New App-V Book! “Microsoft Application Virtualization Advanced Guide” Now Available for Pre-Order

December 12, 2011 at 1:01 am | Posted in App-V, Books | 4 Comments
Tags: , , , ,

For several months I’ve been working in a new App-V book:Microsoft Application Virtualization Advanced Guide”, containing advanced topics to cover all what you need to know to master Microsoft Application Virtualization processes. This book includes also new features in App-V 4.6 SP1.

The “Microsoft Application Virtualization Advanced Guide” represents my second App-V book; the previous one “Getting Started with Microsoft Application Virtualization 4.6” was developed a year ago with the basic guidance and step-by-step to get IT administrators started with App-V. This new book is currently available for pre-order in Packt Publishing website (paperback and eBook versions) and hopefully soon enough in Amazon’s (including a Kindle edition).

advanced

This advanced book will cover the necessary guidelines and step-by-steps processes to dominate App-V. Starting with detailed description of its architecture, including some rare advanced topics, and moving through the instructions to implement those advanced guidelines. Here’s an overview of the areas we will cover:

  • Perform sequencing in complex environments including scenarios where App-V is normally not supported.
  • Deploy applications in complex scenarios, including the use of Providers Policies to enforce licensing and other company’s policies.
  • Get hands on in how to implement the scripting process within App-V applications and also review how to use App-V command lines.
  • Troubleshoot App-V, covering the installation process of this platform, but also normal sequencing issues and deployment problems delivering applications.
  • Scale-up App-V implementations by using failover and load balanced scenarios.
  • Review App-V integration with VDI (Virtual Desktop Infrastructure) and Remote Desktop Services.
  • Integrate App-V with System Center Configuration Manager (SCCM) 2012.
  • Understand the new approach appearing in SCVMM 2012 with Server App-V to virtualize servers’ applications.
  • Examine 3rd party tools available in App-V to complement your implementation.

Note: We will not cover the topics reviewed in the “Getting Started” book. This version assumes that we’ve already implemented and used Microsoft App-V; presumes that we are looking to optimize our implementation and learn advanced concepts.

And as an exclusive note, here are the chapter’s names to be included in this book:

  1. Taking a Deep Dive into App-V.
  2. Sequencing in Complex Environments.
  3. Deploying Applications in Complex Environments.
  4. Handling Scripting and App-V Command Lines.
  5. Troubleshooting App-V.
  6. Scaling Up App-V Implementations.
  7. Integrating App-V with Virtual Desktop Infrastructure (VDI).
  8. Integrating App-V with System Center Configuration Manager (SCCM) 2012.
  9. Integrating Server App-V with Private Clouds.
  10. Appendix A: Reviewing App-V Microsoft and 3rd Party Tools.

In this book, which will contain approximately 450 pages total, I had the great pleasure to work again with Packt Publishing and the same crew of App-V experts that made important contributions in my first book: Aaron Parker, Kevin Kaminski and Nick Källén.

Stay tuned for more news about the book and hopefully a new giveaway copy to all my blog readers! :)

[Events] Overview of Code Camp 2011 and Materials

December 5, 2011 at 12:20 am | Posted in App-V, Deployment, Events, Microsoft Deployment Toolkit (MDT), Virtual Desktop Infrastructure (VDI), Windows Server 2008 R2 | Leave a comment
Tags: , , , , , ,

 

I’ve had the great pleasure to present in October, once again, in one of the main Microsoft events in Argentina, Code Camp 2011. This time with two new tracks: “Desktop of the Future” and “Standardizing Windows Server 2008 R2 images”.

As I mentioned earlier in older posts of mine, Code Camp is an event organized and developed by Microsoft Academics which is held in some important universities of Buenos Aires, this time the selected institution was, as a few years back, Universidad Abierta Interamericana (UAI).

image

The event contains over 50 tracks presented by students and professionals not only as IT but also as developers. Some of the main topics this year were: Windows Azure, Cloud Computing, SQL Server 2012, Mango and Windows Phone, XBOX and Kinect, VDI, Deployment solutions and so on.

Regarding my topics, the tracks were focused on Virtual Desktop Infrastructure (VDI) integrated with App-V; and a deep dive into Microsoft Deployment Toolkit (MDT) to automate Windows Server’s deployments.

Desktop of the Future

I’ve presented this session (the original Spanish name: “El Escritorio del Futuro”) with Emiliano Estevez, friend and colleague of mine in Algeiba IT where he works as the Services Director.

This track introduces Virtual Desktop Infrastructure (VDI) technology as a result for some current demands in today’s business. By reviewing some of the basic concepts of VDI, we’ve completed the main steps to prepare the Virtual Desktops infrastructure in our company using Hyper-V and Remote Desktop Services (RDS).

codecamp01

We’ve also introduced App-V as the main solution to optimize application management in virtual desktops scenarios, and also with the highly important “Shared Cache” feature to save a lot of money in storage. And finally we had a quick glance about Server App-V, the new technology included in SCVMM 2012 to virtualize server’s applications.

The presentation can be downloaded from this link.

Standardizing Windows Server 2008 R2 Images

This track (the original Spanish name: “Estandarizando Servidores Windows Server 2008 R2”) was presented with another colleague in Algeiba IT, Alejandro Barrionuevo, who’s working as an IT Consultant.

In this session, we’ve reviewed with Alejandro the main benefits of using Microsoft Deployment Toolkit (MDT) 2010, combined with other free tools, to standardize and automate the deployment for Windows Server 2008 R2 OS. We had a quick look about understanding the Solution Accelerators from Microsoft.

We had a detailed look about the process involved in this automation, including some practical demos about using MDT 2010 task sequences, scripts and also editing MDT files used in the deployment process for a complete automated deployment.

codecamp02

The presentation can be downloaded from this link.

[Interview] Question and Answer Session with Aaron Parker (App-V MVP)

September 20, 2011 at 4:32 pm | Posted in App-V, Interviews | Leave a comment
Tags: , , , ,

 

aaronI’m introducing a new set of articles in my blog: Interview sessions with some colleagues and technology geeks. In this first article I had the great opportunity to start a quick question and answer session with one of the geekiest App-V guys around the world: Aaron Parker.

Aaron made an important contribution in my App-V book “Getting Started with Microsoft Application Virtualization 4.6”, not only as an official reviewer but with his blog which contains several interesting articles about virtualization using a valuable approach.

You can find more about Aaron following him on Twitter: @stealthpuppy.

Here’s the Q&A session I had with Aaron:

1. To start with the interview, can you give us a quick synopsis about yourself and your experience?

I am a desktop and application virtualization and delivery architect currently working for Kelway in the UK. Previous to my current role I’ve been working on various application virtualization, user virtualization and desktop deployment projects around London. Before coming to the UK, I worked for various VARs in my native Australia where I was doing mostly Citrix XenApp and desktop deployments.

1261_01_052. In all the experience you have regarding virtualization, how could you explain application virtualization for someone who had never heard about App-V or any other similar platform?

Application virtualization is really just another application deployment method. Where it differs from traditional deployment methods is its ability to make the desktop more dynamic rather than a monolithic blob that we’ve had to deal with in the past. Application virtualization allows us to deliver applications on demand and to users, where ever they are, rather than physical devices.

3. Why do you think that application virtualization did not appear massively just yet in organizations?

Many organisations still look at desktop deployment the old way, i.e. create a static, monolithic SOE, and have failed to recognise the benefits in approaching desktop virtualisation in layers. Small organisations that are still using imaging products such as Symantec Ghost and have stuck with OEM licenses, may find that change can be costly – if their current approach works, why change?

It has also been disappointing to see a lack of support from application vendors for application virtualization in general. Companies such as Attachmate should be applauded for supporting their products under App-V. Momentum requires application vendors to do more than they have currently (which is next to nothing).

Note:
In case you are wondering why there are terms like “organizations” and “organisations” in the same text, this is regarding the American and British spelling differences; both are valid.

4. Can you name the top reasons of why application virtualization must be considered in any organization?

If you’re interested in creating a user-centric model of your computing resources (both hardware and software) then the desktop needs to be broken down into layers to make it dynamic. Application virtualization is just one of those layers. A dynamic desktop is more flexible and allows us to deliver applications based on identity and context.

4484_07_0405. Do you think that Virtual Desktop Infrastructure (VDI) + Application Virtualization represents the future of desktops?

In the short term – yes, But I also think that VDI (as in a hosted virtual desktop based on a Windows client OS) has limited use cases – it suits only 10 to 20% of users. Coming from an SBC background, I know that I can deliver a desktop from the data centre, cheaper, faster and more efficiently with SBC (TS, RDS, Citrix XenApp, Quest vWorkspace etc).

In the long term – no. Windows as we know it today won’t be around forever. It will evolve along with new application architectures that will render today’s desktop model obsolete.

6. With all the possibilities regarding application virtualization (App-V, ThinApp, XenApp, and so on), do you think that there’s one among all that stands out or depends on each scenario?

Absolutely depends on your scenario – the choice of application virtualization product is often not a technical one (as much as we’d like it to be).

7. Regarding Microsoft’s App-V, which are the features included in the latest version that you like the most?

The 4.6 SP1 Sequencer has some great features around sequencing workflow, recommendations before sequencing, displaying what was excluded post sequencing and sequencing templates. These features help to produce better quality packages.

8. Even though there’s no official word from Microsoft, which are the features that you think may (or want to) include the App-V 5.0 version?

I would like to see isolation as something that we could turn off and on. Isolation of a virtual application is great for the majority of cases; however being able to remove isolation as a per-package behaviour would allow use to virtualise many more applications.

I hope you enjoyed this article and I’m pretty sure I’ll get back with some more interviewers and Q&A sessions.

App-V Book Available in Kindle Edition

August 9, 2011 at 12:56 am | Posted in App-V, Books | Leave a comment
Tags: , , , , ,

 

Not so much for a recent, but still I think represents as great news: The App-V book, “Getting Started with Microsoft Application Virtualization 4.6 is available in Kindle version, in Amazon site of course.

kindle

So for all those geek Kindle owners (I’m not one, unfortunately) there’s a chance to take a great look to my App-V book using Amazon’s device.

And seems that the availability of the Kindle version also keeps pushing the popularity of the book, since in Amazon.com is ranked as a top seller book in Microsoft section.

#83 in Amazon.com:

image

Also in Amazon.co.uk (#58):

image

Starwind iSCSI SAN 5.7 Available

August 6, 2011 at 8:11 pm | Posted in Cluster | Leave a comment
Tags: , , , ,

 

Starwind released recently a new version of their iSCSI SAN solution, Starwind 5.7. It includes several new features that scale up this already great SAN solution, providing some important improvements regarding performance, monitoring and usability for IT administrators.

Some of the improvements included:

  • Re-worked and re-designed completely from the scratch all-new HA (high-availability) engine 2x-3x faster compared to previous versions.
  • Quality of Service (QoS) options added.
  • Data de-duplication with variable block size (512 byte – 256 KB) to save on storage especially in hypervisor scenarios.
  • Performance monitor included in Starwind console.
  • Snapshot manager.
  • Targets and servers can be arranged in groups.
  • Event notification in system tray.

image

Within this post we’ll review some of the newest features included, testing them in some scenarios. Here’s what we are going to do:

1. Reviewing Starwind iSCSI SAN 5.7 installation

2. Reviewing improvements in Starwind management console.

3. Reviewing usability and GUI new features.

4. Configuring HA and synchronization priority.

You can download Starwind iSCSI SAN software using this link, previous registration required.

For a detailed step-by-step of creating and configuring a Windows Server 2008 R2 cluster using Starwind check my previous article: Five Easy Steps to Configure Windows Server 2008 R2 Failover Cluster using Starwind iSCSI SAN.

Reviewing Starwind iSCSI SAN 5.7 Installation

As any other version of this solution, the installation steps are pretty simple. Just completing the wizard we’ll have it ready to use it.

image

We can also install the components separately, in case we want to remotely manage the iSCSI platform.

image

Once installed, to get started we need to use the “Connect” option and as a reminder, the default credentials used in Starwind are:

User: root
Password: starwind

image

Reviewing Improvements in Starwind

The management console looks pretty much the same, but adding some interesting tweaks that will be very helpful for IT admins.

The first one is one of the most important ones, the “Performance” tab included. Within this window we can monitor in real time the performance in the current load of the server and targets.

image

We can retrieve the following graphics: CPU/RAM load (for a quick comparison), CPU load, RAM load, total IOPS and total bandwidth.

image

The second one is a really simple one, but very helpful. The possibility to create target groups, this lets us easily identify in our servers the right collection.

image

As a third improvement in the usability of this management console we have the Event notifications in system tray, with this tweak we can receive notification as soon as there is a change in the configuration and availability of our servers and targets.

image

Configuring HA and synchronization Priorities

As mentioned earlier, the main feature regarding performance changes is the one represented by including asynchronous mode for HA targets.

If you are taking your initial steps with Starwind you are probably wondering about HA targets and asynchronous options, let’s take a quick look about the definitions on each of these concepts:

What are HA (High Availability) Targets?

As we’ve reviewed in my previous chapter, creating clusters and provide high availability for a Windows Server service using Starwind is one of the main purposes of this solution and a very simple task to do. But Starwind also includes the possibility to apply high availability in the shared storage we are providing.

image

When we are creating our Starwind device (basically the LUN we are going to share among hosts) we can configure it as a “High Availability device”, which can be present in two different Starwind servers. In case the primary server fails, the second one (partner server) can still offer the device without affecting availability.

What about synchronization of the device?

When we are using HA devices, there are two shared disks: one in primary server and the other one in partner server. These are two different devices, meaning that they must be replicated and synchronized.

Here is when the synchronous/asynchronous mode appears.

If the replication is presented synchronous, every change (“write”) in the device must be replicated to the partner device to complete the operation. If we don’t have a good design or the bandwidth presented between these two is not a good one, the performance of HA targets reduces significantly.

Synchronous replication example (image taken from cisco.com):

image

If we are using asynchronous replication, the “write” operation does not have to wait for the replication between the two devices to be completed, improving performance.

Asynchronous replication example (image taken from cisco.com):

image

The use of synchronous or asynchronous replication must be carefully studied analyzing all factors.

Using HA devices and synchronization options

Creating a target requires only running a simple wizard (as seen in my previous chapter); using HA devices only differs in a few options:

1. Select the “Add target” option.

2. Select “Target Alias” and using “Hard Disk” to create our HA device.

3. Select “Advanced Virtual”.

image

4. Select “High Availability device” and click on “Next”.

image

5. Specify the partner server options by providing IP address (or FQDN), port, type of authentication and credentials.

6. In “Virtual Disk Parameters” complete the path for these two devices, primary and partner.

7. In “Data synchronization channel parameters” configure the synchronization interface, heartbeat interface and priority of each server.

image

8. Select the option “Clear virtual disks” if we are using devices we’ve just created.

image

Note that these options available here can be very helpful if we created a non-HA device and later we decide to convert it in HA.

9. Select the desired option in “HA device cache parameters”.

image

10. Complete the wizard and we’ll have our high available device ready.

Once completed the wizard, we get the chance to configure the synchronization options.

image

Where we can set the synchronization priorities: “Faster synchronization” represents the synchronous mode (waiting the replication to complete the operation) or “Faster client requests processing” represents the asynchronous mode.

image

The improvements regarding performance will vary depending on the environment we are using, but it could represent 2 or 3 times faster than previous implementations. Cheers to that!

Note:

There are some reports about slow performance in cluster environments using iSCSI, pass-through disks on Hyper-V hosts; this is a known issue in Windows Server 2008 R2 and there’s a Microsoft KB available to solve this problem: http://support.microsoft.com/kb/2020559

More Resources

Here are more resources you can find to take a deep dive in Starwind and Windows Server cluster solutions:

Microsoft Deployment Toolkit (MDT) 2012 Beta 1 Available!

June 5, 2011 at 12:51 pm | Posted in Microsoft Deployment Toolkit (MDT) | Leave a comment
Tags: , , , ,

 

Microsoft has just released as a public beta the newest version of Microsoft Deployment Toolkit (MDT) 2012 with a few important updates:

  • Supporting System Center Configuration Manager (SCCM) 2012.
  • Using Lite Touch Installation (LTI), great improvements in the client side look-n-feel.
  • Also for LTI, behind-the-scenes enhancements for partitioning, UEFI (Unified Extensible Firmware Interface), and user state migration.
  • Some minor bugs fixed.

MDT 2012 Requirements

Same as MDT 2010:

  • Windows Automated Installation Kit (WAIK) 2.0. You can download it from here.
    Note: The download page indicates that the WAIK version is “1”; but don’t worry, the actual version is 2.0.
  • MSXML 6.0
  • PowerShell.
  • .Net Framework 3.5 SP1. Available for download here.
    Note: Even though .Net Framework 2.5 SP1 is not a requirement for MDT 2010 installation; one of its features, User-Driven Installation (UDI), does requires the latest Microsoft Framework installed.

MDT 2012 Look-n-Feel

For what I’ve seen so far, the user experience of the Deployment Workbench console is pretty much the same.

mdt2012a01

Also, the “Help Topics” are the same used in MDT 2010. But don’t worry, this is completely normal in this Beta version.

mdt2012a02

MDT 2012 Beta 1 Download

The beta is available in this link from Microsoft Connect, and I’m pretty sure that I’ll be testing it soon enough.

To check my previous posts about step-by-step deployments using Microsoft Deployment Toolkit (MDT), please check the articles in MDT Category.

Cheers!

App-V Course in the US: Approach, Experience and More

May 3, 2011 at 8:19 pm | Posted in App-V, Course / Workshop, Events, Training | Leave a comment
Tags: , , , , , ,

 

A few weeks ago I had the big pleasure to visit the US (New Jersey and New York), courtesy of a company which invited me to coach an App-V training course in their facilities. I had a wonderful experience and in this post I would like to share with you the technical and non-technical approach, experience and more I had in those 8 days.

The App-V training course and workshop intended to provide not only all the basic knowledge regarding App-V, but to also give a complete guidance and step-by-step process in App-V installation, deployment, sequence and maintenance.

The Request

The original request appeared in my inbox in 2010, the idea appeared simple right away, they’ve said:

We are looking for an application virtualization solution for our main company app; we are very interested in App-V but we have no experience handling this technology. We need a complete overview of the platform, understand how to use it and apply it in our scenario”.

So, we’ve started talking about their expectations, getting a deeper understanding about the company app, the scenario where it should be deployed, etc.

App-V Training Course Program

After a bunch of e-mails and phone calls about getting all the information about the scenario, application involved, and general expectations, the training course program looks something like this:

appv_program

Here’s a detailed look about each day approach:

Day 1 – Overview and Preparing the Environment

  • day1Since the attendees had mix knowledge about general IT concepts, I decided to take a quick look about some key components: Active Directory, IIS, SQL Server, virtualization concepts, cloud service models, etc.
  • Understanding App-V components, features, benefits and implementation models.
  • Prepare the entire environment in the “hands-on” section of the day. Full-Infrastructure
  • Reviewing automation techniques for deploying the App-V client.

Day 2 – Sequencing Applications

  • Getting started with the sequencing process, understanding the phases involved and best practices.
  • Sequence simple applications to understand sequencing. day2
  • Deep review about company’s application: Environment, requirements, restrictions, integration with the OS and other applications, common use cases, etc.
  • Start with the sequencing process of the company’s application.
  • Publishing and deploying App-V packages to client machines.

Day 3 – Advanced Options in Sequencing

  • Deeper look in the sequencing process. Handling Feature Block 1, security descriptors to protect some files within the App-V package. day3
  • Troubleshooting applications sequencing and deployment process. Understanding log files and common errors.
  • Reviewing Dynamic Suite Composition. Even though company’s application does not require any other package, the concept of interconnecting virtual apps is still important.
  • Handling Active Upgrade. Reviewing different type of modifications in an existing package: Editing or upgrading.

Day 4 – Deployment Methods

  • Reviewing how to size and selecting the environment for a desired App-V implementation. day4
  • Understanding the RTSP/S and HTTP/S streaming. How to fit each in the desired scenario.
  • Since the application usage required the scenario with users connecting from different geographic places to a same server, we’ve reviewed necessary steps for publishing App-V to External networks outside the organization.
  • Step-by-step processes for implementing HTTP/S streaming.
  • A complete Hands-On for App-V Standalone scenario.

Day 5 – App-V and RDS | Securing the Environment

  • Understanding the Remote Desktop Services, RDS, role in Windows Server 2008 R2 (formerly known as Terminal Services). day5
  • Reviewing RemoteApp. Similarities and differences with App-V; pros and cons; and understanding when RemoteApp is best suited.
  • Hands-on using company’s application with RemoteApp.
  • How to integrate App-V into an existing Remote Desktop Services scenario.
  • Reviewing Virtual Desktop Infrastructure (VDI) scenarios, integration with App-V and the shared cache feature.

The Result

The result of the course / workshop was great, the attendees had the chance to understand and implement App-V in their scenario and I could interact with an interesting requirement and deployment.

[geekyComment] Not only I enjoyed preparing and coaching this App-V workshop [/geekyComment] thanks to the great hospitality I also had the chance to visit New York City and a bunch of touristic places.

Just hangin’ in Times Square :)timesquare

App-V Giveaway and the Happy Winner

April 11, 2011 at 12:18 am | Posted in App-V, Books | 1 Comment
Tags: , , , ,

 

The contest ended in February, but I didn’t have the chance to publish the winner in my blog so I decided to take a moment and share with all blog readers the happy winner for the App-V book.

Ian Walters from Webster, NY received a few weeks ago the book and kindly is sharing with us a quick pic. Thank you Ian!

photo

For all those who didn’t get the chance to win this time, remember that the book is still available in the following sites:

Thank you all for participating!

Reviewing GFI LANGuard

March 13, 2011 at 2:41 pm | Posted in GFI LANGuard | 1 Comment
Tags: , , , , ,

 

GFI, in the variety of products that they offer, is always looking to provide some interesting security tools to facilitate our jobs as IT professionals. One of the most complete security platforms available is GFI LANGuard, which provides detailed network auditing options and security scanning for your organization.

With no large or complex requirements, GFI LANGuard gives us some nice features:

  • Powerful network scanning options without the need of agents to deployments.
  • Reviews and controls vulnerabilities, updates/service packs status (for operating systems and applications), TCP and UDP ports open, and hardware and software inventory.
  • Remediation options for deploying updates and service packs, deploy applications and the possibility for removing unauthorized software from machines.
  • Detect and deploy non-Microsoft software to protect the entire operating system.

GFI LANGuard Requirements

The requirements for installing GFI LANGuard for a mid-size company (10 to 500 computers to scan) are:

Hardware
  • Processor: 2GHz
  • Storage: 2GB.
  • Memory: 2GB.
Software
  • Operating System: Windows XP SP2 or higher. Including Vista, 7, Windows Server 2003 and Windows Server 2008.
  • Supported databases: Microsoft Access (installed locally by default) and SQL Server 2000 or higher (SQL Server Express is supported). If you have a large environment, is highly recommended to use a SQL Server instance instead of the Microsoft Access.
  • .NET Framework 2.0
  • For target clients, WMI is required for Windows operating systems (available in Windows 2000 or higher) and SSH for UNIX/Linux machines.

Note: Windows 2000 SP4 is also supported but since this operating system is no longer supported by Microsoft, using it is not recommended.

Installation

As any other GFI product, the installation is a straightforward process.

1. Download the GFI LANGuard trial.

2. Run the installer and complete the wizard.

languard01

3. The only thing you should have available at this point is the account which you would like to use to execute operations on target machines. This account must have administrative privileges in the domain.

languard02

Scanning the Network

Once the software is installed, using it is pretty much intuitive. Let’s take a quick look about the scanning process:

1. Open GFI LANGuard console.

2. Select the type of scan you would like to use:

  • Quick scan: Looks for high security vulnerabilities in OS. This can be changed according to the profile we choose.
  • Full scan: Looks for all type of vulnerabilities.
  • Custom scan: We can change the profile, credentials and other options used in the scan.
  • Schedule scan: Schedule scans can set the time where the scans will be executed in a determined time period. Also you can select options for: Automatically deploy updates or un-install software; trigger e-mail notifications; etc.

languard03

3. A short two step wizard will show where you can select the scope of the scan: local computer, specific computer or the entire domain.

languard04

4. Select an alternative credentials for this scan and click on “Scan”.

languard05

5. Once the scan is completed, we can take a quick glance about the status of all machines by selecting “Analyze”.

languard06

6. Here we can evaluate the vulnerabilities, system patching status, ports open, hardware, software, etc.

languard07

Once we have the computers analyzed, we can easily switch to the “Remediate” console where in easy steps we can deploy missing patches, un-install software, etc.

Updates Deployment

With the scan process completed, we finally get to the fun part, the remediation process. Here we can execute tons of actions to solve the problems we found in the auditing process. One of the actions we would like to execute is definitely the updates deployment.

GFI LANGuard offers the possibility to deploy windows operating system updates, patches and service packs; and also 3rd party software updates.

Let’s take a look at the process:

1. Access the “Remediate” console in GFI LANGuard.

2. For the Microsoft patches, select the option “Deploy Microsoft Patches”. These should be the same we can find in Windows Update.

3. Review the updates and mark on those you would like to deploy. By default, all are marked.

languard08

4. Review also “Deploy Microsoft Service Packs”.

5. In “Deploy non-Microsoft Patches” we can review updates for all other software which is left out by Windows Update.

languard09

6. We can also review and select previously installed updates for uninstallation.

7. Once we complete marking all of the updates, we can set to deploy those updates immediately or in a specific schedule.

Managing Software with GFI LANGuard

Another interesting aspect in GFI LANGuard is the options available for managing software in client machines. We can set to uninstall unauthorized applications in our network or deploy custom software to guarantee our machines are following the right baseline.

Adding Unauthorized Software

If we are looking to add unauthorized applications for automatically removing it, the process involved is the following:

1. Access “Configure” pane in GFI LANGuard console.

2. In applications inventory select the application you would to add as unauthorized software, right-click and select “Configure”.

languard10

3. A wizard will start that will let us select in which scanning profile will be marked as unauthorized. Complete the wizard.

languard11

Before completing this configuration we must validate the uninstall procedure to guarantee that GFI LANGuard can perform the removal.

4. Access auto-install validation and you should see the “Validation pending” status of the application; click “Validate”.

languard12

5. A new wizard will pop up to confirm the uninstall procedure. This process WILL NOT uninstall the application in the remote machine, will only validate the process.

languard13

6. Complete the wizard with the selected target machine.

Note: An important note about this process is that we must have the application installed in a target machine to be selected and get a validated removal.

Removing Applications in One Client

If we’ve discovered one application that we would like to instantly remove from a machine, we can do so in the “Remediate” pane.

1. Select “Uninstall Applications” and select those to remove.

languard14

2. We can uninstall the application immediately or we can schedule the uninstall process.

Deploying Custom Software

GFI LANGuard gives us the chance to use automated deployment process to install applications in our target machines:

1. Access “Remediate” pane and select “Deploy Custom Software”.

languard15

2. Select “Add” to put in the application you would like to deploy. Take note that you can add specific parameters to the applications, for example, to complete a silent installation.

languard16

3. Select the target computers you would like to deploy the software.

4. And finally select the deployment schedule, which can be immediate or in a specific date and time.

Other Features

GFI LANGuard also offers some other common tools which are present daily for must IT guys, here are some:

  • DNS Lookup: This is a handy tool most of us use when we need to validate name resolution within our domain or using an external DNS server.
  • Traceroute: When we are having connectivity problems, we can quickly verify in GFI LANGuard console the number of hops to reach it.
  • Whois: Retrieves information from a particular IP or hostname.
  • Enumerate computers or users: Retrieves the number of computers/users found in he domains and/or workgroups in our networks. In computer, it also shows the operating system on each computer.
  • SNMP Auditing: Reports weak SNMP strings available in the network, using dictionary attacks (from file snmp-pass.txt).
  • SNMP Walk: To probe your network nodes and retrieve SNMP information (for example, OID’s).
  • SQL Server Audit: Test the passwords vulnerabilities of SQL accounts, including the “sa” account.

languard18

Conclusions

As a quick summary of this review:

Pros
  • Using GFI LANGuard offers a simple way to audit our networks to observe vulnerabilities and easily solve this by deploying software and or packages.
  • Integrates with UNIX/Linux machines to cover also heterogeneous environments.
  • The possibility to deploy 3rd party updates represents an important feature to guarantee protection even with non-Microsoft software.
  • GFI LANGuard using scanning profiles lets us to scale up our auditing process, providing different options in our scans.
  • We can optimize our time using auto remediation options in scheduled scans.
Cons
  • Uninstalling applications requires software to be installed in at least one computer available to test the uninstallation process, which should require manual work every time we found an unauthorized application.
  • Besides deploying software and updates, real time actions like stopping a malicious service or process detected is not possible. The only option available is using a Remote Desktop option.

Running periodically auditing processes in our network is not very common in organizations, using GFI LANGuard can simplify us this task to maintain a secure baseline in our environment.

Resources

Here are some additional resources for GFI LANGuard:

App-V Book Giveaway!

February 10, 2011 at 12:00 pm | Posted in App-V, Cool Stuff, Documentation, Free Stuff | 2 Comments
Tags: , , , , , , ,

 

As a celebration since my App-V Book: Getting Started with Microsoft Application Virtualization 4.6 has just been published, I want to give away a free paperback version among my blog readers.

giveaway

Here’s the deal:

  • All you need to do is email me at augusto@augustoalvarez.com.ar with the subject: “App-V Book”.
  • Include in the email body your full name plus the address where you would like for us to send the copy.
  • I’ll close up the contest on February 25. All the emails sent until that date will be included in the election, which will be completely random.
  • I’ll notify the winner in the following days and we’ll ship a free copy of “Getting Started with Application Virtualization 4.6”.

For more information about the book and the free chapter available for download, check this last post of mine.

To avoid any problems, here are some disclaimers:

  • Only one email by person will be included. Do not use different mail accounts to participate several times.
  • Emails that don’t include person’s full name and address will not be considered valid.
  • We’ll cover the expenses regarding shipment but we are not responsible for extra fees or taxes other countries may include in the package.

Remember that the book is available in the following stores: Packt Publishing; Amazon.com; Amazon.co.uk and Lehmans.

Good luck!

Next Page »

Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.

Follow

Get every new post delivered to your Inbox.

Join 62 other followers