoPROFILES for inclusion into their Xen line, and it makes total sense.
Let’s take a minute to appreciate the basic premise of how to reduce desktop TCO through virtualization. The only way to deliver cost-effective virtual desktops is to standardize the corporate image. However, if you standardize, then you also have to provide personalization capabilities in order to get the user adoption needed to make the transition to virtual desktops a success. In this respect, providing some level of personalization baked into platform solutions such as View is necessary.
By adding RTO technology, VMware will leverage the Windows User Roaming Profile – which has been successfully used in Terminal Services environments for many years. This will certainly ease some of the pains typically associated with Roaming Profiles, such as profile corruption and slow logon times. However, in more complex, enterprise environments, something more than profile management is required to provide a local PC equivalent experience from a virtualized, standard corporate desktop (as Sumit Dhawan has explained here). Personalizing a virtual desktop requires the ability to automatically set-up and configure the desktop based on the user’s role and context (e.g. what printers they can use, what drives they can access, use of peripheral devices), support for the installation and persistence of user-installed applications, as well as the application of all user-customized settings across all applications. All these in combination are known as the ‘user environment’, and the most important characteristic of the user environment is that it is client OS and delivery mechanism agnostic – effectively providing a ‘follow me’ user personality anywhere, using any delivery method and to any device. This is simply not possible using profile management alone, and why a User Environment Management Solution is required.
The thing is, most companies don’t have homogeneous desktop estates. This is true in physical PCs today and will also be the case in their virtualized equivalents. Companies typically use combinations of delivery technologies, applications (corporate and non-corporate), client OS and devices to deliver an optimum, productive working experience to their employees. Based on extensive experience with many customers rolling out desktop virtualization projects, we know that successful (i.e. low-cost, high adoption) virtual desktops require the ability to automatically deliver non-persisted, leveraged corporate OS and apps on-demand from a centralized source. To this fresh, clean desktop session must then be added the independently-managed user environment as described above – note this must be added selectively in response to user actions. We are well beyond profile management now!
Adding RTO Virtual Profiles into the View offering will certainly enable VMware’s customer base to start to roll-out Windows XP based virtual desktops (Windows Vista & Windows 7 will be supported in future releases) in a controlled way, while providing some personalization capabilities. As these implementations start to grow, the need for a more comprehensive treatment of the user environment will become essential.
User personalization is an exciting and rapidly-growing space! We’re working closely with VMware, Citrix, Microsoft and our joint customers to ensure successful and viable virtual desktop roll-outs …..we look forward to seeing this vital part of the new desktop paradigm grow in importance over the coming months and years!
Pete Rawlinson
VP WW Marketing, AppSense
Live from VMworld 2009 – A press release shows that VMware are to OEM the RTO Virtual Profiles Product into VMware View. Press Release can be found here
2 Comments |
CAL, Citrix, CTP, Edgesight, general, Group Policy, Laptop, Licensing, Microsoft, Mobile Device, Per Device, roaming profiles, rto, rumor, rumour, Sepago, Streaming, TS, user environment management, User Profile Manager, VDI, virtual profiles, VMware, VMworld, XenApp, XenApp 5, XenDesktop | Tagged: AppSense, Citrix, Corruption, Desktop Virtualization, Environment Manager, Last Write Wins, Lockdown, Logon Scripts, Logon Times, Microsoft, NTUser.DAT, Personality, Personalization, Profile, profiles, Registry keys, Registry Settings, roaming profiles, rto, RTO Virtual Profiles, Sepago, SepagoPROFILE, Software Restriction, UEM, user environment management, VDI, View, virtual profiles, VMware, VMworld, Xen, XenApp, XenDesktop |
Permalink
Posted by peterjr11
August 31, 2009
Sumit Dhawan over in the Citrix XenDeskop group has posted a very interesting article in the run up to VMworld 09. I’m also hearing some interesting rumors about activity in user personalization space. Sumit makes some very important points….which are all based on actual customer implementations.
I’m also over in San Francisco attending VMworld this week and no doubt will hear about lots of upcoming companies and technologies, aiming to address the challenges of virtualized desktop management. It’s great we have so many brains fixed on these issues now, but remember it’s all about what can actually be implemented in a customer environment. We have to be pragmatic. Through working with a substantial stable of customers, we know there is a right way to address the challenges of user personalization in desktop estates, and agree with the points Sumit makes in his blog. Looking forward to more dialog on this!
Pete Rawlinson
VP WW Marketing, AppSense
Here is a quick excerpt from Sumit’s blog post along with link:
‘On the run up to VMworld 2009, there seems to be an increasing amount of activity on the subject of user personalization in VDI. Even Gartner has written about dynamic workspace, which has user personalization as a key element of the stack. What does this mean? What is user personalization all about? And, where does it need to be? Let’s take a closer look…….’
The full post can be found here.
1 Comment |
Citrix, CTP, Edgesight, gartner, roaming profiles, rumor, rumour, Sepago, Streaming, TS, user environment management, User Profile Manager, VDI, VMware, VMworld, XenApp, XenApp 5, XenDesktop | Tagged: AppSense, Citrix, customers, Desktop Virtualization, Environment Manager, gartner, Personality, Personalization, Policies, Profile, profiles, Registry keys, Registry Settings, ROI, Rollback, SBC, UEM, user environment management, VDI, VMware, VMworld, XenApp, XenDesktop |
Permalink
Posted by peterjr11
August 28, 2009
This is the fifth installment in a series of posts about the new features and options in AppSense Version 8 Service Pack 2. (If you have not yet downloaded this latest release, you can read more info and download it from here )
AppSense Environment Manager 8.0 Service Pack 2 introduces a new condition – Run Once.
When the Run Once condition is utilized on a specific trigger, the condition ensures that any child actions or conditions only run once during that logged on session.
This condition is available only from trigger nodes that run more than once per session, and therefore excludes the following:
- Computer | Startup
- Computer | Shutdown
- User | Logon
- User | Logoff
Each Run Once condition uses its own unique internal variable to monitor when the condition is satisfied. This enables any number of conditions to be utilized but only once within the current session. So, for example, you could pop up a ‘maintenance’ warning message only the first time a specific application is launched within that session.
Tip It is possible to change the Run Once condition to become a ‘Run More than Once’ condition by editing an existing Run Once condition and selecting ‘Ctrl‐Alt‐Right Click’ in the dialog to bring up a new counter spin control. Altering the counter value from ‘1’ to the desired number will change the action to a ‘Run More than Once’ action.
P:S
As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below:
NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As
NEW FEATURE No. 2 – AppSense Environment Manager 8.0 Service Pack 2 – Connect As
NEW FEATURE No. 3 – AppSense Environment Manager 8.0 Service Pack 2 – Improved compression and data handling protocol
NEW FEATURE No. 4 – AppSense Environment Manager 8.0 Service Pack 2 – Manipulation of files in Personalization Analysis
NEW FEATURE No. 5 – AppSense Environment Manager 8.0 Service Pack 2 – Run Once
NEW FEATURE No. 6 – AppSense Environment Manager 8.0 Service Pack 2 – Group SID Refresh
NEW FEATURE No. 7 – AppSense Environment Manager 8.0 Service Pack 2 – Trigger Action Time Audit Event
NEW FEATURE No. 8 – AppSense Environment Manager 8.0 Service Pack 2 – Stop If Fails
NEW FEATURE No. 9 – AppSense Environment Manager 8.0 Service Pack 2 – New Application Categories in the User Interface
NEW FEATURE No. 10 – AppSense Environment Manager 8.0 Service Pack 2 – Refresh
NEW FEATURE No. 11 – AppSense Environment Manager 8.0 Service Pack 2 – Registry Hive Exclusions
7 Comments |
general, Group Policy, user environment management | Tagged: AppSense, Environment Manager, Logon Scripts, Personality, Policies, Profile, profiles, Registry keys, Registry Settings, UEM, user environment management |
Permalink
Posted by Oliver Sills
August 27, 2009
7 Comments |
Citrix, general, Mobile Device, TS, user environment management, VDI, VMware | Tagged: AppSense, Citrix, Corruption, Desktop Virtualization, Environment Manager, Last Write Wins, Logon Scripts, Logon Times, Personality, Personalization, Policies, Profile, profiles, Registry keys, Registry Settings, Rollback, UEM, user environment management, VDI, View, VMware, XenApp, XenDesktop |
Permalink
Posted by Oliver Sills
August 26, 2009
This is the third installment in a series of posts about the new features and options in AppSense Version 8 Service Pack 2. (If you have not yet downloaded this latest release, you can read more info and download it from here )
AppSense Environment Manager 8.0 Service Pack 2 introduces a new protocol for transferring data between the endpoint device and the server database which holds all the user personalization settings.
The change means that the Personalization Server now benefits as it has to do a lot less processing in order to insert or extract the required data from the database, and can therefore support a lot more users and even faster response times.
Part of this change is to store the user’s personalization data in a compressed format in the database, which means the required database footprint is a lot smaller (in some cases by a factor of 10).
Internal performance tests yielded the following results:
- 87.5% increase in performance scalability between version 8.0 and 8.0 SP2.
- 45.0% increase in performance scalability between version 8.0 SP1 and 8.0 SP2.
Note: On upgrade to Service Pack 2, User Personalization data is in the old protocol format. This data is upgraded to the new format, in the database, on demand as applications are used and such, will incur a small performance hit on first launch. However, once all endpoints are upgraded to Service Pack 2 and all data in the database has been upgraded, the performance of User Personalization will be much higher than previous releases and scalability will be dramatically improved.
As always, if you have any questions or require any further information, please do get in touch.
P:S
As this is an ever growing blog topic, the previous posts on the other new features we have detailed can be found below:
NEW FEATURE No. 1 – AppSense Environment Manager 8.0 Service Pack 2 – Run As
NEW FEATURE No. 2 – AppSense Environment Manager 8.0 Service Pack 2 – Connect As
NEW FEATURE No. 3 – AppSense Environment Manager 8.0 Service Pack 2 – Improved compression and data handling protocol
NEW FEATURE No. 4 – AppSense Environment Manager 8.0 Service Pack 2 – Manipulation of files in Personalization Analysis
NEW FEATURE No. 5 – AppSense Environment Manager 8.0 Service Pack 2 – Run Once
NEW FEATURE No. 6 – AppSense Environment Manager 8.0 Service Pack 2 – Group SID Refresh
NEW FEATURE No. 7 – AppSense Environment Manager 8.0 Service Pack 2 – Trigger Action Time Audit Event
NEW FEATURE No. 8 – AppSense Environment Manager 8.0 Service Pack 2 – Stop If Fails
NEW FEATURE No. 9 – AppSense Environment Manager 8.0 Service Pack 2 – New Application Categories in the User Interface
NEW FEATURE No. 10 – AppSense Environment Manager 8.0 Service Pack 2 – Refresh
NEW FEATURE No. 11 – AppSense Environment Manager 8.0 Service Pack 2 – Registry Hive Exclusions
8 Comments |
Citrix, general, Laptop, Mobile Device, TS, user environment management, VDI, VMware, XenApp, XenDesktop | Tagged: AppSense, compression, concurrent users, Corruption, customers, database, Desktop Virtualization, Environment Manager, Last Write Wins, Logon Scripts, Logon Times, Personality, Personalization, personalization data, Profile, profiles, protocol, Registry keys, Registry Settings, Rollback, service pack 2, Support Calls, UEM, user environment management, VDI, version 8, View, VMware, XenApp, XenDesktop |
Permalink
Posted by Oliver Sills
August 7, 2009
There are a number of different ways that you can capture a profile that you want to subsequently use as a mandatory profile. My preferred approach is to logon as a non-administrative test user, run whatever applications are needed and configure as appropriate, logoff and then take the resulting ntuser.dat, obviously renamed to ntuser.man, as the mandatory profile’s registry hive. I generally do not have any folders in the folder specified for the mandatory profile – it just contains the ntuser.man file and nothing else. *** Update: However, on Vista, Win7 and WS08, the empty folder AppData\Roaming does need to be created. In addition, if none of the folders that by default are used for items such as “My Pictures” and “My Music” exist in the base profile, these special folders will not be available to the user who is assigned this mandatory profile. However, it is strongly recommended that folder redirection is used to provide these special folders, if required, rather than using the defaults provided in the locally cached profile folder hierarchy. ***
Once the ntuser.man file has been copied away, I load it as a hive in regedit and then check various elements of it; namely:
- Security – the Access Control Entries (ACEs) for the user used to generate the profile should be removed and an Everyone – Full Control ACE added in its place. It is not actually ideal to open up security to this extent but since we don’t know what user is going to use the profile, we cannot lock it down much further although it could be done with a tool such as subinacl.exe [http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b] at logon. For VDI environments, which are necessarily single user, it probably doesn’t matter but for Terminal Services, it means that a user with access to HKEY_USERS through regedit or other tools/scripts/macros can read and write/delete any other logged on user’s registry settings.
- Search the hive for the username of the user used to generate the hive and delete/replace the values as appropriate. Note that there is no guarantee that changing a REG_SZ value to a REG_EXPAND_SZ and using “%Username%” or “%UserProfile%” in place of the actual username or locally cached profile folder respectively will work since it is up to the application that reads the value to implement environment variable expansion. Don’t be tempted to delete a whole key unless you are prepared to test that no ill effects occur. For instance, deleting the key “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders”, because it contains values with the path to the generating user’s locally cached profile folder, will cause problems at logon whereas deleting all of the values in the key, but not the key itself, does not cause issues.
- Delete all policy registry keys such as “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies” and “HKCU\Software\Policies” (unless of course you want to apply GPO like lockdown this way but it can cause confusion).
- Strip out anything that you do not want – the best mandatory profiles are generally the simplest. There is, unfortunately, no easy way of deciding what should be stripped out. I tend to focus on Most Recently Used (MRU) lists such as those for opened documents, searches, runs and so on. The benefit of starting with the default user profile rather than a “contaminated” user profile is that this step, generally, is not required.
- Check all autorun locations, such as “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” and “RunOnce”. It is usually best to have nothing in these keys and have things run at logon via other means.
- Set application defaults, such as disabling splash screens, either by running the application and configuring it or by directly editing the registry if you know what keys/values need setting.
Once you have unloaded the hive and quit regedit, delete all .log and similar files that may have been created when the hive was loaded. Also check that the folder containing the ntuser.man file and the file itself are owned by the local administrators group and have no write/delete access for non-administrators. This is particularly important if the mandatory profile will be local to the system it is used on rather than through a share since share level permissions can also help protect the hive from accidental or deliberate damage.
Finally, thoroughly test the mandatory profile works as desired when assigned to a representative, non-administrative, user and the available applications are run.
I hope this has been of use, and if you have any questions or comments, please do let us know.
4 Comments |
Citrix, user environment management, XenApp, XenDesktop | Tagged: Domain, GPO, Group Policy, logon, mandatory, NTUser.DAT, Profile, profiles, registry, Registry keys, Registry Settings |
Permalink
Posted by guyrleech
July 24, 2009
As a leading user environment management vendor, AppSense are in a unique position in that we have been involved many VDI projects and rollouts, of which the majority vary in architecture, technology and requirements. One thing that does however remain the same between such projects is that of the requirement for user personalization management.
For many years the roaming profile provided user personalization in SBC environments, however as VDI deployments become more and more complex, with varying methods of desktop and applications delivery, along with multiple desktop operating systems and subsequently, profile versions, the roaming profile is no longer able to provide the user with their required settings in such (complex?) scenarios.
Furthermore, these desktops must now be constructed and configured based on the context of the user and/or connecting device. i.e. mapping specific printers local to the user and device dependent on the location of the user logging on, or applying security policies to hide or remove access to network drives, folders, data and functionality such as copy and paste or print, again, based on the location of the user. Whereby the desktop delivered to a user when connected locally inside the corporate LAN is different to that of the desktop delivered to the same user when connecting remotely from outside of the LAN.
One more point to consider is that of enabling the user to freely roam between the server hosted or provisioned virtual desktop, and the users local desktop device such as their PC or roaming laptop. How do you as IT enable user settings to automically follow the user between different platforms?
AppSense Environment Manager was designed from the ground-up with functionality to accommodate the above requirements, making it, or, other user environment management solutions essential to the mass adoption of VDI on an enterprise scale. In essence, AppSense provides the ability to encompass multiple delivery technologies and OS platforms by allowing the user to roam between the paradigms without any noticeable change to their desktop or user experience, enabling IT and the organization to benefit from flexibility, agility and lower TCO. I do at this point want to highlight that this is different to the personalization management provided by the leading VDI vendors (Citrix, Microsoft, VMware etc), as their in-built functionality is typically designed for their delivery platform, not each other’s. In essence, further to the advanced personalization and simplification of desktop management, AppSense also enables an organization to use combinations of both existing technologies, and (potentially) more importantly, any future VDI delivery technologies and vendors.
I have just found a very nice blog covering the functionality of not only AppSense Environment Manager, but also the base technology inherent within the leading VDI service providers – Citrix, VMware and Microsoft. Hopefully from this blog post, and the information over at GenerationV, you will see how AppSense bridges the gap between the roaming user and a dynamic, flexible VDI model..
For more information on this, the GenerationV Profile Management blog can be found here
Leave a Comment » |
Citrix, Group Policy, Laptop, Licensing, Mobile Device, Per Device, Printing, Uncategorized, user environment management, VDI, VMware, XenApp, XenDesktop | Tagged: Application Manager, AppSense, Citrix, customers, Desktop Virtualization, Environment Manager, GPO, Group Policy, Last Write Wins, Logon Scripts, Logon Times, Mapping, NTUser.DAT, Performance Manager, Personality, Personalization, Profile, profiles, Registry keys, Registry Settings, ROI, Rollback, SBC, UEM, user environment management, VDI, View, VMware, XenApp, XenDesktop |
Permalink
Posted by Gareth Kitson
July 22, 2009
I am excited about writing this one, the much awaited 2009 AppSense Technical University is soon upon us! It will take place in October and November!! Following on from our previous events, there are some exciting new developments at AppSense that we would like to share with you; amongst other topics:
- User Introduced Applications (UIA) Technology – do we need, and how do we enable, users to install applications into non-persistent VDI sessions, and have the applications (and settings and preferences) remain available in the next non persistent vdi session?!
- AppSense Management Suite Version 8.1 Product RoadMap
- ‘Policy & Personalization’ best practices across virtual and multi OS platform environments

Why attend the AppSense Technical University?
The AppSense University is a ‘free of charge’ event to our AppSense Certified Solution Partners, and is a great chance to meet up with the AppSense Technical teams, as well as your peers from within the community. As a valued member of our Certified Solutions Partner program, you are invited to this comprehensive technical update and networking event.
The 2 day event will include in-depth, hands on training designed to enable you to provide consultancy services and implement the AppSense Management Suite for prospects and customers.
Register for further information
As always, AppSense is hosting several Technical University events in locations around the globe. If you are interested in attending an AppSense Technical University, click on the country or region most relevant to you and we will keep you informed of the event details:
United States, November 2009
United Kingdom, October 2009
Norway, November 2009
DACH Region, November 2009
BeNeLux, November 2009
Australia, October/November 2009
We look forward to seeing you there!
Best Regards,
The AppSense Technical University Team.
Website: http://www.appsense.com
Email: university@appsense.com
Telephone: +44 (0)1928 793 444
1 Comment |
CAL, Citrix, Group Policy, Licensing, Per Device, Printing, user environment management, VDI, VMware, XenApp, XenDesktop | Tagged: Active Directory, Application Manager, Applications, AppSense, Citrix, Environment Manager, GPO, Group Policy, Last Write Wins, Lockdown, Logon Scripts, Logon Times, Microsoft, NTUser.DAT, Performance Manager, Personality, Personalization, Policies, Printing, Profile, profiles, reduce costs, Registry keys, Registry Settings, ROI, Rollback, Security, Software Restriction, Support Calls, UEM, user environment management, VDI, View, VMware, XenApp, XenDesktop |
Permalink
Posted by Gareth Kitson
July 21, 2009
I had a great day on Tuesday. An AppSense client had an issue where their remote workers experienced their Citrix applications timing out on them.
After connecting, and using application 1, by the time they go to use application number 2, it had timed out, and when they try to restart it, Web Interface had timed out as well.
So the clients question was “How can AppSense help me?!”.
Enter “ENVIRO-MAN” from the left of screen. All dressed in pretty green and looking surprisingly like the Environment Manager Product Manager :-)
“Your session timeouts do not scare me” he roared as he landed awkwardly on the photocopier, injuring his knee.
While “ENVIRO-MAN” proceeded to bore one of the office staff with stories about the mighty Blackpool Football Club, I decided to dig in and fix the problem.
Session Timeouts are controlled by a number of parameters – as examples, there are some per server settings based on type of connection (RDP or ICA) and some user based settings set in Active Directory.
However, if you require more granularity, that’s where AppSense Environment Manager lives…
By using a Group Policy Action (Set ADM Policy / Set ADMX Policy), I was able to load in the ADM settings from the “C:\Windows\inf” directory. I then typed “session” into the filter, and up came the Terminal Server Session Timeout setting… Magic :-)
By using EM Rules/Conditions I could now vary the Session timeouts based on IP address, Client Name, or even by integrating it into the results of Citrix AAC filters :-)
I demoed it to the client (they were blown away), thanked ENVIRO-MAN for his help and left to help the next client in need.
All in a good days work :-)
1 Comment |
Citrix, general, Group Policy, Per Device, user environment management, XenApp | Tagged: AAC, Active Directory, AppSense, Citrix, customers, Domain, Environment Manager, GPO, Group Policy, IP Address, Mapping, Microsoft, OU, Policies, Profile, Registry Settings, SBC, Support Calls, UEM, user environment management, XenApp |
Permalink
Posted by shanewescott
July 8, 2009
Tom Howarth (a VCP/vExpert specializing in Thin Client & Virtualization solutions) and author of www.PlanetVM.net has published a comprehensive review of AppSense Environment Manager Version 8.0
Tom is well known and highly respected within the VMware and Citrix communities and as such, this positive review comes with high regards. In Tom’s concluding words he describes AppSense Environment Manager as, “It is a Ronseal product – it does what it says on the tin.”
The article can be viewed at http://planetvm.net/blog/?p=122
Leave a Comment » |
Citrix, Group Policy, Per Device, Printing, Uncategorized, user environment management, VDI, VMware, XenApp, XenDesktop | Tagged: AppSense, Citrix, Environment Manager, GPO, Group Policy, Last Write Wins, Lockdown, Logon Scripts, Logon Times, Mapping, Microsoft, NTUser.DAT, Personality, Personalization, Policies, Printing, Profile, profiles, Registry keys, Registry Settings, Rollback, UEM, user environment management, VDI, View, VMware, XenApp, XenDesktop |
Permalink
Posted by Gareth Kitson