Saturday, October 31, 2009

There’s an APPSENSE for that!

By:Rick Rohne

Having trouble getting acceptance with your VDI Profile Management? There’s an APPSENSE for that!
Do your User profiles get corrupt leaving you to resetting your user profiles? There’s an AppSense for that!
Do your users complain about logon times? There’s an AppSense for that!
Having trouble with silo servers overwriting User profiles? There’s an AppSense for that!
Do Executables take up all the CPU or Memory on your servers or desktops? There’s an AppSense for that!
Do you have multiple VDI images due to application compliance and security? There’s an AppSense for that!

I recently spent a few days with the US AppSense team to learn the new features of AppSense Management Suite 8 and to learn how AMS8 applies to todays technology, especially on the VDI and Application Virtualization front. Here are some of my key take aways from my time with AppSense.

Who is AppSense

AppSense has been around for over ten years helping Admins manage the end user experience on PC's and Server Based Computing Solutions... Environment Manager, Application Manager, and Performance Manager are the three core products that make up the AppSense Management Suite, each component compliments an SBC and VDI environment in its own unique way.

Profile/Personality Management

AppSense Environment Manager ‘EM’ stores User Application Preferences in a database, not a file system, and it only stores changes to the profile. This has many advantages.
First of all, User Preferences are tracked by a central management engine. This allows the users’ personality for an application to be streamed at application launch and application close events. (Not at logon and log off events). The idea behind this is to ensure that the user logon times are optimized and that only personality settings that are needed are transferred. This configuration alone can reduce your logon times exponentially.

EM also stores and streams only the personality 'changes' in files and the registry. This reduces the application launch time because the personality settings (delta’s) are merged into the local profile or mandatory profile stored on the server or vdi (not the Network). Plus, since it only get’s streamed at application launch, logon times are not affected.

Due to the architecture of EM, an administrator no longer has to store profiles for different PC’s, Terminal Servers, VDI’s, or silo’s on different file shares (even if the operating systems are different). Environment Manager stores user personalities in a central intelligent database, so you can store all the users’ settings by “user” not by system Role. This can be taken one step further by using AppSense to aid in the migration of users’ settings from Windows XP to Windows 7 without causing any corruption.
EM also has a scripting engine, that allows an administrator to map drives, printers, Environmental Variables, and set registry values based on events such as application startup, application shut down, RDP and ICA connect, reconnect and disconnect. The Script engine has location awareness and is not limited to just logon and logoff events. Of course, there are so many other things you can do with Environment Manager, but I don’t have the time or the space to cover all of them.

Managing VDI and SBC performance

Performance Manager is a part of the suite that has been around for a long time and is very popular in the Citrix XENApp environments. Well known for Multi-User Environments, the PM engine runs at the kernel level and manipulates the cpu scheduler so that all users on a system get equal time to the processor. This can easily be observed in a multi user environment when a single user launches a complex task that overwhelms the system and spikes the CPU to 100%. All Users on that system have to wait until the process completes before their processes are executed. These concepts can also be introduced in a VDI environment to control CPU, Disk, and memory utilization on the physical Server allowing a better end user experience across the board.
System Resource Entitlement ensures that a consistent experience is delivered to end users during process start and throughout the entire execution of the process. System Resource Entitlement can be considered the QoS of a VDI and MU environment. These QoS features can be applied to Network, Memory, and Disk utilization and applied by user, group or application across the entire enterprise.
Managing Application Compliance & Security

With Application Manager ‘AM’, Apps can be controlled without the management overhead of GPO's, file system permissions, or complex scripts...
In a VDI or published Desktop environment, Admins might be tempted to install all of the Applications that are used by the company on a single image, and then manage the applications by modifying the file permissions of the executables. This can be very time consuming, and can easily become a maintenance nightmare due to the complexities of most organizations. Admins might also decide to have a core image for every type of user in an organization. While this solves compliance issues, it introduces many new challenges in the way of updating core images and preventing image sprawl. Application Manager solves this by managing accessible or prohibited resources based on user or device criteria. Admins can release one image to an entire organization, while controlling application access centrally.

Traditional Application authorization lists are generally based on executable names, which can easily be compromised by copying and renaming the executable. AM Trusted Ownership removes this risk by only allowing executables to run that trusted owners or administrators have installed. If an executable is launched that was not installed by a trusted owner, the executable simply won’t run. One very common discussion that I find myself in is "how to manage Anti-Virus Updates in a VDI environment". Obviously, every time a ghost VDI is provisioned, it must update its anti-virus from a parent server, thus causing extra startup processing and network utilization. By using Application Entitlement and Trusted Ownership you can reduce the dependency for Anti-Virus Software in a VDI environment by locking down the systems to only execute trusted processes. I know I'm going to see a lot of flack on this, but take a test drive, and you will see what I'm talking about.

Using Application Manager, you can have a single VDI or Terminal Server image with All Applications Installed, while ensuring that compliance and security are maintained.

The Run Down

So, If AppSense has been around all this time, what is so special about their products now? The short answer is, AppSense has had 10 years of practice for what is about to be the event of a lifetime! Let's face it, VDI is the big buzz word of the year(s), and everyone wants a piece of the vdi-pie. Some of the key issues that seems to be slowing the VDI rollout's revolve around "User Experience", "Profile Management", and of course, "The overall management" of the Infrastructure. AppSense can help you roll out and manage your VDI environment, while also applying to your existing PC and SBC environment.

Looking for more information on AppSense

blog comments powered by Disqus
Microsoft Virtualization, Citrix, XENServer, Storage, iscsi, Exchange, Virtual Desktops, XENDesktop, APPSense, Netscaler, Virtual Storage, VM, Unified Comminications, Cisco, Server Virtualization, Thin client, Server Based Computing, SBC, Application Delivery controllers, System Center, SCCM, SCVMM, SCOM, VMware, VSphere, Virtual Storage, Cloud Computing, Provisioning Server, Hypervisor, Client Hypervisor.