Application Virtualisation
By Peter Worlock
Application Virtualisation offers exciting new ways of executing and distributing applications. Peter Worlock explores this brave new world.
HardCopy Issue: 46 | Found In: Systems, Virtualisation | Published: 01/11/2009 | Last Revision: 06/07/2010
Virtualisation is undoubtedly the technology of the day. With virtual servers now commonplace in the IT environment, vendors have begun to bring virtualisation to the desktop, and most recently to applications and other areas. Microsoft, for example, breaks its virtualisation offerings into five segments: server hardware, server software, presentation (where user sessions are isolated from each other), desktop and applications.
The case scenario differs for each level of virtualisation but there is also considerable overlap – many organisations that have invested in virtual servers are now moving to add desktop and application virtualisation. But if you’re running virtualised servers or desktops, why consider the virtual scenario for applications?
Inside the box
The virtual desktop
Some organisations are implementing virtual desktop solutions, such as Quest’s vWorkspace, as an alternative to application virtualisation. Sitting conceptually between virtual servers and virtual apps, the virtual desktop offers many of the benefits of both. For example, you get the benefits of easier application and operating system roll-outs, reduced support costs, and central management and security. Quest vWorkspace lets you create a complete desktop environment, including operating system, applications and necessary supporting files. You can then deploy the virtual desktop either as a fully-hosted solution on individual PCs or, as with some virtual app systems, streamed over a network from central servers.
Application virtualisation offers solutions to a variety of problems. Across the board benefits include long-term cost savings (although the initial investment can be substantial), greater security, and simpler IT management. In all cases the benefits derive from the sandboxed nature of the virtualised application.
In simple terms, most technologies operate in similar fashion. The virtualising program creates a snapshot of a barebones OS installation, and another after your application has been installed. The differences between the two are then used as a reference to package the application into a single, self-contained executable file holding registry entries, libraries and anything else that the application needs to run. Exactly what is packaged depends on the targeted platforms. A single virtualisation could be designed to run on any 32-bit version of Windows, for example.
Some virtualising products will encapsulate everything necessary into a single run-time file while others require a small virtualisation layer to be installed on the client machine. But in either case, application virtualisation carries much less overhead than a full server or desktop virtualisation, and suffers lower performance penalties as a result.
For IT service and support, this greatly simplifies application deployment and maintenance. For example, it gives you the ability to deploy an application across the organisation regardless of whether client machines are running Windows XP, Vista or Windows 7. It also simplifies the upgrade process – instead of having to install upgrades and patches on every machine you can create a new, upgraded virtual app for rapid distribution to all users.
Other advantages include support for legacy applications that may not run under new operating systems. And because each virtual application runs inside the sandbox, it solves the problem of incompatible applications that might otherwise overwrite each other’s files, or require incompatible libraries and device drivers.
For mobile workers, the advantages are even greater. With virtualised applications, it is possible to create a complete working environment, with all the necessary applications, drivers, libraries and data, on a single disk or USB stick. This allows anyone to work at a public computer, a locked-down or kiosk PC, or at any machine within an organisation, without installing additional software or changing the PC setup in any way. Disconnect your media and there’s no trace you were there.
For software developers, the technology offers further advantages, allowing you to create self-contained apps that run instantly without installation or setup, without administrator privileges, and regardless of the underlying operating system. While obviously allowing for rapid deployment across an organisation, virtualised applications also simplify the development process itself by allowing you to support multiple versions of an operating system without testing for limitless variations.
Virtual choices
There is a wide range of application virtualisation solutions available today, from comparatively simple tools that create standalone virtual apps suitable for mobile workers and a limited number of desktops, to comprehensive networked systems that make it possible to move to a complete virtualised deployment across an entire organisation.
In the last two years, many of the leading vendors in server virtualisation have moved to add application virtualisation, often through acquisition of smaller developers. VMware acquired Thinstall in 2008, Symantec acquired Altriris, Microsoft bought out Softricity, while Citrix built its own solution but renamed it XenApp to emphasise the application component. Choosing between them is not just a question of finding the best-fit feature set; in many cases it might be preferable to stick with an existing vendor if you already use its virtualised server solutions. But there are other issues since some offerings are better suited to the corporate IT department, others to the solo IT professional, still others to software developers.
One of the key differences between the various application virtualisation solutions is the distinction between standalone and streamed systems. In the former, applications are encapsulated as a single executable file and can therefore run from a single disk or USB memory stick. With streamed systems, virtual apps are run entirely or largely from a central server, and a virtualisation layer or agent must be installed on the client machine. When the virtual app is run on the client, only the code blocks needed for execution are delivered across the network and are then cached locally.
Some vendors offer one or other approach, while some allow both. Obviously each method has pros and cons. Standalone applications, for example, run at close to the native performance of a traditionally-installed application, and are the only choice when fast network access is not available.
Streamed applications have lower performance and storage requirements, and after the initial caching can also run at close to standalone performance levels. Streaming also offers unique advantages where compliance and licensing issues must be addressed since it offers centralised access, control and record-keeping.
Understanding the solutions from different vendors can be difficult, not least because each has a slightly differing definition of application virtualisation. Some even prefer to avoid the name altogether – search the Symantec website, for example, and you’ll find precious few mentions of the phrase. Instead, Symantec prefers to talk about ‘endpoint’ virtualisation and has renamed its solution to that effect.
A comprehensive guide to the competing solutions is beyond the scope of this article and would require something approaching a book in length. But this overview should at least help you determine which vendors are worth exploring for your own particular requirements.
2X Software
2X Software’s virtualisation solution is a low-cost and simple approach that lets you run Windows apps on a range of client hardware including Macintosh and Linux.
As the name suggests, the 2X ApplicationServer for Windows Terminal Services is a streaming solution that allows networked users to run applications remotely. Any applications you need to be virtualised are simply published on a Terminal Server. The client, installed on each target desktop or laptop, then treats the applications as if they were available locally. Applications appear on the local desktop or on the Start menu, and administrators can create file associations so that opening a file on the client automatically launches the required application across the network.
The 2X solution is one of the simplest available, yet offers a number of benefits missing from more complex systems, including the ability to run Windows applications on Macintosh and Linux clients, or to run apps from the Web. And because of the streaming nature, it also provides for access control and licensing compliance since you can specify which users and groups have access to which applications.
Flexera Software
Flexera's AdminStudio simplifies the creation of MSI installers for the leading virtualisation environments by pre-scanning MSI packages, resolving conflicts and bundling common applications into virtual suites.
While not a virtualisation solution in itself, Flexera’s AdminStudio simplifies the process of deploying virtualised apps by simplifying and streamlining the creation of MSIs for installation to virtual environments including Microsoft’s App-V, VMware ThinApp, and Citrix XenApp. It also comes with Assistants for each of those environments which walk you through the virtualisation process.
Additional features include the ability to pre-scan existing MSIs to determine which are good candidates for virtualisation, and the ability to apply fixes to some applications that would otherwise fail in the virtualised environment. Particularly noteworthy is the ability to create Virtual Application Suites where apps commonly deployed together, such as a mail client, web browser and Adobe Reader, can be virtualised into a single package.
Microsoft
Microsoft’s App-V offers a complete but complex environment shown here in much-simplified form. At (1) the application is packaged in the Application Virtualisation Sequencer. Access and licensing controls can be applied at (2) before the virtual app is streamed across the network at (3). Not shown is the ability to create an MSI package for deployment on disconnected client machines. The architecture is similar to environments from Symantec, VMware and Citrix.
Microsoft’s App-V technology is undoubtedly among the most comprehensive solutions, but at the price of fearsome complexity. Attempting to discover basic information about App-V is difficult because, although Microsoft publishes an avalanche of documentation, there is little of an introductory nature.
In essence, App-V is a tightly integrated subset of Windows Server and demands a substantial Microsoft network infrastructure. Basic requirements include the Microsoft System Center Application Virtualisation Management Server, which in turn requires Windows Server 2003 or 2008, IIS 7.0, the Microsoft .NET Framework 2.0 or higher, Microsoft SQL Server, and Active Directory Domain Services and Microsoft DNS under Windows Server. Additional components include the App-V Sequencer, the App-V streaming server, and either a Desktop or Terminal Services Client.
An additional issue is that the App-V desktop client is only available to Software Assurance customers as part of the Microsoft Desktop Optimization Pack.
Once you’ve met those requirements, App-V allows you to implement almost any flavour of virtualisation, either standalone or streaming (although both require the installation of an agent on the client machine). As you’d expect, there is wide-ranging support for access and licensing control.
Features in App-V 4.5 include streaming virtual apps from an IIS server, and the ability to create MSI packages direct from the Sequencer. The recent 4.5 SP1 release also offers new capabilities and integration with Windows 7, including the ability to pin virtual applications to the taskbar, increase IT control with AppLocker integration, and reduce network traffic for streaming apps by eliminating the need for an IIS Server in every branch.
Support for 64-bit platforms and applications is only available in the 4.6 beta, which is currently scheduled for release early next year.
Symantec
Earlier this year Symantec upgraded its virtualisation solutions in the integrated Endpoint Virtualisation Suite, a range of tools that covers what other vendors call desktop, application and presentation virtualisation. Although presented as a group of related tools, there is some degree of overlap.
Virtualisation for the developer
As noted earlier, application virtualisation has some specific advantages for developers and it is no surprise that several vendors target this area. Xenocode has perhaps the most complete offering with its Virtual Application Studio ISV edition which allows you to ship your entire application in a single executable with all DLLs and data files. Such executables can be run directly from USB keys or demo CDs, or from the Web.
The Xenocode approach allows you to develop virtual applications from the start, rather than choosing virtualisation at the client delivery stage. In addition to reducing the need to support multiple operating system versions, including Vista, it lets you eliminate thousands of test and deployment variables and reduce support calls.
Virtualisation will play a big role in the forthcoming release of Microsoft’s Visual Studio 2010, with a range of tools and technologies that exploit the power of virtualisation to simplify development and testing. They include the Visual Studio Lab Management 2010, which lets you create virtualised environments for testing, take environment snapshots or revert to earlier snapshots, interact with virtual machines through the environment viewer, and define test settings for the environments. The goal is to eliminate or reduce the problems associated with code testing where testers encounter bugs that they find they cannot reproduce on development systems.
Development tools vendor Embarcadero also exploits virtualisation with its InstantOn technology. This is part of their All-Access suite and creates virtualised versions of its software range, including Delphi, JBuilder, C++Builder, Rapid SQL, ER/Studio and others. The solution delivers the benefits of virtualisation – instant access to isolated apps in standalone mode, streaming access via the network, licence control – with associated benefits including reduced licensing costs, simpler support and more reliable development environments.
Workspace Streaming provides application streaming across the network with the associated benefits of access and licence management, and does so using standard MSI packages. Most competing solutions require the creation of new MSI packages for virtualised apps. In the area of standalone application virtualisation, Symantec now offers Workspace Virtualisation. Completing the suite are Workspace Corporate and Workspace Remote. These combine desktop virtualisation with some application virtualisation features including the ability to package local and remote applications in one ‘workspace’ that the user can transfer between machines.
Limitations include the need for an installed agent, which means Symantec’s virtualised apps cannot run on a locked-down or kiosk PC, and there is no support for 64-bit environments. VMware VMware’s ThinApp supports both standalone and streamed virtualisation. Standalone applications require no agent to be installed and run in user-mode so you can create virtual app suites that will run on locked-down PCs and that make no changes to the client computer. The high level of isolation means that you can, for example, run Office 97, 2003 and 2007 on the same PC without conflict. At the same time, ThinApp can operate in streaming mode, allowing applications to be run across the network. Uniquely, it supports 64-bit versions of Windows Server 2003 and 2008, although there is no support for 64-bit applications. Unlike Microsoft’s App-V and Symantec’s Endpoint Virtualisation Suite, it does not provide any features for access or licensing control, nor will it create logs and reports of application usage.
Xenocode
Xenocode’s Virtual Application Studio combines the concepts of application and desktop virtualisation, but does so in a way that incurs very little overhead. The heart of the system is the Xenocode Virtual Operating System, a lightweight emulation of the core Windows APIs including the file system, registry and other subsystems. It is embedded with each virtualised app, which means you can create complete, isolated standalone apps that require no client install and can run on a locked-down PC. This approach adds only 400k of storage overhead and, the company says, has “negligible” runtime performance impact.
Although Xenocode does not support 64-bit applications, it does allow 32-bit apps to run in 32-bit mode on 64-bit operating systems, and there is native support for Windows XP, 2000 and Vista, and for Windows Server 2003 and 2008. Additionally you can add common runtime environments to your virtual applications, including .NET, Silverlight, Java, Flash and Shockwave.
The standalone nature of Xenocode applications means there is no support for network streaming, and therefore no access and licensing controls.
Virtual worlds, real problems
Like many technologies, application virtualisation can appear to be a magic bullet for many of the ailments in modern IT. Unfortunately, the reality can be harsher. For example, many applications cannot be virtualised, often because they require tight integration with the underlying hardware or operating system. Security and utility software such as anti-virus applications are a good example. Although the performance of virtualised apps can be impressive, particularly once the required code has been locally cached, those applications that demand the utmost in performance, such as 3D and other processor-intensive graphics apps, may be poor candidates for virtualisation.
More often you find that vendors have yet to embrace the benefits of virtualisation and their licensing will forbid you from taking advantage. Issues such as per-CPU and per-user licensing will have to be addressed.
Assuming these problems can be overcome, application virtualisation does promise a real return on investment including simpler administration and support, reduced development and deployment timescales, and the ability to employ a wider variety of applications and operating systems.