SlideShare a Scribd company logo

Vmware thin app architecture

S
solarisyougood

The document provides an overview of VMware ThinApp, including its architecture, isolation modes, package formats, deployment methods, and key features. ThinApp uses a virtual operating system and sandbox model to deliver applications in a compressed executable file format while isolating them from the underlying system. It supports various isolation modes and deployment options and also includes capabilities like scripting, memory sharing, boot services, and application linking.

Related slideshows

UKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tipsUKOUG - 25 years of hints and tips
UKOUG - 25 years of hints and tips
 
Lisa12 methodologies
Lisa12 methodologiesLisa12 methodologies
Lisa12 methodologies
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorial
 
1 of 36
© 2009 VMware Inc. All rights reserved VMware ThinApp™ Fundamentals Architecture
2 Download full SET  Student Guide & Internal & Confidential Update Daly https://goo.gl/VVmVZ0 -- VMware ThinApp 4 Fundamentals Release Notes - R3.2 http://ouo.io/EZknL 00 ThinApp 4 Fundamentals Services Kit Document Map http://ouo.io/ton36w 01 ThinApp Fundamentals Consultant Overview http://ouo.io/RdoIZR 02 ThinApp Fundamentals Consultant FAQ http://ouo.io/IEuvM 03 ThinApp Fundamentals Demo Environment Build Procedures http://ouo.io/qcCXB 04 ThinApp Fundamentals Sample Demo Procedures http://ouo.io/j5g4L 05 Technical Overview - Microsoft App-V 4.6 http://ouo.io/3rahxZ 06 Technical Overview - Citrix XenApp 6 http://ouo.io/SG8ptm A1 ThinApp Jumpstart Overview http://ouo.io/X179NA A2 ThinApp Overview http://ouo.io/4gblv A3 ThinApp Architecture http://ouo.io/4SafK A4 Using ThinApp http://ouo.io/p95Xy A5 ThinApp Administration http://ouo.io/6E57G A6 Basic Application Concepts http://ouo.io/H3Mifk
3 Agenda  In This Presentation We Will • Review ThinApp Architecture and key concepts • Review the different Isolation Modes • Discuss different package formats and deployment methods • Provide an overview of the Capture and Build environment
4 VMware ThinApp Virtualized App Architecture Windows Operating System ThinApp Compressed Container (EXE) Virtual OS (VOS) Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox
5  ThinApp Compressed Container • Encapsulates applications and their associated dependencies into a single EXE or MSI file • Comprised of: • Very small (~600K) client built into each EXE package • Allows for clientless execution of ThinApp application packages • Virtual operating system (VOS) • Virtual file system (VFS) • Virtual registry (VREG) VMware ThinApp Virtualized App Components Windows Operating System ThinApp Compressed Container (EXE) Virtual OS (VOS) Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox Windows Operating System Physical Registry Physical File System Sandbox ThinApp Compressed Container (EXE) Virtual Registry Virtual File System Virtual OS Application Registry Access File Access
6 VMware ThinApp Virtualized App Components  VOS (Virtual Operating System) • Uses virtual file system (VFS) and virtual registry (VREG) to transparently merge virtual system environment with physical system environment • Controls the ability of the virtualized application to access the resources of the underlying physical OS • Allows ThinApp packages to be OS independent • ThinApp runtime operations • Process loading • DLL loading • Thread and process management Windows Operating System Physical Registry Physical File System Sandbox ThinApp Compressed Container (EXE) Virtual Registry Virtual File System Virtual OS Application Registry Access File Access
7 VMware ThinApp Virtualized App Components  Sandbox • Private, per-user and per-app directory where all application runtime changes are stored • User configurable settings (such as web browser home page or favorites, Word default template customizations or custom dictionary) • Allows user settings to persist • Can be managed using third-party persona management tools • Location is configurable • Default is %AppData%Thinstall • Network share (for example, home drive) • Removable USB volume • VMware View™ user data disk • Return apps to default behavior by deleting the sandbox Windows Operating System Physical Registry Physical File System ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System Sandbox
8 VMware ThinApp Virtualized App Components  Virtual File System (VFS) • VFS embedded in application package (read-only) • File system sandbox (read-write) • Holds runtime changes by application • Embedded virtual files extracted to sandbox if any file modification operation takes place • Changing file timestamp or attributes • Opening file with write access • Truncating file • Renaming file • Moving file Windows Operating System Physical Registry Physical File System Sandbox ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System
9 VMware ThinApp Virtualized App Components  Virtual Registry • Stores registry settings used by application/VOS • Three manifestations • Application project files • Unicode text files • Files and related keys can be modified • Application package • Embedded VREG (read-only) • Compressed format • VREG sandbox (read-write) • Stores differences from embedded format as application makes registry writes Windows Operating System Physical Registry Physical File System Sandbox ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual File System Virtual Registry
10 VMware ThinApp Architecture  Kernel Mode versus User Mode • Kernel mode – Most privileged level of access • Application has full access to all underlying resources • Application instability can impact other applications or result in catastrophic system failure (BSOD) • User mode – Restricted level of access • Application is prevented from accessing underlying resources without first making a request through a system call to the kernel  ThinApp Applications Operate Entirely in User Mode • Requisite permissions are encapsulated during application capture and build • Includes applications that require local admin rights when installed natively • Allows for hardening of the app without having to soften the desktop
11 VMware ThinApp File System Isolation Modes  File System Isolation Modes • When system elements outside of a ThinApp package are modified, isolation modes determine the level of interaction between the native file system and the virtual environment • Three isolation modes – Merged, WriteCopy, and Full • Can be set on a per-directory and per-registry subtree basis • Configured during application capture or post-capture • Virtual elements within the ThinApp package, when modified, are always written to the sandbox
12 Windows Operating System ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox (defaults to user’s profile) VMware ThinApp File System Isolation Modes  Merged (Full Write Access) • Applications have visibility to and can modify physical system elements outside of the ThinApp package as needed • Allows users to create, modify, and save files in familiar locations (such as Desktop, My Documents, C:User) • Recommended for applications (such as Microsoft Office) that write to standard system directories ThinApp package has visibility to physical file system/ registry Data written to physical file system/registry Reads Writes
13 VMware ThinApp File System Isolation Modes  WriteCopy (Restricted Write Access) • ThinApp copies changes to the file system and registry to the sandbox so that only copies are modified, not the actual physical data • Excludes changes in Desktop and My Documents • Recommended for legacy or untrusted applications, or locked down desktops • Useful in multiuser environments where write operations to the file system can impact more than one user Windows Operating System ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox (defaults to user’s profile) Write operations intended for physical file system/registry written to Sandbox instead ThinApp package has visibility to physical file system/ registry Reads Writes
14 VMware ThinApp File System Isolation Modes  Full (No Read/Write Access) • Provides complete isolation from all physical system elements • Manual user access to network, file, and print are still available • Recommended for avoiding conflicts between coexisting copies of applications • Useful if another version of the application is already natively installed • Can only be configured post-capture in package.ini or attributes.ini files Windows Operating System ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox (defaults to user’s profile) ThinApp package has no visibility to physical file system/ registry Write operations intended for physical file system/registry written to Sandbox instead Writes Reads
15 VMware ThinApp File System Isolation Modes  File System Isolation Modes in Summary Isolation Mode System Elements Virtual Elements Merged mode (Full Write Access) App can read and modify system elements App can create and modify virtual elements in sandbox WriteCopy mode (Restricted Write Access) App can read system elements Changes to system elements modified on copy in sandbox App can create and modify virtual elements in sandbox Full mode (No Read/Write Access) App cannot read or modify system elements App can create and modify virtual elements in sandbox
16 Deploying VMware ThinApp Packages  Deploying ThinApp Packages • Determine package format • EXE, MSI, or DAT • Determine deployment method • Stream from network share • Deploy locally using electronic software distribution (ESD) solution • Use portable media • Deliver to virtual desktops using VMware View
17 Deploying VMware ThinApp Packages  ThinApp Package Format • EXE file • Local storage on laptops and workstations • USB flash media • VMware View virtual desktops • MSI file • Distribute through third-party electronic software distribution (ESD) solutions • VMware View virtual desktops • Required format for View 4.5 integration • Same as copying the EXE to the local machine and registering it using Thinreg.exe • DAT • Use if EXE files will be greater than 200MB • Windows XP and 2000 cannot show shortcut icons for large EXE files
18 Deploying VMware ThinApp Packages  Support for MSI Packages • ThinApp allows for deploying application packages larger than 2GB in a single MSI file • Native MSI and CAB files do not support sizes greater than 2GB • Does not require separate CAB files or data files for content greater than 2GB • MSI package must be created using ThinApp • ThinApp MSI files are compatible with all versions of Windows Installer • No requirement for a particular version to be installed on the client
19 Deploying VMware ThinApp Packages  Deployment Methods – Electronic Software Distribution (ESD) • Deploy ThinApp packages in MSI format through existing ESD solutions to managed desktops • Selectively deploy applications and dependencies to users and computers according to a wide range of administrator-set criteria • Leverage existing process and workflow • ESD solutions do not differentiate ThinApp MSI files from traditionally packaged MSI files • Application performance based on local resources
20 Deploying VMware ThinApp Packages  Deployment Methods – Streaming • Stream from Windows fileserver share • No desktop client or specialized server infrastructure required • Users double-click icon on UNC path or shortcut to launch application • Stream is optimized for fastest launch • Block-level delivery • Additional code is streamed as needed • Packages load directly into memory • No disk I/O required • Excludes sandbox activity • Beneficial for VMware View environments • Read-only network share is only infrastructure requirement • Use DFS or other namespace-based access and replication technologies for branch offices
21 Deploying VMware ThinApp Packages  Deployment Methods – Using Portable Media • Run applications from portable media devices on any endpoint • Enable workforce mobility and full application portability without compromising security • No install required • User mode execution allows for deployment on locked down PCs
22 Deploying VMware ThinApp Packages  Deployment Methods – VMware View • Simplify software delivery • Eliminate application conflicts • Integration without dedicated server infrastructure • Streamline patch updates • Modify one package for an entire environment • Perform in-place upgrades • Reduce storage • Reuse templates • Reduce image size and complexity • Deliver applications from network
23 Deploying VMware ThinApp Packages  View 4.5 Further Simplifies Application Management Through Integrated Application Assignment • Application Dashboard provides: • Inventory of ThinApp applications managed by VMware View • Optimized assignment process per application group • Visibility into ThinApp status on desktops, event auditing, and the like • Assign ThinApp applications to: • Individual View desktop • Pool of View desktops • Deliver ThinApp applications as: • Full – deployed to the end user device as a self-contained executable • Streaming – streamed to the end user device from a network share on-demand • Packages must be MSI format
24 VMware ThinApp Features  Scripting Substantially Extends the Power and Flexibility of ThinApp • Change the behavior of the virtualized application by executing custom code before starting a packaged application, during runtime, or after an application exits • Examples • Timeout an application on a specific date • Run a .bat file from a network share inside the virtual environment • Import a .reg file at runtime • Stop a virtual service when the main application quits • Copy an external system configuration file into the virtual environment on startup • ThinApp supports Microsoft Visual Basic Scripting Edition (VBScript) • A VBScript is added to root of package project folder before building • Called when each and every parent process (entry point) and child process is executed (unless using callback functions) • Scripts in other languages can be called from a primary VBScript
25 VMware ThinApp Features  Scripting (cont.) • Scripts are executed for every process; however, to ensure proper timing execution, ThinApp has callback functions that are executed only when one of the four application timings are triggered: • OnFirstSandboxOwner • Called when the first ThinApp application is launched (that is, the sandbox becomes locked) • Not called when a second ThinApp application is launched from the same ThinApp package as long as the first ThinApp application is still running • OnFirstParentStart • Called prior to the ThinApp application being launched • Occurs whether or not another application has the sandbox locked open • OnFirstParentExit • Called when the parent process (entry point) is closed • OnLastProcessExit • Called when the very last process in the application exits (whether parent or child process)
26 VMware ThinApp Features  Scripting (cont.) • ThinApp API functions execute ThinApp-specific actions and interact with ThinApp runtime • Allow for additional configurations that would otherwise not be possible or would take an extensive amount of VBScript code to accomplish • Can be used in a script or configured as a package.ini parameter • Examples • ExpandPath – Converts a path from macro format to system format • AddForcedVirtualLoadPath – Loads DLLs from a specified path as virtual DLLs • WaitForProcess – Waits until the designated process has finished running • RemoveSandboxOnExit – Deletes the sandbox when the application closes • ExecuteExternalProcess – Runs a command that exists outside the virtual environment
27 VMware ThinApp Features  Memory Sharing • Memory pages from one instance of an application are shared with other instances of the same application • Application packages must be run from the same location • Applies to shared, multiuser environments such as Terminal Server • Shared even when users are logged into different sessions • Example: Microsoft Office loads common DLLs into different applications • One copy of MSO.dll loaded for all Office apps App Instance #2 App Instance #1 Shared Memory Page Unique Page Unique Page Unique Page
28 ThinApp 4.5 ThinApp 4.6 VMware ThinApp Features  Boot Time Services Support • Captured applications that contain Windows services can now have virtualized services start automatically during boot time • Virtual service is captured during packaging, but can be registered on the physical machine as a physical service using ThinReg • When the physical machine boots, the service is started using the natively installed service management tools • Offers faster launch times than if application had to wait for virtual service to launch • Services are available to all users using the virtual application • Configured in package.ini file • In ThinApp versions before 4.6, services could be started using entry points that manually start services natively
29 VMware ThinApp Features  Application Link (AppLink) • Dynamically combine ThinApp packages at runtime on end‐user systems • Allows shared components and dependent applications to be kept in separate packages • Create single package for interdependent application components (such as Acrobat Reader, Java, .NET) • Create application update packages without modifying the base package • Packages can be any size • AppLink follows a “chain” through other AppLinked ThinApp packages DependencyPrimary Application Primary Application
30 VMware ThinApp Features  AppLink (cont.) • Configured as required or optional in package.ini file • RequiredAppLinks – If a dependent application fails to launch, base application closes with error message • OptionalAppLinks – Ignores errors and the main application is launched even when an import operation fails • Sandbox changes made to linked packages are stored in the base package’s sandbox • Changes made to AppLinked Adobe package are not visible when Adobe is launched as standalone • Use common sense when using AppLinks • Be mindful of introducing unnecessary operational complexity • As the number of AppLinks increases, negative impacts to application launch time are possible
31 ThinApp 4.5 ThinApp 4.6 VMware ThinApp Features  AppLink (cont.) • Supports use of wildcards for both directories and filenames • Allows greater flexibility in specifying target dependency locations • Example – Link a single virtualized instance of IE6 with a directory containing all relevant IE plug-ins • OptionalAppLinks=plugins**.dat
32 ThinApp 4.5 ThinApp 4.6 VMware ThinApp Features  ThinDirect • Associate URL with specific ThinApp browser package • End users continue using native browser and virtual browser will appear when necessary • No longer need to remember which Web pages or apps require virtual browser • A browser helper object is installed in the native instance of Internet Explorer • Native IE is completely unaffected by ThinDirect (and remains fully supported by Microsoft) • ThinApp is user-mode execution only and no system drivers installed
33 ThinApp 4.5 ThinApp 4.6 VMware ThinApp Features  ThinDirect (cont.) • Plug-in is configured during app packaging process and embedded in ThinApp package • User-defined URLs control when virtual browser is launched • Packaged browser redirects to the native browser after user is done (also referred to as “FatDirect”) • Similar to a file type association for browsers • Works with multiple browsers • ThinDirect can redirect to Chrome, Firefox, Opera, and Safari • Admin controlled URLs through GPO • Computer Configuration • User Configuration
34 VMware ThinApp Packaging Environment  Capture and Build (CnB) Environment • Use the ThinApp application Setup Capture • Pre-installation and post-installation snapshot • ThinApp project created using differences between snapshots • Use a virtual machine if possible • Ideal for provisioning baseline desktop OS images and reverting back to the same pristine state between captures • If traditional desktop must be used, access to third-party disk imaging utility for creating clean restore point (such as Symantec Ghost or Acronis TrueImage) is recommended • Packaging machine known as “CnB source” VMware Workstation ThinApp Utilities on Network Share CnB Source Desktop VM (Install candidate application here) Mounted drive Capture and Build (CnB) Environment Setup Capture Template (Baseline OS)
35 VMware ThinApp Packaging Environment  Setup • VM templates • Create a library of CnB source VMs if multiple client operating systems exist • Oldest OS and patch level supported for application is used during capture • Each CnB source VM: • C drive (base OS + service packs and hot fixes + free space) • Size depends on application (typically 20-30GB) • Avoid installing antivirus software • Take VM snapshot prior to packaging application • ThinApp utilities • Store on central network share • Default project save location matches the launch location of the Setup Capture utility • If run from CnB source, remember to copy the project folders off the CnB source before discarding the snapshot
36 VMware ThinApp Fundamentals VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 Tel: 1-877-486-9273 or 650-427-5000 Fax: 650-427-5001

More Related Content

Vmware thin app architecture

  • 1. © 2009 VMware Inc. All rights reserved VMware ThinApp™ Fundamentals Architecture
  • 2. 2 Download full SET  Student Guide & Internal & Confidential Update Daly https://goo.gl/VVmVZ0 -- VMware ThinApp 4 Fundamentals Release Notes - R3.2 http://ouo.io/EZknL 00 ThinApp 4 Fundamentals Services Kit Document Map http://ouo.io/ton36w 01 ThinApp Fundamentals Consultant Overview http://ouo.io/RdoIZR 02 ThinApp Fundamentals Consultant FAQ http://ouo.io/IEuvM 03 ThinApp Fundamentals Demo Environment Build Procedures http://ouo.io/qcCXB 04 ThinApp Fundamentals Sample Demo Procedures http://ouo.io/j5g4L 05 Technical Overview - Microsoft App-V 4.6 http://ouo.io/3rahxZ 06 Technical Overview - Citrix XenApp 6 http://ouo.io/SG8ptm A1 ThinApp Jumpstart Overview http://ouo.io/X179NA A2 ThinApp Overview http://ouo.io/4gblv A3 ThinApp Architecture http://ouo.io/4SafK A4 Using ThinApp http://ouo.io/p95Xy A5 ThinApp Administration http://ouo.io/6E57G A6 Basic Application Concepts http://ouo.io/H3Mifk
  • 3. 3 Agenda  In This Presentation We Will • Review ThinApp Architecture and key concepts • Review the different Isolation Modes • Discuss different package formats and deployment methods • Provide an overview of the Capture and Build environment
  • 4. 4 VMware ThinApp Virtualized App Architecture Windows Operating System ThinApp Compressed Container (EXE) Virtual OS (VOS) Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox
  • 5. 5  ThinApp Compressed Container • Encapsulates applications and their associated dependencies into a single EXE or MSI file • Comprised of: • Very small (~600K) client built into each EXE package • Allows for clientless execution of ThinApp application packages • Virtual operating system (VOS) • Virtual file system (VFS) • Virtual registry (VREG) VMware ThinApp Virtualized App Components Windows Operating System ThinApp Compressed Container (EXE) Virtual OS (VOS) Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox Windows Operating System Physical Registry Physical File System Sandbox ThinApp Compressed Container (EXE) Virtual Registry Virtual File System Virtual OS Application Registry Access File Access
  • 6. 6 VMware ThinApp Virtualized App Components  VOS (Virtual Operating System) • Uses virtual file system (VFS) and virtual registry (VREG) to transparently merge virtual system environment with physical system environment • Controls the ability of the virtualized application to access the resources of the underlying physical OS • Allows ThinApp packages to be OS independent • ThinApp runtime operations • Process loading • DLL loading • Thread and process management Windows Operating System Physical Registry Physical File System Sandbox ThinApp Compressed Container (EXE) Virtual Registry Virtual File System Virtual OS Application Registry Access File Access
  • 7. 7 VMware ThinApp Virtualized App Components  Sandbox • Private, per-user and per-app directory where all application runtime changes are stored • User configurable settings (such as web browser home page or favorites, Word default template customizations or custom dictionary) • Allows user settings to persist • Can be managed using third-party persona management tools • Location is configurable • Default is %AppData%Thinstall • Network share (for example, home drive) • Removable USB volume • VMware View™ user data disk • Return apps to default behavior by deleting the sandbox Windows Operating System Physical Registry Physical File System ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System Sandbox
  • 8. 8 VMware ThinApp Virtualized App Components  Virtual File System (VFS) • VFS embedded in application package (read-only) • File system sandbox (read-write) • Holds runtime changes by application • Embedded virtual files extracted to sandbox if any file modification operation takes place • Changing file timestamp or attributes • Opening file with write access • Truncating file • Renaming file • Moving file Windows Operating System Physical Registry Physical File System Sandbox ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System
  • 9. 9 VMware ThinApp Virtualized App Components  Virtual Registry • Stores registry settings used by application/VOS • Three manifestations • Application project files • Unicode text files • Files and related keys can be modified • Application package • Embedded VREG (read-only) • Compressed format • VREG sandbox (read-write) • Stores differences from embedded format as application makes registry writes Windows Operating System Physical Registry Physical File System Sandbox ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual File System Virtual Registry
  • 10. 10 VMware ThinApp Architecture  Kernel Mode versus User Mode • Kernel mode – Most privileged level of access • Application has full access to all underlying resources • Application instability can impact other applications or result in catastrophic system failure (BSOD) • User mode – Restricted level of access • Application is prevented from accessing underlying resources without first making a request through a system call to the kernel  ThinApp Applications Operate Entirely in User Mode • Requisite permissions are encapsulated during application capture and build • Includes applications that require local admin rights when installed natively • Allows for hardening of the app without having to soften the desktop
  • 11. 11 VMware ThinApp File System Isolation Modes  File System Isolation Modes • When system elements outside of a ThinApp package are modified, isolation modes determine the level of interaction between the native file system and the virtual environment • Three isolation modes – Merged, WriteCopy, and Full • Can be set on a per-directory and per-registry subtree basis • Configured during application capture or post-capture • Virtual elements within the ThinApp package, when modified, are always written to the sandbox
  • 12. 12 Windows Operating System ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox (defaults to user’s profile) VMware ThinApp File System Isolation Modes  Merged (Full Write Access) • Applications have visibility to and can modify physical system elements outside of the ThinApp package as needed • Allows users to create, modify, and save files in familiar locations (such as Desktop, My Documents, C:User) • Recommended for applications (such as Microsoft Office) that write to standard system directories ThinApp package has visibility to physical file system/ registry Data written to physical file system/registry Reads Writes
  • 13. 13 VMware ThinApp File System Isolation Modes  WriteCopy (Restricted Write Access) • ThinApp copies changes to the file system and registry to the sandbox so that only copies are modified, not the actual physical data • Excludes changes in Desktop and My Documents • Recommended for legacy or untrusted applications, or locked down desktops • Useful in multiuser environments where write operations to the file system can impact more than one user Windows Operating System ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox (defaults to user’s profile) Write operations intended for physical file system/registry written to Sandbox instead ThinApp package has visibility to physical file system/ registry Reads Writes
  • 14. 14 VMware ThinApp File System Isolation Modes  Full (No Read/Write Access) • Provides complete isolation from all physical system elements • Manual user access to network, file, and print are still available • Recommended for avoiding conflicts between coexisting copies of applications • Useful if another version of the application is already natively installed • Can only be configured post-capture in package.ini or attributes.ini files Windows Operating System ThinApp Compressed Container (EXE) Virtual OS Application Registry Access File Access Virtual Registry Virtual File System Physical Registry Physical File System Sandbox (defaults to user’s profile) ThinApp package has no visibility to physical file system/ registry Write operations intended for physical file system/registry written to Sandbox instead Writes Reads
  • 15. 15 VMware ThinApp File System Isolation Modes  File System Isolation Modes in Summary Isolation Mode System Elements Virtual Elements Merged mode (Full Write Access) App can read and modify system elements App can create and modify virtual elements in sandbox WriteCopy mode (Restricted Write Access) App can read system elements Changes to system elements modified on copy in sandbox App can create and modify virtual elements in sandbox Full mode (No Read/Write Access) App cannot read or modify system elements App can create and modify virtual elements in sandbox
  • 16. 16 Deploying VMware ThinApp Packages  Deploying ThinApp Packages • Determine package format • EXE, MSI, or DAT • Determine deployment method • Stream from network share • Deploy locally using electronic software distribution (ESD) solution • Use portable media • Deliver to virtual desktops using VMware View
  • 17. 17 Deploying VMware ThinApp Packages  ThinApp Package Format • EXE file • Local storage on laptops and workstations • USB flash media • VMware View virtual desktops • MSI file • Distribute through third-party electronic software distribution (ESD) solutions • VMware View virtual desktops • Required format for View 4.5 integration • Same as copying the EXE to the local machine and registering it using Thinreg.exe • DAT • Use if EXE files will be greater than 200MB • Windows XP and 2000 cannot show shortcut icons for large EXE files
  • 18. 18 Deploying VMware ThinApp Packages  Support for MSI Packages • ThinApp allows for deploying application packages larger than 2GB in a single MSI file • Native MSI and CAB files do not support sizes greater than 2GB • Does not require separate CAB files or data files for content greater than 2GB • MSI package must be created using ThinApp • ThinApp MSI files are compatible with all versions of Windows Installer • No requirement for a particular version to be installed on the client
  • 19. 19 Deploying VMware ThinApp Packages  Deployment Methods – Electronic Software Distribution (ESD) • Deploy ThinApp packages in MSI format through existing ESD solutions to managed desktops • Selectively deploy applications and dependencies to users and computers according to a wide range of administrator-set criteria • Leverage existing process and workflow • ESD solutions do not differentiate ThinApp MSI files from traditionally packaged MSI files • Application performance based on local resources
  • 20. 20 Deploying VMware ThinApp Packages  Deployment Methods – Streaming • Stream from Windows fileserver share • No desktop client or specialized server infrastructure required • Users double-click icon on UNC path or shortcut to launch application • Stream is optimized for fastest launch • Block-level delivery • Additional code is streamed as needed • Packages load directly into memory • No disk I/O required • Excludes sandbox activity • Beneficial for VMware View environments • Read-only network share is only infrastructure requirement • Use DFS or other namespace-based access and replication technologies for branch offices
  • 21. 21 Deploying VMware ThinApp Packages  Deployment Methods – Using Portable Media • Run applications from portable media devices on any endpoint • Enable workforce mobility and full application portability without compromising security • No install required • User mode execution allows for deployment on locked down PCs
  • 22. 22 Deploying VMware ThinApp Packages  Deployment Methods – VMware View • Simplify software delivery • Eliminate application conflicts • Integration without dedicated server infrastructure • Streamline patch updates • Modify one package for an entire environment • Perform in-place upgrades • Reduce storage • Reuse templates • Reduce image size and complexity • Deliver applications from network
  • 23. 23 Deploying VMware ThinApp Packages  View 4.5 Further Simplifies Application Management Through Integrated Application Assignment • Application Dashboard provides: • Inventory of ThinApp applications managed by VMware View • Optimized assignment process per application group • Visibility into ThinApp status on desktops, event auditing, and the like • Assign ThinApp applications to: • Individual View desktop • Pool of View desktops • Deliver ThinApp applications as: • Full – deployed to the end user device as a self-contained executable • Streaming – streamed to the end user device from a network share on-demand • Packages must be MSI format
  • 24. 24 VMware ThinApp Features  Scripting Substantially Extends the Power and Flexibility of ThinApp • Change the behavior of the virtualized application by executing custom code before starting a packaged application, during runtime, or after an application exits • Examples • Timeout an application on a specific date • Run a .bat file from a network share inside the virtual environment • Import a .reg file at runtime • Stop a virtual service when the main application quits • Copy an external system configuration file into the virtual environment on startup • ThinApp supports Microsoft Visual Basic Scripting Edition (VBScript) • A VBScript is added to root of package project folder before building • Called when each and every parent process (entry point) and child process is executed (unless using callback functions) • Scripts in other languages can be called from a primary VBScript
  • 25. 25 VMware ThinApp Features  Scripting (cont.) • Scripts are executed for every process; however, to ensure proper timing execution, ThinApp has callback functions that are executed only when one of the four application timings are triggered: • OnFirstSandboxOwner • Called when the first ThinApp application is launched (that is, the sandbox becomes locked) • Not called when a second ThinApp application is launched from the same ThinApp package as long as the first ThinApp application is still running • OnFirstParentStart • Called prior to the ThinApp application being launched • Occurs whether or not another application has the sandbox locked open • OnFirstParentExit • Called when the parent process (entry point) is closed • OnLastProcessExit • Called when the very last process in the application exits (whether parent or child process)
  • 26. 26 VMware ThinApp Features  Scripting (cont.) • ThinApp API functions execute ThinApp-specific actions and interact with ThinApp runtime • Allow for additional configurations that would otherwise not be possible or would take an extensive amount of VBScript code to accomplish • Can be used in a script or configured as a package.ini parameter • Examples • ExpandPath – Converts a path from macro format to system format • AddForcedVirtualLoadPath – Loads DLLs from a specified path as virtual DLLs • WaitForProcess – Waits until the designated process has finished running • RemoveSandboxOnExit – Deletes the sandbox when the application closes • ExecuteExternalProcess – Runs a command that exists outside the virtual environment
  • 27. 27 VMware ThinApp Features  Memory Sharing • Memory pages from one instance of an application are shared with other instances of the same application • Application packages must be run from the same location • Applies to shared, multiuser environments such as Terminal Server • Shared even when users are logged into different sessions • Example: Microsoft Office loads common DLLs into different applications • One copy of MSO.dll loaded for all Office apps App Instance #2 App Instance #1 Shared Memory Page Unique Page Unique Page Unique Page
  • 28. 28 ThinApp 4.5 ThinApp 4.6 VMware ThinApp Features  Boot Time Services Support • Captured applications that contain Windows services can now have virtualized services start automatically during boot time • Virtual service is captured during packaging, but can be registered on the physical machine as a physical service using ThinReg • When the physical machine boots, the service is started using the natively installed service management tools • Offers faster launch times than if application had to wait for virtual service to launch • Services are available to all users using the virtual application • Configured in package.ini file • In ThinApp versions before 4.6, services could be started using entry points that manually start services natively
  • 29. 29 VMware ThinApp Features  Application Link (AppLink) • Dynamically combine ThinApp packages at runtime on end‐user systems • Allows shared components and dependent applications to be kept in separate packages • Create single package for interdependent application components (such as Acrobat Reader, Java, .NET) • Create application update packages without modifying the base package • Packages can be any size • AppLink follows a “chain” through other AppLinked ThinApp packages DependencyPrimary Application Primary Application
  • 30. 30 VMware ThinApp Features  AppLink (cont.) • Configured as required or optional in package.ini file • RequiredAppLinks – If a dependent application fails to launch, base application closes with error message • OptionalAppLinks – Ignores errors and the main application is launched even when an import operation fails • Sandbox changes made to linked packages are stored in the base package’s sandbox • Changes made to AppLinked Adobe package are not visible when Adobe is launched as standalone • Use common sense when using AppLinks • Be mindful of introducing unnecessary operational complexity • As the number of AppLinks increases, negative impacts to application launch time are possible
  • 31. 31 ThinApp 4.5 ThinApp 4.6 VMware ThinApp Features  AppLink (cont.) • Supports use of wildcards for both directories and filenames • Allows greater flexibility in specifying target dependency locations • Example – Link a single virtualized instance of IE6 with a directory containing all relevant IE plug-ins • OptionalAppLinks=plugins**.dat
  • 32. 32 ThinApp 4.5 ThinApp 4.6 VMware ThinApp Features  ThinDirect • Associate URL with specific ThinApp browser package • End users continue using native browser and virtual browser will appear when necessary • No longer need to remember which Web pages or apps require virtual browser • A browser helper object is installed in the native instance of Internet Explorer • Native IE is completely unaffected by ThinDirect (and remains fully supported by Microsoft) • ThinApp is user-mode execution only and no system drivers installed
  • 33. 33 ThinApp 4.5 ThinApp 4.6 VMware ThinApp Features  ThinDirect (cont.) • Plug-in is configured during app packaging process and embedded in ThinApp package • User-defined URLs control when virtual browser is launched • Packaged browser redirects to the native browser after user is done (also referred to as “FatDirect”) • Similar to a file type association for browsers • Works with multiple browsers • ThinDirect can redirect to Chrome, Firefox, Opera, and Safari • Admin controlled URLs through GPO • Computer Configuration • User Configuration
  • 34. 34 VMware ThinApp Packaging Environment  Capture and Build (CnB) Environment • Use the ThinApp application Setup Capture • Pre-installation and post-installation snapshot • ThinApp project created using differences between snapshots • Use a virtual machine if possible • Ideal for provisioning baseline desktop OS images and reverting back to the same pristine state between captures • If traditional desktop must be used, access to third-party disk imaging utility for creating clean restore point (such as Symantec Ghost or Acronis TrueImage) is recommended • Packaging machine known as “CnB source” VMware Workstation ThinApp Utilities on Network Share CnB Source Desktop VM (Install candidate application here) Mounted drive Capture and Build (CnB) Environment Setup Capture Template (Baseline OS)
  • 35. 35 VMware ThinApp Packaging Environment  Setup • VM templates • Create a library of CnB source VMs if multiple client operating systems exist • Oldest OS and patch level supported for application is used during capture • Each CnB source VM: • C drive (base OS + service packs and hot fixes + free space) • Size depends on application (typically 20-30GB) • Avoid installing antivirus software • Take VM snapshot prior to packaging application • ThinApp utilities • Store on central network share • Default project save location matches the launch location of the Setup Capture utility • If run from CnB source, remember to copy the project folders off the CnB source before discarding the snapshot
  • 36. 36 VMware ThinApp Fundamentals VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 Tel: 1-877-486-9273 or 650-427-5000 Fax: 650-427-5001