Augusto Alvarez

Blog
Contact

Implementing App-V – Part IV: Sequencing Applications

Other posts in this series:

Implementing App-V – Part I: Introduction to Application Virtualization

Implementing App-V – Part II: Choosing and Preparing the Environment

Implementing App-V – Part III: Integrating Clients

Ok, we had a good look about the entire App-V platform so far: Explanation about application virtualization and the components involved in App-V (Post I); installation of the App-V Server including some troubleshooting tips (Post II); integrating App-V client components, testing the default application and some troubleshooting about this process as well (Post III).

Now it is time to sequence some real applications and deliver them to clients. As always, I’m going to start with an easy one, so you can see all the tricks involved to get the things working. But first, we must prepare the App-V Sequencer machine.

As we’ve seen in Post I, the main component involved in the sequencing process is the App-V Sequencer.

Sequencer Quick Checklist

Use the same base operating system for both, Sequencer and Target (client) machines. Microsoft does not support using different type of OS between these two. Off the record: I’ve used many applications that worked perfectly when this requirement was not fulfilled.
The Sequencer machine must have a second partition available. The common use for this one is to assign the Q:\ drive letter.
Sequencer and Client machine must have the same Windows Installer version.
In the Sequencer machine ensure that the directories %TMP%, %TEMP% (user temporal data) have sufficient space, since the application use this directory to store temporal sequencing data.
Before sequencing an application you should close all other programs, including Antivirus.
As a recommended best practice, use VirtualPC or any other type of virtual machine for the App-V Sequencer. Combine this using snapshots or differencing disks to always have available a fresh OS to deploy applications.

For more information about the sequencing process and requirements, check the Sequencing Guide from Microsoft and also the Sequencing Best Practices.

App-V Sequencer Setup

Once you’ve checked all the requirements mentioned above, the installation process is quite simple and straight forward.

App-V Sequencer main window:

Sequencing Applications Step-by-Step

As I mentioned earlier my first pick will be a simple application, this will allow us to get familiarized with the sequencing process. I want to start showing the App-V compatibility with some non-Microsoft applications, I’ll be using Mozilla Firefox.

1. In the App-V Sequencer program window select “New Package”.

2. A new wizard will start, select the package name “Firefox”.

3. In the next window you are ready to get started with the applications installation and capture, so you can start creating the installation folder in the Q:\ drive.

Within this folder, the application will store all the program files and the sequencer will use them to package the application.

Note: You don’t need to place the installer inside this folder.

4. Click on “Begin Monitoring” to start the installation process.

5. The capture process will start by selecting the folder in the Q:\ drive.

6. Once you’ve selected the folder, the virtual environment will start to load, wait for the “Monitoring started. Please begin installation” message appears.

7. Locate the installer and start the installation process.

8. In the installation process, the main step will be in the destination folder option that the program use to place the program files. Select the folder you’ve selected to be monitored. In my case: Q:\Firefox.

9. Once the installation is complete and you verified that the program was installed correctly, get back to the sequencer window and click on “Stop Monitoring” and click on “Next”.

10. In the next window you can add some more files inside the package. This can help you if you are using customized applications, that need to load local files.

In my case I don’t need any.

11. In the next window, the sequencing process detects the applications that compose Mozilla Firefox, in my case the Firefox standard app and the Firefox safe-mode.

You can add new ones, remove the detected and modify the components involved: File type associations and icons.

For every application shown here, we will need to make a small change. Click on each application in the right list, and select the “Edit” option. In the “OSD File Name” you will probably see a long name, like “Mozilla Firefox 1.9.1.3523.osd”.

You need to change this one removing all the spaces in the name, like “Firefox.osd”.

Change this in all applications involved and click on “Next”.

12. The next step is optional, where you can launch the applications for a final check that they are working properly. Click on “Next”.

13. Sequencing process is complete. Click on “Finish”.

14. The package is ready for the final customization regarding the application deployment.

In the App-V Sequencer window, select the “Deployment” tab and change the Protocol option to “RTSP” (this will automatically change the Port to 554), and in the Hostname option select the name of the App-V Server, in my case “appv-server”.

In the Operating System list, you can add all the baselines where this application can become available. And note also the option to generate an MSI package, that you can use it with the App-V Stand Alone mode (explained in Post I of this series) and/or System Center Configuration Manager (SCCM) integration with App-V.

15. Before saving the package, you can explore other options within the Sequencer, like the registry files that are modified by the application.

Once you are done, click on save this package locally.

With the project saved, you can check on the files created and verify that the OSD files were not created with names composed by blank spaces.

Adding the Package to the Server

Now that the package has been sequenced and created, it is time to add it to the server.

1. Copy the files created in the App-V Sequencer to the “content” folder in the App-V Server.

2. In the App-V Server, open the App-V console. Right click in Applications and select “Import Applications”.

3. Select the SPRJ file for the Mozilla Firefox and click “Open”.

4. In the General Information window, accept the default options and click on “Next”.

5. In the “Published Shortcuts” select the shortcuts that the clients will have created.

6. In the “Access Permissions” select the group that will load this application. In my case, I’m using Domain Admins.

7. In the “Summary” window, click on “Finish”.

And now you have the application ready in your App-V Server to be deployed.

Testing the Application

After completing the importing wizard, the application is ready to be deployed in the client machines.

Access the client machine, and if you want to avoid the process of log-off and log-on to test it, locate the App-V Client console (C:\Program Files\Microsoft Application Virtualization Client\SftCMC.msc), select “Publishing Server” and click on “Refresh Server”.

The new icons will appear in the desktop or in the places you’ve selected.

Mozilla Firefox starting

Troubleshooting App-V Published Applications

The most common error about App-V applications I’ve experienced are regarding the firewall exceptions discussed in the Post III of this series. But, there’s also another problem that appears related to the package it self.

If the package that you’ve created, the OSD file name uses spaces between, like “Mozilla Firefox 1.9.1.3523.osd”:

Then most likely when you try to deploy this application, after importing it in the server, you’ll get these errors:

“The package requested could not be found in the system data store or the files associated with this package could not be found on the server”. “Error code: 4513CDC-1690150A-20000194”

To fix this, you’ll need to regenerate the sequenced application as shown above, editing the application information and remove any blank spaces in the OSD file name.

More Resources

Other posts in this series:

Implementing App-V – Part I: Introduction to Application Virtualization

Implementing App-V – Part II: Choosing and Preparing the Environment

Implementing App-V – Part III: Integrating Clients

[Events] Overview of Run Reloaded in Buenos Aires

January 18, 2010 at 3:41 am | In Events | Leave a Comment
Tags: Conferences, Events, Run Reloaded

As I mentioned to you before, I presented in the Run Reloaded event that took place here in Buenos Aires in last November. I had the pleasure to give two presentations: Geo Clustering with Windows Server 2008 R2 and Group Policies with Windows 7 and Windows Server 2008 R2.

The event gather some great presentations about several of the new technologies introduced by Microsoft: Windows 7, Windows Server 2008 R2, SQL Server 2008 R2, Exchange Server 2010, Sharepoint 2010, etc.

And the public response was also amazing, thousands of people showed up in this two-day event, that also had several simultaneous conferences given in the Universidad Argentina de la Empresa (UADE).

Multi Site Clustering with Windows Server 2008 R2

I presented this track with Roberto Dilello and we had the chance to revisited a previous track of mine presented in Code Camp 2009.

This time I had the chance to take a deeper review about the multi site clustering architecture, their benefits, requirements and how to configure them in Windows Server 2008 R2 Failover Cluster.

You can download the multi site clustering presentation (Spanish) from here.

Windows 7 and Windows Server 2008 R2 Group Policies

Presented with Leandro Amore, making an overview of the changes made since Windows Vista about the Group Policies management.

Taking a closer look to the ADMX migrator, PowerShell, Starter GPOs, Group Policies preferences, etc.

The group policy presentation can be downloaded from here (Spanish as well).

Cheers!

[Events] Run Reloaded: Buenos Aires

November 21, 2009 at 2:40 am | In Events | 1 Comment
Tags: Conferences, Events, Run Reloaded

After presenting at the Code Camp this year, I’ve started to prepare my participation in a new and upcoming event: Run Reloaded – November 24 and 25 – Universidad Argentina de la Empresa (UADE).

This event will officially introduce to the community the brand new Microsoft technologies: Windows 7, Windows Server 2008 R2, SQL Server 2008 R2, Exchange Server 2010, Sharepoint Server 2010, and may others, including devs technologies.

The event is divided in two days, and each day will have the IT and the developers sessions. Here is the schedule and registration links for the IT sessions (Spanish):

Day 1 Registration

Day 2 Registration

More info about Run Reloaded here.

About my conferences:

- Multi Site Clustering with Windows Server 2008 R2: Taking a little bit deeper about my previous presentation, checking the benefits of geo clusters and what are the necessary requirements. I’ll be presenting it with Roberto Dilello.

- Group Policies with Windows 7 and Windows Server 2008 R2: Reviewing the improvements and features that we can adopt using group policies with the just released operating systems: Windows 7 and Windows Server 2008 R2. I’ll be together with Leandro Amore.

See each other then!

GFI WebMonitor without ISA Server

November 17, 2009 at 11:20 am | In GFI WebMonitor | 1 Comment
Tags: GFI WebMonitor, ISA Server, Monitoring, Security

A while ago I had the chance to review GFI Webmonitor, an ISA Server add-on that enhances significantly the possibilities for web access and download control. Now, GFI introduces a great and brand new option within web monitor possibilities: GFI WebMonitor version that does not require an ISA Server installation.

You can download the free 30-day trial here. And even more, once the trial expires, the software switches to freeware mode; where you maintain the monitor features but the security and access control are removed.

Differences with the ISA Server add-on version? None

The first thing I’ve started to wonder about this product is: It doesn’t require ISA Server, so which capabilities and features will be lost? Well I had a great surprise there, not only maintains all the features, but also there a few new ones.

GFI WebMonitor dashboard, same as the ISA add-on version

Reviewing New GFI WebMonitor

As you can see, the dashboard looks the same, but let’s take a closer look about the tool and find out a little bit more.

Installation Process

Same, again. As we’ve seen it in my previous post, the installation is a very simple and intuitive process; the same one is included here. In my environment I’ve installed GFI WebMonitor on a Windows Server 2008, working just as a member server in my lab environment.

At the end of the installation, you’ll get all the necessary hints to start working with GFI WebMonitor.

Based on my configuration, the simple proxy mode is selected

The last message: All that you actually need to configure your clients

Configuring Clients

With the last image, you’ve already had all the necessary information to configure your clients. Just configure your browser proxy server options.

Internet Explorer Proxy Server options

Remember that you can automatically configure these options using Group Policies in your domain. User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings

Group Policies: Proxy Server option for IE

Configuring the Server

Before start testing your clients with the proxy options, you should verify that the machine working as a proxy has the 8080 port open to receive connection from the clients.

Just add an exception in your firewall to allow traffic

You can also configure in your GFI WebMonitor a few more options related to the proxy settings: Authentications and chained options.

You can use anonymous, basic and integrated authentication for proxy clients

Chained Proxy: When you have a separate proxy or firewall in your network.

The rest of the configurations within GFI WebMonitor, you’ll find the exact same as my previous review:

- Statistics: Nice data parsing showing bandwidth consumption, sites history, users history. One of my favorites within this stats is the “top policy breakers”: users that more times have tried to access content prohibited by your policies.

- White and Black lists. The name isn’t that simple as the configuration needed to block websites and content.

Blacklisting facebook.com

And the clients will receive a message like this:

- Web Filtering Policies: All the policies defined here will allow you to manage access to certain sites and even pre defined categories to specific users, groups or even IP address. Including the time window in which each policy will apply. Pretty simple to configure and set.

- Security: This section represents one of the most powerful within this tool, you get the chance to configure Download Control Policies (which users can download what and when); IM Control Policies (allowing or blocking IM); and my favorite Virus Scanning.

All the content that is downloaded from the clients will be scanned with three different antivirus engines: BitDefender, Kaspersky and Norman antivirus; all of them with databases updated constantly.

Every time a user downloads a file, by default, the window that will appear:

And virus scanning, of course

And GFI WebMonitor also gives you the “Quarantine” section to analyze blocked downloaded content.

One of the new features introduced is the “Hidden Downloads” section. That show downloads which were unattended by users that could reveal malware or unwanted applications within the network.

More Resources and Troubleshooting

Installation and Configuration

- How can I exclude some websites from passing through the GFI WebMonitor proxy?

Troubleshooting

- Mozilla Firefox keeps asking for credentials repeatedly
- Integrated authentication fails with GFI WebMonitor 2009 Standalone Proxy
- Internet Explorer is unable to retrieve my new wpad.dat configuration

Conclusions

- This tool represents a great way to easily use and configure a proxy server in your network in just a few seconds. From the installation process to the web filtering policies, all of them represent very intuitive and simple processes; you don’t need expert knowledge in firewall or proxy servers.

- Removing the ISA Server requirement, you almost have no excuse to give it a try if you are concerned with your current bandwidth consumption and access control.

- The security section gives you a nice bonus and avoiding having viruses or malware within your network. You know the feeling, having just one negligent user can become in several work hours for your help desk department.

If you are considering implementing new security policies in your company, you should know that what people usually access every day on the web it is a significant matter.

Cheers!

Implementing App-V – Part III: Integrating Clients

November 7, 2009 at 7:32 pm | In App-V | 4 Comments
Tags: App-V, application virtualization

Other posts in this series:

Implementing App-V – Part I: Introduction to Application Virtualization

Implementing App-V – Part II: Choosing and Preparing the Environment

Implementing App-V – Part IV: Sequencing Applications

We’ve already talked about Application Virtualization and some common scenarios (Post I), talked about the existing models in App-V and how to install the App-V Management Server (Post II); now it’s time to work with the App-V clients.

I was considering to not include this post and go directly to sequencing applications, but most of the errors and blocking issues that appear in App-V are related on not having a environment properly installed.

The process will start with the App-V Desktop Client installation.

App-V Desktop Client Installation

Select a client machine that will receive some of the sequenced applications and you shouldn’t have any problem with this installation, pretty straight forward:

1. Double click on the installer and most likely you will be needing to install a few components before starting.

2. The wizard starts and click on “Next”.

3. Accept the License Agreement.

4. Select your option for Microsoft Update.

5. Select “Custom” installation option.

6. Accept the default installation path.

7. Data Location, the default preferred drive letter by convenience is used the letter “Q” (avoiding to collide with possible network drives).

8. Then you can select the cache size that the client machine will use. Every time that the client downloads applications, it will use the local cache for every time the application needs to be loaded again in the session. You can use the default option provided.

9. On Runtime Package Policy Configuration use the default options adding the “On Publishing Refresh” option inside “Automatically Load Application”.

10. On "Publishing Server” complete the options used for your App-V Server. And since I won’t be using SSL for the communication, I’m selecting the type “Application Virtualization Server” and “Port” 554.

11. Click on “Install” and we are ready to go.

Testing the Default Application

As we’ve seen it before, once you install the App-V Management Server a default application is installed.

We are going to use it to validate that our environment is ready to go and start sequencing applications. Unfortunately you will need a few steps before publishing the application:

1. First of all, re check the configurations mentioned in Post I of this series:

- Ensure that the Application Management Server service has started.

- The content folder (C:\Program Files\Microsoft System Center App Virt Management Server\App Virt Management Server\content\) must be shared with proper permissions: “Everyone” the “Read & Execute”, “List folder contents” and “Read” access.

- If you have the firewall enabled, ensure that you enable the exceptions for inbound connections with the programs sghwdsptr.exe and sghwsvr.exe. Both located in “C:\Program Files\Microsoft System Center App Virt Management Server\App Virt Management Server\bin\”.

To make a first quick check about the connectivity, you should always start using “telnet appv-server 554” to ensure that the ports are open between the hosts.

What Happens If I Don’t Complete The Requirements?

If any of those are not in place, the error code that you should be receiving when you try to access an application is: “The Application Virtualization Client could not establish a connection to the Application Virtualization Server” “Error code: 4513CDC-19D06A0A-10000004”.

And in the Event Viewer you’ll see a bunch of warning messages and one error: “The Application Virtualization Client could not connect to stream URL ‘RTSP://appv-sequencer:554/application‘” along with the same error code.

2. With all that in place, time to get the application ready. Access the App-V Management console, open the Default Application Properties. In the General tab, the OSD and Icon path must be using a UNC path, like in my case: “\\appv-server\content\”.

3. Shortcuts tab will let you decide where you want to insert the client’s shortcuts.

4. Access Permissions: Here you can select all the domain groups that will have access to this application.

5. Edit the DefaultApp.osd file that is stored within the content folder mentioned. Look for the “Implementation” area and replace the name of the server using the current name of the actual server.

6. Login to the client machine using credentials that belong to the group you just gave access to the application. You will see the Default Applications shortcuts already in place, double click the shortcut.

And there you have it, your environment is ready to receive and launch applications.

Note:

Remember that by default, the applications are refreshed once the user logins to the client computer.

If you want to avoid this process, in the client computer access “C:\Program Files\Microsoft Application Virtualization Client” folder and double click “SftCMC.msc”. Inside “Publishing Servers” right-click the name of the server and select “Refresh Server”.

With that, any update on the applications published should be shown in the client.

In a few days more, I’m publishing the fourth part of the series: sequencing applications.

Other posts in this series:

Implementing App-V – Part I: Introduction to Application Virtualization

Implementing App-V – Part II: Choosing and Preparing the Environment

Implementing App-V – Part IV: Sequencing Applications

Free E-Book: Introducing Windows Server 2008 R2

October 23, 2009 at 12:21 am | In Books, Cool Stuff, Free Stuff, Windows Server 2008 R2 | 1 Comment
Tags: Books, E-Books, Free Stuff; Windows Server 2008 R2; Cool Stuff

Microsoft Press introduced a great technique to get more readers: Giving away free books, as simple as that. And this time with a great proposal: Introducing Windows Server 2008 R2.

Even though it is a short book (200 pages) you’ll see that there are several topics that you might be interested in. Here are the chapters involved:

Chapter 1 What’s New in Windows Server R2
Chapter 2 Installation and Configuration: Adding R2 to Your World
Chapter 3 Hyper-V: Scaling and Migrating Virtual Machines
Chapter 4 Remote Desktop Services and VDI: Centralizing Desktop and Application Management
Chapter 5 Active Directory: Improving and Automating Identity and Access
Chapter 6 The File Services Role
Chapter 7 IIS 7.5: Improving the Web Application Platform
Chapter 8 DirectAccess and Network Policy Server
Chapter 9 Other Features and Enhancements

You will find several information about important improvements introduced in this version, like: Hyper-V R2 (Live Migration and storage hot add feature); VDI; IIS 7.5; BranchCache and DirectAccess.

Enjoy!

[Events] Code Camp 2009 at Buenos Aires

October 17, 2009 at 7:10 pm | In Events | 1 Comment
Tags: Code Camp, Code Camp 2009, Events

Again, another excellent Microsoft event took place last month: Code Camp 2009. And I had the great pleasure to participate with two conferences, Hyper-V and Windows Server 2008 R2 Clustering.

Code Camp Buenos Aires series officially began in 2007 and appeared as a great opportunity for students and academic cells interact directly with the community, not only participating in conferences but also preparing small demos and telling their story about their work with Microsoft’s technologies.

I had the chance to participate in all of them, but this year’s Code Camp represented the biggest event of the series, with over 50 conferences regarding IT, developing, gaming, methodologies. Here’s a quick review of my participation:

Hyper-V Para Suegras

Translated in “Hyper-V for Mother-In-Laws” (don’t ask me, ask Alejandro Ponicke, he came up with the title). I presented this one with a good friend of mine, Alberto “Beto” Ortega.

The main idea resided in present an introduction to virtualization and Hyper-V with the main features included in Windows Server 2008 R2. Using also a small review of Hyper-V clustering and Live Migration.

The presentation for Hyper-V (in Spanish) can be download it from here.

Desmitificando Clustering en Windows Server 2008 R2

Translated in “Demystifying Clustering in Windows Server 2008 R2”. Here, I had the chance to go a little further about Hyper-V clustering and presented the main idea and benefits of clustering with Windows Server 2008 R2.

We’ve made a small review about the process in Windows Server 2003 and the process using Windows Server 2008 R2, features included like cluster validation, Clustered Shared Volume (CSV), Geo Clusters, clustering myths and best practices. And also we’ve discussed about clustering with SQL Server, using a demo of a SQL Server 2008 R2 (CTP August) cluster.

The presentation for clustering (Spanish also) can be download it from here.

As always, I had a lot of fun and I’m looking forward for the next event: Windows 7 and Windows Server 2008 R2 Official Launch (late November). We’ll see each other then!

Here’s some of the crew involved: Miguel Saez and Alejandro Ponicke

Cheers!

Free E-Book: Deploying Windows 7 Essential Guidance

October 17, 2009 at 7:00 pm | In Cool Stuff, Free Stuff | 2 Comments
Tags: Books, Cool Stuff, Free Stuff, Windows 7

Fresh and free new book available from Microsoft Press and Microsoft TechNet! Deploying Windows 7: Essential Guidance.

This book contains ten chapters from Windows 7 Resource Kit, so if you ever read one of these Resource Kits, you would know that the content it is very complete and interesting. Some of the topics discussed in this free book:

Planning Deployment
Testing Application Compatibility
Developing Disk Images
Migrating User State Data
Deploying Applications
Volume Activation
Using Windows Deployment Services (WDS)
Using Microsoft Deployment Toolkit (MDT)

I know, I know, I was missing the free e-books offers from Microsoft too.

Here’s a little bonus: Microsoft also published as a free download the Chapter 23 of the Windows 7 Resource Kit, “Supporting Users Using Remote Assistance”.

To review some of my posts about deploying Windows 7, check this category:

http://blog.augustoalvarez.com.ar/category/microsoft-deployment-toolkit-mdt/

Cheers!

Windows Server 2008 R2 and Windows 7: BranchCache

July 26, 2009 at 12:55 pm | In BranchCache, Windows 7, Windows Server 2008 R2 | 6 Comments
Tags: Branch Offices, Branch Offices Cache, BranchCache, Windows 7, Windows Server 2008 R2

The arrival of Windows Server 2008 R2 and Windows 7 is just around the corner and I don’t have to tell you that there are a lot of expectations. Common users are concentrating almost all the attention with the client operating system, but I can assure you that having those new platforms, Windows Server 2008 R2 and Windows 7, will give a new perspective for all users and IT guys.

One of the highlights that you can watch having this two boys together is BranchCache, focused mainly in optimizing your WAN bandwidth using special cache options.

As the name says it, BranchCache works in scenarios with branch offices where clients interact and request files from the headquarters. A common and current scenario is related when you access an internal website with the servers located in the main office, each branch office client will request the files directly with the headquarters every time a user intends to communicate with the site, significantly affecting the WAN link with the same data transmitted over and over.

BranchCache is a simple idea that caches every content downloaded from the main office using a server or other branch clients, so every time that a second client tries to download the content, the request is directly handled within the branch office optimizing the WAN link and downloading time.

How Does It Work?

There are no complex configurations and you can even use an option that does not include a server. There are two types of BranchCache deployment options: Distributed Cache (no server) and Hosted Cache Mode (Windows Server 2008 R2 server involved as the cache server).

Keep in mind that the environment will only work with Windows Server 2008 R2 and Windows 7 clients.

Distributed Cache

Windows 7 branch office clients store a copy of the content that is downloaded from the main office, and makes it available to other clients in the branch office every time that they try to retrieve those files.

Hosted Cache

Within this scenario, all the cache content is stored and controlled in a Windows Server 2008 R2 that retrieves all the requests made from branch clients and keeps all the data locally to answer any other requests for the same content.

Microsoft recommends to use this mode on branch offices with over 10 clients.

What About Cache Authorization and Updates?

These are common questions that you may be asking yourself right now:

Q: If the files are stored in a local cache within the branch office (distributed among clients or on a server), that means that all branch users will have access to these files?

A: No. There is an authorization phase that the requestor must complete before receiving the file. In a distributed BranchCache mode, when the client requests the data, the server (main office) authorizes, or not, the cache content to be delivered to the branch office client. In a Hosted Cache mode, the cache server keeps identifiers with the permissions for each cached content, giving access only to authorized clients.

Q: What about if the file changes when it was already cached by clients or a server? The file is distributed out-to-date to branch clients?

A: No. Whenever a change is made on a folder that is distributed with BranchCache, a new identifier (the same used for access authorization) it’s send to branch cache clients (if the mode is set as Distributed Cache); or send it directly to the cache server (if the mode is configured as Hosted Cache).

Configuring BranchCache

In this section I’ll give you small step-by-step BranchCache procedure. There are basically three steps to complete the environment:

1. Configure the headquarters Windows Server 2008 R2 that contains the data that must be cached.

2. Configure the Windows 7 branch clients that will use the cached content.

3. Configure the Windows Server 2008 R2 as Hosted Cache server, if that’s the option you selected for your environment.

The complete reference to achieve this deployment can be found in BranchCache Early Adopter’s Guide.

1. Configuring the File/Web Server

a. Add the feature from Server Manager: BranchCache.

Remember, it’s a feature not a role.

b. If this is going to be a file server, you must add the “File Services” role and the service “BranchCache for remote files”.

c. Configure the Group Policy to enable BranchCache.

Active Directory it is not a requirement for BranchCache, but surely it is recommended for centralized management. You can use an Active Directory or local policy to apply to this server.

The GPO can be located in Computer Configuration > Policies > Administrative Templates > Network > Lanman Server > Hash Publication for BrandCache

The options when you Enable this GPO are self explained: For all shares, files shares tagged and disallow hash publications.

2. Client Configuration

Ok, now you have the server configured to be able to distribute the BranchCache shares. Now it’s time to configure the clients to understand this type of cache. It is easily done with Group Policies, and again, this can be done in a domain environment by linking GPOs or just using Local Group Policies.

a. Access GPOs editing MMC: Computer Configuration > Policies > Administrative Templates > Network > Turn on BranchCache > Enabled.

b. On the same GPO list, you’ll find the rest of the necessary configurations according to the chosen model.

If you are using Distributed Cache, enable “Turn on BranchCache – Distributed Caching Mode”. And the same for hosted cache, “Turn on BranchCache – Hosted Cache mode”.

c. [optional] You can also set other interesting values using this set of GPOs, like latency values or setting a percentage of your disk space dedicated to this cache.

d. Ensure that you have configured the firewall inbound policies to allow BranchCache connections. More info about this on the document mentioned above: BranchCache Early Adopter’s Guide.

3. Configure the Cache Server

For obvious reasons, the communication between the parties involved must be secured and the data available must be guaranteed as updated and correct. That’s why if you are using Hosted Cache Mode, a certificate will be present to achieve a SSL communication and guarantee that data is not modified by an attacker.

It is important to note that the presence of a Certificate Authority (CA) server it is not a requirement, the certificate can be prepared directly from the file/web server and then imported to the Hosted Cache server.

a. First, enable the BranchCache feature from Server Manager.

b. Deploy the certificate inside Certificates (Local Computer) > Personal.

c. Access the certificate properties, the details page will show you the “Thumbprint” field. Copy to the clipboard.

d. Link the certificate to BranchCache with “netsh”:

NETSH HTTP ADD SSLCERT IPPORT=0.0.0.0:443 CERTHASH=<thumbprint> APPID={d673f5ee-a714-454d-8de2-492e4c1bd8f8}

More Resources

Here are some other guides and interesting links you can find about this feature.

That’s pretty much in this BranchCache overview and kind of walkthrough.

Cheers!

Implementing App-V – Part II: Choosing and Preparing the Environment

July 12, 2009 at 10:35 pm | In App-V, Virtualization | 6 Comments
Tags: App-V, application virtualization, Virtualization

Other posts in this series:

Implementing App-V – Part I: Introduction to Application Virtualization

Implementing App-V – Part III: Integrating Clients

Implementing App-V – Part IV: Sequencing Applications

After the first post about App-V and application virtualization technologies we had a nice review about the platform. So, if you feel like this type of technology can add some value to your organization, let’s start playing around.

Before you begin, let’s talk about the available models in App-V that will help you choose the strategy according to your platform. The architecture is prepared to support almost any scenario, including low-bandwidth branches offices or even offline deployments.

App-V Models

Stand-Alone Mode

This is the minimalist mode of App-V with no infrastructure required but the machine that packages the application, “sequencer” from now on, and the App-V Desktop Client.

Sequencing the application adds all the necessary files into one package and generates an MSI file that you can use to deploy manually, by group policy or using SMS/System Center Configuration Manager.

This mode is focused when you have several offline users (do they even exist at this point?), or when you have already SCCM deployed and you don’t want to add a App-V Server.

Streaming Mode

This model it is also focused on platforms that do not want Management Servers. The components present here are the streaming server, sequencer to package applications and the App-V client.

The Streaming Server as the name says it, streams the applications to the clients on demand. The server does not use a SQL database, the permissions are set and maintain based on ACLs (access control lists).

You can use it on low-bandwidth links like branch offices to optimize the application deployment.

Full Infrastructure Model

The full model contains the full set of components in App-V: Management Server, Sequencer, Streaming server and App-V Client. In most cases, the streaming server it is completely optional since the application streaming can be executed from the Management Server, delivering applications on demand to users.

Using a Management Server will add the applications shortcuts publication within the process of deployment. And includes more features for reporting, using a SQL database.

Applications in this model are associated to security groups in Active Directory. And you can also manage centrally the applications licenses.

We are going to focus this set of posts in a Full Infrastructure Model, using a Management Server, Sequencer and a App-V Desktop Client.

Enough with the explanations, let’s get to work.

Installing App-V Management Server

The process it is a little tricky, but we’ll try to set clear all the necessary requirements before running the installation wizard.

Pre-Requisites

This is the list of minimum requirements:

Windows Server 2003 SP1 or superior
IIS 6 role installed with ASP.Net
.Net Framework 2.0
MMC 3.0
SQL Server 2005 Express SP2

Before proceeding with the installation take a closer look to what are the SQL and IIS configurations necessary that we are going to review next.

Here’s the environment that I’ll be using:

Active Directory and DNS platform in place.
Windows Server 2008 (32-bit)
IIS 7 role installed with ASP.Net
SQL Server 2005 Express SP2.

SQL Special Considerations

The SQL Express can be installed with the default options, but, as I mentioned it before, there are a few SQL configurations that needed to be set before the App-V installation process:

1. Open SQL Server Surface Area Configuration Tool from the SQL Server Start Menu folder.

2. Click on Surface Area Configuration for Features.

3. Inside of “CLR Integration”, click the option for “Enable CLR Integration”.

4. Inside of “OLE Automation” click “Enable OLE Automation”.

5. Close “Surface Area Configuration for Features”.

6. Click “Surface Area Configuration for Services and Connections”.

7. Inside “Remote Connections” select “Local and Remote Connections” and set “Using both TCP/IP and named pipes”.

8. Restart the SQL Server services to apply all changes.

IIS Considerations

Since I’m using Windows Server 2008 and IIS 7 for the Management Server installation, there are a few considerations about it.

Install ASP.Net feature with all pre-requisites.
Windows Authentication feature enabled.
IIS 7 Management Tools with Management Service and IIS 6 Management Compatibility features installed.

Step-by-Step App-V Management Server Installation

One completed the pre-requisites and considerations, let’s start with the installation.

1. With the App-V installation media, double click the setup executable.

2. Welcome page, click on “Next”.

3. Accept the License Agreement and click on “Next”.

4. Select “Custom” setup type.

5. Here you can modify installation components (not recommended) or change the installation directory. Click on “Next”.

6. Select the SQL Server instance where the database will be stored. In my case, I’m using the same server with one instance. Click on “Next”.

7. Select “Create a new database”. Maintain the suggested database name “APPVIRT”. You can also modify the location for the database files. Recommended for this type of server to store the database on a different hard drive than the operating system.

8. Leave deselected the option for “Use enhanced security”. You can set secure connections with this server, that will require of course for a certificate. Out of the scope in our case.

9. Leave the default value for the RTSP (Real Time Streaming Protocol): 554.

10. Select the group that will have full access to the App-V Management Server console. In my case, I’m selecting only “Domain Admins” to give access. This option can be modify later.

11. Select the provider group, that by default will have access to the enabled applications. In my case, I will select only “Domain Admins” and later personalize each application for each group.

12. Select the folder where the applications packages will be stored. Leave the default “C:\Program Files\Microsoft System Center App Virt Management Server\App Virt Management Server\content\”. Click on “Next”

13. On the “Ready to Install the Program” window click on “Install”.

After a few moments you will have the App-V Management Server fully installed.

14. Recommended: Reboot the server.

IMPORTANT: If any of the pre-requisites and considerations mentioned above are not completed, you will receive a message like this when you start the installation:

“Error 25109. The installation program could not create the configuration data store. Please see the installation log file for more information”

Post-Installation Procedures

There are basically three more tasks to execute after the App-V Management Server installation is completed to guarantee the proper functionality:

1. Once the server is rebooted, you will need to verify the “Application Virtualization Management Server” service. If you are running on a virtualized environment, you will need to manually start the service.

2. Share the “content” folder created for the applications packages (by default C:\Program Files\Microsoft System Center App Virt Management Server\App Virt Management Server\content\). Give to “Everyone” the “Read & Execute”, “List folder contents” and “Read” access.

3. If you have the firewall enabled, ensure that you enable the exceptions for inbound connections with the programs sghwdsptr.exe and sghwsvr.exe. Both located in “C:\Program Files\Microsoft System Center App Virt Management Server\App Virt Management Server\bin\”.

Note: If these firewall exceptions are not in place, you will also have problems with App-V clients trying to receive and execute the application packages. We’ll check that later.

And yes, you can now open the “Application Virtualization Management Console” and start working with the platform.

Make sure that you deselect the “Use Secure Connection” if you didn’t install a certificate for App-V.

Other Resources

As an interesting option to evaluate your App-V Management Server environment is the Microsoft Application Virtualization Best Practices Analyzer.

It verifies general configurations in your Management and/or Streaming Server 4.5, and notify about possible anomalies as a diagnostic tool. Requires the presence of Microsoft Baseline Configuration Analyzer to generate the reports.

In this example, the warning generated is about the database been stored in the same place as the Management Server.

I’ll be reviewing in the next posts how to prepare clients and applications to be deployed by App-V. I’ll be using Microsoft Office 2007 as the sequenced application.

Other posts in this series:

Implementing App-V – Part I: Introduction to Application Virtualization

Implementing App-V – Part III: Integrating Clients

Implementing App-V – Part IV: Sequencing Applications

Cheers!

Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.

	jason on Implementing App-V – Par…
	Mariusz on WSUS 3.0 : Connecting, Managin…
	Augusto Alvarez on Windows Server 2008: Creating …
	John on Windows Server 2008: Creating …
	Augusto Alvarez on Microsoft Deployment Toolkit 2…

Sequencer Quick Checklist

App-V Sequencer Setup

Sequencing Applications Step-by-Step

Adding the Package to the Server

Testing the Application

Troubleshooting App-V Published Applications

Multi Site Clustering with Windows Server 2008 R2

Windows 7 and Windows Server 2008 R2 Group Policies

Differences with the ISA Server add-on version? None

Reviewing New GFI WebMonitor

Installation Process

Configuring Clients

Configuring the Server

More Resources and Troubleshooting

Conclusions

App-V Desktop Client Installation

Testing the Default Application

What Happens If I Don’t Complete The Requirements?

Hyper-V Para Suegras

Desmitificando Clustering en Windows Server 2008 R2

How Does It Work?

Distributed Cache

Hosted Cache

What About Cache Authorization and Updates?

Configuring BranchCache

1. Configuring the File/Web Server

2. Client Configuration

3. Configure the Cache Server

More Resources

App-V Models

Stand-Alone Mode

Streaming Mode

Full Infrastructure Model

Installing App-V Management Server

Pre-Requisites

Step-by-Step App-V Management Server Installation

Post-Installation Procedures

Other Resources

About Me

Contact Me

Visitors Map

Recent Posts

Category Cloud

Top Posts in Last 24hs

Recent Comments

Technorati