|
App-V is part of the MDOP suite, which you might already own, check your licensing. https://technet.microsoft.com/en-us/windows/mdop.aspx Very few people here seem to talk about it, even though it's a nice value add. It allows you to bubble, package, and deploy applications fairly quickly, and container-izes them into a specific folder in c:\programdata\appv that contains a virtual registry and virtual filesystem. Userspace changes get expanded out into the user's profile. In short, it's nice for
Very little infrastructure is required to test it. You'll need to install the APP-V sequencer on a VM. Windows Search Services and Windows Defender and other AV programs should be off. Using a VM for packaging is a good idea, snapshot your system in a pristine condition. I actually package on a system off the domain. Revert to your pristine image every time you package or update a package. The install is as straightforward as hammering through next. Install the APP-V client, version 5.1 needs Powershell 3 and .NET Framework 4.5. The install is as straightforward as hammering through next and can be done silently. The sequencer outputs a .appv file. You can test it on a client via Powershelgl add-appvclientpackage "\\path\to\appv" | publish-appvclientpackage -global The PS cmdlets are all nicely documented on Microsoft's site. If you want to use it in production, you'll want to consider either SCCM integration(which is VERY easy, can even leave the sequencer separate), or the App-V Deployment Server + Reporting Server We use SCCM, so I can't speak a ton to the latter. Citrix has some native hooks into App-V in later versions, though any version of Citrix can utilize an App-V package as long as you're on Windows 2008 or better. It's very similar to VmWare Thinapp, it requires only slightly more infrastructure, but I've had better success rates in general with App-V, and it includes a method of managing deployments. It's NOT good for drivers, don't go there.
|
# ? Mar 1, 2016 03:03 |
|
|
# ? Apr 20, 2024 02:02 |
|
I am thinking about looking at this for very simplified software distribution. It would have to be standalone mode, I think. People and infrastructure are too spread out to stream things.
|
# ? Mar 1, 2016 20:29 |
|
Any good starting tutorials on creating our own packages? Most of the Google results I saw looked like marketing fluff. I loved when Thinstall worked properly, but it was more of a headache than it was worth, and I would love to see how the tech has progressed!
|
# ? Mar 3, 2016 02:39 |
|
So looking at Wikipedia, this is actual virtualization but because of all the ways it's integrated with the host system it shouldn't be used for security purposes, but only for convenient packaging/distribution of software, right? It's sort of a shame this isn't built into Windows (at least the standalone version) and more well publicized, too.
|
# ? Mar 3, 2016 14:52 |
|
mystes posted:So looking at Wikipedia, this is actual virtualization but because of all the ways it's integrated with the host system it shouldn't be used for security purposes, but only for convenient packaging/distribution of software, right? Good news friends! Microsoft announced App-v is becoming a standard feature in Windows 10 recently. We don't know when but it will happen. What do you mean used for security purposes? It allows you to keep using your old software that expects to be able to write a ini hardcoded to a certain location that you can't write to in a modern OS without giving extra permissions on the system. There is a exclusion list for executable file types that you are not allowed to write the the virtual file system even when you have chosen to give full control inside the bubble. Anyone looking for more info on App-v should check out tmurgent.com he write great background articles and has a bunch of handy tools. E: for reading comprehension. NihilismNow fucked around with this message at 23:38 on Mar 3, 2016 |
# ? Mar 3, 2016 23:22 |
|
NihilismNow posted:Good news friends! Microsoft announced App-v is becoming a standard feature in Windows 10 recently. We don't know when but it will happen. quote:What do you mean used for security purposes? It allows you to keep using your old software that expects to be able to write a ini hardcoded to a certain location that you can't write to in a modern OS without giving extra permissions on the system. There is a exclusion list for executable file types that you are not allowed to write the the virtual file system even when you have chosen to give full control inside the bubble.
|
# ? Mar 4, 2016 19:59 |
|
mystes posted:That's pretty cool. It is not really a VM. App-v processes are hooked by a filter driver (like citrix, appsense or a ACT shim) and their api requests are redirected. It is still the regular OS handling things and the processes show up like regular processes in taskmanager. One of the design goals with app-v 5 was to let the applications integrate more with the local OS like they were regularly installed applications. In app-v 4 the virtual environment was more isolated from the OS. But even then the isolation worked the other way around: The OS couldn't see the application files and registered classes/objects etc but the virtualized application can see system files and such. It is not a sandbox. With app-v 5 you cannot write executable files to the VFS (there is a long exclusion list of filetypes you are not allowed to write in the VFS) and you need admin rights to add the app-v package to your system. If you package software that does bad things app-v absolutely will not protect you anymore than if you packaged it as a MSI.
|
# ? Mar 4, 2016 21:43 |
|
Oh, thanks for explaining that. That's not quite as exciting, but still clearly useful in certain situations.
|
# ? Mar 4, 2016 22:01 |
|
NecroBob posted:Any good starting tutorials on creating our own packages? Most of the Google results I saw looked like marketing fluff. You'll want a clean sequencing machine. It makes the most sense to do this a VM. If you don't already have a VM environment, VirtualBox is free. https://www.virtualbox.org/wiki/Downloads Install your sequencing OS - you'll want to package on your lowest common denominator OS, for us that's Windows 7. You'll need to install the Sequencer prereqs - https://technet.microsoft.com/en-us/library/mt346482(v=vs.85).aspx Then install the sequencer - basically click the installer and hammer through next. Shut down and disable the Windows Defender and Windows Search services Snapshot your VM! This is your packaging machine. Sequencing is as easy as running the sequencer, and following the on-screen prompts. It listens while you install your app. It will output a folder with a .appv file when done. That is your packaged app. It's part of the MDOP package, which you can download from your volume licensing site https://www.microsoft.com/Licensing/servicecenter/default.aspx Or MSDN It is a Microsoft licensed product, though, not free, but a lot of shops have software assurance and it's included. Otherwise there's an additional licensing fee.
|
# ? Mar 5, 2016 00:23 |
|
AlternateAccount posted:I am thinking about looking at this for very simplified software distribution. It would have to be standalone mode, I think. People and infrastructure are too spread out to stream things. You can do that, but you're forgoing central management, and you'll have to write custom Powershell scripts to push software out or detect what's out there. In theory centralized management is supposed to save you time, gives you a common interface to update\deploy packages. It very quickly integrates with SCCM if you have that up - so in our case we didn't need any extra infrastructure. Just a share to host the packages on.
|
# ? Mar 5, 2016 00:30 |
|
Full infra can also work with slow links. You are going to have to deliver the actual bits in the package one way or another. After streaming the package is cached (by default) so it is not like they are going to be streaming the package from your central repository every day. You can also set a GPO (or a client setting) to have them cache the entire package locally as soon as it is published to them. Or you could put the packages on a DFS that is replicated out to branch offices. A custom powershell script to publish packages works and i've seen it in some environments (though mostly in the very early days of app-v 5) but you will not really be saving any bandwith and it will make it more difficult to use and manage features like custom deploymentconfigs and connectiongroups.
|
# ? Mar 5, 2016 13:19 |
|
I've done this in the past when it was still Softricity and MS just bought it and I wasn't really impressed to be honest. I don't know if it is still this way, but my general impression of the App-V stuff was that it was a big hassle. Some points:
My general impression is that outside of some slick demo's, it is really more of an hassle that it is worth. Simple applications usually work well but these are usually not the applications that make you look for a solution like this in the first place. You want this for something like Autocad or an ERP system. YMMV of course. Mr Shiny Pants fucked around with this message at 19:50 on Mar 5, 2016 |
# ? Mar 5, 2016 19:47 |
|
|
# ? Apr 20, 2024 02:02 |
|
Mr Shiny Pants posted:I've done this in the past when it was still Softricity and MS just bought it and I wasn't really impressed to be honest. I've worked some with SoftGrid years ago, it wasn't nearly as good. Microsoft re-wrote most of it with 5.0. quote:The one thing you really want this for are applications that are a pain to install or to keep updated. The problem with these apps is that they are usually also a pain to get working with these kind of systems. Stuff broke and not in easily identifiable ways. quote:
You can easily run stuff referencing another package with appvve, there's also connection groups. It works OK. quote:Sequencing apps is not something you do on the side so to speak, this becomes a day job and I don't know if it something you like to do the whole day: fixing other peoples crappy installers, software etc. etc. I do packaging on the side. Our Citrix engineer has done a lot of customizations to the farm, and they re-image via provisioning services on a very frequent basis, there are tons of group policies and restrictions. Rather than trying to script installers that are not designed for scripting, or looking into MSI packaging software we don't own, it's a lot easier to run App-V. quote:To be honest compared to Linux and Mac OSX installing software is a pain in the rear end on Windows. You have: Click Once, MSI, Install Shield, The registry etc. etc. It all gets really messy, really quick. I'd say I probably have a 75% success rate with App-V and packaging without any screwing around. By that I mean, run the sequencer, hammer through next on an installer + patches, complete the package, let the end user test it, and it "just works". You're not going to get 100%. My guess is that it will get better and better for compatibility, it's Microsoft on Microsoft technology, as opposed to Thinapp, which is third party. SSH IT ZOMBIE fucked around with this message at 02:28 on Mar 6, 2016 |
# ? Mar 6, 2016 02:25 |