No BS, Vendor Neutral Comparison of Application Layering Solutions


Transcript of No BS, Vendor Neutral Comparison of Application Layering Solutions

Page 1: No BS, Vendor Neutral Comparison of Application Layering Solutions

Application Layering: How it all works, where to use it, and where it's going

Any modifications from original BriForum Session are in RED

Ron Oglesby (@RonOglesby)

Chief Solution Architect, Unidesk

Page 2: No BS, Vendor Neutral Comparison of Application Layering Solutions

WARNING: Tech presentations are frozen in time
• It’s Sept 21st of 2016
• Vendors constantly release updates and change/update their product.
• Make sure to see what companies have added, changed, removed, reconfigured or made better if you are looking at this in the future!
• VENDORS: If you are watching this in January of 2018 don’t get mad & call me, or post comments because I am talking about features from 3 versions back of your product.
• It’s just BriForum… lighten up

Page 3: No BS, Vendor Neutral Comparison of Application Layering Solutions

Thanks To:
• Jason Mattox, CTO at Liquidware Labs
• Yuhua Lu, Product Manager at Citrix
• Brad Rowland/Kevin Goodman at FSLogix
• 3 anonymous VMW reviewers of the AppVolumes slides
• Rory Monaghan, Application packaging stud (Unidesk, FSLogix & AppVolumes Feedback)
• Jarian Gibson, Just an awesome dude (FSLogix feedback)
• 1 anonymous reviewer of AppDisk and LWL for “Tech Guy’s Notes”

Page 4: No BS, Vendor Neutral Comparison of Application Layering Solutions

What are we going to talk about?
• Some fundamentals/basics of layering
  • Inside the magic: file system filter examples, registry virt
  • The mechanics of layers: disk mount, assignments, infrastructure
• A checklist of things to understand when looking at and testing layering products
• Applying those questions to the vendors in the app layering space
• A talk about the future possibilities with layering in a cloud and hybrid world

Page 5: No BS, Vendor Neutral Comparison of Application Layering Solutions

What is Layering?
• Gartner calls it: An application layer abstracts a desktop-installed application from the base OS in order to deliver it to multiple desktops. Typically, a layered application is stored as an independent virtual disk, which is then attached or streamed to a virtual desktop. Layered applications are injected into the desktop and are visible to both the OS and other applications, thereby allowing applications to behave as they would if natively installed.
• Great, but what does that really mean?

Page 6: No BS, Vendor Neutral Comparison of Application Layering Solutions

Who cares about ANOTHER App deployment tool????
• My “The Promise of App-V/Softricity” Speech
• Reinvigorated when ThinApp was acquired… (anyone remember the thumb drive with apps on them in the demo?!)
• Organizations are looking for a different, simpler, real-time way to deploy Windows apps, and they want the Unicorn.
  • Perfect app compatibility with the functionality of natively installed apps, all delivered in real time with no delay or performance impact and magically making even ‘bad’ apps work, while also isolating exactly when needed.
  • Oh… and with no IT experience needed to implement.

Page 7: No BS, Vendor Neutral Comparison of Application Layering Solutions

Layering isn’t a replacement for isolation
• App Isolation has been used incorrectly for a lot of years.
• It is awesome for isolating ‘bad’ & version touchy applications.
• But because of inherent flaws in app compatibility and level of expertise needed to make it functional, it generally cannot become a standard app deployment tool for most IT orgs.

• Isolation is like medicine. Great in the right doses & applied at the right place. Sometimes detrimental to the patient if you attempt to use preemptively / all the time.

Page 8: No BS, Vendor Neutral Comparison of Application Layering Solutions

Who plays in the space?
• Companies with layering software (alphabetical order):
  • Citrix – AppDisk
  • Citrix – PVD (not app Layering, but let’s mention it)
  • Liquidware Labs – FlexApp
  • Unidesk
  • VMware – AppVolumes
• Though not exactly “App Layering” in the ‘classic’ sense
  • FSLogix

Page 9: No BS, Vendor Neutral Comparison of Application Layering Solutions

Basic Components of Layering Tech
• In guest:
  • File System
  • Registry
  • Logic around services, drivers, startup, scripts, etc
  • Hooks to login process
• Infrastructure
  • Virtual Disks
  • Disk mount models
  • Layer assignment model
  • Actual infrastructure needs

Page 10: No BS, Vendor Neutral Comparison of Application Layering Solutions

Layering the File System

Page 11: No BS, Vendor Neutral Comparison of Application Layering Solutions

Layering the File System

[Diagram. Stack shown: Executing Windows Env; Transient/Writable Layer/Volume (Profile, UIAs, temp); App Layer (FireFox); App Layer (Office); Operating System. Arrow labels: READ (four times), WRITE, Copy on write.]

Page 12: No BS, Vendor Neutral Comparison of Application Layering Solutions

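Layering the File System (Layer Priority)

[Diagram. Layers shown: Writable Layer, App2 Layer, App1 Layer, Windows OS Layer (File 1, File 2). File 3, File 4 and File 5 sit in the layers above the OS, with File 4 present in more than one layer. After the “Layering File System Logic”, what Windows “sees” is File 1, File 2, File 3, File 4, File 5.]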

Page 13: No BS, Vendor Neutral Comparison of Application Layering Solutions

Layering the File System (Layer Priority)

[Diagram. The same layer stack (Writable Layer, App2 Layer, App1 Layer, Windows OS Layer with File 1 and File 2), here with File 4 present in two layers alongside File 3 and File 5. After the “Layering File System Logic”, what Windows “sees” is File 1, File 2, File 3, File 4, File 5.]

Page 14: No BS, Vendor Neutral Comparison of Application Layering Solutions

File System ‘Deleted’ Objects/Delete Tokens

[Diagram. Layers shown: Writable Layer, App2 Layer, App1 Layer. The layers hold File 1, File 2, File 3 and File 3, File 4, File 5; delete tokens (DT) exist for File 1 and File 4. After the “File System Logic”, what Windows “sees” is File 2, File 3, File 5.]
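The layer priority, copy-on-write and delete-token behaviour from the three slides above, as an added Python sketch (not code from the presentation or from any vendor's filter driver). It assumes App2 has priority over App1, that File 4 ships in both app layers, and that delete tokens are recorded in the writable layer; all layer contents are constructed sample data.

```python
# Added illustration: toy model of a layering file system filter (sample data only).
DELETE_TOKEN = object()  # marks "this path is deleted" in the writable layer


class LayerStack:
    def __init__(self, read_only_layers):
        # read_only_layers: list of (name, {path: content}), lowest priority first
        self.layers = list(read_only_layers)
        self.writable = {}  # writable layer, always highest priority

    def resolve(self, path):
        """Return (layer_name, content) for the copy Windows would see, or None."""
        order = [("Writable", self.writable)] + self.layers[::-1]
        for name, files in order:
            if path in files:
                if files[path] is DELETE_TOKEN:
                    return None  # the token hides every lower copy
                return name, files[path]
        return None

    def visible(self):
        """Merged listing: what Windows "sees"."""
        paths = set(self.writable).union(*(files for _, files in self.layers))
        return sorted(p for p in paths if self.resolve(p) is not None)

    def write(self, path, content):
        # Copy on write: the new version lands in the writable layer only.
        self.writable[path] = content

    def delete(self, path):
        if self.resolve(path) is None:
            raise FileNotFoundError(path)
        if any(path in files for _, files in self.layers):
            # Read-only layers cannot be edited, so record a delete token.
            self.writable[path] = DELETE_TOKEN
        else:
            del self.writable[path]  # existed only in the writable layer

    def conflicts(self):
        """Paths present in several read-only layers, winning layer first."""
        found = {}
        for name, files in self.layers[::-1]:
            for path in files:
                found.setdefault(path, []).append(name)
        return {p: n for p, n in found.items() if len(n) > 1}


def demo():
    stack = LayerStack([
        ("Windows OS", {"File 1": "os", "File 2": "os"}),
        ("App1", {"File 3": "app1", "File 4": "app1"}),
        ("App2", {"File 4": "app2", "File 5": "app2"}),
    ])
    before, winner = stack.visible(), stack.resolve("File 4")[0]
    stack.write("File 2", "user edit")
    stack.delete("File 1")
    stack.delete("File 4")
    return before, winner, stack.visible(), stack.resolve("File 2"), stack.conflicts()


if __name__ == "__main__":
    print(demo())
```

`conflicts()` is the kind of report a layer-priority review needs: it lists every path that two read-only layers both supply, so you can see which copy is being shadowed.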

Page 15: No BS, Vendor Neutral Comparison of Application Layering Solutions

Demo
• Live demo of a file system filter results to show the layering concepts

Page 16: No BS, Vendor Neutral Comparison of Application Layering Solutions

Basic Layering Disk Mounts: “Virtual Machine” mount of a layer

[Diagram. Components: Windows OS Disk, Windows Env., Layering Agents, Layering Mgmt Server, Hypervisor / Mgmt Server. Labels: Credential pass to find authorized layers; Call to APIs to mount disks; Reconfiguration of the Virtual Machine (Mount Disks); Disk Mounted to the Virtual Machine; Layering agent blends the FS and registry.]

Page 17: No BS, Vendor Neutral Comparison of Application Layering Solutions

Basic Layering Disk Mounts: “In Guest” mount of a layer

[Diagram. Components: Windows OS Disk, Windows Env., Layering Agents, Layering Mgmt Server, Hypervisor / Mgmt Server. Labels: Credential pass to find authorized layers; Windows VHD mount used to connect to the Volume; Layering agent blends the FS and registry.]

Page 18: No BS, Vendor Neutral Comparison of Application Layering Solutions

Basic Layering Assignment Types

User Assignment (at login)
• Layers are assigned to groups or individual users
• Mounted/attached at login
• Can be Machine mount or In-Guest mount
• Layers are disconnected at logoff (sometimes machine reset)
• Used for writable / personalization layers

Machine Assignment (pre-login)*
• Assigned based on computer name (sometimes OU container)
• Can be specific machines, or based on machine names
• Disks attached to machine pre-login (often near boot time, or just after boot once agent starts)

Pool/Delivery Group Assignment (pre-login)
• Assigned to a specific Delivery Group/Pool.
• All machines in the pool receive same layers.
• Layers attached at boot, but Layering Software not started until boot process complete.

* Pre-login/Machine Assigned doesn’t necessarily mean “boot level” applications

Page 19: No BS, Vendor Neutral Comparison of Application Layering Solutions

How to look at a layering software
• You should understand certain things when starting a POC with Layering:
  • Supported Hypervisors and Guest OS
  • Infrastructure requirements (primary site, cloud and DR)
  • Layer Assignment model (by user, by machine, pre-boot, at login)
  • Disk mounting options (in-guest vs VM level)
  • Application Compatibility/Layer Conflict Resolution/Boot dependent apps
  • Layer creation AND updating process (update and rollback)
  • Typical customer environment (how are 80% of their customers deploying the layers today?)
  • How it will/won’t integrate with your existing environment/tools, processes or models.

Page 20: No BS, Vendor Neutral Comparison of Application Layering Solutions

Citrix AppDisk
• Overview image of architecture…
  • There isn’t one

Page 21: No BS, Vendor Neutral Comparison of Application Layering Solutions

Citrix AppDisk Key Questions
• Supported hypervisors and Guest OSs
  • XenApp/XenDT Delivery Controller version 7.8 is required
  • If using AppDNA, AppDNA 7.8 w/ SQL db
  • Client OS’s and Server match the 7.8 supported guests
  • Hypervisors: vSphere and XenServer
  • Cloud: none at this time
• Infrastructure requirements:
  • VM type storage (VMFS, NFS, etc). Apps stored with machines
  • When using w/ PVS, layers are not stored w/ PVS images in the PVS Store
  • Must have (separate from the controller) AppDNA installation for app/layer priority

Info verified by Yuhua Lu - Citrix

Page 22: No BS, Vendor Neutral Comparison of Application Layering Solutions

Citrix AppDisk Key Questions
• Disk mount type
  • Machine Mount - Pre-login / boot
• Layer Assignment
  • Assigned to Delivery groups (machines), not specific users or user groups
• Application Compatibility
  • Attached at boot but some boot time apps will not work.
  • Conflict resolution between layers requires AppDNA to determine conflicts between layers and recommend layer priority

Info verified by Yuhua Lu - Citrix

Page 23: No BS, Vendor Neutral Comparison of Application Layering Solutions

Citrix AppDisk – A Tech Guy’s Notes
• Applications Layers (AppDisk) or Personalization layer (PVD), but not both simultaneously.
• Apps assigned to Delivery Groups (not AD groups)
• “Free” with every edition of XenApp, XenDT, you might already own it.
• AppDNA (available in Platinum only) is really used for determining Layer Priority and conflict issues in layers. Use AppDNA then set layer priority manually.

Info verified by Yuhua Lu - Citrix

Page 24: No BS, Vendor Neutral Comparison of Application Layering Solutions

Liquidware Labs FlexApp

Page 25: No BS, Vendor Neutral Comparison of Application Layering Solutions

FlexApp-Simple VHD vs Advanced VMDK

Page 26: No BS, Vendor Neutral Comparison of Application Layering Solutions

FlexApp Key Questions
• Supported hypervisors and Guest OSs
  • Guest OS: Win7, Win8.1, Win10, Srvr 2012R2, Srvr 2008 R2
  • Hypervisors (client & mgmt. services): vSphere Storage based VMDK, Other Hypervisors/cloud using in Guest VHD
• Infrastructure requirements:
  • Simple VHD
    • Single Management console
    • Replicated File Share for VHD’s
    • Replicated File Share for configuration and policies
  • Advanced VMDK
    • Clustered Management Console up to 50 nodes for scaling
    • vCenter if using advanced VMDK disk type/machine mount
  • Overlapping VHD and VMDK requirements
    • FlexApp Packaging console

Info verified by Jason Mattox – CTO LWL

Page 27: No BS, Vendor Neutral Comparison of Application Layering Solutions

FlexApp Key Questions
• Disk mount type
  • Machine mount (VMDK)
  • In-Guest mount (VHD)
• Layer Assignment
  • User or Machine (plus context-aware filters) * See Tech Guy notes…
• Application Compatibility
  • Micro Isolation: allows two files or registry keys to exist at the same time, pointing the layer to its own version of the file or registry key.
  • Layer Priority: smaller issue since FlexApp has Micro Isolation.
  • Other stuff they do for app compat/to make apps work.
    • Merge Registry when different layers all want to update the same key for things like %path%
    • Micro isolation
  • Any notes on drivers, or what not
    • PnP drivers
    • Application based printers, PDF, image etc.

Info verified by Jason Mattox – CTO LWL

Page 28: No BS, Vendor Neutral Comparison of Application Layering Solutions

FlexApp – A Tech Guy’s Notes
• App Layers are assigned by user/group, but LWL also has a large policy engine for layer attachment By: (as their CTO says) OU, Group, IP Range, Host name, Site, If Exist, OS version, Day of week, If you need coffee, If you need a nap, if @T_REX_VDI tweeted today….
• Often packaged with, but does not require, ProfileUnity – ProfileUnity is what kicks off FlexApp, but UEM features do not need to be enabled nor licensed.
• Console for creating and updating layers is separate from ProfileUnity console. (manages both VMDK and VHD layers)

Info verified by Jason Mattox – CTO LWL

Page 29: No BS, Vendor Neutral Comparison of Application Layering Solutions

Unidesk

[Architecture diagram. Labels: Layered Image; Citrix PVS, Citrix MCS, VMW Composer, Azure; Windows Layered Image; Guest Layering Services; Std Network Share (UNC Path accessible).]

Page 30: No BS, Vendor Neutral Comparison of Application Layering Solutions

Unidesk Key Questions
• Supported hypervisors and Guest OSs
  • Guest OS: Win7, Win8, Win10, Srvr 2012R2, Srvr 2008 R2
  • Hypervisors (client & mgmt. services): vSphere, Hyper-V, XenServer (q4)
  • Cloud support (client & mgmt. services): Azure, Amazon
• Infrastructure requirements:
  • 1 Virtual Appliance
  • Share (UNC accessible storage) for central Layer Repository
  • Additional, replicated shares as needed
  • vCenter if automating with vSphere/Horizon View

Info verified by Ron Oglesby Unidesk Geek

Page 31: No BS, Vendor Neutral Comparison of Application Layering Solutions

Unidesk Key Questions
• Disk mount type
  • In-guest (VHD)
  • In Image (injected layers)
• Layer Assignment
  • User/Group based on AD (at Login)
  • Layers also assigned to images (PVS, MCS, Composer, etc) via Layered Images
• Application Compatibility
  • Supports boot time apps w/ services/drivers (example VDA, AV, View Agent)
  • Conflict resolution based on automated layer priority
  • Cross Layer Merging for .NET apps, driver store, Office/IE plugins, etc.
  • Supports prerequisite/dependent layers for building new layers

Info verified by Ron Oglesby Unidesk Geek

Page 32: No BS, Vendor Neutral Comparison of Application Layering Solutions

Unidesk – A Tech Guy’s Notes
• (TP) App Layers assigned by AD, attached at login (UNC path)
• Supports at-login attachment with XenApp/RDSH
• Applications can be “injected” into images for img mgmt. systems like PVS, MCS, Composer, etc.
• Change from Unidesk 3 to 4, Unidesk is no longer the virtual machine provisioning mechanism (not everyone likes that)
• Programmatically limits layer assignment to the OS the layer was created on (no taking a Win7 package and assigning to Win10)

Info verified by Ron Oglesby Unidesk Geek

Page 33: No BS, Vendor Neutral Comparison of Application Layering Solutions

VMware AppVolumes

Page 34: No BS, Vendor Neutral Comparison of Application Layering Solutions

AppVolumes Key Questions
• Supported hypervisors and Guest OSs
  • Guest OS: Win7, Win8, Win10, Srvr 2012R2, Srvr 2008 R2
  • Hypervisors (client & mgmt. services): vSphere, other hypervisors (with VHD)
  • Cloud support (client & mgmt. services): Use VHD mount for cloud env.
• Infrastructure requirements:
  • Management Servers (Windows), SQL DB
  • VM accessible disk storage (in 2.10 with vSphere), VHD, network accessible
  • 2.x: Recommend 1 Mgmt server per 1,000 desktops (2,000 max)
    • Recommend that you load balance to scale multiple managers (while using 1 DB)
  • Virtual Appliance for the mgmt. server and DB (in 3.0)
    • No public scale/sizing info on this yet*

Info verified by

Page 35: No BS, Vendor Neutral Comparison of Application Layering Solutions

AppVolumes Key Questions
• Disk mount type
  • Machine Mount and optional VHD/In-Guest (in 2.10)
  • VHD/In-Guest and VMDK possible (in 3.0)
• Layer Assignment
  • User or Machine assignment, OU, Group (user or machine) assignment
• Application Compatibility
  • Automatic layer priority system for conflicts. Has a specific set of rules for known applications (applications known to conflict). Manual priority for unknown apps
  • Certain boot level apps work by starting services and drivers after AV agent starts. Agents, Anti-virus, etc not recommended in AppStacks.

Info verified by

Page 36: No BS, Vendor Neutral Comparison of Application Layering Solutions

AppVolumes – A Tech Guy’s Notes
• REST API available for both 2.x & 3.x for automation
• Replication of AppStacks between vCenters/different storage systems possible
• AppVolumes 3.0 is not recommended for production use at this time
  • New features like AppToggle, AppCapture/Isolation and a single unified console
  • Focus is around cloud based use cases/service providers.
  • Upgrade path will become available for 2.x customers
• Leverages AppStacks (combinations of numerous apps into a single disk)
• Rory M – 2.x Bolts on to existing VMW environment very simply
• In-guest mount to VHD possible in 2.x, most common w/ VMW inf. is VMDK machine mount. 3.x is going to push people towards VHD

Info verified by

Page 37: No BS, Vendor Neutral Comparison of Application Layering Solutions

What about that FSLogix? Is it Containers? Layers? What's a Profile Container? WTH?

Page 38: No BS, Vendor Neutral Comparison of Application Layering Solutions

FSLogix… Layering?
• How do they describe themselves?
  • FSLogix is a profile and application provisioning solution for physical and virtual desktops
  • Delivers applications from single base image or Application Containers (layers)
  • Profile Container consolidates user profile to single VHD, eliminating Folder Redirection
  • Uses “Rulesets” to govern application visibility rules - applications install natively and are not sequenced or repackaged
• They look at the mgmt. from a holistic image perspective (A Unified Base Image).
• But they also understand that some things need to “bolt on” from an app or personalization perspective.

Info verified by Brad Rowland- FSLogix

Page 39: No BS, Vendor Neutral Comparison of Application Layering Solutions

FSLogix

Unified Base Image
• All users can share a common base image (apps, plugins, etc)
• Filter allows multiple app versions to install side-by-side

FSLogix Filter Driver

Profile Container and Application Containers
• Windows VHD mount
• User profile resides fully in single VHD

User Workspace

Info verified by Brad Rowland- FSLogix

Page 40: No BS, Vendor Neutral Comparison of Application Layering Solutions

FSLogix Key differences w/ typical layering
• What is similar
  • Runtime customization on a per user basis.
  • File system filter use with AD based assignments of apps
• What is different:
  • Overall model is reversed from typical layering
  • Includes Base Image Management, Profile Container, and App Containers in one stack / One tool

Info verified by Brad Rowland- FSLogix

Page 41: No BS, Vendor Neutral Comparison of Application Layering Solutions

FSLogix – A Tech Guy’s Notes
• Cool abilities unique to FSLogix – Like: Multiple versions of Java can be used by different webpages in the same running session
• Basic premise is that you have a SINGLE image with all apps installed. Start there.
• Works with App-V (for machine publishing, you can use FSLogix to cloak apps not needed.) or use for stuff that typically doesn’t work (print drivers)
• Sometimes causes confusion in deciding what should go in the Unified Base Image vs app container

Info verified by Rory M, Brad Rowland – FSLogix &

Page 42: No BS, Vendor Neutral Comparison of Application Layering Solutions

So where is all this going?

Page 43: No BS, Vendor Neutral Comparison of Application Layering Solutions

The realities of cloud and multi-hypervisor
• You will not have hypervisor access… and if you do, each one is VERY different

• Disk models change between providers and hypervisors

• Management servers (for multiple sites or hybrids) must be easy to replicate, easy to maintain.

Page 44: No BS, Vendor Neutral Comparison of Application Layering Solutions

What this means to layering tech
• VHD(x)/in-guest will become the norm
• Machine mounts will have to go away or be used rarely
• Replication tech for layers (DR or active use) will become much easier

Page 45: No BS, Vendor Neutral Comparison of Application Layering Solutions

Next tech leaps for layering companies?
• Further refinement of cross layer merging
• Use on physical machines becomes a reality (really)
  • This requires logic around caching of layers, connectivity logic, etc
• Integration into other systems (such as SCCM and what not)
• Metro type apps delivery and integration
• RDSH/Session aware (user context aware) layering
• Layering companies will have to figure out the Personalization disk limitation of a user accessing from more than one machine
• Cloud delivery of the appliances (and layer storage) will become real…

Page 46: No BS, Vendor Neutral Comparison of Application Layering Solutions

Questions?

If I don’t have the answer, I will mumble something unintelligible until I can find the vendor in the audience and bring them up!

@RonOglesby