You are on page 1of 28

VMware ThinApp

Product Overview and Technical Discussion

2009 VMware Inc. All rights reserved

The VMware ThinApp Solution

Agentless architecture
Single file EXE, MSI
No installation or changes to registry
Zero management required on end point device
Seamlessly fits into any environment
No streaming server hardware or software needed
Plugs into any existing management framework
Run Virtually Any Application from Any Device
Desktop, USB, flash, terminal services, Citrix
Any windows application simple to complex
Supporting components can be run side by side (Java, .Net)
Ensuring security without compromising user flexibility
User-Mode execution
Virtual Registry/File System protects underlying host OS
No pre-installed agent required on underlying OS

Create Conflict Free Desktops

Problem:
Tightly coupled relationships between OS,
Applications and Data
Symptoms:

Application Conflicts
Complex Compatibility Test Matrices
Diminished Time to Deployment
Loss of User Productivity
Increased helpdesk support calls
Solution: VMware ThinApp

Agentless application virtualization


decouples applications and data
from the OS

2009 Readers Choice Award


2010 Best product in category
www.virtualizationreview.com

How ThinApp Works


VMware ThinApp Links the Application, Virtual Operating System
(VOS), File System and Registry into a Single EXE MSI File

Application Encapsulation

Windows
Operating System

& Isolation

Intercepts file and system calls


Process Loading- start exe from

ThinApp Secure
Compressed Container (EXE)

VOS, Launch from host OS


(Virtual/Physical).

Application
Registry Access

Virtual
Registry

Physical
Registry

File Access

Virtual
File System

Physical
File System

DLL Loading. Loads


EXE/DLL/OCX dependencies.

Virtual OS

Sandbox

Thread & Process Management.


VOS tracks all processes and
threads inside virtual registry
(Sandbox of Runtime
Modifications).

ThinApp 4.5

Whats new

ThinApp 4.5 whats new


Full Windows 7 support

Performance Accelerator

Virtualize legacy apps on


older Windows platform for
deployment to Windows 7

Reduced page file usage and


increased memory sharing for
faster delivery at reduced
bandwidth consumption

Relink

Registry Transaction Protection

Upgrade existing ThinApp


packages without the need of
application project files

Ensure registry file integrity and


eliminate potential data corruption
due to crash or system failure

ThinApp SDK

Enhanced Supportability
Customers have option to
share packaging results with
VMware for better support.

Published APIs to allow for


integration of ThinApp with
third party software

ThinApp Community Portal


Users can upload
application instructions and
share with the community

Windows 7 and Server 2008 R2 Support


Full support for the following Windows operating systems at the same level
as Windows XP and Windows Vista
Windows 7 (32-bit and 64-bit)
Windows Server 2008 R2

New applications captured on older platforms (XP or Vista) can still run on
Windows 7/Server 2008

Windows 7/Server 2008 can also be used to capture new applications


Best practice: Capture platform <= Deployment platform

Seamless Package Upgrades with Relink Tool


Upgrades ThinApp runtime within existing
packages.
Makes older ThinApp packages Win 7
compatible.

Does NOT require original project rebuild.

Preserves original ThinApp packages as


.BAK files.
Ensure disk space is available!

Supports wildcards and recursion.


Easy command line & scripting potential.

Syntax:
relink [-Recursive] <path_to_package> \*.exe *.dat *.msi
Examples: relink -recursive c:\Thinapps\*.exe

relink AdobeReader.exe

ThinApp 4.5 Performance Accelerator


Significant performance improvements in VDI environments w/shared storage.
Shorter application startup time
Lower network bandwidth consumption
Lower disk IOPs
Reduced memory consumption and page file usage

Implemented with new PACKAGE.INI parameter


OptimizeFor=Memory

Streaming Improvements from ThinApp 4.0.4 to 4.5


Launch Time (sec)

Mem Used (MB)

Network Payload (KB)

Excel

-46.4 %

-57.8 %

-42.0 %

Word

-23.5 %

-88.7 %

-38.9 %

PPT

-34.5 %

-35.6 %

-36.6 %

Outlook

-48.3 %

-57.7 %

-38.9 %

Adobe

-20.5 %

-0.7 %

-44.1 %

Setup Capture Changes


Improvements made to Setup Capture wizard for enhanced customer experience.
Context-sensitive Help, Help buttons, and External Links added to many screens.

Technical Discussion

Architecture

Technical Architecture User Mode Architecture


User mode architecture provides transparency and best in class compatibility.
ThinApp packaged apps do not require kernel mode for CPU-level privileges.
- No more BSODs!!
- Host OS and other apps are protected from potential corruptions by app modifications.
ThinApp packaged apps do not require Admin mode for OS-level privileges.
- No more Local Admins!
- Users can run apps on locked-down PCs or Kiosks as guest user.
Ring 3

Applications

Ring 2

Device Drivers

Ring 1

Device Drivers

Ring 0

Kernel

Least Privileged

Most Privileged

Technical Architecture Sandbox & Isolation


Sandboxing & Isolation Modes provide security and persistence.
ThinApp redirects all runtime changes to private, per-user/per-app sandbox location.
Sandbox location is configurable:
- Network share (i.e. Home Drives).
- Removable USB volume or VMware View User Data Disk.
- User-specific directory (i.e. %appdata%\thinstall).
- Honors system variables (i.e. %UserName%, %ComputerName%, etc.)
Reset apps to default behavior by deleting the sandbox.

Technical Discussion

Deployment Options

ThinApp Deployment Scenarios


Stream From Share

Locally Deploy

Flash Device

Efficiently Stream

Deploy ThinApp

Enable Workforce

Applications to

Packages through

Mobility And Full

Multiple Users

existing

Application

From a Single

distribution to

Portability Without

Network Share

managed desktops

Compromising
Security

ThinApp Streaming from Network Share


Cost Efficient Application
Density on the LAN

Deliver applications to
multiple users from
a single network share
Stream into memory without
local disk footprint
Read-only Network Share is
only support burden
Utilize DFS for replication
and branch office solution
Excellent mechanism for
integration with View
desktops

File Server Network Share


Enterprise software Licenses

Locally Deploy with Existing Management Framework


Locally Deploy

Deliver using existing process and


workflow to variety of End Points.

Leverage existing workflow


to distribute as MSI or Exe
packages

Package / Publish

Distribute

Application performance
based on local resources

Simplicity for harvesting


inventory and usage

3rd Party Config


Management

Various Endpoints

ThinApp from USB


Enabling Mobility without
Compromising on Security

USB Applications

Run applications from Flash

ThinApp (EXE or MSI)

devices on any end point

ThinApp VOS

User-mode only execution

Applications

allows for deployment on


locked-down PCs

End users can continue with


their activity with their favorite
applications

No Install Required!

Kiosk

Locked Down
Desktop

Laptop

Home PC

Simplify Desktop Delivery with View


Simplify Software Delivery
(no agents/infrastructure)
Freedom from application
conflicts.
Integration without dedicated
server infrastructure.
Streamline Patch Updates
Modify 1 app for an entire
environment.
In place upgrades.
Reduce Storage
Reuse templates.
Reduce image size and
complexity.
Apps delivered from network.

Technical Discussion

Features & Process

Application Link Connect ThinApps

Primary Application

Seamless Interoperability

Dependency

Primary Application

Enhance License Management

ThinApp packages can talk

Reduces package size to

together and with OS


Enables interoperability
between virtual applications
and underlying OS

ease deployment and delivery


Enhances software license
management tracking via
current inventory tools

Application Sync : Update ThinApp Packages


Package / Publish

Manage Mobility with Ease

Deliver

HTTP/HTTPS/FILE Server
App
(Version C)

Manage applications in the


extended enterprise: Partners,
Subsidiaries

Ship only what they need,


when they need it

App
(Version B to C)

App
(Version A to C)

Enable Workforce Mobility

Flexible delivery to a variety of


devices (USB, Thin Client, PC)

Conflict free application


SMB/HTTP/HTTPS Byte Level Updates
over WAN/LAN via Active Directory

updates for unmanaged PCs


(WAN)

Introduction to Application Packaging

Steps for packaging an application with ThinApp:


The Setup Capture utility creates a baseline snapshot before the
application is installed (pre-scan)
The application is traditionally installed
The Build phase of Setup Capture creates the virtualized application
package (post-scan)
Set package entry points and package options
Finish by browsing and building the project

Pre-scan

Install
application

Post-scan

Set package
options

Browse and
build package

Active Directory Integration


Primary Integration Points
1. Role Based Access To Applications

2. Access Control and Distribution

Desktop Integration Questions


How do I register applications?
Deploy MSI Packages

Use ThinReg in a Script


Answer: Application
Registration

Application Virtualization Grey Areas


Every appvirt product has these four issues!
Competitors have additional issues!
Drivers Drivers cannot be virtualized as they are Windows OS Level controlled
components which must interface with a logical or physical device.
COM Plus COM Plus objects cannot be virtualized as they are Windows OS Level
controlled components (ThinApp can virtualize COM objects).
Network DCOM Network DCOM objects cannot be virtualized (DCOM a.k.a.
Local DCOM objects can be virtualized by ThinApp) as there are two sides to
Network DCOM objects a local and a remote side.

Windows Components ThinApp does not support virtualizing some OS Level


Windows components such as DNS (client/server), DHCP (client/server),
WINS (client/server), IIS, etc.

Wrap Up
Agentless
Agentless Architecture
Architecture
No compatibility issues with multiple
versions
No backend infrastructure requirements
100% User mode execution

Wide Platform Support

Support for 16, 32 & 64bit Windows.

Windows NT Win 7, W2K W2K8.


Citrix XenApp & MS Terminal
Services.

Agentless
Architecture
Works
with What
You Have Now!

Various multiple .NET and Java


runtimes.

HP

IBM

Multiple versions of Internet Explorer


run IE 6, IE 7, & IE8 on the same
machine (Not Easy!).

BMC (Marimba)

CA

SMS/SCCM

BigFix

LanDesk

Many, Many More!

Confidential

Q&A

Thank You!