Transcript Title of Presentation

Lionel Cau
José Luis Auricchio
Microsoft Practice Manager
Sogeti Switzerland
Account Technology Specialist
Microsoft Switzerland
Applications concerns during a migration
Vista / 7 applications compatibility issues
Introducing the ACF program
Microsoft Support Policy
Sogeti's ADA is part of Microsoft ACF
Application Deployment Analysis
Microsoft ACT (Application Deployment Toolkit)
Migration and application virtualisation
App-V
MED-V
Terminal Server
Conclusion
Positive Feedback From Enterprise IT Pros
60%
Percentage of IT Pros that
expect to have deployed
Windows Vista on a
majority of the PCs in their
company within in the next
12 months
Source: MSPulse Survey, 12/2008
Migration takes too long, how do I preserve other IT
operations from risk?
I don’t know all the applications my users have !
What tools and guidance is available?
What’s the best way to test applications?
Can we make the application compatibility process more
predictable?
How do we validate tools and processes?
Can someone just do all the work for me?
Application running compatibility issues
Things that tend to change between releases
Version checking
Changes required for greater security
WRP – protecting registry and system files
User Account Control (UAC)
Internet Explorer - Lower Rights IE (LoRIE)
Microsoft Graphical Identification and Authentication (GINA)
Windows Display Driver Model
Session 0 Isolation
OS innovation
64-bit Windows Vista (32-bit Drivers and 16-bit code)
Firewall/Anti-Virus platform
Deprecated functions
WinHelp, D3DRM, DHTML, NTLPSSP, ……
Windows Vista networking stack has been completely rewritten
Several new features and protocols enhancements.
Firewall-hook driver functions and the filter-hook driver functions have
been deprecated.
The R-series tools, including rexec, rsh, finger, etc.
The IPX protocol has been deprecated
Transport Driver Interface (TDI) filter drivers written in Kernel mode may
not work properly.
Windows Vista removes the following Windows XP components:
WinHelp, D3DRM, DHTML and NTLPSSP
GINA
If an application takes advantage of the Graphical Identification and
Authentication (GINA) mechanism of Windows XP, this software will not
install or run on Windows Vista.
Operating System Versioning
Application is checking the Operating system version and is
following a different code path. The internal version number for
Windows Vista is 6, Windows XP is version 5.x
Application is violating the Windows Resource
Protection (WRP).
Attempts to write new registry keys or values to protected registry
keys may fail indicating “access was denied”.
Attempts to write to protected resources may fail if they rely on
registry keys or values.
Windows Servicing.
Installers attempting to replace, modify or delete OS files and/or
registry keys protected by WRP may fail indicating that the
resource could not be updated.
Application deployment issues
Standard and customized .msi packages
New Vista desktop and workplace
Installation Kernel mode drivers
Installation 16-bit components
Hardcoded path
Installation GINA based DLLs
Unauthorised registry / folder access
Missing components
 ACF is an initiative that teams Microsoft with service partners to help
our customers overcome application compatibility challenges.
 Application Compatibility Factory (ACF) helps enterprise customers
assess and remediate Line Of Business (LOB) and custom applications
quickly and cost effectively.
 ACF partners have access to deep technical training, the latest
technical information and an evolving remediation database.
 ACF can benefit customers who are deploying Windows® Vista or 7
and Office 2007 and have or have not identified potential application
compatibility issues.
 ACF program has unblocked over 1.4 million desktop seats and tested
and remediated over 55K applications
Deployment Tools for Windows Vista
BDD 2007
ACT 5.0
Portable
Deployment Kit
Architectural
Design
Sessions
“What is ACF?”
Application
Compatibility
Factory
Windows Vista ACF
Assess
Remediate
Validate
Enterprise
Applications
Windows Vista
Compatible
Applications
Costs
Quality
The Application Compatibility Factory (ACF) connects
Enterprise customers with ACF Partners to deliver high
volume, low cost application compatibility and remediation
services
Microsoft selected a small number of ACF partners, and
has invested in helping them to build Windows Vista
application compatibility expertise. Microsoft has validated
the methodologies and support infrastructures of ACF
Partners, as well as given them exclusive access to deep
technical training, to ensure that they are qualified to
execute early-phase Windows Vista and Office 2007
compatibility programs
High Volume:
• Specialized partners with
dedicated capacity
• Cumulative experience and faster
learning curves
• Access to Microsoft SWAT teams
Higher Quality:
• Microsoft validated partners and
methodologies
• Access to product developers
• Cumulative experience and faster
learning curves
Reduced Costs:
• High degree of partner specialization
• Global delivery
• Process automation
Microsoft Support Lifecycle Policy
http://support.microsoft.com/lifecycle
The Microsoft Support Lifecycle policy took effect in October 2002, and applies to most products
currently available through retail purchase or volume licensing and most future release products.
Through the policy, Microsoft will offer a minimum of:
10 years of support (5 years Mainstream Support and 5 years Extended Support) at the supported
service pack level for Business and Developer products
5 years Mainstream Support at the supported service pack level for Consumer/Hardware/Multimedia
products
3 years of Mainstream Support for products that are annually released (for example, Money, Encarta,
Picture It!, and Streets & Trips)
Phased approach
Make an inventory of hardware, applications and
packages
Exclude Vista/7 compliant applications
Analysis of non-compliant applications
Can we fix the non-compliant applications?
Benefits
Realistic budget and planning, low impact on business
Early involvement of suppliers
Managed expectations
Sogeti expertise
10 years experience in migration and testing project
Realistic goal (test to migrate, don’t test to test)
Application Portfolio exhaustive testing occurs too
late in the project
install and distribution test
functional acceptance tests
user acceptance tests
Risks
huge effort for application admins
drifting project (Time, Budget)
bad IT organization image
Costs too much (2 500 to 3 000 hours for 500
applications)
Application
Applicationinventory
inventory
Windows impact analysis
Application virtualisation analysis
Report + presentation of findings to management +
conclusion + recommendations
4
Compatibility Exchange
Desktop Topology
Europe
2
Finance
HR
North America
Log Processing
Service and DB
Internet
1
Data Collection Package/Compatibility Evaluators
Inventory
IE
Vista
Update
Etc…
3
Application
Compatibility
Manager
Betty
Wilma
17
Traditional approach
Testing applications
installation and distribution
test
Functional Acceptance test
User Acceptance test (Pilot)
Project risks
large effort Application
Managers /Business
unmanageable project (rework and re-test)
2.500 hrs for 500 MSI
packages
(≈ 5 hrs / MSI package)
ADA assisted
Application Mgr impact
functional Acceptance test
(≈ 150-200 appl.)
modified applications
(≈ 100-150 appl.)
replaced applications
(≈ 50 appl.)
Pilot
User Acceptance test
Test effort (estimate)
for 500 applications : 1400 hrs
(≈ 3 hr / MSI package)
By using ADA methodology, the budget required for compatibility testing
and remediation can be decreased by 30 to 40%
The global saving can be above 50% using Offshore Delivery capabilities
Facts
Reason non-compliance
Nature of issues
What to do
Supplier
new version, update, drivers
Fix application
policies & rights
fixes (OS – applications)
virtualisation (automated)
shims / repackage
Architecture
App-V, Med-V, Terminal Services, Citrix
Hyper-V
App-V
RDS
MED-V
Virtual PC
VECD
Above the kernel virtualization for applications
Applications are virtualized per
instance:
Files (incl System Files)
Registry
Fonts
.ini
COM/DCOM objects
Services
Semaphores, Mutexes
Name Spaces
Applications do not get installed
or alter the operating system
Yet Tasks process locally on the
host computer
Dramatically reduces application
conflicts and regression testing
Multiple versions of the same application
Office 2007 and Office 2003
Branched versions of the same application
Office 2003 and Office 2003 SP1
Multiple JRE Versions
Multiple MDAC versions
Multiple Oracle Drivers
Different configurations of the same application
Same database client, two different target database configurations
Virtual configurations of local applications
Internet Explorer add-ins (JRE, ActiveX, etc.)
Packaging is now separated from
production constraints thanks to the App-V
virtualization abstraction layer
What it does
Creates a package with
a full OS
What it is good for
Resolve incompatibility
between applications
and a new OS
Run two environments
on a single PC
Applications
Operating System
Hardware
What it does
Creates a package of an
application
Eliminates software
install
Isolates each application
What it is good for
Resolve conflicts
between applications
Simplify application
delivery and testing
Application-to-OS Compatibility Solution
Run legacy applications in a Windows® XP/2000
environment
MED-V leverages Microsoft Virtual PC, to enable
enterprise deployment of local desktop virtualization
Virtual images repository and deployment
Centralized virtual images repository for image creation/testing
Standard MSI for corporate software distribution
Auto-install package for self deployment
(via removable media (e.g. DVD) or from a website)
Efficient image delivery and updates over LAN or WAN
(using TrimTransfer de-duplication technology based on IIS)
Centralized management and monitoring
Centralized management server to control deployed VMs
Image provisioning based on Microsoft Active-Directory ®
users/groups
User authentication (online over SSL or offline based on local cache)
Support heterogeneous environments
Automate first-time virtual machine setups
(e.g. initial network setup, unique computer name, domain join)
Adjust VPC memory allocation based on available RAM on host
Centralized database for client activity and events
Usage policy and data transfer control
Per user/group usage policies (e.g. expiration, time limits for
offline work)
Host-guest data transfer control (e.g. copy-paste, file transfer,
printing)
Automatic redirection of predefined websites (e.g. corporate
intranet) to the virtual environment
End-user experience
Background VM management - hide the Virtual PC session from
the user, and automatically troubleshoot
“Publish” applications from VPC image to host Start Menu
Single desktop experience – applications that run in the VPC
seamlessly appear side-by-side with native applications
(including task-bar, tray-icons)
File transfer tool – share files between host and guest
Run an application in one location but have
it be displayed and controlled in another
only screen images, keystrokes and mouse
movements are sent over the network.
35
Solution
Advantages
Drawbacks
Typical scenario
APP-V










MED-V





Remote
Desktop
Services
(Terminal)




Virtual
Desktop
Infrastructure
(Hyper-V +
VECD + RDS)


Use local resources
Inter application compatibility preserved
Offline usage
fast delivery of applications (streaming just what
you need to launch and run the application)
seamless integration for customer
packaging takes less time as with classic msi
tools
workstation security enhanced due to application
isolation within its own bubble


virtual applications have to be sequenced,
distributed and maintained
relies on a APP-V infrastructure or an SCCM
infrastructure or a third party software distribution
solution infrastructure
there' s no guarantee that a non compatible
application will run on Vista / 7 once virtualized



Use local resources
Offline usage
if the application works on XP, there's a
guarantee it will work as a MED-V application on
VISTA / 7
seamless integration for user
· workstation security is nearly maximum due to
the fact that the virtualized application is running on
its own operating system

client is already installed by default on MS client
platform
seamless integration is possible
use fewer local resources and fewer network
bandwidth than any other virtualization solution
workstation security is maximum due to the fact that
the virtualized application is not running on the RDS
client
same as RDS +
performance are excellent since this solution
combines the effectiveness of a Terminal
session + the effectiveness of an enterprise
virtual machines solutions with a real hypervisor
(unlike MED-V)











need to setup, distribute and maintain virtual
machines
relies on a MED-V infrastructure
need to run a whole additional virtual operating
system (higher impact on workstation
requirements and performance)
current solution's limitations could be annoying
(virtual applications use by default the local
drives of the underlying virtual machine, no USB,
...)
no offline mode
not suitable for some applications types such as
video, 3D, VoIP…
terminal server farms to maintain
one RDS server can only handle #50 remote
sessions at a time (when a APP-V or a MED-V
server can handle #2'000)
same as RDS +
complex architecture to maintain involving not
only a RDS environment but also an hyper-V one
need to setup and maintain virtual machines
resource required are higher than other
solutions (5 VMs per CPU core + 1Go RAM
per VM)








application conflict with another one
application not compatible with Vista but
running as an APP-v application
application is not multi-user but works well
as an APP-v application running on a RDS
server
need for flexible deployment with upgrade
options
no packages available and no packagers
available
need for reducing application testing
application not compatible with Vista / 7
with no workaround
not a lot of Vista incompatible
applications to deal with (or all the
incompatible applications are not
conflicting with each other
application not compatible with Vista but
running on a Windows server 2003
application is multi user compatible
low network bandwidth available and/or
slow network link between workstation
and server
same as RDS +
machines configuration quite identical
throughout the company
14 – 15 avril 2010, CICG
Premium Sponsoring Partners
Classic Sponsoring Partners