I set up the Symantec Workspace Virtualization infrastructure and software over the course of a couple of evenings and took screenshots with great detailed descriptions, all documented and ready to share. I started to upload the pictures up to my website but then decided it was very time consuming and had very little reward. Why? That’s due to a couple of reason, one being that Symantec to their credit have great documentation, it’s really excellent and should be a baseline for other vendors to aspire to, even aside from Symantecs own documentation and blogs, other members of the IT Community have many tutorial videos and blogs they posted themselves. Secondly, during the setup of the tools, creation of the virtual applications (layers) and streaming, I came to the conclusion that this solution is pretty outdated (I will touch on this further down) and this blog post may be of little interest to many. So, instead of being a detailed run through of the solution, I’d like to skim through the setup from a high level perspective and give my own insight and feedback on the product.
Firstly, Symantec Workspace virtualization uses a concept called ‘layering’ in which your virtual application contains a known good base layer of the application which can be reverted to incase of corruption and a writable layer for common runtime use. Each application is called a ‘layer’. Like other application virtualization solutions, Symantec Workspace Virtualization provides application isolation, so each layer can be isolated. Unlike some other app virtualization solutions though, Symantecs solution by default is not isolated to the same level as others, you will notice that limitations that exist with some other solutions are not an issue here when using the products default configurations. e.g. shell extensions work. This is because the layer is much more like a regularly installed application. Unfortunately this means with some applications, multiple versions even when in layers of the same application may not work side by side. Unless, that is, if you enforce the level of isolation you want.
Here in the Virtualization Admin tool, You can see that you can choose to ‘Hide’ the layer from certain components running in your environment. e.g. You could choose to hide from the operating system. Doing this may prevent certain functionality from work. But to their credit. Symantec have provided that flexibility in setting the level of isolation.
The setup of the Workspace streaming environment is actually very straight forward, if you follow the Admin PDF download from the Symantec site you can set it all up in no time. There’s multiple different setup options available e.g. You could setup everything on one server (single node) for the sake of a Proof of Concept, you could have the different components on multiple servers. The components I speak of are the Database which stores application information, as well as license info, reporting info etc. It appears to store a lot of very useful data which is great because that’s been a bone of contention for me with other products out there in the past. There’s also a large set list of out of the box reports which you can generate. There’s an App Portal, which can provide a web front end for users to run Virtual applications from, so IIS is required for that. You will need 3 available Firewall ports and obviously a Server or multiple servers, depending on your environment. You may also want to use a Filer to store your virtual application on, in order to use the Application Streaming feature. Alternatively you could just share a folder on the server itself for all users who should be able to get the virtual applications but that’s not ideal. Best Practice as always would be to put the Database on a dedicated SQL box but again if you are doing a POC, putting it on the same server should work.
If you have used App-V or even XenApp Profiling and you are experienced with the concept of streaming and ‘isolation’ you likely have had to allow multiple isolated virtual applications to ‘see’ each other in order to work. As some applications can be dependent on another, so in some cases you do not want the apps to be isolated from one another. Well, you can allow dependent apps to work with one another, Just like with App-V Connection groups\DSC as you’ll see below. With the streaming, you get the benefit of a streamlined application upgrade process and you also eliminate the need for sometimes problematic and always time consuming installations. As again much like other solution, apps are not installed but instead can be streamed down on demand from a central server. When an application is provisioned to a user and their client\agent is refreshed the shortcut appears very quick. You can also select the level of pre-caching on a per application basis e.g. you can set that only the icon is cached, or you could do the entire application if you’d like. So, enough of the similarities and the basics of application streaming. Let’s cover some of the unique features and limitations of this product.
The above screenshot is to prove you can Add Dependent layers during the capturing phase. So you can set your isolation and allow virtual applications to work with one another. It’s very straight forward and simple to do.
One pretty cool feature is that after you perform your install capture you could create a directory on the capture machine with files in it and then simply drag it into the directories GUI as seen above and it gets added to your package! I thought that was really cool and unique.
An issue I have with VMWare ThinApp is the fact that out of the box a the Capture tool will scan the entire machine for changes and include everything which is created or modified into a virtual package. App-V has a pre-set exclusion list. Well, so does the Symantec Composer tool, in fact, there’s several very useful out of the box application specific templates for some very common and often times challenging applications. I think the list above is pretty impressive. You can also create your own application templates, you get prompted after capturing, whether you would like to save as a template.
As you can see in the screenshot above there’s a slew of different ‘trigger’ points with Symantec Workspace Virtualization. This is a scripters dream as you can theoretically get very creative with these events. It also can possibly provide a great means for resolving troublesome issues with a virtual application.
The absolute favorite feature of mine with Workspace Virtualization is the license control options. It’s so powerful in the above screenshot you can see that I can pick a maximum number of users who can be licensed to my application and also how many concurrent users can use the app.
You can also choose to store license information in the console\database for each licensed application. This, while not providing any functional purpose, does provide a centralized store and easily queried source for your application licenses information.
You can choose what action is taken when an application is idle on a users machine.
And as you can see in the console screenshot above. You can set an expiry date for your applications. You do not require to use Workspace virtualization for this license control piece, it’s optional to buy a different product separately which does not provide you with the streaming capabilities but just the licensing part.
When you are creating your virtual applications the best practice is to browse to the CMD.exe before beginning the capture and setting that as an application. This is because the capture uses monitoring and so if you do not browse to the cmd.exe and say, instead browse to your .msi or setup.exe which you wish to capture then once the install is complete the capture will finish which is not ideal because you really should launch the app before completing the capture to ensure any and all splash screens or post-install configurations steps have been completed. I wish there was a better solution that this, it works but seems poorly thought out. In the console under application information you may notice there’s a space for an icon..in all apps I created this was blank and there was just an option to upload an icon. Whenever I try to upload an icon, the icon that was captured and placed with the output .xpf etc. it complains that the damn thing is too big. The Environment variables section is pretty confusing. But all in all the functionality of the tools is pretty good.
Yes the setup is very straight forward but as I alluded to in the beginning of this post, as a reason for not doing a longer post on this product, is as you set the tool up, you’ll notice that this tool is quite old. You’ll notice this during different points of the setup e.g. You can have a SQL or Oracle DB for the backend, Only SQL 2005 is supported, which as you may know is not supported on Server 2012. When you attempt to spin up the Console for adding applications for streaming, you’ll get a prompt to Install Java….version 6. Not to be too anal about this but the experience as an Admin just feels tired and old. The GUI looks outdated. It still works but I would like to think a newer version is on the horizon, but the fact is, it’s using such old pre-requisites does not paint a pretty picture for the future of the product line. No SCCM 2012 or Powershell integration or really much integration with other products at all. Relatively speaking, that is.
As you can see in the screenshot above, the list of Operating Systems does leave a bit to be desired, as you cannot set Windows 8 or Windows 2012 as a valid OS for your applications to run on, but hopefully a newer version is released to compete with App-V 5.0 and the possible release of a new ThinApp version.