It can often be difficult to decouple applications from the operating system they are running, but there are several ways to do this. Here’s a solution that Mark Van Noy, who manages the virtual desktop infrastructure at the University of Colorado Boulder, found to solve this problem. Mark previously contributed to my column here on TechGenix with articles on using VMware Horizon to connect to remote computers and using Turbo.net, FlexApp, and App-V as application virtualization solutions. Now let’s listen to Mark walk us through his approach to app layering, which he explains in detail with screenshots and PowerShell sample scripts at the end of his walkthrough.
Overlaying apps using VHD
Decoupling applications from the operating system has remained an elusive goal for many IT organizations. Several commercial offers promise to provide application layers, most often using proprietary methods. These overlay methods allow individual applications to be added at will to a base operating system, or even in some cases to have the operation itself managed as a layer so that a pool of systems can be added. exploitation does not need to be maintained for multiple use cases. With some use of containerization technologies, which are admittedly still proprietary, it is possible to use integrated virtual hard disk technology, VHD, in Windows to attach applications to an operating system at the time of the release. execution.
The first thing needed is a method of containerizing applications. Simply installing anything other than the simplest applications on a virtual hard drive will not work because local writes to the registry or user profiles will not be picked up by the virtual hard drive. Examples of technologies that containerize applications include Microsoft’s App-V, VMware’s ThinApp, and Turbo.Net. A special mention should be made of LiquidWare’s FlexApp, as this product handles application containerization and virtual hard disk attachment natively as part of their product. Since I used to prototype Turbo.Net this solution, I’ll use it for all future examples.
Benefits of overlay applications
Any application layering technology promises to move applications out of the operating system, so that less of golden images must be managed. Ideally, a single golden Windows image can be kept and corrected. Version control is much easier with the overlay because an updated version of the software is automatically released to users the next time they log in when the container in the VHD is updated. The overlay also enables storage deduplication since applications are stored once in a VHD instead of using space on the local physical computer. Most VDI solutions have built-in deduplication strategies that can already be used for virtual machines. Many existing commercial solutions are designed with VDI in mind, which binds them to virtual machines. This often creates a situation where different processes need to be in place to manage the virtual office infrastructure computers and physical offices. By using application containerization technologies and placing these containers in VHD files, the application overlay can be applied to any Windows computer. In addition, the solution allows images to be managed in a simple process of mounting the VHD locally, then copying the containers to the VHD or removing them to add, remove or update software.
How to overlay apps with Turbo.net
First, an empty VHD must be created. Click on Start, and then type “diskmgmt.msc” to view Disk Management on a Windows 10 client. In Disk Management, click action and select Create a virtual hard disk. Choose a convenient location for the VHD. It can be a local path or a network share. Make sure to select VHD rather than VHDX for the virtual drive type. At the time of this writing, the PowerShell cmdlet required to mount a VHDX is only present when Hyper-V is also installed on the system. This is probably why Microsoft’s MSIX App Attach technology for Azure virtual desktops requires the installation of Hyper-V, which would normally be a rather odd thing to install on a virtual machine. Once created VHD, it must be initialized and formatted like any new physical disk.
Once the VHD is created and formatted, it appears just like any other disk. Note that virtual hard disks have a light blue icon instead of the standard gray. A formatted VHD has a drive letter assigned to it by default. A specific mount point could be specified instead, so it’s easy to manage. Double clicking on a VHD file will automatically mount the VHD allowing files to be moved to and from the VHD like any other disk.
The next step is to copy the Turbo containers – .svm the files in the language Turbo – the empty VHD. There isn’t much to it. Drag and drop, control-c with control-v, robocopy, Get-Item or right click, all is well.
The last step in making the overlay work is to make sure the Turbo client is installed and set up the correct scripts to run. Please note that examples of PowerShell scripts listed at the end of this article assume that Turbo was installed for all users. If Turbo is installed for an individual user, the executable path is in the user’s% LOCALAPPDATA% cmd path rather than in Program Files (x86). The VHD mount script should be run with elevated permissions, which can be managed by running the VHD attachment as a scheduled task run as an administrative account – not SYSTEM. Although it requires administrative permissions for collecting VHD information, the Add Applications script will work correctly when assigned to a User Connection GPO. Also, if you are using Turbo, make sure the spoon / clean, spoon / base, and xvm SVMs are installed as they are the glue that makes Turbo containers work. Without them, app hooks will show in the Start menu, but apps won’t launch. (The PowerShell scripts shown in the images below are listed at the end of the article for easy copy and paste.)
Performance is always a concern in everything we do in IT. We can increase the performance of saved apps while logging in by using Turbo Cache shared among all users rather than having each user’s cache live on their local machine. To do this, I created another empty VHD and configured it to mount to% LOCALAPPDATA% Cache on initialization instead of getting a drive letter on mount. This cache VHD is then mounted on startup just like the application’s VHD, and a login script tells the Turbo client to point to% LOCALAPPDATA% Cache instead of the default% PROGRAMDATA% Turbo Containers Repo. The following facilities during the application connection were up to 50% faster after the implementation of a shared cache.
Note on Ivanti User Workspace Manager
The original proof of concept for using VHD layers containing Turbo containers was handled entirely by the Ivanti User Workspace Manager. More specifically, the Policy component of the environmental manager was used. This solution has provided ease of configuration management based on events, additional granularity regarding the timing of the connection process. Working to remove User Workspace Manager from the process took a lot of trial and error to come to a solution. For example, UWM automatically manages the elevation required to mount a VHD so that this step can be configured in user space in UWM instead of running with elevation for the whole machine. There are other tools that do similar things, like Liquidware’s ProfileUnity product. We have been using User Workspace Manager since it was called AppSense, so we have a lot of product knowledge, but that in no way suggests that User Workspace Manager is a requirement.
Some final thoughts
So should we use the app overlay? Honestly, with Turbo, probably not. Turbo has its own built-in subscription feature that does the same basic thing with less work. Subscriptions remove all applications from a specified workspace. Assuming the Turbo client is already installed for all users, a simple login script such as “turbo Subscribe marketing” (without the quotes) would overlay all the apps in the marketing workspace without having to work with VHD files. .
Some scenarios where VHD overlay continues to make sense are kiosk-style computers where user profiles do not persist between connections, branch offices that have fast storage available and relatively slow connections to Turbo servers, and organizations that have some form of application containerization that does. not have the equivalent Turbo subscription functionality. A good example of this is App-V. Using App-V containers in VHD files combined with startup and login scripts essentially provides the functionality of MSIX App Attach without the limitations of only being able to be used in Azure Virtual Desktops and having to install Hyper- V on client computers that are not otherwise. will use Hyper-V. There are definitely more scenarios where this technology could be a boon. Keep in mind that there is always a delay while waiting for Network Attached Storage to mount virtual hard disks and present applications.
PowerShell Scripts Examples
Run-TurboSVM.ps1
# Connect to the drive
$imagePath = 'your.fileshare.hereVHDTurbo-Test-Layer.vhd'
$drive = Get-DiskImage -StorageType VHD -ImagePath $imagePath
# Determine the mounted drive letter
$letter = (($drive | Get-Disk | Get-Partition | Get-Volume).DriveLetter) + ':'
# Enumerate all the SVMs available on the mounted drive
$svm = Get-ChildItem -Path $letter
# Iterate over each SVM adding appropriate shortcuts
foreach ($entry in $svm)
{
& "C:Program Files (x86)TurboCmdturbo.exe" import svm --name $entry.BaseName $entry.FullName
& "C:Program Files (x86)TurboCmdturbo.exe" installi --skip-installed --offline $entry.BaseName
}
Mont-VHD.ps1
$imagePath = 'your.fileshare.hereVHDTurbo-Test-Layer.vhd' $vhd = Mount-DiskImage -StorageType VHD -Access ReadOnly -ImagePath $imagePath
Set-TurboCache.ps1
$letter = $env:LOCALAPPDATA + 'Cache' # Specific configuration command to set the Turbo config to use the VHD as cache. & "C:Program Files (x86)TurboCmdturbo.exe" config --gci-expiration=0 --gci-interval=0 --image-cache-size=0 --image-path=$letter # Make sure the core VMs are in the cache or else no packages will launch; critical. & "C:Program Files (x86)TurboCmdturbo.exe" pull spoonbrew/clean,spoonbrew/base,/xvm
Featured Image: Shutterstock
Publication displays:
26
