FlexApp’s Unspoken Features: What are They?

FlexApp technology is a popular tool used for application layering, virtualization and delivery. While some of its features are well-known, there are some that are overlooked and not talked about enough. In this blog post, we will explore some of the under-the-hood features of FlexApp and explain how they work.

AppData and HKCU Handling

One of the key features of FlexApp is its ability to handle AppData and HCKU. When an application writes into these areas, FlexApp has special handling for layering. This is because these paths are often used as part of the application’s normal install routine, or they may be written to by the packaging administrator during testing or setting default preferences. If these areas of the profile are captured into the layer and do not exist in the user’s profile, FlexApp will physically copy or write them into the user’s profile. This ensures that the user has the necessary read and write access to these areas of the profile going forward.

Corrective Profile Path Tattooing

Another important feature of FlexApp is corrective profile path tattooing. This refers to the practice of capturing the profile path of the packaging administrator and storing it in the layer. This can create issues when an application stores a path to a non-existent location in the HKCU’s registry. FlexApp will flag this kind of event during the packaging process so that on activation of the layer, the registry value that points to the non-existent path can be corrected and pointed to the user’s correct profile path.

Micro Isolation

Micro isolation is a feature of FlexApp that helps to handle conflicts between layers. While FlexApp is not a full-blown isolation technology like Microsoft App-V, it does have some light isolation between layers. This means that when a conflict occurs, each layer will be redirected back to its own version of files or registry. For example, if each layer has a different version of a DLL in a common location that would normally be a last virtual write wins scenario and could crash the application, FlexApp’s micro isolation feature will ensure that each layer has access to its own version of the DLL. Here is a quick demo of Micro Isolation visually that should help your understanding of the technology.

Session Isolation

Session isolation is a feature of FlexApp that allows for handling different applications for different users when working on multiuser systems like Citrix Virtual Apps or Microsoft AVD. This makes layering on multiuser systems extremely flexible. This feature has also been extended to on-boot applications, which I recently wrote about here.

In conclusion, FlexApp’s unspoken features are an important part of its overall functionality. These features ensure that the user has access to the necessary parts of the profile, prevent conflicts between layers, and make layering on multiuser systems more flexible. Understanding these features can help users get the most out of their FlexApp technology and improve the overall user experience.

How Stratusphere UX Login Breakdown Can Help Identify Login Bottlenecks

Login times are critical for end-users and management, and any delay can impact productivity and user experience. However, identifying the root cause of login slowdowns can be challenging, given the number of factors that can contribute to it. Is it the machine group policy, user group policy, user environment management software, application layering product, antivirus software, security software, or some login script? Stratusphere UX Login Breakdown can help you identify the culprit and take corrective, prompt action.

Before you begin fixing the issue, it’s best to establish a baseline of your environment’s capabilities. You can create a test environment by taking a machine that closely matches your users, removing any antivirus or security software, blocking inheritance on any group policies, disabling any user environment management software and any application layering technology. This baseline provides a goal to work towards and helps hold products or people accountable for causing too much overhead in login times.

Once you have established a baseline, you can start identifying the culprit. With Stratusphere UX Login Breakdown, you can break down the login process into its constituent parts and analyze which parts are taking the most time. For example, you can identify inefficient group policies and take corrective action. You can either clean up the group policy and test your logins again or move most of the group policy to a user environment management product, like ProfileUnity, that is more effective in processing time than group policy.

Similarly, you can identify inefficient user environment management software, which can cause delays by running the regedit.exe command repeatedly to import settings or user preferences. Stratusphere UX Login Breakdown can provide a per-process breakdown of the entire login, helping you identify and address these inefficiencies.

Application layering products can also contribute to login delays by blocking the login from the user while it activates layers or by consuming too many CPU resources during the login. Stratusphere UX Login Breakdown can provide visibility into how much CPU is being consumed during the login, enabling you to optimize resource allocation and speed up logins. ProfileUnity FlexApp can assign application layers on boot and speed up logins by removing contention during the login process.

Antivirus and security software can be challenging to optimize for login performance, given that they are inline to process open, file system R/W, and network R/W. With Stratusphere UX Login Breakdown, you can analyze how much overhead your antivirus and security software are adding to all processes duration times and how much CPU they are consuming during the login. Taking a Login Breakdown snapshot before and after removing antivirus and security software this gives you the proof of the overhead to consult with your antivirus and security teams.

Finally, login scripts can spawn from various places, causing delays during login. With Stratusphere UX Login Breakdown, you can get the entire script duration and any process launched from that script. This visibility helps the script owner optimize the script and reduces resource consumption during the login, resulting in faster login times.

In conclusion, Stratusphere UX Login Breakdown is a powerful, non-invasive tool that can help you track down login bottlenecks with ease. With its ability to break down the login process into its constituent parts, you can identify the root cause of delays and take corrective, prompt action to improve login times, making your end-users and management happy.

Simplifying Disaster Recovery and Business Continuity with Microsoft FSLogix and ProfileUnity’s Portability

Using profile containers, like FSLogix or ProfileUnity’s ProfileDisk container, can present challenges when it comes to disaster recovery and business continuity. Issues such as localized corruption caused by network or storage outages, performing backups on large containers, replicating for DR, and setting up an active-active desktop deployment are just a few of the challenges organizations face.

This is where ProfileUnity’s portability comes into play. With its ability to compress user profiles into a smaller, more efficient backup format, ProfileUnity’s portability solves many of the issues associated with disaster recovery and business continuity. By targeting the file system and registry with surgical precision, the engine excludes large files like the Outlook cache that can be easily re-created from the cloud, making the archived copy of the profile much smaller and more manageable. In addition, the portability engine only writes out what has changed in the session, resulting in fewer files to manage and less network traffic to replicate.

Corruption recovery is also simplified with ProfileUnity’s portability. By removing the corrupt profile container and allowing the portability engine to restore and populate a new container with only what is needed for the user to continue working, organizations can quickly recover from localized corruption without the need for a full restore.

Backing up a large profile container can also be a challenge. ProfileUnity’s portability engine version of the user’s profile is typically between 100 – 1000 MB in size, making it much more practical to backup. In the event of container corruption, simply remove the corrupt container and have the user log in again. The portability engine will take care of re-populating the newly created container with the user’s preferences.

Replicating a large, monolithic file that is locked for 8-12 hours a day can also be impractical. However, ProfileUnity’s portability engine archives are stored in many small files that are not locked while the user is logged in, making replication options almost infinite and very cost-effective. Any SMB file-level replication technology, Azure blob replication, or even Amazon S3 replication can be used to replicate the archives.

For organizations looking to set up an active-active desktop, unique profile containers at each site that do not replicate would be used. The portability engine archives can then be replicated and, since the engine only writes out changes that occur within sessions, replication is fast and efficient.

Our team has been hard at work continuing to develop new features for our products, and we’re excited to announce that our next version of ProfileUnity will include a new template specifically designed to simplify disaster recovery and business continuity for Microsoft’s FSLogix profile container. With this template, our customers will be able to take advantage of out-of-the-box solutions that help ensure business continuity in the event of localized corruption, storage outages, and other common challenges. We believe that this new template will be a valuable addition to our product and will help our customers to better manage their FSLogix profile containers. The next version is due in April 2023.

In conclusion, using ProfileUnity’s portability on top of a profile container like Microsoft’s FSLogix or ProfileUnity’s ProfileDisk is an excellent way to simplify disaster recovery and business continuity. With its surgical precision and ability to compress user profiles into a more efficient format, ProfileUnity’s portability provides organizations with an effective recovery plan from container corruption, replication for DR or active-active desktop deployments.

Instant Application delivery with FlexApp 6.8.5 Cloaking

Instantly delivering applications to users can be a challenge, as even FlexApps can take some time to activate. For instance, it may take 14 seconds for 15 FlexApps to become available. This can cause users to log in to their desktops before the application shortcuts for all 15 apps are ready to use.

To address this issue, we’ve introduced FlexApps on boot. However, the current implementation of FlexApps on boot has a small drawback: all FlexApps on boot are visible to all users logging in to the RDS host or desktop pool. This necessitates creating multiple pools to segment applications that are layered on boot. While this reduces image management, it increases the number of pools to manage, even if they come from the same image.

But with ProfileUnity FlexApp 6.8.5, we have new technology that solves both image sprawl and pool sprawl. When you assign FlexApps on boot, you now have the option to cloak the FlexApps that a user is not entitled to at login. For instance, if you have two apps on boot, one for accounting and the other for marketing, both apps are layered into the OS on boot, so users don’t have to wait for layering to occur. During login, however, the marketing user won’t be able to see the accounting app, and vice versa.

In addition, we offer predictive block caching. FlexApps are typically streamed over the network, but it’s sometimes better to run the app from our block cache to speed up the user experience. However, downloading all the needed blocks can take time. With predictive block caching, we know what blocks are needed to achieve near-native speeds, eliminating the need to download all blocks while the user waits.

To summarize, we remove activation times (FlexApps on boot), launch times (block caching), download times (predictive block caching), reduce image management (using FlexApps), and reduce pools (FlexApps on boot with cloaking).

To accomplish this, first set up ProfileUnity as a Service. then enable the “Enable Cloaking for on-boot FlexApps” checkbox in ProfileUnity FlexApp 6.8.5 when assigning FlexApps on boot. Then, in the normal login configuration, assign the relevant on-boot FlexApps to the appropriate users. This will ensure that users only have access to the applications they need, while reducing image sprawl and pool sprawl.

Overall, this approach simplifies application delivery and management while improving the user experience. Users can log in quickly and seamlessly access the applications they need, without being burdened by unnecessary apps or activation times.

ProfileUnity with FlexApp 6.8.5, Best Practices out of the box!

Capturing applications with FlexApp can sometimes be challenging, and there are a few best practices that are critical to success. However, these steps can be time-consuming, and it’s easy to overlook important details. In some cases, this can lead to an unsuccessful deployment.

To simplify the process and ensure best practices are followed, ProfileUnity FlexApp 6.8.5 now includes out-of-the-box tools and features to help streamline the application capture best practices.

First, FlexApp now includes a built-in runtime installer, which allows you to easily install all the necessary .NET and C++ runtimes on the packaging OS. This eliminates the need to track down individual runtimes from Microsoft, saving time and reducing complexity.

Second, FlexApp also includes a custom optimizer tool specifically designed for capture. This tool ensures that the capture OS is optimized for the capture process, with minimal extraneous activity or noise. This is especially important since you may not have access to VMware’s or Citrix’s optimizer tools, and different optimizer settings are required for capture OS versus end user images.

Finally, FlexApp automatically performs rollbacks in between captures to prevent cross-contamination between applications. This ensures that each application is captured in a separate layer, without interfering with other applications layers.

By incorporating these best practices out-of-the-box, ProfileUnity FlexApp 6.8.5 simplifies the application capture process, reducing the risk of errors and ensuring a successful deployment. With these tools and features, you can capture applications quickly and easily, and deliver them to users with confidence.

More cloud! ProfileUnity with FlexApp 6.8.5 adds SAML and Azure Active Directory group support

ProfileUnity has added support for SAML and Azure Active Directory groups, offering greater cloud functionality to its users.

With console support for SAML, users can now access their ProfileUnity console using a cloud Identity Provider (IDP). This approach offers numerous benefits, including:

  • Two-factor authentication: Depending on the IDP configuration, users can use an authentication application on their phone, receive an SMS message, or even use a physical token for added security.
  • Centralized auditing: By centralizing all ProfileUnity console access to an IDP, IT teams gain access to full audit trails for login attempts. This allows for easy auditing without needing direct access to the ProfileUnity console.

By integrating SAML support, ProfileUnity has made it easier for users to leverage SSO to login the ProfileUnity console even more securely, and IT teams to manage and monitor those access attempts.

ProfileUnity has also recently released an update that introduces support for Azure Active Directory groups. This new feature enables the context-aware filtering system to make decisions based on a user’s Azure Active Directory group membership, making it particularly beneficial for users who work on an operating system that is not typically joined to an NT Domain or does not have a consistent connection to the corporate network.

One of the best aspects of this update is that it requires no changes to the client-side or user experience for the ProfileUnity client to query Azure Active Directory group membership. To get started, simply set up the console with the necessary Azure Active Directory access required to perform group queries.

With Azure Active Directory group support, ProfileUnity users can now take advantage of enhanced filtering capabilities, making it easier to manage. This upgrade provides greater flexibility and convenience for businesses looking to maintain secure and efficient IT operations while using Azure Active Directory.

Once the console has access to perform your Azure Active Directory Group queries the filter system will show Azure Active Directory groups.

Once you have setup your Azure Active Directory Group filter and tied it to a module, like shortcuts, FlexApp,.etc., the system will take care of enabling the client access to query your Azure Active Directory Groups.

MSIX App Attach and FlexApp – Better Together

MS-LW.png

Now that Azure WVD is GA, you are starting to hear more about MSIX and the strategy of attaching applications to a WVD OS. MSIX is the Windows app package format that provides a modern packaging experience to all Windows apps. The MSIX package format preserves the functionality of existing app packages and/or install files in addition to enabling new, modern packaging and deployment features to Win32, WPF, and WinForm apps.
Continue reading

Application Layer Editing, Sledgehammer or Scalpel?

In comparison to traditional ways to install applications and other application delivery methods that have been around for quite some time – such as application virtualization – application layering technology is still in its early stages. Because app layering is relatively new, tools for editing existing layers are unfortunately sparse.

You might ask, “Why would I need to edit an application layer?” Well, you could find yourself needing to edit registry keys for an application layer because you want the application to behave differently. So, how would you edit registry keys for a layer that is already created? The default answer for all layering vendors (assuming they can even edit layers, you should ask!) is to put the layer back into capture or packaging mode and make your registry changes there. Sure, this will work, but this is a “sledgehammer” approach when a “scalpel” may be better. When you put a layering tool into capture mode, it records all changes that happen to the operating system. This is a bit heavy-handed when you’re only trying to make a single registry key change.

Continue reading

ProfileDisk: The Profile Easy Button!

Today, I want to talk about ProfileDisk and its benefits using FlexDisk or VHD.  ProfileDisk is a new major feature scheduled for ProfileUnity 6.5,  targeted for release in Q1 of 2015.

Before I talk about ProfileDisk, let’s level set about ProfileUnity itself and how it deals with the user profile. Today, ProfileUnity uses its portability engine to backup and restore users’ profiles. This engine is highly optimized to make backup and restore of a user’s profile as fast as possible. This engine archives the profile into smaller parts that also include a checksum so that the solution can sort through what does and does NOT need to be save or restored. Out of the box, ProfileUnity comes with templates that cover 85% of the user profile, Windows settings, application settings, etc. ProfileUnity’s portability engine backups up and restores profile on login, logoff or on triggers for example on PCoIP or ICA disconnect  the users profile can be saved. This approach gives you great control over how much or how little of the profile you want to make portable. But this approach also sometimes requires you to create a portability rule for paths that are not captured out-of-the-box. Customers have told us they want a fully persistent desktop, leveraging non persistent VDI but without having to configure many portability rules.    Essentially, they want a feature that would act as an “easy button” or “catch all” for users’ profiles. Continue reading

FlexDisk, a Robust VMDK Delivery System

In just a few weeks, Liquidware Labs will go live with the introduction of FlexDisk, heralding a new evolution in User Management.  ProfileUnity with FlexApp already boasts some of the fastest logon times and smoothest Application Layering in the industry.  However, even our own current impressive performance will pale in comparison to ProfileUnity User Environment Management with new FlexDisk technology.  FlexDisk, planned for release in ProfileUnity v6.5 in Q1 2015, will deliver the entire user profile and application layers to both persistent and non-persistent desktops with unmatched speed and flexibility. Continue reading