
OFFICIAL MICROSOFT LEARNING PRODUCT

10324A
Implementing and Managing Microsoft
Desktop Virtualization

Information in this document, including URL and other Internet Web site references, is subject to change without notice.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain
name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright
laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no
representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the
products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of
Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of
Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any
changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from
any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply
endorsement of Microsoft of the site or the products contained therein.

© 2010 Microsoft Corporation. All rights reserved.

Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.

All other trademarks are property of their respective owners.

Product Number: 10324A

Part Number: X17-41915


Released: 10/2010
MICROSOFT LICENSE TERMS
OFFICIAL MICROSOFT LEARNING PRODUCTS - TRAINER EDITION
Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They apply to the Licensed
Content named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft
updates,
supplements,
Internet-based services, and
support services
for this Licensed Content, unless other terms accompany those items. If so, those terms apply.
By using the Licensed Content, you accept these terms. If you do not accept them, do not use the Licensed
Content.

If you comply with these license terms, you have the rights below.
1. DEFINITIONS.
a. "Academic Materials" means the printed or electronic documentation such as manuals, workbooks, white papers,
press releases, datasheets, and FAQs which may be included in the Licensed Content.
b. "Authorized Learning Center(s)" means a Microsoft Certified Partner for Learning Solutions location, an IT
Academy location, or such other entity as Microsoft may designate from time to time.
c. "Authorized Training Session(s)" means those training sessions authorized by Microsoft and conducted at or
through Authorized Learning Centers by a Trainer providing training to Students solely on Official Microsoft Learning
Products (formerly known as Microsoft Official Curriculum or "MOC") and Microsoft Dynamics Learning Products
(formerly known as Microsoft Business Solutions Courseware). Each Authorized Training Session will provide training on
the subject matter of one (1) Course.
d. "Course" means one of the courses using Licensed Content offered by an Authorized Learning Center during an
Authorized Training Session, each of which provides training on a particular Microsoft technology subject matter.
e. "Device(s)" means a single computer, device, workstation, terminal, or other digital electronic or analog device.
f. "Licensed Content" means the materials accompanying these license terms. The Licensed Content may include, but
is not limited to, the following elements: (i) Trainer Content, (ii) Student Content, (iii) classroom setup guide, and (iv)
Software. There are different and separate components of the Licensed Content for each Course.
g. "Software" means the Virtual Machines and Virtual Hard Disks, or other software applications that may be included
with the Licensed Content.
h. "Student(s)" means a student duly enrolled for an Authorized Training Session at your location.
i. "Student Content" means the learning materials accompanying these license terms that are for use by Students and
Trainers during an Authorized Training Session. Student Content may include labs, simulations, and courseware files
for a Course.
j. "Trainer(s)" means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer and b) such other
individual as authorized in writing by Microsoft and has been engaged by an Authorized Learning Center to teach or
instruct an Authorized Training Session to Students on its behalf.
k. "Trainer Content" means the materials accompanying these license terms that are for use by Trainers and Students,
as applicable, solely during an Authorized Training Session. Trainer Content may include Virtual Machines, Virtual Hard
Disks, Microsoft PowerPoint files, instructor notes, and demonstration guides and script files for a Course.
l. "Virtual Hard Disks" means Microsoft Software that is comprised of virtualized hard disks (such as a base virtual hard
disk or differencing disks) for a Virtual Machine that can be loaded onto a single computer or other device in order to
allow end-users to run multiple operating systems concurrently. For the purposes of these license terms, Virtual Hard
Disks will be considered "Trainer Content".
m. "Virtual Machine" means a virtualized computing experience, created and accessed using Microsoft Virtual PC or
Microsoft Virtual Server software that consists of a virtualized hardware environment, one or more Virtual Hard Disks,
and a configuration file setting the parameters of the virtualized hardware environment (e.g., RAM). For the purposes
of these license terms, Virtual Hard Disks will be considered "Trainer Content".
n. "you" means the Authorized Learning Center or Trainer, as applicable, that has agreed to these license terms.
2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and electronic), Trainer Content,
Student Content, classroom setup guide, and associated media.
License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center location or per Trainer
basis.
3. INSTALLATION AND USE RIGHTS.
a. Authorized Learning Centers and Trainers: For each Authorized Training Session, you may:
i. either install individual copies of the relevant Licensed Content on classroom Devices only for use by Students
enrolled in and the Trainer delivering the Authorized Training Session, provided that the number of copies in use
does not exceed the number of Students enrolled in and the Trainer delivering the Authorized Training Session, OR
ii. install one copy of the relevant Licensed Content on a network server only for access by classroom Devices and
only for use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided that the
number of Devices accessing the Licensed Content on such server does not exceed the number of Students
enrolled in and the Trainer delivering the Authorized Training Session.
iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to use the Licensed
Content that you install in accordance with (ii) or (ii) above during such Authorized Training Session in accordance
with these license terms.
i. Separation of Components. The components of the Licensed Content are licensed as a single unit. You may not
separate the components and install them on different Devices.
ii. Third Party Programs. The Licensed Content may contain third party programs. These license terms will apply to
the use of those third party programs, unless other terms accompany those programs.
b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized Learning Center on a
classroom Device to deliver an Authorized Training Session.
ii. Trainers may also Use a copy of the Licensed Content as follows:
A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content. You may install
and Use one copy of the Licensed Content on the licensed Device solely for your own personal training Use and
for preparation of an Authorized Training Session.
B. Portable Device. You may install another copy on a portable device solely for your own personal training Use
and for preparation of an Authorized Training Session.
4. PRE-RELEASE VERSIONS. If this is a pre-release (beta) version, in addition to the other provisions in this agreement,
these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not contain the same
information and/or work the way a final version of the Licensed Content will. We may change it for the final,
commercial version. We also may not release a commercial version. You will clearly and conspicuously inform any
Students who participate in each Authorized Training Session of the foregoing; and, that you or Microsoft are under no
obligation to provide them with any further content, including but not limited to the final released version of the
Licensed Content for the Course.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to Microsoft, without
charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to
third parties, without charge, any patent rights needed for their products, technologies and services to use or interface
with any specific parts of a Microsoft software, Licensed Content, or service that includes the feedback. You will not
give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties
because we include your feedback in them. These rights survive this agreement.
c. Confidential Information. The Licensed Content, including any viewer, user interface, features and documentation
that may be included with the Licensed Content, is confidential and proprietary to Microsoft and its suppliers.
i. Use. For five years after installation of the Licensed Content or its commercial release, whichever is first, you
may not disclose confidential information to third parties. You may disclose confidential information only to
your employees and consultants who need to know the information. You must have written agreements with
them that protect the confidential information at least as much as this agreement.
ii. Survival. Your duty to protect confidential information survives this agreement.
iii. Exclusions. You may disclose confidential information in response to a judicial or governmental order. You
must first give written notice to Microsoft to allow it to seek a protective order or otherwise protect the
information. Confidential information does not include information that
becomes publicly known through no wrongful act;
you received from a third party who did not breach confidentiality obligations to Microsoft or its suppliers;
or
you developed independently.

d. Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs you is the end date
for using the beta version, or (ii) the commercial release of the final release version of the Licensed Content, whichever
is first ("beta term").
e. Use. You will cease using all copies of the beta version upon expiration or termination of the beta term, and will
destroy all copies of same in the possession or under your control and/or in the possession or under the control of any
Trainers who have received copies of the pre-released version.
f. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta version (in either print
and/or CD version) and distribute such copies to Students and/or Trainers. If Microsoft allows such distribution, you
will follow any additional terms that Microsoft provides to you for such copies and distribution.
5. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.
a. Authorized Learning Centers and Trainers:
i. Software.
ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft Windows Vista,
Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced Server and/or other Microsoft products
which are provided in Virtual Hard Disks.
A. If the Virtual Hard Disks and the labs are launched through the Microsoft Learning Lab Launcher,
then these terms apply:
Time-Sensitive Software. If the Software is not reset, it will stop running based upon the time indicated on the
install of the Virtual Machines (between 30 and 500 days after you install it). You will not receive notice before
it stops running. You may not be able to access data used or information saved with the Virtual Machines
when it stops running and may be forced to reset these Virtual Machines to their original state. You must
remove the Software from the Devices at the end of each Authorized Training Session and reinstall and launch
it prior to the beginning of the next Authorized Training Session.
B. If the Virtual Hard Disks require a product key to launch, then these terms apply:
Microsoft will deactivate the operating system associated with each Virtual Hard Disk. Before installing any
Virtual Hard Disks on classroom Devices for use during an Authorized Training Session, you will obtain from
Microsoft a product key for the operating system software for the Virtual Hard Disks and will activate such
Software with Microsoft using such product key.
C. These terms apply to all Virtual Machines and Virtual Hard Disks:
You may only use the Virtual Machines and Virtual Hard Disks if you comply with the terms and
conditions of this agreement and the following security requirements:
o You may not install Virtual Machines and Virtual Hard Disks on portable Devices or Devices that are
accessible to other networks.
o You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at the end of each
Authorized Training Session, except those held at Microsoft Certified Partners for Learning Solutions
locations.
o You must remove the differencing drive portions of the Virtual Hard Disks from all classroom Devices at
the end of each Authorized Training Session at Microsoft Certified Partners for Learning Solutions locations.
o You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or downloaded from
Devices on which you installed them.
o You will strictly comply with all Microsoft instructions relating to installation, use, activation and
deactivation, and security of Virtual Machines and Virtual Hard Disks.
o You may not modify the Virtual Machines and Virtual Hard Disks or any contents thereof.
o You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.
ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an Authorized Training
Session will be done in accordance with the classroom set-up guide for the Course.
iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip art, animations,
sounds, music, shapes, video clips and templates provided with the Licensed Content solely in an Authorized
Training Session. If Trainers have their own copy of the Licensed Content, they may use Media Elements for their
personal training use.
iv. Evaluation Software. Any Software that is included in the Student Content designated as "Evaluation
Software may be used by Students solely for their personal training outside of the Authorized Training Session.
b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates. The Trainer Content may include Microsoft PowerPoint slide decks.
Trainers may use, copy and modify the PowerPoint slide decks only for providing an Authorized Training Session.
If you elect to exercise the foregoing, you will agree or ensure Trainer agrees: (a) that modification of the slide
decks will not constitute creation of obscene or scandalous works, as defined by federal law at the time the work is
created; and (b) to comply with all other terms and conditions of this agreement.
ii. Use of Instructional Components in Trainer Content. For each Authorized Training Session, Trainers may
customize and reproduce, in accordance with the MCT Agreement, those portions of the Licensed Content that are
logically associated with instruction of the Authorized Training Session. If you elect to exercise the foregoing
rights, you agree or ensure the Trainer agrees: (a) that any of these customizations or reproductions will only be
used for providing an Authorized Training Session and (b) to comply with all other terms and conditions of this
agreement.
iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and use the Academic
Materials. You may not make any modifications to the Academic Materials and you may not print any book (either
electronic or print version) in its entirety. If you reproduce any Academic Materials, you agree that:
The use of the Academic Materials will be only for your personal reference or training use
You will not republish or post the Academic Materials on any network computer or broadcast in any media;
You will include the Academic Materials' original copyright notice, or a copyright notice to Microsoft's benefit in
the format provided below:
Form of Notice:
© 2010 Reprinted for personal reference use only with permission by Microsoft Corporation. All
rights reserved.
Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of
Microsoft Corporation in the US and/or other countries. Other product and company names
mentioned herein may be the trademarks of their respective owners.
6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed Content. It may change
or cancel them at any time. You may not use these services in any way that could harm them or impair anyone else's use
of them. You may not use the services to try to gain unauthorized access to any service, data, account or network by any
means.
7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights to use the
Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation,
you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any
technical limitations in the Licensed Content that only allow you to use it in certain ways. You may not
install more copies of the Licensed Content on classroom Devices than the number of Students and the Trainer in the
Authorized Training Session;
allow more classroom Devices to access the server than the number of Students enrolled in and the Trainer delivering
the Authorized Training Session if the Licensed Content is installed on a network server;
copy or reproduce the Licensed Content to any server or location for further reproduction or distribution;
disclose the results of any benchmark tests of the Licensed Content to any third party without Microsoft's prior written
approval;
work around any technical limitations in the Licensed Content;
reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent that applicable law
expressly permits, despite this limitation;
make more copies of the Licensed Content than specified in this agreement or allowed by applicable law, despite this
limitation;
publish the Licensed Content for others to copy;
transfer the Licensed Content, in whole or in part, to a third party;
access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not been authorized
by Microsoft to access and use;
rent, lease or lend the Licensed Content; or
use the Licensed Content for commercial hosting services or general business purposes.
Rights to access the server software that may be included with the Licensed Content, including the Virtual Hard Disks
does not give you any right to implement Microsoft patents or other Microsoft intellectual property in software or
devices that may access the server.
8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must
comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws
include restrictions on destinations, end users and end use. For additional information, see
www.microsoft.com/exporting.
9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed Content marked as NFR
or Not for Resale.
10. ACADEMIC EDITION. You must be a Qualified Educational User to use Licensed Content marked as Academic Edition
or AE. If you do not know whether you are a Qualified Educational User, visit www.microsoft.com/education or contact
the Microsoft affiliate serving your country.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail to comply with
the terms and conditions of these license terms. In the event your status as an Authorized Learning Center or Trainer a)
expires, b) is voluntarily terminated by you, and/or c) is terminated by Microsoft, this agreement shall automatically
terminate. Upon any termination of this agreement, you must destroy all copies of the Licensed Content and all of its
component parts.
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and
support services that you use, are the entire agreement for the Licensed Content and support services.
13. APPLICABLE LAW.
a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the
interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws
of the state where you live govern all other claims, including claims under state consumer protection laws, unfair
competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country
apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country.
You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does
not change your rights under the laws of your country if the laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed "as-is." You bear the risk of using it.
Microsoft gives no express warranties, guarantees or conditions. You may have additional consumer rights
under your local laws which this agreement cannot change. To the extent permitted under your local laws,
Microsoft excludes the implied warranties of merchantability, fitness for a particular purpose and non-
infringement.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT AND
ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES,
INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
anything related to the Licensed Content, software, services, content (including code) on third party Internet sites, or
third party programs; and
claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the
extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or
exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential
or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement
are provided below in French.

Note: Because this licensed content is distributed in Quebec, Canada, some of the clauses in this agreement
are provided below in French.
DISCLAIMER OF WARRANTY. The licensed content covered by a license is offered "as is". Any use of this
licensed content is at your sole risk. Microsoft gives no other express warranty. You may
have additional rights under local consumer protection law, which this agreement cannot change.
Where permitted by local law, the implied warranties of merchantability, fitness for a particular purpose
and non-infringement are excluded.
LIMITATION OF DAMAGES AND EXCLUSION OF LIABILITY FOR DAMAGES. You
can obtain compensation from Microsoft and its suppliers for direct damages only, up to
US $5.00. You cannot claim compensation for any other damages, including special,
indirect or incidental damages and lost profits.
This limitation applies to:
anything related to the licensed content, services or content (including code) on third party
Internet sites or in third party programs; and
claims for breach of contract or warranty, or for strict liability, negligence or
other tort, to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of such damage. If your country
does not allow the exclusion or limitation of liability for indirect, incidental or any other kind of damages,
the above limitation or exclusion may not apply to you.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. This agreement does not change the rights that the laws of your country give you if those laws do not
permit it to do so.

Acknowledgements
Microsoft Learning would like to acknowledge and thank the following for their contribution towards
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.

Gary Dunlop – Content Developer


Gary Dunlop is based in Winnipeg, Canada and is a technical consultant and trainer for Broadview
Networks. He has authored a number of Microsoft Learning titles and has been an MCT since 1997.

Damir Dizdarevic – Content Developer


Damir Dizdarevic is a manager of the Learning Center at Logosoft d.o.o. (Sarajevo, Bosnia and
Herzegovina) and an MCT. He has worked as a subject matter expert and technical reviewer on several
MOC courses, and has published more than 350 articles in various IT magazines such as Windows ITPro.
He is an MVP for Windows Server Infrastructure Management, and an MCSE, MCTS, and MCITP (Windows
Server 2008 and Exchange Server 2007). He specializes in Windows Server and Exchange Server.

Slavko Kukrika – Content Developer


Slavko Kukrika has been a Microsoft Certified Trainer (MCT) for over 12 years. He holds the title of Business
Desktop Deployment Specialist, among others. He has delivered many courses on standardized desktop
deployment, on such topics as Windows Vista Preinstallation and Microsoft Deployment Toolkit.

Stan Reimer – Content Developer


Stan Reimer is president of S. R. Technical Services Inc, and he works as a consultant, trainer and author.
Stan has extensive experience consulting on Active Directory and Exchange Server deployments for some
of the largest companies in Canada. Stan is the lead author for two Active Directory books for Microsoft
Press, and is currently working on an Exchange Server 2010 Best Practices book, also for Microsoft Press.
For the last six years, Stan has been writing courseware for Microsoft Learning, specializing in Active
Directory and Exchange Server courses. Stan has been an MCT for 11 years.

Nelson Ruest – Technical Reviewer


Nelson Ruest is a technology futurist, who is focused on virtualization and constant service delivery.
Together with his partner, Danielle Ruest, Nelson has written more than a dozen books and hundreds of
articles on Microsoft technologies. He recently concluded an extended multicity tour on virtualization in
the US.

Contents
Module 1: Overview of Desktop and Application Virtualization
Lesson 1: Overview of Virtualization
Lesson 2: Overview of Virtualization Management
Lesson 3: Planning an Application and Desktop Virtualization Deployment
Lab: Planning Desktop Virtualization Scenarios

Module 2: Implementing Windows Virtual PC and Windows XP Mode
Lesson 1: Installing Windows Virtual PC
Lesson 2: Configuring Windows Virtual PC
Lesson 3: Installing, Configuring, and Managing the Windows XP Mode
Lesson 4: Creating and Deploying Custom Images of Windows XP Mode
Lab: Implementing Windows Virtual PC and Windows XP Mode

Module 3: Implementing Microsoft Enterprise Desktop Virtualization
Lesson 1: Overview of MED-V
Lesson 2: Implementing MED-V Management Servers
Lesson 3: Implementing a MED-V Client
Lab: Implementing MED-V

Module 4: Configuring and Deploying MED-V Images
Lesson 1: Configuring MED-V Images
Lesson 2: Deploying MED-V Images
Lab: Configuring and Deploying MED-V Images

Module 5: Managing a MED-V Deployment
Lesson 1: Implementing the MED-V Workspace Policy
Lesson 2: Working with a MED-V Workspace
Lesson 3: Reporting and Troubleshooting MED-V
Lab: Managing a MED-V Deployment

Module 6: Implementing Microsoft Application Virtualization
Lesson 1: Introduction to Application Virtualization
Lesson 2: Planning for Application Virtualization
Lesson 3: Deploying Application Virtualization Servers
Lab: Implementing Application Virtualization

Module 7: Planning and Deploying App-V Clients
Lesson 1: Overview of the App-V Client
Lesson 2: Installing and Configuring the App-V Client
Lab A: Deploying the App-V Client in Stand-Alone Mode
Lesson 3: Managing Client Configuration Features
Lab B: Managing Client Configuration Features

Module 8: Managing and Administering Application Virtualization
Lesson 1: Using the Application Virtualization Management Console
Lesson 2: Publishing Applications into the App-V Environment
Lab A: Publishing Applications in the App-V Environment
Lesson 3: Performing Advanced Administration Tasks for Application Virtualization
Lab B: Implementing License Enforcement

Module 9: Sequencing Applications for Virtualization
Lesson 1: Overview of Application Sequencing
Lesson 2: Planning and Configuring the Sequencer Environment
Lesson 3: Performing Application Sequencing
Lesson 4: Advanced Sequencing Scenarios
Lab: Sequencing Applications for Virtualization

Module 10: Configuring Remote Desktop Services and RemoteApp
Lesson 1: Overview of RDS
Lesson 2: Publishing RemoteApp Programs by Using RDS
Lesson 3: Accessing RemoteApp Programs from Clients
Lab: Configuring RDS and RemoteApp Programs

Module 11: Implementing User State Virtualization
Lesson 1: Overview of User State
Lesson 2: Configuring Roaming Profiles and Folder Redirection
Lab: Implementing User State Virtualization

Module 12: Configuring Virtual Desktop Infrastructure
Lesson 1: Overview of Windows Server 2008 R2 Hyper-V
Lesson 2: Introduction to VDI
Lesson 3: Configuring Personal and Pooled Virtual Desktops
Lab: Configuring Virtual Desktop Infrastructure

Module 13: Summary of Desktop Virtualization Technologies
Lesson 1: Review of Desktop Virtualization Technologies
Lesson 2: Real-World Usage Scenarios

Lab Answer Keys



About This Course


This section provides you with a brief description of the course, audience, suggested prerequisites, and
course objectives.

Course Description
This five-day, instructor-led course provides you with the knowledge and skills to implement and manage
desktop virtualization solutions. This course provides an overview of virtualization and the various
Microsoft products that you can use to implement and deploy a virtualization solution. The course
explains how to configure and manage a MED-V deployment. Then, it describes the procedures for
deploying an App-V solution by implementing App-V servers and clients and by sequencing applications.
The course then covers the configuration of Remote Desktop Services and RemoteApp programs. Finally,
the course describes the concept of user state virtualization and procedures for configuring the Virtual
Desktop Infrastructure (VDI).

Audience
This course is intended for Microsoft Windows Server 2008 system and desktop administrators who
will manage and implement desktop and application virtualization technologies within their networks.

The students for this course typically are responsible for implementing their organization's desktop and
application virtualization, or their information technology (IT) management has directed them to research
and/or implement desktop and application virtualization in the existing environment. Students should
have a minimum of 1.5 years of experience working with Windows Server 2008 as a server or desktop
administrator. This course does not require prior experience with virtualization. However, we highly
recommend familiarity with virtualization concepts and management tools.

Student Prerequisites
This course requires that you meet the following prerequisites:
Basic skills with Windows Command line
Monitoring and Management Tools
Networking
AD DS, including Group Policy deployments
Performance Monitoring
Troubleshooting

Course Objectives
After completing this course, students will be able to:
Plan desktop virtualization scenarios.
Implement and configure Windows Virtual PC and the Windows XP mode.
Implement Microsoft Enterprise Desktop Virtualization.
Configure and deploy MED-V images.
Manage a MED-V deployment.
Implement App-V servers.
Plan and deploy Application Virtualization clients.
Administer the App-V infrastructure by using the App-V Management Console.


Sequence applications for deployment by using the App-V infrastructure or a standalone installation.
Configure and use Remote Desktop Services and RemoteApp programs.
Implement user state virtualization.
Configure and use Virtual Desktop Infrastructure.

Course Outline
This section provides an outline of the course:

Module 1, Overview of Desktop and Application Virtualization

Many organizations are exploring the use of virtualization to optimize their information technology
environment and to streamline their IT management practices. Microsoft provides several products and
technologies that enable organizations to implement virtualization solutions in many different ways. This
module provides an overview of the Microsoft virtualization technologies and provides information on
planning and managing virtualized environments.

Module 2, Implementing Windows Virtual PC and Windows XP Mode

Windows 7 introduces a new version of Microsoft Virtual PC software that supports creating virtual
machines with various operating systems within the same virtual environment. Windows 7 also brings
Windows XP Mode, a pre-created virtual machine with Windows XP Professional SP3 installed, to
support older applications and to make migration to Windows 7 more convenient. In this module, you
will learn how to configure and use Windows Virtual PC and virtual machines, as well as how to use
Windows XP Mode.

Module 3, Implementing Microsoft Enterprise Desktop Virtualization

Microsoft Enterprise Desktop Virtualization (MED-V) is an enterprise solution that enables incompatible or
unsupported applications to be available in a virtual environment, and then used by the end users as if
they were installed locally on their computers. However, the applications' availability from the virtual
environment is seamless, or invisible, to the user. It provides a virtual environment for legacy applications,
and it enables central administration of applications.
MED-V is built on Windows Virtual PC 2007 Service Pack 1 (SP1), and it is available for Windows clients
such as the Windows XP, Windows Vista, and Windows 7 operating systems.

Module 4, Configuring and Deploying MED-V Images

MED-V uses virtualization to provide an isolated environment, in which you can run legacy applications
and publish applications to the host. A virtual image contains the virtual machine and MED-V enables
central management of the images. There are certain prerequisites that you must meet when you create a
MED-V image. This module describes the purpose and functionality of MED-V images, and the procedures
for configuring and testing of the images. The module also explains how to pack and upload MED-V
images to the image repository on a MED-V server.

Module 5, Managing a MED-V Deployment

Managing the MED-V environment typically is one of the most time-consuming activities for MED-V
administrators. After you deploy the MED-V infrastructure, you must define MED-V Workspaces by
configuring MED-V policies. You then need to enable the workspaces for the users and set options to
configure the workspaces that will be available to the users.

MED-V users work in two separate environments, the host operating system and the MED-V Workspace. If
you seamlessly integrate published applications with the host, users typically cannot differentiate them
from the locally installed applications.

Besides a configurable virtual environment and a seamless integration with the host, MED-V also provides
reporting and diagnostics capability. The reporting feature requires Microsoft SQL Server, and it logs
MED-V events and provides three basic report types. The MED-V client provides a diagnostics mode,
policy updates, and diagnostic log gathering that you can use to troubleshoot MED-V issues.

Module 6, Implementing Microsoft Application Virtualization

The Microsoft Application Virtualization 4.5 Service Pack 1 (App-V 4.5 SP1) and the App-V 4.6 client and
sequencer software provide the latest updates to application virtualization technology. This release
includes new capabilities that make it easy for enterprise Information Technology (IT) organizations to
support large-scale, global application virtualization implementations. This module provides an overview
of application virtualization and App-V components. The module also covers the App-V infrastructure, the
deployment scenarios, and the procedures for installing and configuring App-V servers and App-V clients.

Module 7, Planning and Deploying App-V Clients

The App-V Client software is the one component that you always require to implement Microsoft App-V
solutions. Therefore, deploying the App-V client requires careful consideration of various factors. You
should consider the best client to deploy, the method of deployment, and the configurations required for
the deployment. You should also be aware of the prerequisites for installing the client.

This module provides an overview of the desktop and remote desktop clients, including the several
installation methods. The module also describes the recommendations for deploying and managing the
App-V client.

Module 8, Managing and Administering Application Virtualization


After you deploy the Microsoft Application Virtualization (App-V) infrastructure, you should be able to
manage and administer the App-V solution by using the Application Virtualization Management Console
to perform daily management tasks. This console enables you to control the entire App-V environment
from a single workstation. You deploy the Application Virtualization Management Console on the
administrative workstation, and then use it to perform administrative tasks, such as publishing virtualized
applications, modifying published applications, and configuring version upgrades.
This module provides an overview of the Application Virtualization Management Console and the
permissions that users must have to administer the App-V Management Server. The module also covers
the steps you must take to perform these administrative tasks, and how to enforce license compliance and
manage server groups and server objects.

Module 9, Sequencing Applications for Virtualization

To use applications in an App-V solution, you must first package them into a form that can run in a
virtualized environment. You can use the Microsoft Application Virtualization (App-V) Sequencer to create
these application packages.

You can sequence applications that you plan to deploy by using the App-V infrastructure or standalone
installation. By using App-V sequencing, you create a set of files that contain all the information about
the application that is required for the application to run in a virtual environment. The App-V Sequencer
provides several packaging options that you can choose based on your specific requirements.
This module describes how to install and configure the App-V Sequencer to create application
packages. The module also describes how to upgrade existing packages and create standalone packages.

Module 10, Configuring Remote Desktop Services and RemoteApp

Remote Desktop Services (RDS) provide a form of virtualization known as presentation virtualization.
Although you connect to a remote desktop or to individual remote applications, your experience is similar
to running local applications on your computer. With features such as device redirection, single sign-on,
and RD Easy Print, it is not easy to distinguish between remote and local applications.

This module provides an overview of Remote Desktop Services and their role services, and the procedures
for connecting to an RD Session host. The module also describes RemoteApp programs and the methods for
accessing them. The module also explains how to use RD Gateway to access the RDS infrastructure securely
from an external network.

Module 11, Implementing User State Virtualization

User state virtualization is a concept that allows administrators to provide more flexible client
environments, and to provide users with the ability to have documents and settings follow them from
computer to computer. This concept also makes it easier to back up and centralize user data, as
well as to prevent data loss.

This module discusses technologies that provide user state virtualization and various ways to provide
virtualization. This module also discusses how to configure roaming profiles and user folder redirection
as part of user state.

Module 12, Configuring Virtual Desktop Infrastructure

Using virtualization technologies for desktop virtualization can be very convenient. Microsoft provides
virtual desktop infrastructure (VDI) as a technology that relies on Hyper-V and Remote Desktop Services
(RDS) to enable administrators to configure virtual desktops as working environments instead of real
physical desktop computers. To use VDI, you should be familiar with Hyper-V and RDS, as well as with
the features and configuration procedures for VDI.

Module 13, Summary of Desktop Virtualization Technologies

This module summarizes the various desktop virtualization technologies that are covered in this course.
The module compares the features of these technologies, and it also provides examples of real-world
scenarios in which you would implement these virtualization technologies.

Course Materials
The following materials are included with your kit:

Course Handbook: A succinct classroom learning guide that provides all the critical technical
information in a crisp, tightly-focused format, which is just right for an effective in-class learning
experience.

Lessons: Guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.

Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.

Module Reviews and Takeaways: Provide improved on-the-job reference material to boost
knowledge and skills retention.

Lab Answer Keys: Provide step-by-step lab solution guidance at your fingertips when it's
needed.

Course Companion Content on the http://www.microsoft.com/learning/companionmoc/ Site:
Searchable, easy-to-navigate digital content with integrated premium on-line resources designed to
supplement the Course Handbook.

Modules: Include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and answers
and Module Reviews and Takeaways sections, which contain the review questions and answers, best
practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios
with answers.
Resources: Include well-categorized additional resources that give you immediate access to the most
up-to-date premium content on TechNet, MSDN, Microsoft Press
Student Course files on the http://www.microsoft.com/learning/companionmoc/ Site: Includes the
Allfiles.exe, a self-extracting executable file that contains all the files required for the labs and
demonstrations.
Course evaluation: At the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.

To provide additional comments or feedback on the course, send e-mail to
support@mscourseware.com. To inquire about the Microsoft Certification Program, send e-mail
to mcphelp@microsoft.com.

Virtual Machine Environment


This section provides the information for setting up the classroom environment to support the business
scenario of the course.

Virtual Machine Configuration


In this course, you will use Microsoft Virtual Server 2005 R2 with SP1 to perform the labs.

The following table shows the role of each virtual machine used in this course:

Virtual machine     Role

10324A-NYC-DC1      Windows Server 2008 R2 domain controller in the Contoso.com domain
10324A-NYC-CL1      Windows 7 client in the Contoso.com domain
10324A-NYC-CL2      Windows 7 client in the Contoso.com domain
10324A-NYC-CL3      Windows 7 client in the Contoso.com domain
10324A-NYC-SVR1     Windows Server 2008 R2 member server in the Contoso.com domain
10324A-NYC-SVR2     Windows Server 2008 R2 member server in the Contoso.com domain
10324A-NYC-SVR3     Windows Server 2008 R2 member server in the Contoso.com domain

Software Configuration
The following software is installed on each VM:
Windows Server 2008 R2 Enterprise
Windows 7

Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way.
All of the virtual machines are deployed on each student computer.

Course Hardware Level


To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment
configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions
(CPLS) classrooms in which Official Microsoft Learning Product courseware is taught.
The classroom computers require the following hardware and software configuration.

Hardware Level 6
Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor
Dual 120 gigabyte (GB) hard disks 7200 RPM SATA or better*
6 GB RAM expandable to 8 GB or higher
DVD drive
Network adapter
Super VGA (SVGA) 17-inch monitor
Microsoft Mouse or compatible pointing device


Sound card with amplified speakers

*Striped
Additionally, the instructor computer must be connected to a projection display device that supports
SVGA 1024 x 768 pixels, 16-bit colors.

Module 1
Overview of Desktop and Application Virtualization
Contents:
Lesson 1: Overview of Virtualization
Lesson 2: Overview of Virtualization Management
Lesson 3: Planning an Application and Desktop Virtualization Deployment
Lab: Planning Desktop Virtualization Scenarios

Module Overview

Many organizations are exploring the use of virtualization to optimize their information technology (IT)
environment and to streamline their IT management practices. Microsoft provides several products and
technologies that enable organizations to implement virtualization solutions in many different ways. This
module provides an overview of the available Microsoft virtualization technologies, and provides
information on planning and managing virtualized environments.

Lesson 1
Overview of Virtualization

During the last few years, virtualization has become a key component in enabling organizations to deal with
the cost and complexity of managing an IT environment. You can use virtualization to significantly decrease
the cost of providing IT services by enabling organizations to decrease the number of physical
servers they need to provide network services and applications. You also can use virtualization to provide
new options for deploying or managing applications for users.

This lesson provides an overview of the various options available for enabling virtualization within the IT
infrastructure.

Challenges of Traditional Network Environments

Key Points
Most organizations consider using virtualization because of the challenges that they are facing and the
associated benefits that it provides. The following sections describe some of the challenges that
organizations are facing.

Data Centers Are Reaching Capacity


In many organizations, data centers quickly reach capacity for power and space. These organizations
frequently deploy new servers for every new project or requirement. However, most organizations find it
cost-prohibitive to build new data centers.

Data centers also require large amounts of power for cooling and running servers. As the cost of
electricity increases, this can add significant cost to running the IT infrastructure and waste resources.

Server Utilization Is Very Low


Most servers run at very low utilization, a problem that often exacerbates the capacity issues in data
centers. It is common for servers to run at less than 10 percent of capacity. This issue typically develops
over time as organizations purchase more-powerful servers to replace end-of-life, underutilized servers.
For example, it is common for organizations to replace old servers that are running at less than 5 percent
utilization with new servers that are several times more powerful, but without a corresponding increase in
server load.

Managing Physical Servers Requires Significantly More Effort


As organizations have deployed more and more physical servers, the amount of effort required to
manage these servers has increased. With each server, you must manage hardware failures and replace
hardware as the warranty expires or as the hardware ages. In many cases, moving servers to new physical
hardware requires significant effort.

Supporting Legacy Systems Can Be Difficult


Legacy hardware and systems become increasingly costly to maintain. Many organizations have business
applications that were developed many years ago, and which the organizations have not upgraded to run
on new operating systems or hardware. Maintaining the old systems is expensive, and the potential of
system failure is high. However, updating the systems typically is very expensive.

Application Compatibility Can Be Complicated


Most large organizations run many different applications, frequently including different versions of the
same applications. The applications can be expensive to deploy and maintain, and they may be
incompatible, either with the operating systems that the organization deploys or with other required
applications.

User Environments Are More Flexible


In a traditional IT environment, most users work at desktop computers located in the organization's
offices. These desktop computers run a single operating system and all of the applications that users
require. However, organizations are replacing this traditional environment with a much more complex
workplace. In many organizations, users work from outside the office, either as part of a mobile workforce
or from home. Users now use a wide variety of clients, including portable computers, which frequently are
disconnected from the network, Internet kiosks, home computers, and mobile devices.

Question: Why are your organizations exploring the use of virtualization?



Virtualization Modes

Key Points
Virtualization separates the components of the applications and operating system that users work with
from the actual physical components that provide the application or operating system services. For
example, virtual machines provide all of the functionality of physical servers. However, the operating
system is not tied to any particular piece of hardware, and can be made available where it is most
convenient. Applications traditionally run on an operating system that is running on a particular piece of
hardware. With application and presentation virtualization, those applications might run on a centralized
server or in a virtual environment that is completely portable to other operating systems or hardware
devices.

Virtualization Solutions
Microsoft provides virtualization solutions that address the virtualization requirements for most
organizations:
Server virtualization. Windows Server 2008 Hyper-V and Microsoft Virtual Server 2005 release 2
(R2) enable server virtualization, so that you can run multiple virtual machines on a single physical
server. This allows you to utilize server hardware resources more fully while allowing you to maintain
operational isolation and security.
Application virtualization. Application virtualization enables you to run applications in a virtualized
environment on a user's desktop. Application virtualization separates the application configuration
layer from the desktop operating system, which reduces the potential for application conflicts. With
application virtualization, you isolate the application from the underlying operating system because
you encapsulate it in a virtual environment. With application virtualization, you also can configure
centralized servers to distribute the applications and simplify the distribution of updated virtual
applications. Microsoft Application Virtualization (App-V) is an example of an application
virtualization platform.
Desktop virtualization. You can provide desktop virtualization by running Microsoft Virtual PC on the
Windows Vista operating system, or Windows Virtual PC and Windows XP Mode on the Windows
7 operating system. Desktop virtualization enables you to run multiple operating systems on a single
workstation, and to run an incompatible legacy or line-of-business (LOB) application in a virtual
machine that you host on a more-current desktop operating system.
Microsoft provides a way to manage a complex desktop virtualization environment through Microsoft
Enterprise Desktop Virtualization (MED-V). With MED-V, you can create and manage a centralized
collection of Virtual PC images, and then deliver those images to client computers as necessary.
Presentation virtualization. Remote Desktop Services (RDS) in the Windows Server 2008 R2 operating
system provides presentation virtualization. RDS is an upgrade of Terminal Services, which was in
previous Windows versions. Presentation virtualization enables you to run applications and maintain
application storage on centralized servers, while providing users with a familiar application interface
on their workstations.
Microsoft also provides Virtual Desktop Infrastructure (VDI), which integrates the functionality of
presentation and desktop virtualization. With VDI, you configure desktop operating systems as virtual
machines that are hosted on a Hyper-V infrastructure. These virtual machines are made available to users
through an RDS infrastructure, so that users can connect to the virtual machines through a Remote
Desktop Protocol (RDP) connection.
User state virtualization. User state virtualization enables users to take advantage of separating their
files and profile information from a specific computer, which makes it easy for users to begin working
when you issue them a new computer. User state virtualization also makes it easy for users to move
between computers, or to experience the same desktop environment when using one of the other
virtualization technologies.
Virtualization management. One of the critical components in deploying virtualization is your ability
to manage the solution, including both the physical and virtual components. The Microsoft System
Center suite of tools provides virtualization management. Tools such as Microsoft System Center
Configuration Manager, System Center Operations Manager, and System Center Virtual Machine
Manager (VMM) provide a familiar set of tools for managing both the virtual environment and the
physical layer that hosts the virtual environment.
Cloud computing. Cloud computing enables organizations to purchase IT services from external
organizations. These IT services can include e-mail service hosting, Web site hosting, or online
applications. With cloud computing, organizations can purchase only the services that they require
without significantly increasing the cost and complexity of managing their IT infrastructure.

What Is Server Virtualization?

Key Points
Server virtualization enables you to configure one or more virtual machines that emulate a physical
computer. Multiple virtual machines can run on one physical server, with all of the virtual machines
sharing the resources available on the physical server.
Microsoft provides three products for server virtualization:
Microsoft Virtual Server 2005 R2
Windows Server 2008 Hyper-V
Windows Server 2008 R2 Hyper-V

Note: Windows Server 2008 R2 Hyper-V uses the same underlying technology to enable server
virtualization as Windows Server 2008, but it also provides improved performance and significant new
features, including Live Migration and Cluster Shared Volumes.

Benefits of Server Virtualization


Server virtualization provides many benefits, which include:
Server consolidation. Many servers that organizations deploy are underutilized. By deploying multiple
virtual machines on fewer physical servers, you can increase the server resource utilization
significantly while decreasing the number of physical servers. You can deploy many virtual machines
on one physical server. In most organizations, this will result in a significant decrease in power and
space consumption in the data centers.
Service or application isolation. Server virtualization enables you to run each service or application on
an isolated operating system. This means that you can prevent one application from impacting
another application when upgrades or changes are made. This is preferable to running multiple
applications or services on a single operating system.
Simplified server deployment. By creating standard virtual machine builds, you can deploy new server
builds more easily. Because you are deploying virtual machines rather than physical servers, you also
do not need to acquire new hardware, and locate data center space and power, for each new server.

Note: You may need to invest in new server and storage hardware when you first implement server
virtualization, but an important result of server virtualization is the decrease in the number of physical
servers that your organization has.

Increased service and application availability. Because the service or application no longer connects
directly to a specific piece of hardware, it is much easier to ensure high availability and recoverability.
With Live Migration in Windows Server 2008 R2, you can move a virtual machine to another physical
server with users experiencing little or no service outage.
Multiple operating systems can run on one consistent platform. With server virtualization, you can
deploy multiple operating system technologies on a single hardware platform. For example, you can
deploy Windows Server 2003, Windows Server 2008, and Linux on one Windows Server 2008 R2
Hyper-V host. Server virtualization also makes it much easier to replace hardware when it becomes
obsolete or fails.

What Is Desktop Virtualization?

Key Points
Desktop virtualization provides new options for deploying client desktops by enabling several ways to
virtualize the desktop. Traditionally, users work on a specific piece of hardware that is running a single
operating system and all applications.

Client-Hosted Desktop Virtualization


Client-hosted desktop virtualization uses Microsoft Virtual PC on Windows Vista and Windows Virtual PC
on Windows 7 to enable users to run multiple virtual machines on their Windows desktop. Client-hosted
desktop virtualization creates a separate environment on the desktop, allowing incompatible legacy or
LOB applications to operate within their native environment on a more-current desktop operating system.
In Windows 7, Microsoft provides a preconfigured Windows XP virtual machine that can be run as a
Windows Virtual PC virtual machine. Windows XP mode enables you to run applications seamlessly from a
Windows 7 computer or from the Windows XP virtual machine.

Virtual Desktop Infrastructure


VDI extends the concept of desktop virtualization by running client operating systems as virtual machines
on a data center's servers. This means that the virtual client computers are not running on the user
desktop, but on a centralized Hyper-V environment in the data center. Users can interact with the virtual
machines by using regular computers or thin clients, and then establishing remote desktop connections to
the virtual machines. In Windows Server 2008, VDI has been integrated with RDP to provide a consistent
client experience.

VDI enables you to centralize a user's desktop for easier management. The users have an individualized
desktop experience with full administrative control over desktop and applications. Therefore, VDI can be a
very effective solution for users who need to access their work environment from anywhere, including
from a PC that their company does not own. By centralizing the management of the client virtual
Overview of Desktop and Application Virtualization 1-11

machines, you do not need to be as concerned about the location or the device from which the user is
connecting.

Microsoft Enterprise Desktop Virtualization


The Microsoft Desktop Optimization Pack (MDOP) includes MED-V, which enhances the management of
the virtual machines that deploy to user desktops. MED-V adds four additional features and advantages
on top of Virtual PC to enable enterprise deployment of desktop virtualization:
• A virtual image repository and delivery of images, which simplifies the process of creating, testing,
  delivering, and updating virtual images.
• Centralized management and monitoring, which manages the life cycle of a virtual machine.
• Usage policy and data transfer control, which is an endpoint agent that enforces usage policies for
  the virtual machine.
• A seamless end-user experience.

What Is Application Virtualization?

Key Points
You can use application virtualization to create virtual applications that you then can distribute to user
desktops. Each virtual application includes its own registry entries, specific dynamic-link libraries (DLLs),
and other resources. When you deploy a virtual application, it uses its own copy of these shared resources.
Because the virtual application runs in an isolated environment, incompatible applications can share the
same workstation.
Microsoft App-V is an application virtualization solution.

Benefits of Application Virtualization


Application virtualization provides the following benefits:
• Application virtualization enables organizations to run potentially incompatible applications on the
  same client computer. Applications commonly share various application or operating system
  components with other applications on the client computer. For example, one application might
  require a specific version of a DLL, while another application on that system might require a different
  version of the same DLL. Installing both applications may result in one of the applications overwriting
  the DLL that the other requires. With application virtualization, each application can have its own
  version of all required files and settings on the client computer.
• Application virtualization makes preparation significantly easier. Since you encapsulate applications in
  an isolated virtual environment, there is less of a requirement to test new applications for conflicts
  with existing applications before you roll them out.
• From the user's perspective, a virtual application looks just like any other application. The user may
  start it from the Start menu, from a desktop icon, or by file extension association. The application
  appears in Task Manager, and it can use printers, network connections, and other resources that
  attach to the machine.
• Virtual applications are easy to deploy and manage. You can stream a virtual application from a
  server, on demand, so the user can download it automatically the first time he needs to use it. If you
  must update an application, administrators can update the server's version of the application, and the
  updated files then download the next time the client computer needs to run the application.

What Is Presentation Virtualization?

Key Points
Presentation virtualization runs applications on a central server, with only the application interface, mouse
movements, and keystrokes sent across the network between the central server and the client computer.
Presentation virtualization creates virtual sessions in which the executing applications project their user
interfaces remotely. Each session might run only a single application, or it might present users with a
complete desktop that offers multiple applications.
Presentation virtualization was available for several Windows Server versions as Terminal Services. In
Windows Server 2008 R2, the name for the presentation virtualization feature is Remote Desktop Services,
or RDS.

Benefits of Presentation Virtualization


Running applications on a shared server offers several benefits, including:
• You can centralize your data. This means that you can store it safely on a central server rather than on
  multiple desktop machines, which improves security because information is not spread across many
  different systems.
• You can reduce the cost of managing applications significantly. For example, rather than updating
  each application on each individual desktop, you can change only the single shared copy on the
  server. Presentation virtualization also allows using simpler desktop operating system images or
  specialized desktop devices, commonly called thin clients, both of which can lower management
  costs.
• You can combine application virtualization with presentation virtualization to reduce the issues with
  incompatibilities between applications. You can install App-V applications on RDS host servers, and
  then run multiple instances of potentially incompatible applications on the centralized server.
• In some cases, presentation virtualization can improve performance. For example, if a client or server
  application needs to access large amounts of data from a central database, it may be quicker to run
  the application on an RDS host that is located close to the data, rather than pull the data across a
  slow network connection to the client.

What Is Microsoft Desktop Optimization Pack?

Key Points
MDOP provides a package of desktop management and virtualization solutions that is available for
Microsoft Software Assurance customers. Many of the application and desktop virtualization products are
available as part of MDOP. MDOP includes the following components:
• Microsoft App-V. This application virtualization and streaming solution transforms applications into
  centrally managed services that are available when and where you need them.
• Microsoft MED-V. This provides deployment and management of virtual PC images. You can deploy
  these virtual PC images to user desktops to address application compatibility issues.
• Microsoft Asset Inventory Service. This hosted service runs a complete scan of the software installed
  on every computer in your environment, and then provides you with intelligent reports and analysis
  to understand and better manage your software assets.
• Microsoft Diagnostic and Recovery Toolset (DaRT). This provides powerful tools to accelerate desktop
  repair for unbootable desktop computers.
• Microsoft Advanced Group Policy Management. This enables Group Policy object (GPO) versioning,
  change management, and delegation.
• Microsoft Desktop Error Monitoring. This makes desktops more stable by causing the client to send
  error messages, as they occur, to a central database.

Note: You can download all of the tools, with the exception of App-V, only as part of the MDOP.
App-V is available as a separate download.

What Is Cloud Computing?

Key Points
Cloud computing is a new virtualization option that enables organizations to purchase IT services from
Internet-based service providers or to provide IT services through the Internet. These services can include
servers, storage, or networking resources. The services may be running on virtual environments based on
Hyper-V or one of the other virtualization options. The actual server and storage deployment is largely
transparent to the users who consume the services. They typically are concerned only with being able to
access their required applications easily.

A cloud computing environment normally includes:


• A data center that contains virtualization hosts and storage. In the Microsoft solution, these hosts are
  running Hyper-V.
• Virtual servers, storage and network resources located in the data center.
• A highly available and high-bandwidth network connection to the Internet.
• Automated processes and tools for deploying and configuring virtual machines. These processes may
  be managed entirely by the online service provider, or may be exposed to the customer to manage
  their own virtual environment.
• Tools for managing the interaction of local and cloud computing. Many organizations still host most
  IT services locally even as they begin to move some services to the cloud. You can use this integration
  tool to ensure that users can gain seamless access to both local and cloud resources. For example,
  most organizations will still run Active Directory Domain Services (AD DS) locally. Ideally, users
  should be able to authenticate once to their local domain, and gain access to all required services
  regardless of whether they are located internally or in the cloud.

Benefits of Cloud Computing


Cloud computing provides several benefits for organizations:
• Flexible deployment options. The organization may host the data center that provides cloud services
  or an external hosting provider, such as Microsoft or a third party, may host it.
• Scalability. In a cloud-computing scenario, all service components are virtual, which makes it very easy
  to scale up or down, as necessary. For example, if an organization requires more resources, it can
  deploy additional virtual machines in the data center. If the organization requires fewer resources, it
  can save money by removing virtual machines or by reusing the physical resources for another
  purpose.
• Potential for decreased cost. By purchasing online services from a hosting provider, organizations
  often can implement services for a cost that is significantly less than hosting the services locally.
• More reliable and effective services. Some services require constant monitoring and specialized skills.
  By purchasing these services from an online service provider, organizations can take advantage of the
  infrastructure and skills that are available at the hosting provider, but which may be prohibitively
  expensive for a small organization.

Question: Has your organization moved any services to an environment that is hosted online? If so, which
services?

Discussion: Implementing Virtualization Solutions

Key Points
Contoso, Ltd is a large enterprise with multiple locations, and data centers in London, New York City, and
Sydney, Australia. Contoso, Ltd also has several smaller branch offices and many users who work outside
of the office.
Contoso, Ltd has collected the following information about the current computing environment:
• Server utilization for most of the data center servers is less than 10%.
• Contoso, Ltd has deployed multiple servers in many of the branch offices. These servers are difficult to
  deploy and manage because the wide area network (WAN) links to some of the branch offices
  have very little available bandwidth.
• Many of the users working outside of the office require a standard set of business applications. Some
  of the users who run these applications are mobile users who are using company-issued laptops,
  while other users work from home on their personal computers.
• Contoso, Ltd has developed a large number of business applications, using different development
  platforms, and many of the applications do not use current technologies or may not run on the latest
  operating systems.

Question: How will virtualization help Contoso, Ltd address the issues in its current computing
environment?

Lesson 2
Overview of Virtualization Management

Implementing virtualization can add complexity to your IT infrastructure management. Virtualization
requires that you manage both the physical and virtual environments.

The design of many of the Microsoft System Center tools helps you manage the virtualized data center.
This lesson introduces some of the issues that relate to managing a virtualized environment, and
introduces the System Center products that you can use to manage and maintain the virtual
environments.

Managing a Virtual Environment

Key Points
Virtualization technologies provide a range of benefits. Yet as an organization's computing environment
becomes more virtualized, it also may become more complex. A virtualized environment that you do not
manage well can be less reliable, and more expensive, than its unvirtualized counterpart. For example, if
an organization implements a Hyper-V environment without considering high availability, a single server
failure may affect many virtual servers. If an organization implements VDI or MED-V, an outage in the
server infrastructure may prevent users from accessing the virtual desktops that they need to do their
work.

There are several issues that you should consider regarding the deployment and management of
virtualized environments.
• One of the primary benefits of a virtualized environment is the option to deploy almost any virtual
  component rapidly. If you require an additional server, it is easy to deploy a new virtual machine in
  Hyper-V. If you must update an application or deploy a new one, App-V or Windows Server 2008 R2
  RemoteApp makes it easy. However, to take advantage of the rapid deployment features, you must
  have the required infrastructure in place. This may require additional planning, tools for deploying
  components quickly, and monitoring to verify that the additional resources are available on the
  current infrastructure.
• You realize the many benefits of virtualization when you centralize the virtual components on a small
  number of physical servers. This means that it is critical to ensure that the physical servers are highly
  available, or that you configure the service or application deployment to be highly available. This
  requires advanced monitoring and management tools.
• You often perform the management of physical and virtual machines by using separate management
  solutions. This may mean that administrators must learn how to use multiple tools, which may not
  provide consistent information. Using a single set of administrative tools to manage both
  environments simplifies the management processes.
• Managing multiple desktops, applications, and servers is complex. With virtualization, the complexity
  level may increase because each physical computer now has additional components that you must
  manage. For example, a desktop computer running Windows 7 also may be running a Windows XP
  mode virtual machine. To ensure your network's security, you must install and manage updates and
  antivirus products on both the Windows 7 computer and Windows XP mode virtual machine. A
  management system that can handle all assets, regardless of whether they are virtual or physical,
  saves time and reduces the number of required resources.
• Effective physical and virtual machine management can optimize the benefits of using virtualization
  technologies. This includes monitoring and managing hardware and software in a distributed
  environment. Monitoring both the software running on physical machines, and the physical machines
  themselves, enables administrators to know what is happening in their environment. It also lets them
  respond appropriately by running tasks and taking other actions to fix problems that occur.

Overview of Microsoft System Center

Key Points
Microsoft developed the Microsoft System Center products and solutions, which assist enterprises with the
planning, delivery, and operation lifecycle of their entire infrastructure. These solutions capture and
aggregate knowledge about an infrastructure, policies, processes, and best practices. They can help
optimize the IT structure, reduce costs, improve application availability, and enhance service delivery.

You can use many of the System Center products to manage your virtualized IT environment and your
physical components, as well.
You can use System Center to manage the virtual environment in the following ways:
• A fundamental challenge in systems management is monitoring and managing the hardware and
  software in a distributed environment. Operations Manager 2007 R2 enables operations staff to
  monitor both the software running on physical machines and the virtual machines themselves, given
  the strong similarities between physical and virtual environments. Additionally, you also can use
  Operations Manager 2007 to monitor and manage virtual machines and other aspects of a virtualized
  world.
• Another concern for people who manage a computing environment is installing software and
  managing its configuration. While it is possible to perform these tasks manually, automated solutions
  provide a better approach in all but the smallest environments. To allow this, Microsoft provides
  System Center Configuration Manager 2007. Similar to Operations Manager, Configuration Manager
  handles virtual environments in much the same way as physical environments.
• As organizations move towards virtualization for their current servers, the process of converting the
  physical machines to virtual machines, and then managing the virtual machines, can be complex. To
  address this situation, Microsoft provides VMM 2008 R2, which you can use to manage virtual
  machines on hosts running Microsoft Virtual Server 2005, Hyper-V, or VMware. Among other things,
  this tool helps you choose the virtualization workloads, creates the virtual machines that will run
  those workloads, and converts physical computers to virtual machines. You also can integrate
  VMM 2008 R2 with Operations Manager 2007 R2 to provide enhanced reporting and management
  capabilities.
• To ensure that you can recover a virtualized environment, you must ensure that you deploy a
  disaster-recovery system that can back up and restore both the physical servers and virtual machines.
  You can use System Center Data Protection Manager 2007 Service Pack 1 (SP1) and Data Protection
  Manager 2010 to back up and restore servers running the virtual and virtualized components.

Using Virtual Machine Manager to Manage Virtual Environments

Key Points
VMM is the primary tool that you use to manage virtual machines that are running on Hyper-V. VMM
provides a management tool that lets you manage multiple physical host computers and the virtual
machines that are running on the host computers.
VMM provides the following features:
• Enables management of virtual environments that are running on different host platforms. You can
  use VMM 2008 to manage host computers and virtual machines that are running Windows Server
  2008 or Windows Server 2008 R2 Hyper-V, Virtual Server 2005 R2, and VMware ESX Server. With
  VMM, you can use a single interface to manage the host server configuration, and deploy and
  manage virtual machines on the host servers.
• Physical and virtual machine conversion. You can use VMM to convert a physical computer to a
  virtual machine while the physical machine is online. You also can use VMM to convert Virtual Server
  2005 and VMware-based virtual machines to Hyper-V.
• Intelligent virtual machine placement. When you create a new virtual machine or use VMM to move a
  virtual machine from one host to another, VMM 2008 analyzes the available physical hosts and
  provides a recommendation as to the best location for the virtual machine. You can integrate this
  process with Operations Manager 2007, which enables the intelligent placement process to factor in
  past performance characteristics to ensure the best possible match between the virtual machine and
  its host hardware.
• Self-Service Portal. VMM provides the Service Manager Self-Service Portal that enables users to create
  and manage their own virtual machines. The VMM administrators retain complete control of the
  environment, because they can set permissions that restrict which users can create virtual machines,
  what templates users can use to create virtual machines, and where users can create the virtual
  machines.
• VMM Library. VMM 2008 provides a centralized library to store various virtual machine components,
  such as offline machines, templates, virtual hard disks, and other virtualization components.
  Administrators can use the components in the library to deploy virtual machines rapidly using
  standardized templates.
• Windows PowerShell integration. VMM 2008 is built on the command line and scripting
  environment that Windows PowerShell provides. VMM provides Windows PowerShell cmdlets that
  allow administrators to automate VMM management tasks.
• Operations Manager 2007 integration. VMM 2008 includes the Performance and Resource
  Optimization (PRO) feature, which enables dynamic management of virtual resources through
  management packs for Operations Manager 2007. The PRO feature enables administrators to set
  rules for moving or configuring virtual machines based on the host server performance.
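
As an added example (not part of the course text), the following VMM command shell script shows the kind of task the Windows PowerShell cmdlets automate: it summarizes virtual machines per host and lists the ones that are not running, which are the machines that miss normal update and antivirus cycles. The server name vmm01.contoso.com is a placeholder, and the property names Name, HostName, and Status are assumed from the VMM 2008 R2 object model; confirm them with Get-Member on your installation.

```powershell
# Added example, not from the course. "vmm01.contoso.com" is a placeholder.
# Load the VMM 2008 R2 cmdlets into a standard Windows PowerShell session.
Add-PSSnapin Microsoft.SystemCenter.VirtualMachineManager -ErrorAction Stop

# Connect to the VMM server and read every virtual machine it manages.
$vmmServer = Get-VMMServer -ComputerName "vmm01.contoso.com"
$vms = @(Get-VM -VMMServer $vmmServer)

# Per-host summary: how many virtual machines each host carries and how many
# of them are currently running. HostName and Status are assumed property names.
$vms | Group-Object -Property HostName | ForEach-Object {
    $running = @($_.Group | Where-Object { $_.Status -eq "Running" }).Count
    New-Object PSObject -Property @{
        Host       = $_.Name
        Total      = $_.Count
        Running    = $running
        NotRunning = $_.Count - $running
    }
} | Sort-Object Host |
    Format-Table Host, Total, Running, NotRunning -AutoSize

# Virtual machines that are not running do not receive updates through the
# normal online channels, so list them for review and offline servicing.
$vms | Where-Object { $_.Status -ne "Running" } |
    Sort-Object HostName, Name |
    Format-Table Name, HostName, Status -AutoSize
```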

Note: For detailed information on deploying and managing System Center Virtual Machine Manager
2008 R2, see Course 10215A, Implementing and Managing Microsoft Server Virtualization.

Protecting Virtualized Environments with Data Protection Manager

Key Points
Data Protection Manager (DPM) is a solution for disk-based and tape backups that enables you to back
up physical servers and virtual machines. After an initial full backup, the express backups that DPM
performs are significantly faster than typical full backups, because DPM backs up only disk block changes.
You can use DPM to back up both the host server and the guest virtual machines.

Host Backups
Host backups require that you install a DPM protection agent only on the host server, not in each virtual
machine. This can result in significant cost savings when compared to guest backup, which requires that
you install the DPM protection agent in each virtual machine.
You can perform a host backup of a single virtual machine. When you perform a host backup, this backs
up the entire virtual machine as a single unit. However, the backup is not application aware. Therefore,
you can recover only the entire virtual machine, not just specific data.

Virtual Machine or Guest Backups


A guest backup uses the same process as backing up a physical server. You install a DPM protection agent
on each virtual machine, and then DPM communicates with that agent to perform the backup. Because
the DPM protection agent is running in the virtual machine, it is aware of the applications running in the
server. This allows granular recovery of data within the virtual machine. For example, a backup performed
on a virtualized Exchange server could recover a single message database.

You can use guest backups to back up both virtual machines that support Volume Shadow Copy Service
(VSS) backups and virtual machines that do not. You cannot use a VSS backup to back up the virtual
machine if the guest operating system does not support VSS or if an application in the guest does not
support VSS.

When backing up a guest virtual machine that does not support VSS, DPM has to hibernate the guest, and
then perform a host-based backup of the virtual machine. DPM takes a snapshot of the virtual machine,
and then the virtual machine is restored. The outage experienced with this method is very short, but
noticeable. After the guest resumes, the backup occurs from the snapshot, and DPM backs up only disk
blocks that have changes. This results in a backup process that is much faster than a typical full backup of
virtual machine files.

If the operating system and applications in the guest support VSS backups, the DPM protection agent
uses VSS writers to make data within the guest consistent. Applications running on the guest must have
an appropriate VSS writer. The hypervisor then provides the DPM protection agent with access to the
consistent version of the data for backup. There is no interruption in service at any point during the
backup process. The backup is completely transparent to users.

Monitoring Virtual Environments by Using Operations Manager 2007

Key Points
You can use Operations Manager 2007 R2 to monitor servers and their applications from a central
location. To do this, you install an agent on remote systems. The agent gathers events and performance
information about the remote systems, and then forwards it to Operations Manager 2007. The data that
the agent gathers is based on rules that Operations Manager 2007 stores and distributes to the agent
monitoring each server. Operations Manager 2007 also generates alerts based on the rules.
You create the rules in Operations Manager 2007 by importing management packs. The rules in
management packs are appropriate for most environments, and are based on best practices. However,
you can modify the rules to meet the needs of your specific environment. You also can create your own
rules.
Centralized monitoring and alerting is important for any environment, but it is particularly important for
virtualized environments where you can add many additional resources quickly and easily.

Monitoring Host Computers


You can use Operations Manager 2007 to monitor host server performance by using the same
management packs that you would use to monitor other Windows servers. Additionally, Operations
Manager 2007 provides a number of management packs to integrate with virtualization technologies,
including:
• Server Virtualization Management Pack for System Center Operations Manager 2007 helps to
  monitor the health and performance of VMM components, including library servers, self-service Web
  servers, and the entire virtualized environment.
• Application Virtualization 4.5 Management Pack monitors the health and performance of Microsoft
  Application Virtualization Management Servers and Microsoft Application Virtualization Client
  requests.
• Windows Server Hyper-V Management Pack monitors the health and performance on Hyper-V host
  computers.
• Remote Desktop Services Management Pack monitors each of the Remote Desktop server roles.

Virtualization Reports
Operations Manager 2007 also provides several reports that you can use to plan and monitor the
virtualized environment, including:
• The Virtualization Candidates report helps to identify physical computers that are good candidates
  for virtualization. This report displays performance and hardware information for physical computers,
  which you can sort and filter to select the appropriate candidates.
• The Virtual Machine Allocation report enables you to calculate chargeback to cost centers, such as
  departments. To use this report, you must assign a cost center to the appropriate virtual machines.
• The Virtual Machine Utilization report contains information about the utilization of virtual processors,
  memory, and disk space in virtual machines. You can use this report to identify virtual machines that
  need additional resources or that have been allocated too many resources.
• The Host Utilization report contains information about the utilization of processors, memory, and disk
  space on hosts. You can use this report to identify hosts that need virtual machines removed or that
  have sufficient resources free for hosting additional virtual machines.
• The Host Utilization Growth report shows the percentage of change in resource usage and number of
  virtual machines. You can use this for trend analysis, to predict when you will require additional hosts.

Monitoring Virtual Machines


You also can monitor the virtualization guests just as you would a physical server. This involves installing
the Operations Manager agent on each guest. After you install the agent, you can monitor both the guest
operating system and applications installed in the guest. To monitor specific applications in a guest, a
management pack for that application is imported into Operations Manager 2007.

Maintaining a Virtual Environment by Using Configuration Manager 2007

Key Points
You can use Configuration Manager 2007 R2 to manage and maintain both physical and virtual
environments, and it treats a virtual machine just like any standard physical machine. Depending upon
deployment settings, you can manage a virtual environment by:
• Automatically deploying the Configuration Manager client through standard discovery and
  deployment methods. You can discover both physical and virtual machines, and automatically deploy
  the Configuration Manager client to both.
• Maintaining inventory of all virtual clients that are deployed throughout the environment.
• Deploying applications through standard software deployment mechanisms. You can deploy
  applications to both virtual and physical machines.
• Managing software updates for both physical and virtual machines through standard update
  processes.
• Deploying virtualized applications to desktop clients. You can integrate Configuration Manager with
  App-V 4.5 or newer to distribute the virtual applications prepared in App-V to desktop computers.
• Integrating with Virtual Machine Manager 2008 and the Offline Virtual Machine Servicing Tool to
  maintain updates on virtual machines stored within a VMM library. One of the biggest challenges in a
  virtual environment is managing virtual machines that are not always running on the network, or
  maintaining virtual machines that are stored within virtual machine libraries. You can accomplish this
  by integrating features provided by Virtual Machine Manager 2008 and the Offline Virtual Machine
  Servicing Tool version 2.0.1.

Managing Desktop Virtualization

Key Points
Desktop virtualization enables you to run multiple desktop operating systems, either on a user's client
computer or on a server running Hyper-V. Implementing desktop virtualization can increase the
complexity of managing your network in several ways:
• Individual users may use multiple desktops, both physical and virtual. In a traditional network, you
  only have to ensure that you update and configure one client computer per user to meet the
  corporate standards. With desktop virtualization, each user may have several client computers that
  you must maintain.
• As users move from one desktop computer to another, they might have very different user
  environments on each computer. For example, they might configure their desktop on their main
  computer with shortcuts, mapped drives, and other settings. When they launch a virtual desktop, the
  customized settings may not be available, which leads to user inefficiency.
• Deploying virtual desktops can be difficult. If only a few users in your organization need virtual
  desktops, you might be able to manually enable and configure the virtual desktops. However, if you
  have a large number of users that need to use virtual desktops, it becomes very difficult to manually
  configure each virtual desktop. In this scenario, you need some means to automate the deployment
  of standardized virtual desktops.
Microsoft provides several tools for managing desktop virtualization:
• You can use tools such as Configuration Manager to manage both physical and virtual desktops. With
  Configuration Manager, you can monitor and maintain updates on all computers.
• You can use the user state virtualization technologies to provide users with a consistent experience on
  all desktops. You can use tools such as Group Policy and roaming user profiles to configure the user
  desktop, map network drives, and redirect folders so that these settings are available across multiple
  desktop computers.
• You can use MED-V to configure, manage, and deploy virtual desktops based on Virtual PC 2007.
  With MED-V, you can create standard virtual desktop computers and then deploy them to users.
• You can use VDI to manage a centralized virtual desktop deployment. With VDI, you can configure
  standard virtual desktops that will run on a Windows Server 2008 R2 Hyper-V server, and provide RDP
  access to those virtual machines. You can configure virtual machines with the same configuration for
  all users, or you can provide a virtual desktop that the user can customize.

Managing Application Virtualization

Key Points
You can use application virtualization to enable users to run virtual applications on their user desktops.
Implementing application virtualization increases the complexity of managing the user environment in
several ways:
• Users may need to be able to run the applications in several different desktop scenarios. They may
  need to run the applications from desktop computers in the office, on mobile computers that may be
  connected to the corporate network, connected from the Internet, or disconnected from all networks.
• Users in different locations in the organization may require access to the same applications.
  Distributing applications to users in locations such as branch offices can be complicated.
• Virtual applications may require security updates or users might require new versions of the virtual
  applications. Applying updates to virtual applications is more difficult than updating client operating
  systems or applications that are installed on the client operating systems.
• You must prepare applications to run in a virtual environment before you can deploy them to users.
  Some applications may require fairly complex virtual environments.
Microsoft provides several tools for managing the application virtualization environment:
• You can use the App-V Management server to manage the deployment of virtual applications to
  client computers. The App-V Management console provides a single location for configuring and
  deploying virtual applications.
• App-V provides a variety of options for deploying virtual applications to users. App-V can use
  multiple protocols, and also provides options for deploying multiple servers in different locations to
  deploy the same applications. You can also create virtual applications as .msi files, which you can then
  deploy by using Group Policy or Configuration Manager, or install them on client computers that are
  disconnected from the network.
• You can update App-V applications with new versions on the App-V Management server and the
  applications will automatically be distributed to clients.
• You can use the App-V Sequencer to package applications and prepare them for deployment to
  client computers. The App-V Sequencer provides a wizard-driven approach for creating virtual
  applications, and also provides complete customization of the virtual environment that the
  application will run in.

Managing Presentation Virtualization

Key Points
Presentation virtualization enables users to run applications installed on centralized servers. Implementing
presentation virtualization introduces some complexities to managing an organization's network:
• Users who are not familiar with desktop virtualization may not understand how to launch remote
  applications and how the remote application interacts with their usual desktop environment.
• Users may need to connect to the remote applications from a variety of locations. These locations
  could include computers on the internal network as well as computers in branch offices or
  computers outside the network.
• In a desktop virtualization deployment, multiple applications may be installed on the same host
  server. Some of these applications may not be compatible with other applications running on the
  same server.
Windows Server 2008 R2 provides several features that optimize the deployment of presentation
virtualization:
• Remote Desktop RemoteApp. With RemoteApp, you can publish the shortcuts for applications
  running on the RD Session Host computer on the user desktop. Users can launch the application
  using the normal procedures, and the application's user interface appears on the desktop as if that
  application were running locally.
• Remote Desktop Web Access. RD Web Access provides another means for users to launch
  RemoteApps or connect to remote desktops. RD Web Access provides a Web site that lists all of the
  applications and desktops that the user has permission to access.
• Remote Desktop Gateway. RD Gateway provides a secure way for users outside of the organization to
  connect to applications running on the RD Session Host computers. With RD Gateway, all RDP
  connections are tunneled through HTTPS.
• RemoteApp and Desktop Connections. This client application allows users running Windows 7 to
  easily connect to RemoteApp programs and Remote Desktops. When you configure RemoteApp and
  Desktop Connections, all of the applications and remote desktops that the user can access are listed
  on the user's Start menu. This list is dynamically updated as new applications or remote desktops
  become available.

You can combine application virtualization with presentation virtualization by deploying virtual
applications on a Remote Desktop Session Host server. This enables organizations to run applications
that are not compatible with other applications on the same server, and make both applications
available to users through RDS.

Lesson 3
Planning an Application and Desktop Virtualization Deployment

Application and desktop virtualization provide organizations with options for managing application
compatibility issues, and you can use them to address some of the issues with deploying new desktop
operating systems. These tools also provide options for deploying applications to users outside an
organization or who run thin or mobile clients.

This lesson describes some of the scenarios for deploying application and desktop virtualization, and
provides guidance for planning these virtualization solutions.

Scenarios for Desktop and Application Virtualization

Key Points
Desktop and application virtualization are designed to address issues that many large organizations
need to deal with. These issues relate to the applications that users need to be able to run, and to the
locations or physical systems that users are using to run the applications.

Application Compatibility Issues


In many organizations, a primary reason for deploying desktop and application virtualization is to address
application compatibility issues. The issues can take one of two forms:
• An application may not be compatible with the desktop operating system. Many organizations have
  applications that were developed many years ago using technologies very different from what current
  desktop operating systems expect. These applications may not run on the new desktops, or they may
  require extensive changes to the operating system or application in order to run.
• Two applications may not both be able to run on the same desktop computer. In some cases,
  applications may use incompatible technologies or may require different versions of the same
  application file. Some users may be required to run both applications.

Mobile Users
Many organizations have a mobile workforce that may work both inside and outside the office. In most
cases, these users carry laptop computers, but the users may need to be able to do their work regardless
of whether they are connected to the internal network, connected to the Internet, or completely
disconnected from any network.

Standard Users
In many organizations, large groups of users require the same user desktop with access to the same set of
applications. In some cases, users may require access to just one or two applications. In other cases, they
may require access to a complete set of business applications. Traditionally, the organization assigns these
users to a standard business desktop computer.

If the standard user environment is quite static, and the organization assigns all users to an individual
desktop computer, there may not be any reason to implement virtualization for these users. If the users
need to run incompatible applications, the users may require solutions for addressing application
compatibility. In some cases, you may be able to deploy thin clients to all standard users, and then use
VDI to provide the users with the required work environment.

External Users
Some organizations have users who work from outside the corporate network and who do not use
computers that the internal IT department manages. These users may be contract workers, consultants, or
people who work from home. Frequently, these users require access to a very specific set of applications
or servers, and do not require a full desktop or set of applications.

Question: What types of workers do you have in your organization? What options will you explore to
virtualize their environment?

Choosing a Desktop and Application Virtualization Solution

Key Points
Microsoft provides several different options for implementing desktop and application virtualization. You
can use some of the solutions to address more than one business scenario.

Desktop Virtualization
You can use desktop virtualization to address the following scenarios:
• Application and operating system compatibility issues. If applications require an older operating
  system, consider deploying Windows Virtual PC or Windows XP Mode. These options mean that users
  can run the older operating system in a virtual machine that is running on the user desktop.
• External users. If external users need access to a full desktop computer rather than just an application,
  consider enabling this by using VDI. With VDI, you can provide users with a preconfigured desktop
  that includes all of the applications required for their tasks.
• Mobile users. If a large number of mobile users require virtual desktops, consider managing the
  virtual desktop deployment by using MED-V. By doing this, you can manage and distribute the
  appropriate virtual machines to all users while the users are connected to the network. Users can then
  take these virtual desktops with them when they leave the office.

Application Virtualization
You can use application virtualization to address the following scenarios:
• Compatibility issues with running multiple applications on a single host. If two applications cannot
  both run on the same operating system, consider using App-V to create an isolated environment in
  which one or both of the applications can run.
• Application compatibility issues in presentation virtualization scenarios. You can deploy the App-V
  client on Remote Desktop Session Host servers, which enables potentially incompatible applications
  to run on the same remote server.

Presentation Virtualization
You can use presentation virtualization to address the following scenarios:
• Mobile or external users. Implement Remote Desktop Gateway and provide access to only the specific
  applications or computers that are required. With Remote Desktop Gateway, you can restrict what
  users can connect to and what they can access. For additional security, you can integrate RD Gateway
  with Network Access Protection to ensure that clients are compliant with your corporate security
  requirements.
• Application compatibility issues. For scenarios where applications require separate environments,
  consider deploying one of the applications in an RDS deployment. By using features such as
  RemoteApp, you can make the user experience with both applications virtually identical.

User State Virtualization


You can integrate user state virtualization with most other virtualization technologies. For example, you
can use user state virtualization to ensure that users have a consistent work environment when they use
their standard desktop, a virtual desktop, or a virtual application.

What Are Virtualization Solution Accelerators?

Key Points
To assist organizations in developing and delivering a virtualization strategy, Microsoft has developed free
solution accelerators. These automated tools help accelerate assessment, planning, and deployment of
Microsoft technologies, such as Windows Server 2008 or virtualization.
Some of the Microsoft Virtualization Solution Accelerators include:
• Microsoft Assessment and Planning Toolkit (MAP). You can use MAP to conduct network-wide
  deployment-readiness assessments that focus on whether you can migrate Microsoft technologies
  from servers to desktops and applications. Using MAP, you now can determine which servers you can
  upgrade to Windows Server 2008 R2, which servers you can migrate to virtual machines on Windows
  Server 2008 R2 Hyper-V, which applications you may want to virtualize by using App-V, and which
  client computers you can upgrade to Windows 7.
• Infrastructure Planning and Design Guides. The Infrastructure Planning and Design (IPD) Guides are
  free guides that describe the architectural considerations, and also streamline the design processes,
  for planning of Microsoft infrastructure technologies. Each guide addresses a unique infrastructure
  technology or scenario including server virtualization, application virtualization, terminal services
  implementation, and more. Microsoft has released the following IPD guides that relate to
  virtualization:
  • Selecting the Right Virtualization Technology
  • Windows Server Virtualization
  • Windows Server 2008 R2 Remote Desktop Services
  • Microsoft Application Virtualization 4.6
  • Windows Optimized Desktop Scenarios
  • Microsoft Enterprise Desktop Virtualization
• Hyper-V Security Guide. Implementing virtualization can increase the number of security issues that
  you must consider because you need to secure both the host computer and the virtual machines. The
  Hyper-V Security Guide provides guidance and recommendations to address key security concerns
  about server virtualization.
• Security Compliance Management Toolkit Series. This includes several different security toolkits that
  you can use to help your organization plan, deploy, and monitor security baselines for Windows
  operating systems, including Windows 7, Windows Vista, and Windows Server 2008, and for
  applications such as the Microsoft Office 2007 system and Internet Explorer 8.
• Microsoft Deployment Toolkit. This provides guidance and tools to accelerate the deployment of
  client and server operating systems. The Microsoft Deployment Toolkit supports the deployment of
  Windows Server 2003, Windows Server 2008, the virtualization role on Windows Server 2008, and
  other applications. Most organizations use the Microsoft Deployment Toolkit primarily to deploy
  client desktops.
A typical IT project lifecycle includes three core phases: planning, delivery, and operation. Solution
accelerators provide guidance and tools for each of these three key elements of the Microsoft Operations
Framework (MOF).

What Is the Windows Optimized Desktop Scenarios IPD?

Key Points
The Windows Optimized Desktop Scenarios IPD provides detailed guidance for mapping end-user and
business requirements to the Microsoft desktop and application virtualization solutions. The guide
includes two components:
• Windows Optimized Desktop Scenario Assessment. This document provides detailed information on
  how to use the desktop scenarios and selection tool to identify virtualized solutions for your
  workplace.
• Windows Optimized Desktop Scenario Selection Tool. This Microsoft Excel spreadsheet enables you
  to select the user and business requirements that apply to your user populations, and then it
  identifies which desktop scenarios and virtualization solutions apply to your user population.

Using the Windows Optimized Desktop Scenarios IPD


When using this guide, you will complete the following steps:

1. Understand the Windows Optimized Desktop scenarios. The guide groups users into one of the
   following scenarios:
   • Office Worker
   • Mobile Worker
   • Task Worker
   • Contract Worker
   • Access from Home
2. Identify the target user populations for which you want to optimize desktops. In most organizations,
   you will not be able to implement virtualization for all users at once, so it is important that you
   identify the specific group of users that are included in the current project.
3. Match user groups with scenarios. You can use the Windows Optimized Desktop Scenario Selection
   Tool to map the user population to the desktop scenarios. This tool asks a series of questions related
   to user and business requirements, and then indicates the desktop scenario that applies to the user.
4. Preview the scenario solutions. For each desktop scenario, the guide provides a mapping of potential
   virtualization products and technologies that can be used to address the requirements.
5. Evaluate relevant Windows Optimized Desktop scenarios. As a final step, you will evaluate the
   potential solutions to determine which solutions best suit your organization's requirements or
   capacity. The tool provides multiple solutions for each scenario, so you will need to identify which of
   the solutions you will implement.

Demonstration: Identifying Desktop Virtualization Scenarios

Key Points
In this demonstration, you will see how to use the Windows Optimized Desktop Scenario Selection Tool v1.1
to identify desktop virtualization scenarios and solutions.

Demonstration steps:
1. On the NYC-CL3 computer, start the Windows Optimized Desktop Scenario SelectionTool v1.1.xls
   from the Documents folder.
2. Review the options available on the Instructions and Scenario Selection tabs.

Question: What do you think of the Windows Optimized Desktop Scenarios Selection Tool? Are there
selection criteria missing? How will you use the results that this tool produces?

Virtualization and Licensing

Key Points
Microsoft provides many different licensing options depending on the customer's requirements. At the
highest level, Microsoft provides the following licensing options:
• OEM: You can purchase this type of license only when you purchase a new computer.
• Retail: You can purchase this type of license separately from a new computer purchase, and you can
  use it to upgrade current software or install new software. With this option, each copy of the software
  requires a separate license.
• Volume license: This type of license provides the most flexibility as it is the only type of license that
  you can use to deploy multiple copies of software with a single license.

Volume License Options


Most organizations will purchase volume licenses to ensure that a single license can be used to deploy
Microsoft software to multiple computers. As organizations consider buying volume licenses, they have
the following three options:
• Open License (for organizations with 250 or fewer desktops) or Select Agreement (for organizations
  with 250 or more desktops). With this option, organizations can choose the desktop operating
  systems and the specific applications that they will deploy with each desktop. Software Assurance is an
  option with this type of licensing.
• Open Value or Enterprise Agreement. With this option, organizations identify a standard desktop with
  applications and client access licenses, and then license all of their desktops based on this standard
  desktop. The organizations pay for the cost of purchasing the software, and this option includes
  Software Assurance.
• Open Value Subscription or Enterprise Value Subscription. With this option, organizations identify a
  standard desktop with applications, and then license all desktops based on this standard desktop. The
  organizations pay an annual fee for renting the software, and this option includes Software Assurance.

Note: With the volume license options, organizations also have the option of including client access
licenses (CALs). The CAL options include a core CAL, which enables access to Windows Servers,
Exchange Servers, Microsoft Office SharePoint, and a System Center Configuration Manager client.
Additional CAL options include Office Communications Server CALs, Operations Manager licenses, and
an Enterprise CAL option, which includes enterprise access to Exchange Server, SharePoint Server, and
Office Communications Server.

Microsoft Licensing and Virtualization


Implementing desktop virtualization can increase the complexity of determining what licenses you
require. In general, the following principles apply:
• Microsoft licensing is consistent regardless of whether applications or desktops run in a virtual or
  physical environment. For example, running Microsoft Office in a virtual machine requires the same
  license as running the applications on a physical computer. Accessing a SharePoint server from a
  virtual machine requires the same CAL as accessing SharePoint from a physical computer.
• In a desktop virtualization deployment, Microsoft provides a subscription license called Windows
  Vista Enterprise Centralized Desktops (VECD), which allows customers to use Windows in virtual
  machines centralized on server hardware. With the Windows Vista Enterprise and Windows 7
  Enterprise editions, users can run four or fewer additional desktop operating systems in virtual
  machines. To run virtual desktops in a VDI deployment, you will need RDS CALs and licenses for all
  desktop operating systems that are running simultaneously.
• In an application virtualization deployment, you can run virtual applications using the same license
  that you use for running local applications. If you license a desktop to run Microsoft Office, you can
  run the Office applications locally or in a virtual environment.
• You can issue RDS CALs per device or per user. You can reuse per-device licenses, but these license
  types do limit the number of devices that can connect at one time. Per-user licenses enable users to
  connect using multiple devices.
• Some virtualization licenses are available only to customers with Software Assurance. For example,
  MED-V is available only with MDOP, which is available only to customers with Software Assurance.

Planning a Virtualization Deployment

Key Points
You can use desktop and application virtualization to address significant business requirements within
organizations. However, within large organizations that have diverse user groups, implementing
virtualization can be complicated and likely will not address all business requirements at once. Consider
the following recommendations when planning a desktop and application virtualization deployment:
• Start small. It is highly unlikely that you will virtualize your entire environment immediately, and
  we do not recommend that you do so. To gain a better understanding of the process for implementing
  virtualization, and to gain experience in managing a virtual environment, start with a small pilot
  project. Ensure that you plan this project well and test it thoroughly to ensure that the initial user
  experience with virtualization is as positive as possible.
• Address a critical business need. To enhance the visibility and viability of virtualization in your
  organization, ensure that your initial projects address a critical business need. For example, one of the
  easiest virtualization solutions to deploy is RD Gateway. For organizations with a large number of
  users who work outside of the corporate network but who require access to internal applications and
  data, RD Gateway often can address one of the most critical business needs.
• Implement virtualization incrementally. For many of the virtualization solutions, you can implement
  the solutions incrementally. For example, if you are considering an App-V deployment for a small
  group of users, you can begin by manually distributing the App-V clients and applications. Over time,
  you can incorporate automatic streaming of the client and applications. If deploying desktop virtual
  machines running in Windows Virtual PC, you can begin by deploying the virtual machines manually,
  and then later add MED-V to manage the virtual machine images. By deploying virtualization
  incrementally, you can gain the benefits of the solutions without investing in the entire infrastructure
  that may be required to automate the solution fully.
• Consider the target user group. When considering a virtualization solution, ensure that you keep the
  target user group in mind. For example, if you need to deploy a virtualization solution for only a small
  group of users, you likely will use a different virtualization solution than if you need to deploy the
  same virtualization solution for a large group of users. You also should consider the users' locations. If
  all the users are in the office, and you assign them to the same desktop computer, you can use a
  different virtualization solution than if the target audience consists of mobile or external users.
• Consider addressing application compatibility options outside of virtualization. The desktop and
  application virtualization solutions provide great tools for dealing with application compatibility
  issues, but in some cases, it may be better to rewrite the application. For example, if all users in your
  organization need to run an application that can run only in old Windows versions, rewriting the
  application may enable you to improve the application without deploying and maintaining an entire
  virtualization environment for that one application.

Question: What additional considerations will you need to include when planning virtualization projects
in your organization?

Lab: Planning Desktop Virtualization Scenarios

Lab Scenario
Contoso, Ltd., is a large corporation with offices in New York, London, and Tokyo, and branch offices in
several other cities. Contoso is planning to implement application and desktop virtualization to address
several critical business requirements. As a member of the project team, you are responsible for analyzing the
user and business requirements and identifying the best virtualization solutions for your organization.

Lab Setup
For this lab, you will plan the virtual environment assigned to you. Before you begin the lab, you must:
1. Start the 10324A-NYC-DC1 virtual machine. This virtual machine should remain running for the rest
of the course.
2. Start the 10324A-NYC-CL3 virtual machine.
3. Connect to 10324A-NYC-CL3, and log on as Contoso\Administrator with the password Pa$$w0rd.

Exercise 1: Identifying Virtualization Solutions


Scenario
In preparation for starting the virtualization project, Contoso, Ltd has several analysts who are collecting
information on the organization's user population. The analysts have collected the following information:
• Contoso, Ltd has 7,800 employees, with another 800 short-term and long-term contractors.
• About 75 percent of employees are in the main offices in New York, London, and Tokyo. Another 15
  percent are in smaller branch offices, while the last 10 percent are mobile users. The mobile users
  travel between the main offices, branch offices, and to client sites.
• Approximately 500 users at each main office work as sales support personnel. These users require
  access to e-mail, Intranet Web sites, and a business application that requires that you install a client
  on each computer. These users share 250 desktop computers, which have limited hardware resources.
  Because of budget constraints, Contoso, Ltd cannot upgrade the hardware that these users are using.
• The mobile users require access to most of their applications while disconnected from the network, as
  well as when they are connected from outside the network. The laptops that the organization
  provides to mobile users run Windows XP Professional Edition. The corporate security policy states
  that users must encrypt all data that is stored on their mobile computers.
• Contoso, Ltd has started migrating the user desktops for all users in the main offices and branch
  offices from Windows XP to Windows 7. At the same time, they are replacing the laptops that mobile
  workers use with laptops that run Windows 7. This project should be complete within six months.
• One application used by a small number of users in the main offices and by all mobile users is
  incompatible with Windows 7. Contoso, Ltd has started a project to update the application so that it
  will be compatible with Windows 7, but this project will take more than a year. During this time, the
  users need to be able to run the current application. During the transition, users also may need to run
  both the old and new versions of the application.
• The contractors perform a variety of tasks for Contoso, Ltd. Most contractors work as sales support
  staff in the countries where Contoso, Ltd does not have an office. Some contractors work for software
  vendors and require access to servers on the Contoso, Ltd corporate network to support their
  software. Contractors cannot store corporate data on their computers. The contractors are currently
  connecting to the internal network by using a VPN. However, a new corporate security policy dictates
  that only laptop computers that are members of the internal AD DS domain can connect to the
  corporate network through the VPN. Contoso, Ltd will enforce this policy within three months.
  Contoso, Ltd is not planning to issue laptops to the contractors.
The main tasks for this exercise are:
1. Identify the user groups at Contoso, Ltd.
2. Identify the virtualization solutions.
3. Develop a prioritized list of projects to implement virtualization.

Task 1: Identify the user groups at Contoso, Ltd.


1. Review the scenario information.
2. List all unique user groups at Contoso. For each group, identify the user or business requirements that
make the groups unique.

Task 2: Identify the virtualization solutions


1. On NYC-CL3, open the Windows Optimized Desktop Scenario Selection Tool from the Documents
folder.
2. Choose two of the user groups that you identified in the first task, and then enter the information
into the tool.

User group | Selections

3. For the two user groups, identify the products and technologies that the selection tool suggests.

User group | Products and technologies

Task 3: Develop a prioritized list of projects to implement virtualization


1. Based on the proposed virtualization solutions and the scenario, develop a list of projects that will
meet all of the user and business requirements.
2. Assign a priority to each project, assuming that you will implement the projects in the order that you
set.
3. Be prepared to discuss your answers.

Results: After this exercise, you will have identified the user groups that may require virtualization at
Contoso, identified virtualization solutions that could be implemented to address the organization's
business requirements, and developed a prioritized list of projects to implement application and
desktop virtualization.

To prepare for the next module


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.


2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Module Review and Takeaways

Review Questions
1. Your organization has been monitoring the servers in your data center and has identified several
servers that are running at less than 5 percent utilization. How can you ensure that you utilize the
hardware in your data center appropriately?
2. You are considering deploying an application virtualization solution, but you are concerned about the
amount of effort that it will require to deploy virtual applications to a large number of users. What
tool can you use to simplify this process?

3. The users in your organization are using a variety of user desktops, including both physical and virtual
computers. The users would like to have the same desktop configuration and be able to access the
same mapped drives and data from each desktop. How can you enable this?

Real-World Issues and Scenarios


1. Your organization is testing a custom application. The testers report that when they install the
application on computers running an older version of the same application, they get errors. How
could you address this issue?

2. Your organization has several hundred part-time employees who work outside of the office. The
employees all need to run an application that has to access a database server located in the main
office's data center. How can you make this application available to users?
3. Your organization is planning to upgrade all client workstations to Windows 7 Enterprise Edition. Five
users need to run an application that only runs on Windows XP. How should you address this issue?

Best Practices Related to Planning a Virtualization Deployment


Supplement or modify the following best practices for your own work situations:

When planning or implementing virtualization, it is important to start slowly. You can increase the
level of virtualization as you gain experience with the technology. By starting small, you have a better
chance of ensuring that the first experience with virtualization is positive.
Server virtualization has the potential to significantly decrease the costs of running your
organization's IT infrastructure. As you implement Hyper-V, calculate the cost savings,
and then use that information to convince management to pay for more virtualization.
The cost benefits of implementing desktop and application virtualization may be more difficult to
quantify. If you are implementing a solution to address application compatibility issues, you can
compare the cost of implementing App-V to the cost of rewriting the application. If you are
considering implementing a solution such as Med-V or VDI, you will need to invest quite a bit of
money to develop the infrastructure before you see any benefit.
Consider virtualization as one option when addressing user, security, or business requirements. You
can use virtualization to address many requirements, but you may be able to address the same
requirements without virtualization.

Module 2
Implementing Windows Virtual PC and Windows XP Mode
Contents:
Lesson 1: Installing Windows Virtual PC
Lesson 2: Configuring Windows Virtual PC
Lesson 3: Installing, Configuring, and Managing the Windows XP Mode
Lesson 4: Creating and Deploying Custom Images of Windows XP Mode
Lab: Implementing Windows Virtual PC and Windows XP Mode

Module Overview

Windows 7 has introduced a new version of Microsoft Virtual PC software that supports the creation
of virtual machines with various operating systems within the same virtual environment. Additionally,
Windows 7 includes Windows XP Mode, a precreated virtual machine that is running Windows XP
Professional Service Pack 3 (SP3), and which supports older applications and enables more convenient
migration to Windows 7. In this module, you will learn how to configure and use Windows Virtual PC
virtual machines and how to use Windows XP Mode.

Lesson 1
Installing Windows Virtual PC

Virtual PC software was introduced several years ago as a virtualization platform on workstations and
desktop computers. It enables users to use the same physical host machine to install and run several
virtual machines simultaneously that have the same, or different, operating systems. To provide the same
capability in Windows 7, Microsoft released a new version of Virtual PC, known as Windows Virtual PC.
In this lesson, you will learn about Windows Virtual PC, and its features and requirements.

What Is Windows Virtual PC?

Key Points
Windows Virtual PC is the latest Microsoft client virtualization technology designed for Windows 7,
and it enables you to run virtual machines on Windows 7 operating systems. This allows for testing,
development, and support of applications made for older operating systems.
Windows Virtual PC is a successor of Virtual PC, which Connectix developed originally for the
Macintosh and released in June 1997. Connectix then released the first version of Virtual PC for
Windows-based systems, version 4.0, in June 2001. In 2003, Microsoft acquired Connectix, and
continued to develop this product. Virtual PC 2004 was the first version of this software that Microsoft
developed, and in 2006, Microsoft released it as a free virtualization product for client platforms.
Microsoft then built and released the next version, Virtual PC 2007, to support the Windows Vista
operating system. After the release of Windows 7, Microsoft developed Windows Virtual PC to
provide virtualization on this new platform.
Unlike other virtualization platforms such as Virtual Server or Hyper-V, Windows Virtual PC is not for
usage in server virtualization scenarios. Although you can install some server operating systems in the
Virtual PC environment, we do not support that scenario in a production environment. The primary
purpose of Windows Virtual PC is to provide a platform for learning, testing, development, and
support of older applications. Additionally, unlike Hyper-V, Virtual PC and Virtual Server are not
based on hypervisor technology. This means that communication with physical hardware is through
emulating hardware devices inside the virtual machine. That approach provides somewhat lower
performance than hardware-based virtualization, such as Hyper-V.

Note: In Windows Virtual PC terminology, we use the terms host and guest to differentiate
operating systems that are running directly on the physical hardware (hosts) from operating
systems that are running inside virtual machines (guests). Basically, the physical
machine, or host, has hardware and software capabilities that are sufficient to support the running of
one or more virtual machines (guests). In Hyper-V terminology, hosts and guests are typically called
parent and child partitions.

Question: Do you use any virtualization software for testing, learning, or development?

Question: Have you ever used any version of Virtual PC?

Question: If so, what operating systems did you run inside the Virtual PC environment?

Question: Do you use any other virtualization products, such as Hyper-V or other non-Microsoft
solutions?

Features of Windows Virtual PC

Key Points
Windows Virtual PC provides several new features, such as seamless integration of the
virtualized and physical environments, and the ability to leverage the capabilities of new hardware
(mostly processors).
The following sections describe the most important new features of Windows Virtual PC.

USB support

Windows Virtual PC now supports many USB devices, such as printers, scanners, flash memory sticks and
external hard disks, digital cameras, and smart card readers. After a user connects a USB device to a
physical computer, the user can choose whether that device will be available exclusively to one virtual
machine or shared with other virtual machines. This enables much easier sharing of resources, and greater flexibility
and functionality for applications that are running in virtual machines. Later topics will provide more detail
on USB support in Windows Virtual PC.

Device redirection, and drive and folder sharing

Windows Virtual PC supports the redirection of some hardware devices and their functionalities to virtual
machines. For example, you can redirect printers and smart cards to virtual machines.

Besides this, Windows Virtual PC can share hard drives with the physical computer. From the virtual
machine, you can access all hard drives that connect to the physical computer. Users also can access their
Windows 7 known folders, such as Documents, Pictures, Desktop, Music, and Videos, from within a
virtualized Windows environment like Windows XP Mode.

Windows XP Mode

Windows XP Mode is a new benefit of Windows 7 Professional, Ultimate, and Enterprise, and provides
additional application compatibility. It allows you to install and run many of your productivity applications
for Windows XP directly from your Windows 7-based PC. It utilizes Windows Virtual PC and Remote
Desktop Services (RDS) to provide a virtual Windows XP environment for Windows 7. Later lessons will
provide more detail on Windows XP Mode.

Clipboard sharing
With Windows Virtual PC, you can share the Clipboard between the physical machine and the virtual machine.
For example, you can cut and paste between your Windows 7 host and any virtual machine.

Multithread support

In Windows Virtual PC, users can run multiple virtual machines concurrently, each running in its own
thread. This improves stability and performance.

Note: Windows Virtual PC does not include drag-and-drop functionality between the host and the
guest operating system.

Question: For you, what is the most important feature of Windows Virtual PC?

Software Requirements for Windows Virtual PC

Key Points
To install and use Windows Virtual PC software, you must fulfill several requirements.
From the software perspective, the most important requirement is to run the Windows 7 operating
system. You can install Windows Virtual PC on the following host operating systems:
Windows 7 Home Basic
Windows 7 Home Premium
Windows 7 Enterprise
Windows 7 Professional
Windows 7 Ultimate
As guest operating systems, we support the following operating systems:
Windows XP Service Pack 3 (SP3) Professional
Windows Vista Enterprise Service Pack 1 (SP1) and newer versions
Windows Vista Ultimate Service Pack 1 (SP1) and newer versions
Windows Vista Business Service Pack 1 (SP1) and newer versions
Windows 7 Professional
Windows 7 Enterprise
Windows 7 Ultimate

Note: Although you can install Windows Virtual PC software on both the 32-bit and 64-bit versions of
Windows 7, inside the virtual machine, you can run only the 32-bit version of any supported operating
system.

We support virtual applications only on Windows Vista Enterprise or Ultimate, Windows 7 Enterprise or
Ultimate, and Windows XP Professional SP3. Virtual applications are applications that you install inside
virtual machines but which you run on the desktop of the physical host computer. From the end user's
perspective, a virtual application launches the same way as a local application. The end user clicks the
application's shortcut in the Start menu or on the desktop. Virtual applications are a key feature of
Windows Virtual PC. They enable you to run applications transparently in a guest operating system
when they are not fully compatible with the host operating system.

You also can run other guest operating systems. However, we do not support this, and in this scenario,
you may experience impaired functionality of the virtual machines.

Question: Which version of Windows 7 is not supported as a host operating system?



Hardware Requirements for Windows Virtual PC

Key Points
Windows Virtual PC requires that you have hardware that can support virtualization. The following
sections detail the requirements that you must meet to be able to install and run this software.

CPU with hardware-assisted virtualization support

Your computer must have a CPU with hardware-assisted virtualization capability. This feature typically is
available in the computer's basic input/output system (BIOS). Although manufacturers have been shipping
hardware virtualization in PCs for three years, hardware virtualization is not available in all PCs. Therefore,
even if your PC is new, it may not have hardware virtualization. Additionally, some manufacturers of new
PCs turn off hardware virtualization, so you will have to turn it on before you can use it. For instructions
on how to enable this feature, consult your computer's documentation.

Note: AMD-V and Intel VT are names of CPU-specific hardware-virtualization features that you must
enable to use Windows Virtual PC. Since most computers come with a CPU from one of these two
manufacturers, you should look into your computer's BIOS for these options. In some BIOS versions,
this feature is called Virtualization Technology or Virtualization support, but does not state the official
manufacturer name.

If you want to check whether your computer supports hardware-assisted virtualization, you should
download and run the Hardware Assisted Virtualization Detection Tool. Download this tool for free
from http://go.microsoft.com/fwlink/?LinkId=163321.

Microsoft has released an update for Windows Virtual PC that is specific to Windows XP virtual
machines, such as Windows XP Mode. This update removes the requirement to have hardware-assisted
virtualization support on a CPU. This means that if you are going to run only Windows XP virtual
machines in Windows Virtual PC, your computer does not need to have hardware-assisted
virtualization at the CPU level. You should install this update after you install Windows Virtual PC, and
you can find it at http://support.microsoft.com/kb/977206. Be aware that if you are running other
operating systems inside your virtual machine, they will require hardware virtualization support.

Memory

We recommend that you have at least 2 gigabytes (GB) of random access memory (RAM) in a host
machine if you want to run one or more virtual machines within Windows Virtual PC. When allocating
memory for virtual machines, you should leave at least 512 megabytes (MB) for the host machine. The
amount of memory that each virtual machine requires depends on the operating system that you install
on it.

Note: If you are using a 32-bit host operating system, you will not be able to allocate more than 4 GB
of RAM on the physical host. If you want to run several virtual machines simultaneously, we
recommend that you use the 64-bit version of Windows 7 as a host operating system because it can
allocate more than 4 GB of RAM.

Hard drive
We recommend that you have at least 15 GB of free space for each virtual machine that you plan to host.
Virtual machines can require significant storage, depending on the number of applications that you install
inside them. They sometimes require more storage than the host operating system. Also, we recommend
that you store virtual machines on a separate volume. For best performance, you should use another hard
drive that you install in the host machine.

Other hardware

If you want to run Windows Virtual PC, the host computer does not require any other hardware
components, such as a graphics card, sound card, CD or DVD drive, network cards, USB, or parallel and serial
ports. However, if you have this hardware in place, you will experience better functionality when using the
virtual machines.

Question: What is the benefit of running the 64-bit version of Windows 7 as the host operating system?

Architecture of Windows Virtual PC

Key Points
Windows Virtual PC architecture differs from other Microsoft virtualization platforms because it combines
technologies that are available in the Virtual Server and Hyper-V architectures to provide the best
experience and usability for the end user.
Windows Virtual PC is not built on hypervisor technology like the Hyper-V server, but instead uses the
Virtual Machine Extensions (VMX) kernel to provide support similar to that which the hypervisor provides.
The VMX kernel is built upon the VMX of Intel Virtualization Technology (Intel VT). It includes the
Virtual Machine Monitor (VMM) runtime layer, which provides support for virtual machine execution,
memory management, intercept and exception handling, and routing of interrupts that virtual machines
raise.

In Virtual PC, Virtual Server, and Windows Virtual PC, device support was primarily done through
hardware emulation. In Windows Virtual PC, the disk, network, and display subsystems present themselves
as physical devices that the guest operating system detects at startup, and are indistinguishable (to the
guest) from real hardware. However, guest operating systems cannot access physical hardware directly,
but rather, only by using device emulators to go through the host operating system.

The guest operating system loads the drivers for these corresponding devices, and they execute
input/output (I/O) commands as they would in a real environment. These I/O commands are intercepted
by the VMM runtime, which is the VMX/SVM kernel that triggers callbacks of device emulators running
within the user mode process VPC.exe. Windows Virtual PC uses VPCBus-based devices coexisting with the
current device framework.

Windows Virtual PC, unlike products such as Virtual Server and Hyper-V Server, has additional
optimization for end users, but not necessarily for experienced IT professionals. It provides some features
that are not available on server virtualization products to enable integration between the host and the
guest operating system, and to provide greater flexibility and ease of use. Although Windows Virtual PC is
built on the Virtual Server engine, it provides much more integration between host and guest operating
systems than Virtual Server. In Virtual Server and Hyper-V server, this type of integration can be a security
issue, while Windows Virtual PC provides integration as an additional convenience for the end user.

You connect to a virtual machine by using RDS technology. When users initiate a connection to a virtual
machine, they initiate a console Remote Desktop Protocol (RDP) session using port 3389. Using the same
technology, Windows Virtual PC can use device sharing and device redirection between the host and the
guest operating system.

Question: What are the most important differences between Windows Virtual PC and Hyper-V?

Windows Virtual PC Modes

Key Points
Unlike virtual machines that are running inside the Hyper-V environment or inside Virtual Server, and
therefore are mostly independent from the host operating system, you can integrate virtual machines in
Windows Virtual PC with the host operating system to a greater or lesser degree.
Integration between the guest and host operating systems in Windows Virtual PC depends mostly on the
integration components, which are software components installed inside the virtual machine that provide
communication and integration between the host and guest operating systems. In previous Virtual PC
versions, they were known as Virtual Machine Additions.
In Windows Virtual PC, you can achieve this integration at four levels:

No integration

If you do not install integration components in a virtual machine, or the guest operating system does not
support them, there is essentially no integration between the host and the guest operating system. The
only interaction in this scenario is by using an emulated console so that you can interact with the virtual
machine when the boot process begins. However, there is no device redirection, folder integration, or
mouse sharing between the host and the guest operating system.

Basic Integration Mode

The Basic Mode provides basic integration features between the virtual machine and the host, including
mouse and keyboard integration, USB support, time sync, and heartbeat parity. Integration features such
as clipboard sharing, drive sharing, and printer redirection are not available in this mode, which is useful
for power users in software development and test scenarios, where it is important to display the system-
level settings and BIOS messages explicitly as the virtual machine boots up.

Enhanced Integration Mode


The majority of users will prefer this mode, because it is easy to use, and it provides the complete set of
integration features described above. For example, this mode provides the saved credentials feature so
that users do not have to log in each time they launch the virtual machine. You implement Enhanced
Mode by using a connection channel based on the Microsoft RDP protocol.

Virtual Application Mode: Seamless Integration

Virtual Application Mode is a seamless solution to application compatibility. You likely will find that this is
the most preferable way to launch and run your virtual applications, because they will integrate seamlessly
with the Windows 7 desktop and Start menu. When you install an application in the virtual machine, this
mode publishes a shortcut automatically to the Start menu of Windows 7.

Question: In which scenarios will you use the No Integration mode?



Features of Virtual Machine Integration

Key Points
Integration features improve the experience of using a virtual machine by providing features that improve
interactions between the virtual machine and the physical computer, as well as between the operating
systems of both.
Integration features are available for all supported guest operating systems.

The Integration Components package, which Windows Virtual PC includes, contains the integration
features. For all other supported guest operating systems, you must install the Integration Components
package in the guest operating system to make the integration features available. Please be aware that an
updated version of the package may be released for a specific guest operating system. In that case,
upgrade the Integration Components package in the guest operating system.
After the integration features are available, you can turn most of them on or off by modifying the virtual
machine's Integration Features settings. The two exceptions are mouse integration and time
synchronization, which are turned on when the package is installed. Mouse integration makes it possible
for you to move the mouse seamlessly between the desktops of the host operating system and the guest
operating system. Time synchronization keeps the time in the guest operating system synchronized with
the host operating system.

The integration features that you can turn on or off include:


Audio. This setting controls whether audio input and output for the virtual machine is redirected to
audio devices in the host, or is managed by an emulated audio device. To improve audio
performance, clear the check box for a virtual machine that is running Windows XP, and select the
check box for a virtual machine that is running Windows Vista or Windows 7.
Clipboard. You can copy and paste data between the host and guest operating systems. For example,
you can copy a URL from the browser in a guest operating system, and paste it to a browser in the
host operating system.
Printer. You can use the printer that is available on the physical computer inside the virtual machine.
This allows you to print directly from a virtual application that you are using in the virtual machine.
Smart cards. Virtual machines can access smart card readers that you install on the physical computer.
This means that you can use these cards (and certificates) for authentication, authorization, and
encryption inside the virtual machine.
Hard drives. This feature shares the drives that you select on the host with the virtual machine, so that
you can access host data easily from the virtual machine. This feature also makes it possible to access
the host desktop and Documents folder from virtual applications when you select those resources to
share.

Features of Virtual PC 2007 SP1

Key Points
Along with Windows Virtual PC, which is designed for Windows 7, Virtual PC 2007 SP1 is desktop
virtualization software for earlier versions of Windows, such as Windows Vista. You also can run Virtual PC
2007 SP1 on Windows 7, but not in parallel with Windows Virtual PC.
Unlike Windows Virtual PC, Virtual PC 2007 SP1 does not require that hardware virtualization support is
present in the host computer's hardware, although it can utilize it. Therefore, you can install Virtual PC
2007 SP1 on older hardware to provide a virtualization platform, even if there is no hardware virtualization
support available.
Virtual PC 2007 SP1 does not provide some of the features that Windows Virtual PC provides. One of
these features is USB support, which means that you cannot provide access to USB devices to virtual
machines that you create with Virtual PC 2007 SP1. Also, Virtual PC 2007 SP1 does not provide virtual
application integration with host operating systems, and you cannot use drive sharing the way that you
can in Windows Virtual PC. The creation of new virtual machines in Windows Virtual PC integrates in an
interface that is like Windows Explorer, while Virtual PC 2007 SP1 uses a separate console for that.
Conversely, Windows Virtual PC does not support drag and drop between the host and guest
operating systems, which Virtual PC 2007 SP1 does.

When you deploy virtual machines, and you plan to switch from Virtual PC 2007 SP1 to Windows Virtual
PC, you should consider the following:
The Virtual Machine Additions components (also known as Integration Components) in Virtual PC 2007
SP1 are not compatible with Windows Virtual PC. This means that you must uninstall them before
migrating virtual machines from Virtual PC 2007 SP1 to Windows Virtual PC.
Save state files that you create in Virtual PC 2007 SP1 are not compatible with Windows Virtual PC.
You must delete save state files prior to migration.
You must recreate the virtual machine's configuration when you migrate virtual machines from
Virtual PC 2007 SP1 to Windows Virtual PC.

Question: What is a main reason to use Virtual PC 2007 SP1 instead of Windows Virtual PC?

Lesson 2
Configuring Windows Virtual PC

Before starting to use virtual machines, you must configure the software options for Windows Virtual PC
and create some components that the virtual machines need, such as virtual hard disks (VHDs). You also
must configure virtual hardware settings for each virtual machine, such as networking and USB devices.

If you want to use virtual machines efficiently, it is very important to understand VHDs, including what
types of VHDs exist and how to use them.

This lesson discusses the configuration of virtual machine settings, and the creation and usage of
components that virtual machines need.

Virtual Machine Settings

Key Points
If you want to create and use a virtual machine in the Windows Virtual PC environment, you have to create
the virtual machine's configuration and configure the settings inside the configuration.

The virtual machine configuration is an XML-formatted file that describes the hardware configuration of a
virtual machine in essentially the same way that you describe a physical machine's hardware components.
Since virtual machines in Windows Virtual PC do not directly access hardware, the configuration file is
used to configure the virtual machine's hardware options and components, and defines resources, such as
RAM memory, that will be taken from the host machine when you start the virtual machine.
You can configure the following settings for virtual machines in Windows Virtual PC:
Name. The name setting defines the virtual machine's name. This is not the name of the virtual
computer, or operating system, that the virtual machine represents, but rather just the name of the
configuration file.
Memory. This setting is where you enter the amount of RAM memory that the virtual machine will
allocate from the physical host when you start it. Note that the specified amount of RAM is used only
when the virtual machine is running. When calculating the amount of RAM memory that will be
available to one machine, take into account the number of virtual machines that will be running
simultaneously and the amount of RAM that should remain available for a host operating system.

Note: For example, if you are going to run three virtual machines simultaneously and you
have 4 GB of RAM memory, you should not allocate more than 1 GB of RAM per virtual machine.
Windows Virtual PC does not support memory overcommitment.

Hard disk (1, 2, 3). These options allow you to move VHD files to the virtual machine. You can add
three VHDs to one virtual machine, and you must define at least one. On the hard disk, you also can
start the wizard to create new VHDs and modify existing ones.
DVD drive. The DVD Drive setting option allows you to use a physical DVD drive from the host
computer or to map the ISO image file as a DVD to the virtual machine.
COM1, COM2. These settings enable you to configure usage of physical Component Object Models
(COM) ports inside the virtual machine or map virtual COM ports to a named pipe or text file.
Networking. The Networking option enables you to add four network adapters to a virtual machine,
and change the connection state of each network adapter. Each network adapter in a virtual machine
can be mapped directly to any physical network adapter in the host machine, use network address
translation (NAT) through a physical network adapter, use Internal Network for communication
between virtual machines, or be in a disconnected state. This will be discussed later in more detail.
Integration features. These features and their corresponding settings allow you to configure the level
of integration between the virtual machine and the physical host. You can allow audio, printer,
clipboard, and smart-card sharing, and also allow access to physical drives in the host computer. If
you want to use integration features, you must install integration components in the virtual machine.
Keyboard. The Keyboard setting determines how your computer or virtual machine will respond to
keyboard shortcuts such as ALT+TAB. The default behavior is to pass these shortcuts to the virtual
machine only when you are running in full screen mode. Otherwise, keyboard shortcuts execute on
the host operating system.
Logon Credentials. The Logon Credentials setting enables you to delete all saved credentials if you
previously chose to save credentials that users are entering when they log on to virtual machines.
Auto Publish. The Auto Publish setting enables you to configure whether the virtual machine will
publish virtual applications automatically to the Windows 7 host machine. If you are going to use
Windows Virtual PC to support older applications, we recommend that you enable this option.
Close. The Close setting enables you to define the virtual machine's behavior when the user clicks a
button to close the virtual machine window. You can choose to be prompted for action each time
you try to close the virtual machine window or choose a preconfigured action, such as Hibernate.
If you want to make changes to the virtual machine configuration, you can do it by opening the Settings
dialog box after right-clicking the virtual machine icon in the Virtual Machines folder window. For most
changes to occur, you must turn off the virtual machine. However, you can make some changes, such as
mapping a virtual DVD drive to an .ISO file or physical drive, or changing settings for the virtual network
adapter's connection, even while the virtual machine is running. Conversely, you must perform other
changes, such as changing the amount of allocated RAM memory or adding VHDs to the virtual machine,
when the machine is turned off.

Features of VHDs

Key Points
VHDs are files on the physical machine that store the hard-disk contents of a virtual machine. Windows
Virtual PC treats each VHD file as a separate hard disk, and each virtual machine can have three VHD files
attached. You must have at least one VHD attached to the virtual machine if you want to run it.
The VHD file format is an open standard and does not depend on the virtualization technology in use
or on the host and guest operating systems. Because of that, Windows Virtual PC, Virtual Server, and
Hyper-V all use the same VHD file format.

Note: You cannot directly use VHD files from one virtualization platform in another platform, since
Integration Components are not compatible between platforms. For example, if you want to use a VHD
from a Virtual Server-based virtual machine in Windows Virtual PC, you first must uninstall Virtual
Machine Additions before attaching a VHD to the machine in Windows Virtual PC.

Types of VHDs

There are three types of VHDs: fixed-size disks, dynamically expanding disks, and differencing disks.

Fixed-size disks take up all of the space that the VHD is allowed to have. For instance, if you create a fixed
disk that is 64 GB, the VHD file will occupy 64 GB of hard-disk space from the time of creation, and its size
will never vary. However, this type of disk provides the best performance for virtual machines, and we
recommend that you use it if you have a disk-intensive application in the virtual machine.

Dynamically expanding disks increase in size to take up space as required. The size that you specify when
you create a dynamically expanding disk indicates the maximum size to which the disk can grow. For
instance, if you create a dynamically expanding disk of size 64 GB, the VHD file might initially occupy only
a few hundred kilobytes (KB). It then will grow upon usage to occupy the maximum size that you specify
(64 GB). Note, however, that the guest operating system believes it has the full 64 GB from the start.
Additionally, these disks do not shrink automatically when you delete some files inside the virtual
machine. You must use the Compact option for this. Dynamically expanding disks perform slightly slower
than fixed-size disks, to which you can convert them if necessary.

A differencing disk is a VHD that you use to isolate changes to a VHD or the guest operating system by
storing them in a separate file. A differencing disk is associated with another VHD that you select when
you create the differencing disk. This means that the disk to which you want to associate the differencing
disk must exist first. Later topics will provide more detail on these types of disks.

Native VHD Support in Windows 7

In addition to the ability to use VHD files as storage, Windows 7 provides native support for booting from
a VHD file rather than from the system boot files on the system's hard disk. Booting from VHD enables
you to mount a VHD as a bootable drive and, as the name implies, boot from it. This can be very useful
for creating multiple operating-system installations without having to create multiple operating-system
partitions on your hard drive. However, when you boot a physical machine from a VHD, you do not start a
virtual machine. Rather, you use a VHD in place of the physical drive. The operating system that is booted
from the VHD has the same level of access to hardware as an OS installed in the traditional way.

What Are Differencing Disks?

Key Points
One specific type of disk that you can use inside a virtual machine is a differencing disk. A differencing
disk is a VHD that you use to isolate changes to a VHD or the guest operating system by storing them in a
separate file.
A differencing disk is always associated with another VHD that you select when you create the
differencing disk. This means that the disk to which you want to associate the differencing disk must exist
first. This VHD is the parent disk, and the differencing disk is typically called the child disk. The parent disk
is sometimes called the base disk.
The parent disk can be any type of VHD, even another differencing disk. The differencing disk stores all
changes that would otherwise be made to the parent disk if the differencing disk were not in use. The
differencing disk provides an ongoing way to save changes without altering the parent disk. You can use
the differencing disk to store changes indefinitely, as long as there is enough space on the physical disk
where you store the differencing disk. The differencing disk expands dynamically as data is written to it,
and it can grow as large as the maximum size that you allocated for the parent disk when you created it.
When you create the differencing disk and attach it to the virtual machine, the operating system reads
data from both the parent disk and the differencing (child) disk at once.

You typically do not use differencing disks in production environments.

Note: We recommend that you write-protect or lock the parent disk before using the differencing
disk. Otherwise, if some other process modifies the parent disk, all differencing disks related to it
become invalid, and all data written to the differencing disks is lost. You also need to modify the
virtual machine by replacing the parent disk with the differencing disk. Otherwise, you will receive an
error when you try to start the virtual machine because it cannot use a read-only disk.

Managing the contents of differencing disks

You can distribute the contents that the differencing disk stores by merging the differencing disk with the
parent disk. This modifies the parent disk with all the changes that the differencing disk stores, and then
deletes the differencing disk. There also is an option to merge changes to a new disk. Merging to a new
VHD retains both the parent disk and the differencing disk in their current state, and creates a new VHD
that is a combination of the contents of the parent disk and the differencing disk. You can use this new
disk as a parent for a new virtual machine.

Using multiple differencing disks with one parent disk


You can associate more than one differencing disk to a parent, which means that virtual machines can
share one parent disk but have their own differencing disk. This can be useful in a variety of scenarios. For
example, a test engineer or call-center technician could have a dozen or more virtual machines with
different configurations, such as different software updates and installed applications. The virtual
machines could share a parent disk that contains the operating system, which is common to all virtual
machines, and each virtual machine could have its own differencing disk to store the configuration that
differs from the parent.

Note: If you use multiple differencing disks that share a parent disk containing an operating system,
you must apply any software updates to each differencing disk. If you apply the software update to the
parent disk, all differencing disks associated with that parent disk would be unusable.

Chaining differencing disks


You can chain differencing disks, which means that a differencing disk can have another differencing disk
as a parent disk. Depending on how you design the chain, you can save considerable disk space. For
example, if you want to test upgrade scenarios or version compatibility, you could use a parent disk as the
base and a chain of differencing disks for the consecutive versions. This approach would save disk space if
each differencing disk contained one update only.

Note: Chaining several differencing disks and connecting them to one virtual machine can impair
performance, as the operating system must read from several VHD files at the same time. Because of
that, we recommend that you keep the number of chained differencing disks under five.
When you create a chain of differencing disks, it is particularly important to lock all disks except the
most recent child disk. Any changes made to any older disks would invalidate all later disks in the
chain. However, the most recent child disk must be writable so that a virtual machine can use it.
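
The notes above say that changing a parent disk invalidates its differencing disks. The following Python sketch is an added example, not part of the courseware or of Windows Virtual PC: it reads the footer and dynamic disk header defined in the published VHD format specification to report a disk's type and to check that a child still points at the parent it was created from. The sample images are constructed, and comparing the recorded parent timestamp with the parent file's modification time is this example's assumption about how to use that field.

```python
import struct
import uuid

# Layouts from the published VHD image format specification (all fields big-endian).
FOOTER = struct.Struct(">8sIIQI4sIIQQ4sII16sB427x")        # 512-byte hard disk footer
DYN_HEADER = struct.Struct(">8sQQIIII16sII512s192s256x")    # 1024-byte dynamic disk header
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}
VHD_EPOCH = 946684800            # 2000-01-01 00:00:00 UTC expressed as Unix time
NO_HEADER = 0xFFFFFFFFFFFFFFFF   # data offset stored in the footer of a fixed disk


def vhd_checksum(block, offset):
    """One's complement of the byte sum, with the 4-byte checksum field counted as zero."""
    zeroed = block[:offset] + bytes(4) + block[offset + 4:]
    return ~sum(zeroed) & 0xFFFFFFFF


def parse_vhd(image):
    """Return disk type, identity and, for a differencing disk, its recorded parent."""
    if len(image) < 512:
        raise ValueError("too short to hold a VHD footer")
    footer = image[-512:]
    f = FOOTER.unpack(footer)
    if f[0] != b"conectix" or vhd_checksum(footer, 64) != f[12]:
        raise ValueError("footer cookie or checksum invalid")
    info = {"type": DISK_TYPES.get(f[11], "unknown"), "virtual_size": f[9],
            "uuid": uuid.UUID(bytes=f[13]), "parent_uuid": None, "parent_timestamp": None}
    if f[11] in (3, 4):                       # dynamic and differencing disks carry a header
        header = image[f[3]:f[3] + 1024]
        if len(header) < 1024:
            raise ValueError("dynamic disk header truncated")
        h = DYN_HEADER.unpack(header)
        if h[0] != b"cxsparse" or vhd_checksum(header, 36) != h[6]:
            raise ValueError("dynamic disk header cookie or checksum invalid")
        if f[11] == 4:
            info["parent_uuid"] = uuid.UUID(bytes=h[7])
            info["parent_timestamp"] = h[8]   # seconds since VHD_EPOCH
    return info


def check_child(child, parent, parent_mtime_unix):
    """List reasons why `child` can no longer be trusted on top of `parent`."""
    if child["type"] != "differencing":
        return ["disk is not a differencing disk"]
    problems = []
    if child["parent_uuid"] != parent["uuid"]:
        problems.append("parent unique ID differs from the one recorded in the child")
    # Assumption of this example: the recorded value is the parent file's mtime.
    if child["parent_timestamp"] != int(parent_mtime_unix) - VHD_EPOCH:
        problems.append("parent file was modified after the child was created")
    return problems


# ---- Constructed sample images (headers only, no sector data) ----
def seal(block, offset):
    """Store the computed checksum in a header block."""
    return block[:offset] + struct.pack(">I", vhd_checksum(block, offset)) + block[offset + 4:]


def make_footer(disk_type, uid, data_offset):
    raw = FOOTER.pack(b"conectix", 2, 0x00010000, data_offset, 0, b"demo", 0, 0,
                      64 << 20, 64 << 20, bytes(4), disk_type, 0, uid.bytes, 0)
    return seal(raw, 64)


def make_fixed(uid):
    return bytes(1024) + make_footer(2, uid, NO_HEADER)


def make_differencing(uid, parent_uid, parent_ts):
    footer = make_footer(4, uid, 512)
    header = DYN_HEADER.pack(b"cxsparse", NO_HEADER, 1536, 0x00010000, 32, 2 << 20, 0,
                             parent_uid.bytes, parent_ts, 0, bytes(512), bytes(192))
    return footer + seal(header, 36) + footer   # footer copy, header, trailing footer


PARENT_ID = uuid.UUID("11111111-2222-3333-4444-555555555555")   # constructed
CHILD_ID = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")    # constructed
PARENT_MTIME = VHD_EPOCH + 300_000_000   # constructed modification time of the parent file

if __name__ == "__main__":
    parent = parse_vhd(make_fixed(PARENT_ID))
    child = parse_vhd(make_differencing(CHILD_ID, PARENT_ID, 300_000_000))
    print(parent["type"], "<-", child["type"])
    print("intact chain:  ", check_child(child, parent, PARENT_MTIME))
    print("parent touched:", check_child(child, parent, PARENT_MTIME + 60))
```

Run against real files, pass the parent file's `os.path.getmtime()` value as `parent_mtime_unix`; a non-empty result for a locked parent is a signal that the write protection was bypassed.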

Question: What can you achieve by associating multiple differencing disks to one parent disk?

What Are Undo Disks?

Key Points
Undo Disks is a feature that saves changes to a virtual machine's data and configuration in a separate
undo disk file in case you want to reverse the changes. The feature provides you with a way to decide
whether to modify a virtual machine and its disks permanently each time you end a virtual machine
session or revert the virtual machine to its initial state. When you enable Undo Disks, it applies to all VHDs
installed on the virtual machine.

When you run a virtual machine that is using Undo Disks, any changes to a VHD are temporarily stored in
an undo disk (.vud) file, rather than in the original VHD file. This is very similar to using differencing disks.
However, there are two notable differences. A differencing VHD is associated with one VHD rather than
with the virtual machine, and you are not prompted to decide what to do with the changes when you
shut down a virtual machine.
When you enable Undo Disks, you have the following options to manage them.

Apply changes. This option updates the original VHD with all changes that were stored in the undo disk
file. This is similar to merging a differencing disk with its parent disk. You can access this option through
Virtual Machine settings.

Discard changes. This option deletes the undo disk file and leaves the original hard disk file unchanged.
Windows Virtual PC creates a new, empty undo disk file the next time you turn on the virtual machine.
You can do this by choosing the Turn off and delete changes option when closing the virtual machine
or by choosing the Discard Changes option from the Virtual Machine settings.

When you discard or apply changes on an undo disk, that action applies to all changes that it stores. In
other words, you cannot selectively delete or apply changes on an undo disk.

The undo disk file is always created in the same folder as the virtual machine configuration file.

Note: Undo disks do not contain virtual machine configuration changes.


Windows Virtual PC does not support snapshots like Hyper-V does. Undo disks provide similar
functionality.

Demonstration: Creating VHDs

In this demonstration, your instructor will show you how to create various types of VHDs.

Demonstration steps:
Create a dynamically expanding VHD in Windows Virtual PC.
Create a differencing VHD in Windows Virtual PC.
Create a VHD in Windows 7 Disk Management.
Attach VHDs.

USB Support in Windows Virtual PC

Key Points
Windows Virtual PC supports USB devices in virtual environments. This means that you can access various
USB devices, such as USB memory sticks, printers, or scanners, from applications that are installed in the
virtual machine. You can install up to eight USB devices inside the virtual environment.

USB architecture in Windows Virtual PC

Windows Virtual PC uses the Windows Redirection Policy Manager (RPM) to provide USB
redirection in a virtual machine. It loads an alternate driver in lieu of the original driver to redirect the
device to a virtual machine. Windows Virtual PC creates a virtualized host controller in the virtual
machine that is offered by using a Virtual PC bus channel.

The USB architecture consists of a server-side component running in the host operating system and a
client-side component that is running in the virtual machine. The server side involves a connector driver
to manage USB devices and a stub instance for every USB device. The client side implements a VPC
bus-enumerated virtual host controller that supports the subset of the USB driver interfaces that are
necessary for compatibility with the supported devices. The redirection process also triggers the connector
driver to send commands to the guest to create the physical device object (PDO) for the redirected device.
Then the stub driver, connector driver, and the virtual bus or hub driver work in unison to enable
communication of commands, responses, and data between the physical USB device and the redirected
USB device.

USB device usage in Windows Virtual PC

You can use USB devices in two ways: sharing and redirection. In the default mode, with all integration
features enabled, you can use storage devices, printers, and smart cards without having to redirect the
device manually, by simply sharing it with the physical host. This requires that the device driver is available
both in the virtual machine and on the host.

If the driver is not available in Windows 7, but is available for the operating system inside the virtual
machine, you can redirect the device to the virtual machine. This means that access to the device will be
available only to the virtual machine.

Using Group Policy to manage device redirection


You can use Group Policy to prevent the redirection of selected USB devices to a virtual machine, such as
for security or compliance reasons. You can do this at the per-device or device-class level. Additionally,
you can prevent the use of all USB devices inside a virtual machine. These settings are helpful in an
organization where users are not allowed to use these devices in the physical machine.

You can find these Group Policy settings by clicking Computer Configuration, clicking Administrative
Templates, clicking System, clicking Device Redirection, and then clicking Device Redirection
Restrictions.

Networking Options for Virtual Machines

Key Points
Inside the Virtual Machine settings console, you can configure networking options if you want to connect
a virtual machine to different types of networks.
You can connect each virtual machine to four networks, which means that you can have up to four virtual
network adapters installed inside a virtual machine. The Virtual PC host application emulates Intel DEC
21140A network cards. Each emulated network adapter is assigned a unique media access control (MAC)
address in the range 00-03-ff-XX-XX-XX. The last three octets are calculated using the host network
adapter MAC address. For each network adapter, you can configure the different types of networks that it
connects to, including:
Not connected. If you configure the network adapter as not connected, that means that it has no
connection to any network. It appears in the device manager of the virtual machine, but it is in a
disconnected state. It is the same as a physical network adapter, with no connection.
Internal Network. When you connect the virtual network adapter to this network, it can connect only
to the other virtual machines on the same physical machine. A software switch, also known as a virtual
switch, inside Windows Virtual PC forwards the packets to the destination virtual machine
without connecting to any external network on the host. This is useful for cases where you want to
connect two or more machines that are completely isolated from the network.

Note: In Hyper-V terminology, Internal Network is used for communication between virtual machines,
and between virtual machines and the host operating system. In Windows Virtual PC, you cannot
communicate with the host via this network.

Host network adapter. This option provides you with the ability to connect the virtual machine
network adapter to any physical network adapter in the host machine, in bridge mode. This enables
you to connect to the external network by using the host network adapters. When you connect the
virtual machine by using this option, the virtual card has a unique presence on the network, just like
any other physical host machine. This option requires that you install the Virtual PC network filter
driver in the host's networking stack. This driver is installed during the Windows Virtual PC installation
process, and by default, it binds to all network adapters based on 802.3 or 802.11. To disable the Virtual
PC Network Filter, double-click the network adapter in the Network and Sharing Center, and then click
Properties of the host machine's physical network adapter. Disabling the filter prevents the virtual
machine from using that adapter. If you connect the machine to a physical host adapter, it can
communicate with all other hosts on that network (physical and virtual) and with the host where the
virtual machine resides.
Shared Networking (NAT). Shared networking, or NAT, is another way that the guest can connect to
the external network. The main difference between this and the bridge mode is that the virtual
machine is behind the NAT, and it does not have a unique identity in the external network. It supports
all connections that use TCP/IP. When you connect by using the bridge mode, you must use a
separate IP address for the guest, so if there is a shortage of IP addresses, this option may not work.
Conversely, NAT would be a good option in this scenario. You also can use this option when you do
not want to connect directly to an external network and remain behind this NAT. This acts as a strong
firewall that protects the guest from outside attacks.
There are certain limitations when you connect by using NAT. If a protocol's payload contains the source IP
address, the connection may break when NAT replaces the guest's IP address with the host's address, because
the payload still will contain the guest IP address. We do not support connecting with a virtual private
network (VPN) that is inside the guest. Some VPN connections require the opening of raw sockets, which
require administrative privileges to open successfully. Conversely, the Windows Virtual PC application runs
in the user context. Applications that use TCP/IP, like browsing the Internet, Windows Live Messenger, and
shared access, will work when you connect by using NAT. We recommend that you connect by using the
bridge mode when the guest needs to use VPN.

Note: You can use shared networking only on the first network adapter in the virtual machine.
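
Because a bridged guest appears on the network as its own host, with an adapter address in the 00-03-ff range given above, a host's neighbor table is enough to inventory such guests. The following Python sketch is an added example, not part of the courseware: it scans `arp -a` output for that prefix, using constructed sample text with hypothetical addresses. Guests on Shared Networking (NAT) do not show up this way, because they have no identity of their own on the external network.

```python
import ipaddress
import re

VPC_PREFIX = "0003ff"   # 00-03-ff-XX-XX-XX, the range stated for Virtual PC adapters
HEX = "[0-9A-Fa-f]"
MAC_RE = re.compile(rf"(?<!{HEX})({HEX}{{2}}(?:[-:]{HEX}{{2}}){{5}})(?!{HEX})")
IP_RE = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?![\d.])")
IFACE_RE = re.compile(r"^Interface:\s+(\S+)")

# Constructed sample in the layout of Windows `arp -a` output. The last entry uses
# colon separators on purpose to show that the address is normalized before matching.
SAMPLE_ARP = """\
Interface: 192.168.10.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          00-1d-7e-aa-10-01     dynamic
  192.168.10.57         00-03-ff-3c-91-0a     dynamic
  192.168.10.58         00-03-FF-3C-91-0B     dynamic
  192.168.10.60         00-30-ff-3c-91-0c     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static

Interface: 10.0.5.4 --- 0xe
  Internet Address      Physical Address      Type
  10.0.5.1              00-1d-7e-bb-20-01     dynamic
  10.0.5.77             00:03:ff:00:12:34     dynamic
"""


def normalize_mac(mac):
    """Return the address as lowercase hyphen-separated octets."""
    digits = re.sub(r"[-:]", "", mac).lower()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_virtual_pc_guests(arp_text):
    """Return neighbors whose MAC falls in the Virtual PC range, per host interface."""
    findings = []
    interface = None
    for line in arp_text.splitlines():
        line = line.strip()
        header = IFACE_RE.match(line)
        if header:
            interface = header.group(1)     # entries that follow belong to this adapter
            continue
        mac, ip = MAC_RE.search(line), IP_RE.search(line)
        if not (mac and ip):
            continue                        # column titles, blank lines
        try:
            ipaddress.ip_address(ip.group(1))
        except ValueError:
            continue                        # looked like an address but is not one
        normalized = normalize_mac(mac.group(1))
        if normalized.replace("-", "").startswith(VPC_PREFIX):
            findings.append({"interface": interface, "ip": ip.group(1), "mac": normalized})
    return findings


if __name__ == "__main__":
    for guest in find_virtual_pc_guests(SAMPLE_ARP):
        print(f"{guest['ip']:<15} {guest['mac']}  seen via {guest['interface']}")
```

A match is an indicator rather than proof, since an adapter address can be set manually; use the result as a starting list of machines that need their own patching and antivirus coverage.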

Question: If you use shared networking on a virtual network adapter, can the virtual machine
communicate with the host computer, such as when it needs to share files?

Demonstration: Creating and Configuring Virtual Machines

In this demonstration, your instructor will show you how to create and configure virtual machines in
Windows Virtual PC.

Demonstration steps:
Create a virtual machine, and then configure it to use an existing disk.
Change the virtual machine configuration settings.
Start the virtual machine.
Demonstrate different networking types.

Lesson 3
Installing, Configuring, and Managing the Windows XP Mode

Windows XP Mode is a benefit of using Windows 7 and Windows Virtual PC. It provides users with a
virtual machine that is preconfigured with Windows XP Professional SP3 installed, primarily to support
usage of older applications and devices that cannot work with Windows 7. Windows XP Mode supports
seamless application integration, which means that you can run applications installed inside the virtual
machine in the same way as you run existing applications installed locally on the Windows 7 machine.
This lesson focuses on installing, configuring, and managing Windows XP Mode on Windows 7.

What Is Windows XP Mode?

Key Points
Designed primarily with small businesses in mind, Windows XP Mode for Windows 7 enables a user to
install and run Windows XP applications directly from a Windows 7-based PC. With Windows Virtual PC,
Windows XP Mode works in Windows 7 Professional, Enterprise, and Ultimate, and provides a 32-bit
Windows XP Professional Service Pack 3 environment that is preloaded on a VHD. Since Windows XP
Mode is running inside the Windows Virtual PC environment, the same requirements apply as for other
virtual machines that are running inside Windows Virtual PC.

Windows XP Mode is not a part of Windows Virtual PC. You must download it separately from the
Microsoft Download Center, and then install it manually. We recommend that you download and install
Windows XP Mode first, and then install the Windows Virtual PC environment.

Note: Windows XP Mode is available only for Windows Virtual PC and Windows 7. You cannot use it
with Virtual PC 2007.

Using Windows XP Mode is faster and easier than creating your own virtual machine because Windows
Virtual PC creates the virtual machine for you, configures it to run Windows XP, and then installs the
following:
The Integration Components package. These components improve the experience of using a virtual
machine by providing features that improve interactions between the virtual machine and the
physical computer.
Support for virtual applications. This feature requires an update to the guest operating system. In
Windows XP Mode, this update is installed by default.

Additionally, since Windows XP Mode is free for Windows 7 users, you do not have to buy separate
licenses to run a virtual instance of Windows XP on your Windows 7 machine.

Note: Although some of the features of Windows Virtual PC improve the integration between the host
operating system and a guest operating system, such as Windows XP, the operating systems are
separate, and you must manage them separately. For example, to receive the maintenance benefits
that features and tools such as Windows Update and antivirus programs provide, you must install and
run them in the guest operating system.

Windows XP Mode provides users with a number of productivity features and benefits, including:
Folder integration to allow accessing the hosting Windows 7 disk drives within XP mode.
Seamless applications to access the XP mode application in the All Programs menu from the hosting
Windows 7 machine.
USB support for XP Mode.
Clipboard sharing between a hosting Windows 7 machine and XP Mode.
Printer redirection for XP Mode.
All of these features are ready to use immediately after you install Windows XP Mode.

Note: The Windows XP virtual machine that is running in Windows XP Mode is networked by default
with the hosting Windows 7 machine by using NAT. You can change this in the virtual machine
settings.

When you use Windows XP Mode, you should consider that XP Mode is, in effect, a virtual machine like
the other virtual machines that you create. This means that you can configure most settings for a Windows
XP Mode virtual machine, just like you would configure settings on any other virtual machine.

Storage required for running Windows XP Mode

By default, Windows XP Mode uses space on the system drive to store the virtual machine and VHDs. The
virtual machine requires two VHDs:
A parent VHD. The default location is %systemdrive%\Program Files\Windows XP Mode.
This is the preconfigured default drive inside the Windows XP Mode package,
which you download from the Microsoft Download Center.
A differencing VHD. By default, Windows XP Mode Setup creates this disk at
%systemdrive%\Users\<username>\AppData\Local\Microsoft\Windows Virtual PC\Virtual Machines.
This disk is specific for each user on the Windows 7 machine that is using Windows XP Mode. For
each user, a new differencing disk is created. This enables each user to configure his own Windows XP
Mode environment and applications.

Question: What is an example of a typical usage scenario for Windows XP Mode?


Demonstration: Setting Up Windows XP Mode

In this demonstration, your instructor will show you how to install and set up Windows XP Mode.

Demonstration steps:
Start Windows XP Mode setup.
Create a password.
Configure the Windows Update options.
Configure drive sharing.
Set up Windows XP Mode.
Configure Windows XP Mode in full screen mode.

Publishing Virtual Applications

Key Points
If you are running a Windows XP Mode virtual machine as a guest operating system, you can run an
application installed in a virtual machine directly from the Start menu of the host operating system. This
makes it possible for you to run Windows 7 as the host operating system, and then use existing
applications, while avoiding problems that might occur if the applications are not compatible with
Windows 7. This method of running an application is called a virtual application.

You can publish and use virtual applications if the guest operating system is Windows XP Professional
Service Pack 3, Windows Vista Enterprise Service Pack 1, Windows Vista Ultimate Service Pack 1, Windows
7 Enterprise, or Windows 7 Ultimate. This scenario does not support other operating systems.

When you publish a virtual application to a Windows 7 host operating system, files on the host will be
associated with the virtual application if those files are not already associated with an application on the
host operating system. If the drive on which the file is stored is shared with the virtual machine, you can
double-click the file, and the virtual application will open the file.

Note: The system tray of the host operating system may include icons of programs that are running in
a virtual machine. For these programs, the tooltip includes (Remote) to help you identify which
programs are running in a virtual machine. If the same program is running in both the host and guest
operating systems, the system tray shows two instances of the same icon.

Automatic publishing of virtual applications

For each virtual machine inside Windows Virtual PC that is running a supported operating system, you can
configure Automatic Publishing of virtual applications inside the virtual machine to a physical host that is
running Windows 7. This means that each application installed inside the virtual machine will appear in
the Start Menu of the Windows 7 computer, and will work via seamless integration.

For a Windows-based virtual machine (Windows XP SP3 and newer versions), you need to install the
"Update for Windows XP SP3 or above to enable RemoteApp" or the "Update for Windows Vista SP1
or above to enable RemoteApp" package inside the virtual machine. The Windows XP Mode VHD has this
package preinstalled. Also, you need to ensure that autopublishing is enabled in the virtual machine
settings. You can verify this by opening the settings for the virtual machine, and then navigating to the
Auto Publish setting.

By default, applications installed under the All Users profile are autopublished to the Windows 7 host.
Therefore, if an application has created its shortcuts in the All Users profile, no action is required from the
user. However, there are applications that do not install for the All Users profile, and which are installed
for the current user only. In that case, you should copy the application shortcut from the current user
profile to the All Users profile so that the application can be published.

Controlling application publishing


Though autopublishing works automatically, with virtually no user intervention required, there are ways in
which you can control publishing.

Exclude List

You may want some applications that you install in the guest to remain unpublished to the host's Start
menu. For this purpose, there is a list inside the guest registry called the Exclude List. This list contains full
paths of applications that you do not want to publish to the host's Start menu. The Exclude List is present
in the guest registry at HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtual
Machine\VPCVAppExcludeList.

Manual publishing

Another way you can control the applications that are published to the host Start menu is through
manual publishing. In this scenario, the user disables autopublishing, and then takes total control of what
is published to the host's Start menu. This is very useful for IT administrators who want to restrict
applications that are published, irrespective of the number of applications that the user installs inside the
guest.

Applications that publish to the host Start menu have an entry in the guest registry that the WMI class
Win32_TSPublishedApplication manages. You can use scripting to manipulate this WMI class to publish,
and rescind publication of, applications manually.

Demonstration: Publishing and Working with Published Applications

In this demonstration, your instructor will show you how to publish applications and work with published
applications.

Demonstration steps:
Demonstrate that the virtual machine has enabled Auto Publish.
Install Microsoft Access version 2.0 inside Windows XP Mode.
Show that application shortcuts are added to the Start menu in Windows 7.
Show that the Start menu's search functionality finds them.
Start the virtual application.

Additional Considerations for Implementing Windows XP Mode

Key Points
After you deploy Windows XP Mode, you can perform additional configuration of the Windows XP virtual
machine. Some of the most common management tasks and considerations for Windows XP Mode are:
Joining a Windows XP Mode virtual machine to a workgroup or domain. Just like any other computer,
this machine can be a domain or workgroup member. You do this by using the same procedures as
with a physical host. Before doing this, make sure that the virtual machine is connected to your
network so that it can access the workgroup or domain. For the Windows XP Mode machine to
have access to the network, you should connect it to your physical adapter.
Managing saved credentials. When deploying Windows XP Mode, during its initial setup, you must
provide a password for a default user called XPMUser. This password is saved, so the user is not prompted
to enter it when starting the Windows XP Mode virtual machine. This is very convenient, especially
when you are using virtual applications. However, if you want to clear saved passwords for this or
other user accounts, you can do it by using the Settings menu for the virtual machine. You should be
aware that this account is a member of the Administrators group.
Using Undo Disks. When you are using a Windows XP Mode virtual machine, you can use the Undo
Disk option, which is disabled by default. You can enable it by using the Settings menu. This option is
useful if you want to revert a virtual machine to its pre-session state.
Using antivirus and antispyware protection. Windows XP Mode virtual machine does not have
antivirus or antispyware software installed. Since this machine behaves as any other computer on the
network, the host machine cannot protect it. Therefore, it is very important to update this machine
regularly through Windows Update service and to install antivirus and antispyware software,
especially if you are connecting this machine to the Internet.

Lesson 4
Creating and Deploying Custom Images of Windows XP Mode

Besides using the precreated Windows XP Mode virtual machine, you also can make your own virtual
machines. You can make VHD templates that you can use to create new virtual machines, or you can
convert physical hard disks that have Windows XP installed to VHDs. This lesson focuses on these tasks,
and provides information about deployment techniques.

Creating a Custom Windows XP Image

Key Points
Some users may choose to use a custom Windows XP virtual machine instead of the precreated one in
Windows XP Mode. That means that you must create a virtual machine manually, as well as the virtual hard
drive, and then install the supported operating system, which would be Windows XP. After that, you will need to
install the integration features to provide integration between the virtual machine and the Windows 7
host computer. Lastly, you have to install the available updates for the virtual machine's operating system,
and the applications that you will use in the virtual environment. Additionally, we recommend that you
install antivirus software inside the virtual machine, because the host operating system does not protect it
from viruses.

Note: Building your own Windows XP Mode images requires Windows XP with Service Pack 3 and the
proper license.

If you want to use application integration features, you will need to install an update to the operating
system inside the virtual machine. If you have installed Windows XP SP3, you need update KB961742. If
you have Windows Vista installed, you need KB961741. These updates provide RemoteApp support inside
the virtual machine operating systems. RemoteApp is a technology from Windows Server 2008, and it
enables you to run remote or virtual applications, as well as local applications. A Windows XP Mode virtual
machine does not require this update, since it is preinstalled.

If you will be distributing a Windows XP virtual machine to several users, or you will be including it in a
Windows 7 image file, we recommend that you perform preparation with the Sysprep utility, especially if
the machine will have a network connection. The Sysprep utility will generalize the operating system
inside the virtual machine, and on the next boot it will create a new machine security identifier
(SID) that makes each machine setup unique.

To automate the setup wizard, you can use the Sysprep.inf answer file. Sysprep.inf is a text file that
contains settings for automating installation. The easiest way to build Sysprep.inf for automating
installation is to use Setup Manager, which is included in the Windows XP deployment tools.

Question: Why would you build your own Windows XP virtual machine instead of using Windows XP
Mode?

Capturing a Windows XP Image by Using the Disk2vhd Utility

Key Points
Disk2vhd is a utility that creates VHD versions of physical disks for use in Windows Virtual PC or Hyper-V
virtual machines, which makes the process of converting physical computers to virtual machines easier and
more convenient. It allows you to continue using the same volume with the same data from the physical
disk (and computer) in the virtual machine.

The difference between Disk2vhd and other physical-to-virtual tools is that you can run Disk2vhd on an
online system. Disk2vhd uses the Volume Snapshot capability, introduced in Windows XP, to create
consistent point-in-time snapshots of the volumes that you want to include in a conversion.

However, Disk2vhd cannot replicate the computer's hardware configuration to a virtual machine hardware
configuration (as System Center Virtual Machine Manager 2008 does), so you will need to create a new
virtual machine with hardware characteristics similar to the physical computer, and then attach a disk to it.

The Disk2vhd tool will create one VHD for each disk on which selected volumes reside. It preserves the
partitioning information of the disk, but only copies the data contents for volumes on the disk that you
select. This enables you to capture just system volumes and exclude data volumes, for example.

Note: Virtual PC supports a maximum virtual disk size of 127 GB. If you create a VHD from a larger
disk, it will not be accessible from a Virtual PC virtual machine.

To use VHDs that Disk2vhd produces, create a virtual machine with the desired characteristics, and add
the VHDs to the virtual machine's configuration as Integrated Drive Electronics (IDE) disks. On
first boot, a virtual machine that is booting a captured copy of Windows will detect the virtual machine's
hardware and automatically install drivers, if they are present in the image. If the required drivers are not
present, you can install them via the Windows Virtual PC or Hyper-V integration components. You also
can attach to VHDs by using the Windows 7 or Windows Server 2008 R2 Disk Management or Diskpart
utilities.

Disk2vhd runs on Windows XP SP2, Windows Server 2003 SP1, and newer versions, including x64 systems.

Note: Do not attach to VHDs on the same system on which you create them, if you plan to boot from
them. If you do so, Windows will assign the VHD a new disk signature to avoid a collision with the
signature of the VHD's source disk. Windows references disks in the boot configuration database (BCD)
by disk signature, so when that happens, Windows booted in a virtual machine will fail to locate the
boot disk.

Considerations for Deploying and Maintaining Windows XP Images

Key Points
Before you deploy the Windows XP virtual images that you created to client computers, you should
consider the following:
• Files that should be included. Every virtual machine consists of two files. One is the configuration file,
  with a .vmcx extension, and the other is the virtual hard drive with a .vhd extension. If you want to
  have a virtual machine ready out-of-the-box, or manually import a virtual machine on another
  computer, you need to have both files present.
• Using differencing disks. The usage of differencing disks can affect performance. If you will be using
  differencing disks, and if you are going to chain them, be sure to deploy all disks, together with the
  parent disk, to clients that will be using Windows XP virtual machines.
• Planning antivirus and security. When you run Windows XP Mode on a host computer, the antivirus
  and security applications on the host computer do not provide coverage for the virtual machine that
  is running Windows XP. Therefore, you must install any antivirus and other security applications in
  your virtual Windows XP image.
  Consult the license agreement for your antivirus and security applications to determine whether
  installation on the host computer and in a virtual Windows XP image uses a single seat or two seats.
  Most antivirus vendors are aware of the problem and are working on licensing solutions to solve it.

  Note: Microsoft Security Essentials is a free antimalware product that you can use to protect physical
  and virtual environments. Consider using it to protect your virtual machines.

• Management of updates. Before installing any applications on the virtual Windows XP image,
  updating the image is important. Download and install the latest security updates from Microsoft
  Update. Review any recommended and optional updates for installation, as well. For businesses that
  do not have an update infrastructure, you can simply use Windows Update to update the virtual
  Windows XP image. You also can manually download and install updates from the Microsoft
  Download Center, but this makes little sense considering the ease and convenience of using Windows
  Update. Organizations that have an update infrastructure like Windows Server Update Services
  (WSUS) will use it to update their virtual Windows XP image.
• Activation issues. Depending on the license program that your company has, you may have to
  activate the virtual machine. Be aware that Windows Vista brings the new Volume Activation 2.0, which
  requires that you activate every machine.
• Image maintenance. After you deploy Windows XP virtual machines to your clients, you will have to
  provide support and maintenance for these machines. This includes installing new versions of
  software, installing updates and fixes, and other upkeep.
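
The 127 GB limit noted for Disk2vhd output and the differencing-disk consideration above can both be checked on a VHD file before it is distributed. The following Python code is an added example, not part of the course material: it reads the footer and dynamic-disk header fields defined in the public VHD image format specification. The names inspect_vhd, VhdInfo, build_footer and build_differencing, the constructed sample images, and the reading of "127 GB" as 127 × 2^30 bytes are assumptions made for the example.

```python
import io
import struct
from dataclasses import dataclass
from typing import BinaryIO, Optional

# Field layout per the public VHD image format specification (big-endian).
FOOTER_FMT = ">8sIIQI4sI4sQQHBBII16sB427x"   # 512-byte footer at end of file
FOOTER_LEN, FOOTER_SUM_AT = 512, 64           # checksum field sits at offset 64
HEADER_LEN = 1024                             # dynamic-disk header at data_offset
PARENT_NAME = slice(64, 576)                  # parent file name, UTF-16 big-endian
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}
VPC_MAX_BYTES = 127 * 2**30   # assumption: the course's "127 GB" as 127 * 2**30


@dataclass
class VhdInfo:
    disk_type: str
    virtual_size: int
    checksum_ok: bool
    exceeds_virtual_pc_limit: bool
    parent_name: Optional[str]    # set only for differencing disks


def _checksum(block: bytes, at: int) -> int:
    """One's complement of the byte sum, computed with the checksum field zeroed."""
    zeroed = block[:at] + b"\x00" * 4 + block[at + 4:]
    return ~sum(zeroed) & 0xFFFFFFFF


def inspect_vhd(f: BinaryIO) -> VhdInfo:
    """Read the footer of a VHD and, for a differencing disk, its parent's name."""
    size = f.seek(0, io.SEEK_END)
    if size < FOOTER_LEN:
        raise ValueError("file is too short to contain a VHD footer")
    f.seek(size - FOOTER_LEN)
    footer = f.read(FOOTER_LEN)
    fields = struct.unpack(FOOTER_FMT, footer)
    cookie, data_offset, current_size = fields[0], fields[3], fields[9]
    disk_type, stored_sum = fields[13], fields[14]
    if cookie != b"conectix":
        raise ValueError("missing 'conectix' cookie: not a VHD footer")
    parent = None
    if disk_type == 4:
        # The parent must be deployed with the child, so report its file name.
        f.seek(data_offset)
        header = f.read(HEADER_LEN)
        if len(header) < HEADER_LEN or header[:8] != b"cxsparse":
            raise ValueError("differencing disk without a valid dynamic header")
        name = header[PARENT_NAME].decode("utf-16-be", errors="replace")
        parent = name.split("\x00", 1)[0]
    return VhdInfo(
        disk_type=DISK_TYPES.get(disk_type, f"unknown ({disk_type})"),
        virtual_size=current_size,
        checksum_ok=stored_sum == _checksum(footer, FOOTER_SUM_AT),
        exceeds_virtual_pc_limit=current_size > VPC_MAX_BYTES,
        parent_name=parent,
    )


def build_footer(disk_type: int, size: int, data_offset: int) -> bytes:
    """Constructed sample footer for the demo; not taken from a real image."""
    raw = struct.pack(FOOTER_FMT, b"conectix", 2, 0x00010000, data_offset, 0,
                      b"demo", 0, b"Wi2k", size, size, 0, 0, 0,
                      disk_type, 0, bytes(16), 0)
    checksum = struct.pack(">I", _checksum(raw, FOOTER_SUM_AT))
    return raw[:FOOTER_SUM_AT] + checksum + raw[FOOTER_SUM_AT + 4:]


def build_differencing(parent: str, size: int) -> bytes:
    """Constructed minimal differencing image: footer copy, header, footer."""
    header = bytearray(HEADER_LEN)
    header[:8] = b"cxsparse"
    encoded = parent.encode("utf-16-be")
    header[64:64 + len(encoded)] = encoded
    footer = build_footer(4, size, FOOTER_LEN)
    return footer + bytes(header) + footer


if __name__ == "__main__":
    samples = {
        "fixed 16 GB": b"\x00" * 1024 + build_footer(2, 16 * 2**30, 2**64 - 1),
        "dynamic 200 GB": build_footer(3, 200 * 2**30, FOOTER_LEN),
        "child disk": build_differencing("Windows XP Mode base.vhd", 126 * 2**30),
    }
    for label, image in samples.items():
        print(label, inspect_vhd(io.BytesIO(image)))
```

On a real image, open the .vhd file in binary mode and pass the file object to inspect_vhd; a failed checksum or a differencing disk whose named parent is missing from the deployment set is a reason to stop before copying the file to clients.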

Process for Deploying Windows XP Mode Images

Key Points
It is much more convenient to deploy Windows XP virtual machines to client computers by using
Windows XP Mode virtual images instead of creating new Windows XP virtual machines.

You can customize a Windows XP Mode virtual machine prior to deployment to client machines. That
means that you can include your own applications, security updates, and settings inside this virtual
machine before deployment.

This process consists of several steps:

1. Determining readiness to run Windows XP Mode. Before deploying Windows XP Mode to client
computers, you must ensure that they are capable of running it. In some cases, you might need to
upgrade the hardware or free disk space. Although it is no longer necessary to have hardware
virtualization support on the CPU level in order to run Windows XP Mode, you must check if all
computers have enough memory and free space to run the Windows XP Mode virtual machine.
2. Customizing Windows XP Mode images. Before deployment to client computers, you will want to
perform additional customization of your Windows XP Mode virtual machine. The easiest way to do
this is to extract the VHD from the Windows XP Mode machine.

First, you should download Windows Virtual PC and Windows XP Mode from the Windows Virtual PC
Home Page, and then install them on a computer. Then copy the VHD from the Windows XP Mode
program files directory (%ProgramFiles%\Windows XP Mode\Windows XP Mode base.vhd) to an
alternate location. Do not create a differencing disk or use undo disks with this VHD. After copying
the VHD, remove the read-only attribute from the file, and create a virtual machine that uses it as a
primary VHD. By using this option, you are customizing the copy of the VHD that Windows XP Mode
provides. This VHD already has the required components installed.
After you boot your newly created virtual machine, you are ready to install applications in the
Windows XP Mode VHD file. You probably will want to install an antimalware application and some of
your business-related applications that you will use as virtual applications from Windows XP Mode.
Do not forget to install all available security updates, fixes, and service packs.

3. Preparing a Windows XP Mode image for deployment. After customizing the Windows XP VHD with
applications and security updates, you can prepare it for deployment to multiple computers. Do this
by running Sysprep. This removes the computer's SID, resets the activation grace period, and
configures the image to run the setup wizard the next time it starts. The wizard will customize the
image for each installation, creating a unique computer name and SID.

Three files are required before you can run Sysprep, and you must copy all of them to C:\Sysprep:
• Sysprep.exe. This program prepares the image for deployment.
• Setupcl.exe. This file is required for running Sysprep.exe.
• Sysprep.inf. This answer file automates all or part of the setup wizard. You can create it by using
  Setup Manager or create it manually.

Use the following steps to prepare the image by running Sysprep:
1. On the virtual machine that is running Windows XP Mode, create the folder Sysprep on drive C.
2. Copy Sysprep.exe and Setupcl.exe from the deployment tools to C:\Sysprep.
3. Copy the Sysprep.inf file you created in the previous section to C:\Sysprep.
4. Run C:\Sysprep\Sysprep.exe.
5. In the System Preparation Tool 2.0, select the Do not reset grace period for activation and Use
Mini-Setup check boxes. Then, click Reseal.
4. Deploy virtual machines. At this point, you have a customized Windows XP VHD that you can deploy.
Now, you need to distribute this VHD to each destination computer, create the VM configuration
(.vmc) file, and register the VM in Windows Virtual PC.
The steps for deploying virtual machines are:

1. Install Windows Virtual PC on each computer. Before deploying the Windows XP VHD, you must
deploy the Windows Virtual PC update to each computer on which you intend to deploy the
Windows XP VHD. Download the update from the Windows Virtual PC Home Page. You can host
the update on a network share and instruct users on how to install it (simply double-click the
.msu file to install it). You also can install the update by using a logon script or any software
deployment infrastructure that your organization uses. You also can include Windows Virtual PC
in your Windows 7 images to ensure its availability. The Microsoft Deployment Toolkit 2010
makes it easy to add updates during Windows 7 deployment.
2. Remove the Windows XP Mode shortcut from the Start menu. After deploying Windows Virtual
PC, you must remove the Windows XP Mode shortcut that Windows Virtual PC creates when you
install it. Otherwise, if users click the Windows XP Mode shortcut, Windows Virtual PC will prompt
them to download and install the Windows XP Mode package from the Microsoft download site.
You can write a script to remove this shortcut (%programdata%\Microsoft\Windows\Start
Menu\Programs\Windows Virtual PC\Virtual Windows XP.lnk) or you can use Group Policy
Preferences to remove it.
5. Deploy the Windows XP VHD to each computer. To deploy your virtual Windows XP image to
multiple computers, copy the VHD to each computer for each user. By default, Windows 7 stores VHD
files in %LOCALAPPDATA%\Microsoft\Windows Virtual PC\Virtual Machines. To deploy your
customized Windows XP VHD, copy the VHD file to this location for each user on each computer.
6. Create a virtual machine configuration file. You must create this file for each user on each computer.
Run cscript CreateVirtualMachine.wsf -p:<vhd_path> -vn:<virtual machine name> at an elevated
command prompt to create the virtual machine configuration file and register the VM with Windows
Virtual PC. You can download the script CreateVirtualMachine.wsf with the Deploying Windows XP Mode
guide available in the section of this topic.

Lab: Implementing Windows Virtual PC and Windows XP Mode

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. Ensure that the 10324A-NYC-DC1 and 10324A-NYC-CL2 virtual machines are running.
2. If required, connect to the virtual machines. Log on to the virtual machines as
Contoso\Administrator using the password Pa$$w0rd.

Exercise 1: Installing Windows Virtual PC


Scenario
In this exercise, you will first add Windows Virtual PC to Windows 7, explore its configuration options, and
then create a virtual machine. You also will install the integration features.

The main tasks for this exercise are:


1. Install Windows Virtual PC and the KB977206 update.
2. Create and configure a virtual machine.

Task 1: Install Windows Virtual PC and the KB977206 update


1. On NYC-CL2, install the Windows Virtual PC feature. The installation files are located at
\\NYC-DC1\E$\Labfiles\Mod02. Browse to this location with Windows Explorer and then double-click
Windows6.1-KB958559-x86.msu.
2. Restart NYC-CL2, and then log on as Contoso\Administrator with the password of Pa$$w0rd.
3. Open Windows Explorer, and browse to \\NYC-DC1\E$\Labfiles\Mod02. Install update KB977206
to remove the hardware virtualization requirement.
4. Restart NYC-CL2, and then log on as Contoso\Administrator with the password of Pa$$w0rd.
5. From the All Programs menu, click Windows Virtual PC to open the Virtual Machines folder.

Task 2: Create and configure a virtual machine


1. On NYC-CL2, in the Virtual Machines folder, click Create Virtual Machine.
2. Configure a new virtual machine with the following settings:
   • Name of virtual machine: VMWorkstation1
   • Accept default path for storing virtual machine
   • 768 MB RAM memory
   • Use host computer network connections
   • Dynamically expanding hard drive stored in C:\VHDs. You will need to create this new folder.
   • Enable Undo Disks
   • Configure machine to go in hibernation when closed.

Results: After this exercise, you should have installed Windows Virtual PC and created a new virtual
machine.

Exercise 2: Using Windows XP Mode


Scenario
In this exercise, you will set up Windows XP Mode, install a legacy application, and explore how you can
publish Windows XP Mode applications to a Windows 7 host. You also will use a published application,
and find out how it seamlessly integrates with Windows 7.

The main tasks for this exercise are:


1. Set up Windows XP Mode.
2. Install a legacy application, and then publish it to the host.
3. Use a published application from the Windows 7 host.

Task 1: Set up Windows XP Mode


1. On NYC-CL2, run WindowsXPMode_en-us.exe from \\NYC-DC1\E$\Labfiles\Mod02\.
2. Install Windows XP Mode with the default settings.
3. Launch Windows XP Mode with the following settings:
   • Installation folder: default
   • Password: Pa$$w0rd
   • Remember credentials: enabled
   • Automatic updates: enabled
4. In the Virtual Machines window, open Settings for the Windows XP Mode virtual machine, and
review the Integration Features settings.

Task 2: Install a legacy application, and then publish it to the host


1. In the Windows XP Mode virtual machine, open Windows Explorer, and browse to the C drive on
NYC-CL2. Open the folder called Labfiles\Office, and then double-click Setup.exe to install
Microsoft Office 4.3 with the following options:
   • Name: Admin
   • Organization: Contoso
   • Directory locations: default
   • Installation Type: Complete/Custom
   • Options List: Remove all check marks except Microsoft Access
2. From the All Programs menu, start Microsoft Access.

Task 3: Use a published application from the Windows 7 host


1. From NYC-CL2, start Microsoft Access.
2. Create a new database called DB1, and save it to C:\MSOffice.
3. Start the Windows XP Mode virtual machine.
4. Copy DB1.MDB from C:\MSOffice to the VHDs folder on drive C on NYC-CL2.
5. Start DB1.MDB from the NYC-CL2 machine by double-clicking the file.
6. Verify that the virtual application starts.

Results: After this exercise, you should have installed and configured Windows XP Mode.

To prepare for the next lab


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.


2. Right-click the virtual machines used in this lab, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.



Module Review and Takeaways

Review Questions
1. What is the main difference between Windows Virtual PC and Virtual PC 2007 SP1?
2. How does Windows XP Mode use differencing disks?
3. When preparing VHD images for distribution and usage on several computers, what must you do
before you start creating virtual machines with these disks?

Common Issues Related to Windows Virtual PC and Windows XP Mode


| Issue | Troubleshooting tip |
| --- | --- |
| The mouse moves slowly or inconsistently, and is stuck in the virtual machine window. | |
| When you try to install an application, you get the error "The Windows Installer does not permit installation from a Remote Desktop Connection." | |
| When you try to use Windows XP Mode, you receive the following error: "Cannot start Windows XP Mode." | |
| You cannot copy and paste files and folders between the guest and host operating systems. | |

Real-World Issues and Scenarios


Contoso is discussing implementation of virtualization technologies in order to solve some problems and
optimize usage of resources. They want to convert some servers to virtual machines and limit the number
of workstations that developers are using for testing applications in various environments. They recently
upgraded most of their desktops to Windows 7. Desktop computers have 2 GB of RAM or more. The only
department that is not migrated to Windows 7 is the Accounting Department, and that is because of an
accounting application that is not working on Windows 7. Contoso is reviewing available virtualization
technologies from Microsoft, specifically Hyper-V, Virtual Server, and Windows Virtual PC.

What would you recommend to them to address their needs and issues?

Best Practices related to Windows Virtual PC and Windows XP Mode


Supplement or modify the following best practices for your own work situations:
• Use Windows XP Mode whenever you need to provide support for older applications.
• Do not use virtual machines hosted in Windows Virtual PC in a production environment, except for
  supporting older applications on the local machine.
• Avoid using too many chained differential drives.
• Always mark parent drives as read-only before creating differential drives.

Tools
| Tool | Use for | Where to find it |
| --- | --- | --- |
| Disk2Vhd | Converting physical hard drives to virtual hard drives | http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx |
| Microsoft Security Essentials | Antivirus and antispyware protection of virtual machines | http://www.microsoft.com/security_essentials/ |

Module 3
Implementing Microsoft Enterprise Desktop Virtualization
Contents:
Lesson 1: Overview of MED-V
Lesson 2: Implementing MED-V Management Servers
Lesson 3: Implementing a MED-V Client
Lab: Implementing MED-V

Module Overview

Microsoft Enterprise Desktop Virtualization (MED-V) is an enterprise solution that enables incompatible
or unsupported applications to be available in a virtual environment. End users then can use them as if
they were installed locally on their computers. However, the applications' availability from the virtual
environment is seamless, or invisible, to the user. It provides a virtual environment for legacy applications,
and it enables central administration of applications. MED-V is built on Windows Virtual PC 2007 Service
Pack 1 (SP1), and it is available for Windows clients such as the Windows XP, Windows Vista, and
Windows 7 operating systems.

Lesson 1
Overview of MED-V

Microsoft provides different desktop virtualization solutions. While Virtual Desktop Infrastructure (VDI)
and Remote Desktop Services (RDS) provide remote virtual desktops and presentation virtualization,
MED-V provides a local virtual machine with a client operating system in which legacy applications can run.
MED-V enables users to access these legacy applications from the host computer, even when the
applications are not compatible with the host operating system.

MED-V provides a complete solution for centrally managing client virtual machines; storing, updating, and
distributing virtual images; and monitoring user activity. MED-V is part of Microsoft Desktop Optimization
Pack (MDOP) for Software Assurance, and the current version is MED-V 1.0 SP1.

What Is MED-V?

Key Points
Each new version of an operating system provides additional features, but also can cause compatibility
issues with older applications. Microsoft offers a variety of methods and tools to address applications that
are not working properly on a target operating system. However, every organization has a subset of
applications that it does not support or that do not work at all on a new version of an operating system.
The process of testing and fixing an application, or upgrading to a new version of it or finding an
alternative application, is costly and time-consuming. Meanwhile, users cannot take advantage of the new
operating system features, which often delays an organization's upgrade plans.

Technologies such as Windows Virtual PC and Windows XP Mode provide a solution for mitigating
application-compatibility issues by enabling you to use a virtualized environment. However, they lack
support for virtual-machine image delivery and central management of the deployed images. You can use
these technologies in small and unmanaged environments, but they do not provide the features and
flexibility that larger enterprises require.

MED-V solves compatibility issues with applications that do not run on a target operating system. MED-V
uses Virtual PC to provide a virtual environment that runs a legacy version of the operating system, such
as Windows XP, which enables you to mitigate application-compatibility issues. By using MED-V, you can
have administrative control over the creation, distribution, and management of virtual images, and ensure
that the images are current and comply with regulations.

MED-V enables you to do this in a seamless and transparent fashion that does not affect the end user.
Applications appear and run as if they were installed on the desktop, they are available on the Start menu
and can access the Clipboard, and users can pin them to the task bar.

Released in 2008, MED-V is part of MDOP for Software Assurance, and the first version supports
Windows XP and Windows Vista desktops. MED-V 1.0 SP1, which was released in 2010, adds support for
Windows 7 desktops.

Question: How does MED-V solve compatibility problems between legacy applications and host
operating systems?

MED-V Features

Key Points
MED-V allows you to deploy Virtual PC images to Windows desktops, and then manage them centrally,
while maintaining a seamless end-user experience. One of the main benefits of MED-V is the ability to
mitigate application-compatibility issues when upgrading a desktop operating system. MED-V allows you to run
legacy applications in a virtual machine that is running an older version of Microsoft Windows, and it provides
seamless integration of the applications with the host.

MED-V provides the following benefits:
• Centralized deployment, management, and monitoring of deployed virtual images. MED-V provides
  enterprise management and monitoring for the Virtual PC-based virtual environments. It enables you
  to control access to virtual images, centrally administer configuration of virtual images, and publish
  applications by using policies. It also provides a repository for virtual images, deployment of virtual
  images to clients, and enables monitoring of user activity through reports.
• Application provisioning based on Active Directory Domain Services (AD DS) users and groups. You
  can assign a MED-V Policy to the AD DS users or groups. A MED-V Policy defines which virtual image
  MED-V will use, which applications it will publish, and how it will integrate those applications with the
  host. You can define a MED-V Workspace by using a policy, and you can use the same virtual image
  for multiple Policies.
• Using a MED-V Policy to configure usage policy. You can configure the MED-V virtual environment
  by using MED-V Policies. Policies control various aspects of the virtual environment, such as
  expiration of virtual machines, time limits for offline work, automatic redirection of predefined Web
  sites to the virtual environment, and allocation of virtual machine memory.
• Seamless and transparent integration of published applications. You can access published MED-V
  applications from virtual images directly from the Windows 7 Start menu, as if they were installed on
  the Windows 7 host itself. You can use the Search feature to find applications, and then pin them to
  the taskbar.
• Clipboard sharing and printer redirection. Based on the MED-V Policy settings, you can cut and paste
  content between the host and a published application. You also can use printer redirection to print
  directly from a MED-V published application to a printer attached to the host.

Question: What is the main benefit of using MED-V versus using Virtual PC or Windows XP Mode?

MED-V Architecture

Key Points
The MED-V solution contains both servers and clients, and requires infrastructure support. The MED-V
solution consists of the following components:
• Administrator-defined virtual machine. This contains a full desktop environment, including an
  operating system, applications, and optional management and security tools. A virtual machine image
  is part of the Workspace policy. You can deploy it to the end user's computer to provide an
  environment for running legacy applications.
• Image repository. This component stores virtual images on a standard Internet Information Services
  (IIS) server 7.0 or newer, and then enables version management for virtual images,
  client-authenticated image retrieval, and efficient download by using the Trim Transfer technology.
• Management Server. This component associates workspaces, which include virtual images from the
  image repository, and workspace policies to AD DS users or groups. The Management Server also
  collects client events and stores them on a computer that is running a Microsoft SQL Server
  database for monitoring and reporting.
• Management Console. This enables administrators to control the Management Server and the image
  repository, create Workspace policies, and manage the virtual images.
• MED-V Workspace. This is the desktop environment, in which end users interact with the virtual
  environment.
• MED-V policy. This group of configurable settings defines how the virtualized environment and
  applications perform on the end-user computer.
• End user client. This component builds on Virtual PC, and provides a virtual environment for running
  legacy applications. It provides authentication, virtual image retrieval, and enforcement of usage
  policies. It also provides a single desktop experience, where applications installed in the virtual
  machine are available through the standard desktop Start menu, and they integrate with other
  applications on the user desktop.

You use the HTTP or HTTPS protocol for communication between the client and the servers.

Question: Do you need a separate server for the image repository?



Providing Scalability and High Availability with the MED-V Enterprise Architecture

Key Points
The MED-V Management Server can support 5,000 users, depending on its hardware. However, the client-
server communication is rather lightweight: The default configuration has the clients polling the server for
policy every 15 minutes and for image updates every four hours. If you increase the policy polling time,
the server can support more clients.
The only heavy-duty client-server operation occurs when a new image is available, and multiple clients
retrieve several gigabytes (GB) from the image repository. Because the image repository is a standard IIS
Web server, it is possible to add IIS servers as additional image delivery servers, and have them
synchronize images with the main image repository. You can place all the image delivery servers behind
a load balancer or use the Network Load Balancing (NLB) feature. To improve the download rate, to
optimize bandwidth efficiently, and further balance the load, you can place the image delivery servers in
multiple geographic locations. You can use Domain Name System (DNS) resolution to direct the MED-V
clients to the best available location. Alternatively, you can use a separate distribution mechanism, such as
Microsoft System Center Configuration Manager, to deliver the virtual images to the clients. The MED-V
client looks for the image in a location that you define. This eliminates the need for image download and
a Web infrastructure for MED-V image delivery.

The MED-V client operates independently of MED-V servers. If the Management Server malfunctions or
stops responding, all clients that are running a workspace can continue working. However, new attempts
to start a workspace run in offline mode, and online authentication, policy changes, and image updates
become unavailable. Additionally, the MED-V client aggregates events at the client side until the server
becomes available.

However, to ensure fast recovery from a server failure, MED-V supports a failover structure, in which you
can configure two MED-V servers in cluster mode, and then place all files that are mutual to both servers
on a file system. The server accesses the files from the file system rather than storing the files locally.

Question: Does a typical MED-V deployment utilize the Management Server heavily?

Overview of the Virtual Image Life Cycle

Key Points
MED-V manages virtual images through its whole life cycle. A typical virtual image life cycle proceeds
through the following steps:
• Creation of a virtual image: Install the operating system, applications, management tools, and
  security tools, such as antivirus software, in the virtual machine inside Virtual PC. Prepare and test
  the virtual image through the MED-V Management Console, and upload it to the MED-V image repository.
• Definition of a MED-V Workspace: A workspace consists of a policy and an assigned virtual image. A
  MED-V Policy defines a list of applications in the virtual image, which will be available to the users
  through the Start menu. It also defines the configuration settings for the virtual machine; the Web
  sites that users can view inside the virtual machine browser; and the permissions to work offline and
  for data transfers between the virtual machine and the host, such as file transfer, copy and paste, and
  printing. You can provision a workspace to AD DS users and groups.
• Delivery of the virtual image: You can deliver a virtual image to the MED-V client in the following
  different ways:
  - Over a network.
  - By using standard HTTP or HTTPS protocols.
  - By using enterprise distribution mechanisms, such as System Center Configuration Manager.
  - By including it in the base workstation image, or on removable media, such as DVD.
  - By using the MED-V Packaging Wizard to create a self-install package.
• Working with virtual machine: After you deploy a virtual machine to the MED-V client, you can
  customize it and join it to a domain. After users authenticate against the MED-V Management Server,
  they can work within the virtual machine. After the first online authentication, MED-V also supports
  offline work, if the administrator permits that. Based on the policy settings, virtual images can be
  persistent, whereby the virtual machine preserves any changes, or they can be revertible.
• Management and update of the workspace: The MED-V Management Console enables administrators
  to update policies, assign workspaces to additional users, remove users from the workspace, and
  update the virtual images. MED-V then distributes all updates automatically to relevant users when
  they work online.
• Troubleshooting of malfunctioning clients: The MED-V Management Console presents an updated
  report of all users, and provides detailed information on all client events. This helps the administrator
  understand the source of problems, and then instruct the user on how to solve them. The MED-V
  diagnostic tool runs automatically when client installation fails, and you can execute it manually in
  other cases. You can use the report to understand the problem's cause and to recommend to users
  how to fix it.

Question: What are typical steps in the life cycle of a virtual image?

Using Trim Transfer to Deliver MED-V Images

Key Points
A MED-V virtual image is represented by a Virtual Hard Drive (VHD) file and this file contains the installed
operating system and applications. Images can be several GBs in size, and they are stored in the image
repository, which can be on an MED-V Management Server.
The MED-V advanced Trim Transfer deduplication technology accelerates the download of initial and
updated images over a local area network (LAN) or a wide area network (WAN), which reduces the
network bandwidth that you need to transport a MED-V image from the image repository to end users.
Trim Transfer is available only when you use an MED-V IIS-based image repository.

Trim Transfer technology uses existing local data to build the image, taking advantage of the fact that,
in many cases, much of the virtual machine, such as system and application files, already exists on the end-user disk. For
example, if MED-V delivers an image containing Windows XP to a client that is running a local copy of
Windows XP, MED-V automatically removes from the transfer the redundant Windows XP elements that
the client makes available already. To ensure a valid and functional image, the MED-V client
cryptographically verifies the integrity of local data before it utilizes it, which ensures that the local blocks
of data are identical to those in the desired image. It does not use blocks that do not match.

If the operating system on the MED-V client differs from the one in the virtual image, such as a
Windows XP virtual image on a Windows 7 MED-V client, Trim Transfer does not provide a significant
benefit, because most files on the host are different from the files in the virtual image.

This process is transparent and efficient with regard to bandwidth, and the transfers run in the
background, which utilizes unused network and CPU resources. When downloading a new version of a
virtual image that exists already on the MED-V client, it downloads only the changed elements, known as
deltas. This reduces the required network bandwidth and delivery time significantly.

The Trim Transfer process requires an initial host index process to run on the MED-V client. However,
indexing is time consuming, so MED-V enables administrators to control which folders the Trim Transfer
protocol indexes by modifying the ClientSettings.xml file. Images are configured to use Trim Transfer by
default when downloading from an image repository. However, several scenarios result in Trim Transfer
not providing the benefits that you might expect, including that:
• The host operating system and the virtual machine operating system always are different.
• You need to reduce the length of the first-time setup.
• MED-V Workspace needs to be persistent instead of revertible.
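
The block reuse, integrity check, and delta download described above can be modeled in a few lines. The following Python sketch is an added example, not MED-V code or Microsoft's implementation: the block size, the use of SHA-256, the manifest layout, the file names, and every function name are assumptions made for illustration, and the sample data is constructed.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed for illustration; the page does not state MED-V's block size


def split_blocks(data):
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def digest(block):
    return hashlib.sha256(block).hexdigest()  # assumed hash; the page only says "cryptographically"


def build_manifest(image):
    """Repository side: the ordered block digests that describe the image."""
    return [digest(b) for b in split_blocks(image)]


def index_host(host_files):
    """Client side host index: block digest -> (path, offset) for the indexed folders."""
    index = {}
    for path, content in host_files.items():
        for n, block in enumerate(split_blocks(content)):
            index.setdefault(digest(block), (path, n * BLOCK_SIZE))
    return index


class Repository:
    """Stands in for the image repository and counts the bytes it serves."""

    def __init__(self, image):
        self.blocks = {digest(b): b for b in split_blocks(image)}
        self.bytes_served = 0

    def fetch(self, wanted):
        block = self.blocks[wanted]
        self.bytes_served += len(block)
        return block


def assemble(manifest, host_files, index, repo):
    """Rebuild the image, reusing a local block only if it still hashes to the wanted digest."""
    image = bytearray()
    stats = {"local": 0, "downloaded": 0, "rejected": 0}
    for wanted in manifest:
        block = None
        hit = index.get(wanted)
        if hit is not None:
            path, offset = hit
            candidate = host_files[path][offset:offset + BLOCK_SIZE]
            # Re-hash at use time: the index may be stale or the file altered since indexing.
            if digest(candidate) == wanted:
                block = candidate
                stats["local"] += 1
            else:
                stats["rejected"] += 1
        if block is None:
            block = repo.fetch(wanted)
            if digest(block) != wanted:
                raise ValueError("downloaded block failed verification")
            stats["downloaded"] += 1
        image += block
    return bytes(image), stats


def blk(n):
    """Constructed sample data: one block filled with the byte value n."""
    return bytes([n]) * BLOCK_SIZE


# Constructed inputs: six "system" blocks shared by an XP host and the XP image,
# plus two blocks for a legacy application that exists only in the image.
XP_SYSTEM = b"".join(blk(n) for n in range(1, 7))
IMAGE_V1 = XP_SYSTEM + blk(20) + blk(21)
IMAGE_V2 = XP_SYSTEM + blk(20) + blk(22)  # updated image: one changed block
XP_HOST = {r"C:\WINDOWS\system32\sys.bin": XP_SYSTEM, r"C:\Data\notes.bin": blk(99)}
WIN7_HOST = {r"C:\Windows\System32\sys.bin": b"".join(blk(n) for n in range(50, 56))}


def run(image, host_files, changed_after_index=None):
    """Index the host, optionally change files afterwards, then rebuild the image."""
    index = index_host(host_files)
    if changed_after_index:
        host_files = {**host_files, **changed_after_index}
    repo = Repository(image)
    rebuilt, stats = assemble(build_manifest(image), host_files, index, repo)
    stats["intact"] = rebuilt == image
    stats["bytes_served"] = repo.bytes_served
    return stats


if __name__ == "__main__":
    altered = {r"C:\WINDOWS\system32\sys.bin": blk(77) + XP_SYSTEM[BLOCK_SIZE:]}
    print("XP image, XP host:      ", run(IMAGE_V1, XP_HOST))
    print("XP image, Windows 7 host:", run(IMAGE_V1, WIN7_HOST))
    print("file altered after index:", run(IMAGE_V1, XP_HOST, altered))
    print("v2 update over local v1: ", run(IMAGE_V2, {r"C:\MED-V Images\v1.vhd": IMAGE_V1}))
```

In the altered-file case the rebuilt image is still correct because the mismatching local block is discarded and fetched from the repository, which is the property the integrity check exists to guarantee.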

Question: Would you benefit from using Trim Transfer if you deploy a Windows XP Service Pack 3 (SP3)
virtual image to a Windows 7 host?

Lesson 2
Implementing MED-V Management Servers

You can install a MED-V Management Server on Windows Server 2008 or Windows Server 2008 R2. It
provides a virtual images repository, and you can use it as a management point for configuring MED-V
clients. A MED-V server should be a domain member, and should use IIS for virtual image delivery.

Requirements for the MED-V Management Server

Key Points
The MED-V implementation includes both the server and client components. The MED-V Management
Server is responsible for storing the MED-V Workspace configuration, which includes MED-V Policy and
virtual images. MED-V logs user activity to a computer that is running SQL Server, which you can deploy
on the MED-V Management Server or on a separate server. Before accessing the MED-V Workspace, AD
DS authenticates users.
The following table lists the operating systems that support the MED-V Management Server.

Operating system | Edition | Service pack | System architecture
Windows Server 2008 | Standard or Enterprise | SP1 or SP2 | x86 or x64
Windows Server 2008 R2 | Standard or Enterprise | None | x64


MED-V 1.0 SP1 adds support for Windows Server 2008 R2. For nonproduction use, you can install the MED-V
Management Server on a desktop operating system.

Requirements for the MED-V Server


• You should ensure that the MED-V Management Server has a dual processor with at least 2.8
  gigahertz (GHz) and 2 GB random access memory (RAM). This recommendation assumes that the
  MED-V server runs on a dedicated machine and that SQL Server runs on a separate machine.
• Ensure the MED-V Management Server is joined to AD DS. You can add the Web server (IIS) role to
  the same server or to another domain server.
• MED-V Management Server requires that you install one of the following .NET Framework
  versions: .NET Framework 2.0 or newer.

If you want to gather user activity and generate MED-V reports, your deployment also must include a
computer that is running SQL Server. You can install SQL Server on the MED-V Management Server or on
a separate server. If you use a separate SQL Server, you should install Microsoft SQL Server Management
Objects on the MED-V Management Server.

You can install MED-V servers on physical servers or in a Hyper-V virtualized environment.
You should expect a relatively light load on the MED-V Management Server, because after you deploy the
MED-V Workspace, client computers check the server every 15 minutes for configuration changes. The
disk capacity must be sufficient to store the MED-V Workspace configuration files, and the virtual images
if the image repository is on the same server. The MED-V Management Server also should have a fast
network connection to the clients to deploy virtual images.

The MED-V Management Server uses the SQL Server database to store client status and events. You can
install the SQL Server database on the same machine as the MED-V server, or you can place it on a
separate server that is running SQL Server.

After installation, you can configure the MED-V Management Server by using
MED-V Server Configuration Manager. You can administer the MED-V Management Server by using
MED-V Management Console, which you can install as part of the MED-V client. However, you cannot
install it on a server operating system.

Configuring IIS for a MED-V Management Server

Key Points
The image repository stores virtual images and enables virtual-image version management, client-
authenticated image retrieval, and the efficient upload and download of new virtual images or updates.
Each MED-V client needs a virtual image, and a workspace policy, to provide a virtualized environment for
running a legacy application. You can deploy virtual images to a client in several ways.

The image repository is based on an IIS Web server, and organizations can take advantage of the standard
Web scalability and high availability infrastructure. To improve download performance, organizations can
create image-repository replicas at branch offices or remote geographic locations.

The IIS server can coexist on the same server as the MED-V Management Server and the server that is
running SQL Server. In smaller implementations, you can have them all on the same server. However,
when the number of MED-V clients increases, you should install the IIS server, SQL server, and the
Management Server on separate servers. You also can run the IIS server on a virtual machine. The IIS
server infrastructure must have sufficient throughput to deliver images to clients, and the disk subsystem
must meet the input/output (I/O) demands.

To add and configure Web server (IIS) for MED-V, you must perform the following steps:
• Add the Web server (IIS) role. During the installation, when you are adding role services, select the
  following supported authentication methods: Basic Authentication, Windows Authentication, and
  Client Certificate Mapping Authentication.
• Install Background Intelligent Transfer Service (BITS). Install this feature and the required role services.
  MED-V virtual image upload requires BITS support.
• Add the IIS virtual directory. This virtual directory points to the directory that will store virtual images.
  By default, the C:\MED-V Server Images folder stores virtual images.
• Configure BITS. Enable BITS in IIS. Additionally, you should allow clients to upload files to the IIS
  server by using BITS, and they should upload them to the directory where you want to store virtual
  images.
• Configure additional Multipurpose Internet Mail Extensions (MIME) types. Add the .ckm
  (application/octet-stream) and .index (application/octet-stream) MIME types to the directory in which
  you want to store virtual images.
• Optionally, you can change the TCP port on which the IIS Web site accepts connections, and you can
  configure Windows Firewall to allow connections through that port.

Question: Which feature must you install on the MED-V server? Can you upload virtual images to the
MED-V server without installing this feature?

Deploying and Configuring a MED-V Management Server

Key Points
Installing and configuring a MED-V server is a straightforward process. After running the MED-V server
installation package, you need to accept the Microsoft Software License Terms, select an installation
folder, and then wait for the installation to finish. After the installation, you should configure the MED-V
server by running MED-V Server Configuration Manager, which is the default option in the last step of the
setup. The installation also adds, to the Start menu, a shortcut to the configuration tool.
You can use MED-V Server Configuration Manager for configuring the following settings:
• Connections: Configure MED-V client connection settings. Define which protocols and ports to use
  for connecting to the MED-V server. HTTPS is an optional configuration, which you can set to provide
  encryption and secure transactions between the MED-V Management Server and MED-V clients. To
  configure HTTPS, you also must add a digital certificate to the server store, and then associate it with
  the port that the MED-V Management Server uses. If you are using nonstandard ports, you should
  add a Windows Firewall exception.
• Images: Configure the virtual machine directory, which is the directory in which you want to store the
  virtual images. You can specify a local or Universal Naming Convention (UNC) path to the image
  directory on the image repository server, which should be accessible from the MED-V Management
  Server. You also should specify the URL location of the folder in which you want to store virtual
  images.
• Permissions: Configure a list of users and groups who can access the MED-V server, typically by using
  the MED-V Management Console, so that they can administer MED-V. For each of them, you can
  configure read-only or read/write permissions. Read-only access allows users to view the MED-V
  configuration and policies, but not modify them. If they have the Changes Allowed permission, which
  gives them read/write permissions, users can save changes to the MED-V configuration, effectively
  administering MED-V.
• Reports: Enable reports and configure database settings. You can define a connection string, test the
  connection, and then create a MED-V database on the computer that is running SQL Server.
  Additionally, you can configure the database maintenance options, such as deleting old records,
  clearing all data from the database, and dropping the database. If you do not install SQL Server
  locally, the Reports tab provides instructions on how to install Microsoft SQL Server Management
  Objects and connect to the remote SQL Server.

MED-V server configuration is saved to the ServerSettings.xml file in the %PROGRAMFILES%\Microsoft
Enterprise Desktop Virtualization folder.

You can perform additional MED-V server configuration by using the MED-V Management Console. You
have the option of installing this console on the MED-V client, and you cannot install it on a server
operating system. You should install the MED-V Management Console on the administrative workstation,
from where you manage the MED-V environment. By using MED-V Management Console, you can
configure policy, images, and reports.

Question: Which tool can you use for configuring a MED-V Management Server? What can you configure
by using this tool?

Lesson 3
Implementing a MED-V Client

Only managed desktops support a MED-V client, which is a required component of a MED-V solution. The
MED-V client provides an environment for running legacy applications and a seamless integration with
the host. The MED-V client is available for Windows XP, Windows Vista, and Windows 7, and it depends
on Virtual PC 2007 SP1, which is a prerequisite. You can deploy the MED-V client in several ways,
including manually or through a software distribution system.

You can use the MED-V client to perform centralized administration, apply the MED-V Workspace,
provide communication between virtual machines and hosts, and publish applications to a host.

MED-V Client Requirements

Key Points
Before installing the MED-V client, you first must install the Microsoft Virtual PC 2007 SP1 on the desktop
along with hotfix 958162. The MED-V client does not work with Windows Virtual PC.

Requirements for a MED-V client


The following operating systems support a MED-V client.

Operating system | Edition | Service pack | System architecture
Windows XP | Professional Edition | SP2 or SP3 | x86
Windows Vista | Business, Enterprise, or Ultimate | SP1 or SP2 | x86
Windows 7 | Professional, Enterprise, or Ultimate | None | x86 or x64

MED-V 1.0 SP1 includes support for Windows 7. The MED-V client does not run in native x64 mode, but
it does run in Windows 32-bit on Windows 64-bit (WOW64) mode on 64-bit computers.

The required RAM on a client varies, but the following table lists the suggested minimum amount of
RAM that different operating systems require.

Operating system | Minimum required RAM
Windows XP Professional | 1 GB
Windows Vista, Windows 7 x86 | 2 GB
Windows 7 x64 | 3 GB

The MED-V client is not supported in a Hyper-V environment for production use.

The MED-V Workspace supports the following operating systems in a virtual machine:

Operating system | Edition | Service pack | System architecture
Windows 2000 | Professional | SP4 | x86
Windows XP | Professional Edition | SP2 or SP3 | x86

We recommend Windows XP SP3 to ensure that the MED-V Workspace is compatible with future
MED-V versions.

Question: You evaluate MED-V 1.0 in the test environment, and you find that you cannot install a MED-V
client to the Windows 7 host. What must you do to use MED-V with Windows 7 clients?

Deployment Options for the MED-V Client

Key Points
You can deploy the MED-V client by:
• Installing it manually. The MED-V client is available as a Windows Installer package, and you can install it
  manually. While you can use this method for setting up a test or pilot environment, this is not a good
  approach if you want to deploy MED-V clients in a production environment.
• Including it in the standard desktop image. You can include the MED-V client in the standard desktop
  image. When you use this approach, the MED-V client deploys to all new clients.
• Deploying it via a software distribution system. If a company has an existing software distribution
  system, such as Microsoft System Center Configuration Manager 2007 R2, you can use that for
  deploying the MED-V client. When you install the MED-V client through a distribution system, you
  may choose to retrieve the virtual image from the image repository or deliver it to a predefined
  location by using the software distribution system. In this scenario, the MED-V client would not
  download the image from the repository.
• Creating and installing the MED-V deployment package. By using the MED-V Management Console, you
  can create a deployment package. This provides a method of installing the MED-V client, its required
  prerequisites, and any settings that the administrator predefines. The packaging wizard walks you
  through the package creation by creating a folder on your local computer and transferring all
  required installation files to it. You then can move the folder's contents to multiple removable media
  drives for distribution.
The MED-V client is available as a Windows Installer package, and it includes the MED-V client and the
MED-V Management Console. You must install the MED-V client on client computers for running MED-V
Workspaces. The MED-V Management Console is an administrative tool that you can use for creating and
maintaining images, MED-V Workspaces, and policies.

Note: You can install the MED-V client and MED-V Management Console only on Windows 7,
Windows Vista, and Windows XP-based computers. You cannot install them on server products.

During the MED-V client installation, you must accept the Microsoft Software License Terms, select a
destination folder for client installation, and then define the MED-V client settings. MED-V client settings
include the MED-V Management Server's address, the port and protocol it is using, the folder for the
virtual machine images, and the option to install the MED-V management application.

Question: What is the benefit of installing a MED-V client by using the MED-V deployment package?

What Is the MED-V Management Console?

Key Points
The MED-V Management Console is the primary MED-V administration tool. You can install it only on a
client operating system, and it is available as part of the MED-V client installation. You can use it for
managing the MED-V image life cycle through managing policies, images, and reports.
The MED-V Management Console user interface (UI) has the following sections:
• MED-V management buttons. They correspond to the following three modules that you can manage
  through the console.
  - Policy. You can use the Policy module to define the MED-V Workspace, their related settings, and
    permissions. This includes the virtual machine configuration, published applications, and their
    integration settings.
  - Images. You can use the Images module to manage the MED-V Workspace images. This module
    enables you to create test images, and then package and upload those images to the image
    repository.
  - Reports. You can use the Reports module for generating and viewing MED-V reports. Three
    report types are available: Status, Activity log, and Error log.
• Toolbar. This displays shortcuts, relevant to the selected management module, and user permissions.
  For example, you can save a policy, add a workspace, and refresh or create a new report here.
• Display pane. This displays configuration options corresponding to the selected management module.
  You can configure policy, images, or reports options in this section.
You must log on to the MED-V Management Console before you can use it. For security reasons, the first
user that logs on to the MED-V Management Console becomes the only user on that computer that can
access the Management Console. The domain user name and password are used for MED-V management
login.

Question: Is the MED-V Management Console available as a Microsoft Management Console (MMC)
snap-in?

Demonstration: Creating a MED-V Installation Package by Using the Packaging Wizard

Key Points
In this demonstration, you will see how to create a MED-V installation package by using the Packaging
Wizard, which is available as part of the MED-V Management Console.

Demonstration steps:
1. On NYC-CL1, start the MED-V Management Console, and then log on as contoso\medv-admin with
a password of Pa$$w0rd.
2. Run the Packaging Wizard, and then on the Deployment Package page, click Next.
3. On the Workspace Image page, click Next without selecting Include image in the package.
4. On the MED-V Installation Settings page, point the MED-V installation files to where the installation
files are stored, and then click Next.
5. On the Additional Installation page, clear the Virtual PC and .NET Framework check boxes, and
then click Next.
6. On the Finalize page, enter the package destination, and then click Finish.
7. Open Windows Explorer, and then verify that the package has been created.

Question: In which tool can you find the Packaging Wizard?



Lab: Implementing MED-V

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. Ensure that the 10324A-NYC-DC1, 10324A-NYC-CL1, and 10324A-NYC-CL2 virtual machines are
running.
2. If required, connect to the virtual machines. Log on to the virtual machines as
Contoso\Administrator using the password Pa$$w0rd.

Exercise 1: Configuring the Existing Infrastructure


Scenario
Contoso, Ltd., has a software assurance agreement with Microsoft, so you want to implement MED-V.
After reviewing the product documentation and several case studies, you decide that you first will
implement the MED-V infrastructure. In this lab, you will review the existing server infrastructure, and then
prepare it for MED-V deployment.

The main tasks for this exercise are:


1. Verify that a MED-V database does not exist on Microsoft SQL Server.
2. Add Windows Server 2008 R2 role and features.

Task 1: Verify that a MED-V database does not exist on Microsoft SQL Server
1. On the NYC-DC1 server, open Windows Explorer and browse to E:\Labfiles\Mod03\SQL_Update.
Install SQLSysClrTypes.msi and SharedManagementObjects.msi.
2. On the NYC-DC1 server, run the Import and Export Data (32-bit) tool.
3. Verify in the Server name field that you are connected to NYC-DC1\SQLEXPRESS.
4. Expand the Database drop-down box, and then verify that MED-V related database, medv, is not
available. Click Cancel.

Task 2: Add the Windows Server 2008 R2 role and features


1. On the NYC-DC1 server, add the Web Server (IIS) role and the following role services: Basic
Authentication, Windows Authentication, and Client Certificate Mapping Authentication. Leave
all other default selections.
2. On the NYC-DC1 server, add the Background Intelligent Transfer Service (BITS) feature and the
required role services.

Results: After this exercise, you should be logged on to all three computers, and you should have
added the required server roles and features to support a MED-V deployment.

Exercise 2: Deploying the MED-V Server


Scenario
After you verify that the infrastructure is ready, you can begin the MED-V deployment. Before deploying
the MED-V clients, you first must install and configure the MED-V Management Server. Additionally, you
have decided to store the image repository on the Web server (IIS) and to use SQL Server on the same
server as the MED-V Management Server. In this exercise, you will deploy the MED-V Management Server
infrastructure, and then ensure that the MED-V database is added on Microsoft SQL Server.

The main tasks for this exercise are:


1. Install the MED-V Management Server on NYC-DC1.
2. Configure an IIS Web server for the MED-V Image Repository.
3. Use the MED-V Server Configuration Manager.
4. Verify that the MED-V database exists on SQL Server.

Task 1: Install the MED-V Management Server on NYC-DC1


Run E:\Labfiles\Mod03\MED-V_Server_x64_1.0.105.msi, accept the default values, and then install
the MED-V Management Server.

Task 2: Configure an IIS Web server for the MED-V image repository
1. On the IIS server on NYC-DC1, add the vimages virtual directory, and then point it to the C:\MED-V
Server Images folder.
2. Configure BITS Upload for the vimages IIS virtual directory, and then set it to Allow clients to
upload files.
3. Add two MIME Types for the vimages IIS virtual directory: .ckm file extension with
application/octet-stream MIME type, and .index file extension with application/octet-stream
MIME type.

Task 3: Use the MED-V Server Configuration Manager


1. On the NYC-DC1 server, run MED-V Server Configuration Manager, and then review the
Connections tab.
2. Verify that VMs Directory is set to C:\MED-V Server Images\, and then set VMs URL to
http://nyc-dc1/vimages.
3. Remove permissions for the Everyone group, add group Contoso\MED-V Administrators, and then
grant them Changes Allowed. Add group Contoso\MED-V Users, but do not grant them changes.
4. Click Create Database, and then click Test Connection. Start the MED-V Server when prompted.
5. Review the file C:\Program Files\Microsoft Enterprise Desktop Virtualization\Servers\ServerSettings.xml
in Notepad.

Task 4: Verify that the MED-V database exists on SQL Server


1. On the NYC-DC1 server, run the Import and Export Data (32-bit) tool.
2. Verify in the Server name field that you are connected to the NYC-DC1\SQLEXPRESS SQL Server.
3. Expand the Database box, and then confirm that the MED-V related database, medv, is available.
Click Cancel.

Results: After this exercise, you should have installed and configured the MED-V Server, and
confirmed the creation of the MED-V database.

Exercise 3: Deploying the MED-V Client


Scenario
After you deploy the MED-V Management Server, you also must install the MED-V client. You want to test
different options for client deployment, such as manual installation and using the MED-V deployment
package. In this exercise, you will test both scenarios, as well as verify that the MED-V client can connect
to the server.

The main tasks for this exercise are:

1. Install the MED-V client on NYC-CL1.
2. Verify connectivity to the MED-V Management Server, and create a MED-V deployment package.
3. Install a MED-V client by using the deployment package.

Task 1: Install the MED-V client on NYC-CL1


1. On NYC-CL1, run E:\Labfiles\Mod03\MED-V_1.0.105.msi.
2. Select Install the MED-V management application, and then in the Server address field, enter
nyc-dc1.

Task 2: Verify connectivity to the MED-V Management Server, and create a MED-V
deployment package
1. On NYC-CL1, run MED-V Management, and then authenticate as Contoso\medv-admin with the
password Pa$$w0rd.
2. Run the Packaging Wizard.
3. For MED-V installation file, point to E:\Labfiles\Mod03\MED-V_1.0.105.msi, and then verify that
nyc-dc1 is entered as the Server address.
4. For virtualization software, point to D:\Labfiles\Mod03\VPC 2007 SP1 x86.msi, and for installation
of Virtual PC QFE, point to E:\Labfiles\Mod03\KB974918 x86.msp. Uncheck Include installation
of Microsoft .NET Framework 2.0.
5. Enter E:\Labfiles\MED-V Client as the Package destination.
6. After you create the deployment package, explore the content of the E:\Labfiles\MED-V client folder
in Windows Explorer.

Task 3: Install a MED-V client by using a deployment package


1. On NYC-CL2, run \\nyc-cl1\med-v client\MedvAutorun.exe.
2. Accept the default value of C:\MED-V Images, and then click OK.
3. Verify that the MED-V shortcut is added to the desktop.

Results: After this exercise, you should have installed and configured MED-V clients on NYC-CL1 and
NYC-CL2, and created a MED-V client deployment package.

To prepare for the next lab


Do not shut down the virtual machines. You will use these virtual machines for the next lab.

Module Review and Takeaways

Review Questions
1. Can you use MED-V to administer Windows XP Mode on Windows 7 computers?
2. Can you administer MED-V implementation from a MED-V server?
3. Is the complete virtual image always transferred to the MED-V client?

Common Issues Related to MED-V


Identify the causes for the following common issues related to Microsoft Enterprise Desktop Virtualization,
and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: You install a MED-V client successfully, but you are not able to run MED-V Workspace.
Troubleshooting tip:

Issue: When you try to install a MED-V client on Windows Server 2008, you get an error.
Troubleshooting tip:

Issue: You implemented MED-V in a test environment, and cannot upload the virtual images to image
repository.
Troubleshooting tip:

Issue: You would like to configure a MED-V Management Server, but there is no configuration option
available on the Reports tab.
Troubleshooting tip:

Module 4
Configuring and Deploying MED-V Images
Contents:
Lesson 1: Configuring MED-V Images
Lesson 2: Deploying MED-V Images
Lab: Configuring and Deploying MED-V Images

Module Overview

Microsoft Enterprise Desktop Virtualization (MED-V) uses virtualization to provide an isolated
environment, in which you can run legacy applications and publish applications to the host. A virtual
image contains the virtual machine and MED-V enables central management of the images. There are
certain prerequisites that you must meet when you create a MED-V image. This module describes the
purpose and functionality of MED-V images, and the procedures for configuring and testing of the
images. The module also explains how to pack and upload MED-V images to the image repository on a
MED-V server.

Lesson 1
Configuring MED-V Images

MED-V provides a virtualized environment that users can use to run legacy applications. MED-V virtual
machine images offer several benefits. Before creating MED-V images, you must be aware of their
requirements, such as supported operating systems. You can use the VM Prerequisite tool to further
prepare and optimize the operating system in the image for the virtual environment. After you create
an image, you should test it. To test a MED-V image, you need to create a basic policy for testing.

Benefits of Using a MED-V Virtual Machine Image

Key Points
MED-V enables you to extend the user environment with published MED-V applications, while hiding the
complexity of the virtual machine environment from the end-user. You can use a virtual machine to
provide a separate environment to run legacy applications, even when the applications are not
compatible with the host operating system. End-users do not have to deal with the deployment or
management of the virtual machine or the integration of the virtual machine with the host operating
system. MED-V enables you to keep the updating and monitoring of MED-V images transparent from the
user.

There are many benefits of using MED-V virtual machine images:


A virtual machine is contained in the virtual image. A virtual image contains an operating system, as
well as legacy applications and other data. A virtual image is portable and by deploying the single
image, you can ensure that the same environment is available at multiple MED-V clients.
A virtual machine is isolated and independent from the host. Changes on the host do not affect the
virtual environment and changes in the virtual image do not affect the host. Applications from the
virtual machine are seamlessly integrated with the host and the end-user experience is similar to what
a user gets with locally installed applications.
A virtual machine is configured by a policy. You can manage a policy centrally, and store it on a
MED-V server. A policy can affect multiple clients. A policy configures a virtual machine and other
settings, including to which users or groups it applies. Policies enable central administration and
you do not have to configure each client individually.
Virtual machines can be configured differently. You can configure the same virtual machine image
differently for different users. You can publish different legacy applications and apply different
configuration settings to the same virtual image by using different MED-V policies.
A virtual machine can be a workgroup or domain member. Based on the requirements, you can
isolate a virtual machine from the network, connect it to the network, or configure it to be a domain
member.
A virtual image can be revertible or persistent. Changes in a virtual image can be persistent, like on a
desktop computer, or can be temporary, so that the virtual environment starts from the same state
each time. The concept of revertible and persistent virtual images is similar to Undo disks in Windows
Virtual PC. You would typically use a persistent virtual image when you want to preserve changes in
the virtual image, such as when a MED-V virtual machine is a domain member. You would use a
revertible virtual image when you do not want to preserve changes in the virtual image and you want
to always start from the same state.

MED-V Image Requirements

Key Points
A virtual image is represented by a Virtual Hard Disk (VHD) file and it is used by Virtual PC 2007 SP1,
which runs on the MED-V client. A virtual image contains an installed Windows operating system and
legacy applications that are available inside the virtual environment.
To create a virtual image, you must first install the supported operating system on a Virtual PC virtual
machine. MED-V supports the 32-bit editions of the Microsoft Windows 2000 Professional SP4
operating system and Windows XP Professional SP2 or SP3 operating systems in a virtual image. Newer
operating systems, such as the Windows Vista operating system and the Windows 7 operating system,
are supported as MED-V clients, but are not supported as an operating system inside the virtual image.
Because you use the same image for multiple MED-V clients, you must follow the Windows licensing
agreement and install a volume licensing copy of the operating system in the image. You must also install
the latest version of the Virtual Machine Additions in the image.

Note: You should be aware of the support timelines for the operating system and products that are
included in the virtual image. If antivirus is installed in the virtual image, you should ensure it is
updated.

To use a virtual image with MED-V, the image must include Microsoft .NET Framework 2.0 SP1 or newer,
which also requires the installation of Windows Installer 4.5. The virtual image should include all Windows
updates.

To prepare an operating system in the image for the virtualized environment, you must perform
additional configuration. These configuration tasks include:
Disable all unnecessary services inside the virtual machine or set them to manual.
Set power scheme to always on.
Disable hibernation.
Disable the automatic restart after a system failure.
Disable Undo Virtual PC disks, floppy disk and Shared Folders, because they are not supported by
MED-V.
After you install and configure the operating system, you need to install additional applications, which will
be published from the MED-V environment. You must follow the licensing requirements of the
applications and you should include their latest updates.

Before using a virtual image with MED-V, you should install and run the MED-V VM Prerequisite Wizard in
the virtual machine. This wizard helps to improve the virtual machine performance and streamline its
integration.

Note: If the virtual image will be deployed to MED-V clients as a persistent workspace, it should be
generalized. The only supported tool for that is Sysprep, a system preparation utility for the Windows
operating system.

Question: Can you have a MED-V image that has a 64-bit operating system installed?

Installing and Running the Virtual Machine Prerequisites Tool

Key Points
One of the steps in preparing a MED-V virtual image is to install and run the
MED-V VM Prerequisite Wizard. You can use this wizard to automate several of the prerequisite tasks and
configure the virtual machine for running optimally in the MED-V environment. For example, you can use
it to clear unnecessary temporary data, disable sounds, configure Internet Explorer settings, and enable
Windows Auto Logon.
The VM Prerequisites Wizard is part of the MED-V deployment and you can install it in the virtual machine
by running the MED-V_Workspace_1.0.105.msi Windows Installer package.

Note: The user running the virtual machine prerequisites tool must have local administrator rights and
must be the only user logged on.

The VM Prerequisites Tool has several configuration pages, which include:


Windows Settings: This page has options to clear personal history, local temporary directory, and
disable sounds.
Internet Explorer Settings: This page has options to disable auto complete, disable reuse of
windows, clear browsing history, and enable tabbed browsing in Internet Explorer 7.
Windows Services: This page has options to select the services that will be set to manual startup
mode.
Windows Auto Logon: This page has options to enable Windows Auto Logon and define username
and password, which will be used for auto logon.
The VM Prerequisites Tool automatically configures some of the settings that are required in the virtual
image for MED-V to properly function. These settings include disabling the screen saver or displaying
windows content while dragging. You cannot modify these settings in the VM Prerequisites Tool.

Note: Make sure that Group Policy objects do not overwrite the mandatory settings set in the
Prerequisites Tool.

Question: Is it mandatory to run the VM Prerequisite Tool before you deploy a MED-V image?

Preparing a MED-V Image for Domain Environment

Key Points
A MED-V virtual machine can either be in a workgroup or be a domain member. As a domain
member, it has the same access as any other domain computer. Published MED-V applications can access
domain resources such as database servers or Windows SharePoint sites. To join a MED-V virtual
machine to the domain, you must use a persistent workspace.

If you want to join MED-V virtual machines to a domain, you need to perform additional tasks to
prepare the virtual images. These preparation steps are similar to the steps you perform when
you prepare desktop computers for deployment. All deployment tools and documentation are available
on the Windows XP (or Windows 2000) CD-ROM in the Deploy.cab cabinet file, which can be found in the
Support\Tools folder. You can use Sysprep to generalize the image and reset the machine security ID
(SID). After you run Sysprep, the virtual machine shuts down, and you can then upload the virtual
image to the image repository. After the MED-V client downloads the image from the repository, the
initial mini setup of the virtual image is performed without user interaction, and all the answers
must be provided in an unattended answer file, sysprep.inf. You can create this answer file by using
the Setup Manager tool, which is also included in the Deploy.cab cabinet file. After the initial mini
setup, the folder containing sysprep.exe and the answer file are automatically deleted.
You can control the initial virtual machine setup by using a MED-V Policy. In the policy, you can add setup
actions such as Check Connectivity, Join Domain, Rename Computer, or Restart Windows. You can also
define a virtual machine computer name pattern and use variables such as username, host name, domain
name, and random characters. You can configure some settings, such as the computer name or whether a
virtual machine is joined to a domain, in the unattended answer file (sysprep.inf) as well as in a
MED-V Policy. If you plan to use the virtual machine in a MED-V environment, you should use a MED-V
policy to configure these settings.

Important: Be aware that the initial MED-V VM setup process when you join the computer to the
domain can be a lengthy process. The MED-V Diagnostic mode can provide additional information
about its progress.

Question: What is the main difference between preparing a MED-V image for the domain environment
and having the MED-V image in the workgroup?

Creating a Basic MED-V Policy for Testing

Key Points
After you create and prepare a virtual image for the MED-V environment, you should test the image to
verify how it behaves in the end-user environment. Testing is not mandatory, but we strongly recommend
testing because it is easier to remove possible issues before you deploy the image to the users.
To configure testing of the MED-V image, you need to use the MED-V Management console. In this tool,
you can import a prepared MED-V image into the test environment by creating a local test image. Next,
you need to apply policy settings to the test image and verify that the image behaves as expected.
There are many different policy settings that you can configure, but when testing the MED-V image, you
would typically configure the following settings:
Assigned Image. Use this option to specify the image that will be used for testing. The image must
be first created as a local test image and you can identify this image because it has (test) at the end
of its name.
Seamless Integration. Use this option to specify how published applications are integrated with the
host and if there is a frame around each window of the published application.
Deployment. Use this option to specify who can test the image.
Data Transfer. Use this option to specify whether the Clipboard can be shared and if file transfer
should be supported between the host and the virtual environment.
Device Control. Use this option to enable printing to the printers connected to the host and to
specify if the virtual environment can access the host CD/DVD drive.
Published Applications and Published Menus. Use this option to specify which applications and
menus from the virtual machine will be published to the host.
Web Browsing. Use this option to specify which URLs use the browser from the host and which
applications use the browser from the virtual environment.

After you configure the policy, you must save it to the MED-V server.

Note: The following characters cannot be included in the image name: space " < > | \ / : * ?

Question: What do you configure in a MED-V policy for testing and what is the main difference between
testing policy and the policy that is used in production?

Demonstration: Testing the MED-V Image

Key Points
You perform the actual testing of the MED-V image on the MED-V client. When you log on to the MED-V
client, you can choose to use the local (test) or the deployed image. If you opt to use the local image, the
MED-V workspace starts faster and you can perform the testing. Based on the policy settings, you should
verify if the image behaves as expected. For example, you can test if all published programs are available
on the Start menu and you can successfully run them.
When the testing is finished, you can stop the MED-V workspace by right-clicking the MED-V client icon
on the notification bar.

Demonstration steps:
1. Open MED-V Management on NYC-CL1 and go to the Images module.
2. Add a new Local Test Image by selecting XP.vmc in the E:\LabFiles\VPC folder. Enter XP in the Image
name field, and then click OK.
3. In the Policy module, create a new workspace, and assign the XP (test) image to the workspace.
Enable the workspace for Everyone, publish the Notepad application, and then save the Policy.
4. Run the MED-V client on NYC-CL1, log on as contoso\medv-user, and then select the created
workspace.
5. Verify that the published programs from the MED-V virtual image are listed. Start XP Notepad. Verify
that there is a red line around the Untitled Notepad window.
6. Open Help in Notepad, and then verify that Notepad is running in Windows XP and that the virtual
machine has 256 megabytes (MB) of physical memory available.
7. Copy some text and paste it to the Notepad window that is running on NYC-CL1.

Note: When testing an image, no changes are saved to the image between sessions; instead, they are
saved in a separate, temporary file. This is to ensure that when the image is packed and run on the
production environment, it is the original, clean image.

Question: What happens to the changes that are performed in the virtual environment when you test the
MED-V image?

Lesson 2
Deploying MED-V Images

After you create and test the MED-V image, you should deploy it to the clients. Before clients can
download the virtual image from the image repository, you must first pack the image and then upload it
to the repository. Packing compresses the image and you can use the Hypertext Transfer Protocol (HTTP)
or HTTP Secure (HTTPS) protocol with Background Intelligent Transfer Service (BITS) to use the remaining
bandwidth for the upload. This lesson describes the procedures for updating and deploying the virtual
image to the clients.

Packing the MED-V Image

Key Points
If you want to upload the image to the image repository and deploy it to MED-V clients, you must pack
the image. You must pack the image on the administrative workstation and then upload the packed
image to the image repository on the MED-V server. Only after the image is uploaded to the server can
you assign it by using a MED-V Policy.

Packing the image is the process of compressing the MED-V image to reduce its size. Image packing can
take a considerable amount of time; however, a compressed image takes less space and transfers faster.
The content of the packed image is the same as it was before packing. The MED-V image packing process
can often reduce the image size down to 50% of its initial size. For example, you can compress an 8
gigabytes (GB) image to 4 GB by simply packing the image.
Although you should first test a MED-V image before packing, you can still pack an image without prior
testing. If image testing was performed, changes made during testing are not included in the packed
image. You can use the MED-V Management console for image packing and by default packed images
are stored in the local MED-V Images\PackedImages folder. A packed image consists of two files: .index,
which has the list of files in the image, and .ckm (Kidaro Compressed Machine), which stores the actual
compressed image.
When you pack an image, you can either create a new packed image or create a new version of the
existing packed image. If you create a new packed image,
MED-V clients can download the whole image. If you create a new version of the existing image and the
MED-V clients have a previous version of the image, the clients download just the changes in the image.
This makes the download much smaller and faster when you modify the existing image such as when you
install an application update.

You can further reduce the image size by implementing pre-packing and pre-compaction steps in the
image build procedure. Typical steps to reduce the image size during a build procedure include:
Removing unnecessary files and folders, including unneeded drivers.
Uninstalling unnecessary applications.


Defragmenting the volume.
Running the precompaction utility on the VHD.
Removing offline files.
Editing or compacting the virtual disk.

Question: Why is it important to pack the image before uploading it to the MED-V server?

Uploading MED-V Images

Key Points
Local test images and local packed images are available only locally on the MED-V administrative
workstation, where the MED-V Management console is installed. But before you can deploy virtual images
to MED-V clients, you must first upload them to the image repository on the MED-V server. Depending on
the configuration, you can use either the HTTP or the HTTPS protocol for image uploading. You also need
BITS on the image repository Web server. If BITS is not configured on the server, you cannot upload the
MED-V image.

Note: Before uploading an image, verify that a Web proxy is not defined in your browser settings and
that Windows Update is not currently running.

After you pack a MED-V image, you can upload it to the image repository by using the MED-V Management
console. If multiple versions of the same packed image are available, only the latest version is uploaded.
Upload can take a considerable amount of time because an image can be several GBs in size and BITS
uses only the unused bandwidth to transfer the image. After you upload the image, you can assign it to
the MED-V workspace and distribute it to the MED-V clients. Local test images can be deleted after the
upload.

During an image upload, the .index and .ckm files are transferred to the MED-V server and by default,
they are stored in the MED-V Server Images folder.

Question: How can you specify the users who can upload images to MED-V server?

Updating MED-V Images

Key Points
As part of the management tasks, you should update MED-V virtual images from time to time just like
you update normal computers. There are various reasons for updating the image, which include installing
the update to the operating system or applications in the image (update management), installing new
applications in the image, or changing the configuration and modifying the content inside a virtual
image.
There are two different ways of updating a MED-V image. If a virtual machine in the image is joined to the
domain, you can use the same updating mechanism that is in place for updating other domain
computers. In such a case, you can manage the MED-V virtual machines in the same way as any other
computer on the network.
You can use the second option when a virtual machine is not joined to the domain. In this case, you can
open the image inside Virtual PC, update the image, for example by installing Windows updates, and
then rerun the VM Prerequisite tool. After the update is complete, shut down the virtual machine, pack
the updated image as a new MED-V image version, and then upload it to the image repository. For some
updates, such as installing new applications in the virtual image, you also need to modify the MED-V
policy or create a new one to benefit from the update.
When MED-V clients download a new version of an existing image, the clients download only the parts
that have changed, and not the entire virtual machine image. This significantly reduces the download size
and delivery time.

Note: When a new version is deployed on the client, it overwrites the existing image. When updating
an image, ensure that no data on the client needs to be saved.

Note: If you name the image a different name than the existing version, a new image will be created
rather than a new version of the existing image.

Question: Why would you want to update the image?



Options for Deploying MED-V Images

Key Points
A MED-V image must be available locally before it can be used. After creating and testing a virtual image,
you can deliver it to MED-V clients by using different delivery options.

Using Web Download Over a Network


This is the preferred option for deploying a MED-V image. When a virtual image is stored on the image
repository, you can deliver it over the network by using the standard HTTP or HTTPS protocols. MED-V
uses BITS for bandwidth throttling and Trim Transfer technology to accelerate the download speed and to
reduce required bandwidth. Over-the-network delivery from an IIS Web server is the only supported way
of delivering image updates and it is the only delivery mechanism that can benefit from Trim Transfer.

Using a Deployment Package


The MED-V Management console provides the Packaging Wizard. The Packaging Wizard provides
functionality that is different from packing the image. Packing the image compresses the image and
reduces its size, while the Packaging Wizard creates a MED-V deployment package for deploying the
MED-V client. The deployment package can include MED-V prerequisites, the MED-V client, and also a
virtual image. If you include a virtual image in the MED-V deployment package, the virtual image is
copied to the client workstation local drive as part of the installation. This delivery method is only
suitable for initial virtual image delivery and does not support image updates. You can deploy future
image updates over the network.

Using a Corporate Deployment System


If a company has an existing corporate deployment system such as System Center Configuration Manager
2007 R2, you can choose to deliver the packed virtual images by using the existing software distribution
solution, rather than downloading it from the MED-V server. The MED-V client looks for the package in a
predefined path, and then imports the image from there.

Note: Image pre-staging is useful only for the initial image download. It is not supported for image
update.

To configure image pre-staging, you must perform the following tasks:


1. On the client computer, under the image store directory, create a folder for the pre-staging image.
2. The registry key, PrestagedImagesPath, located in the HKLM\SOFTWARE\Kidaro directory, points to
the default image location. If the image is in a different location, change the path.

When the MED-V client starts, it looks in the specified directory for an image (ckm file and index file). If it
finds an image, it imports it. If the image is not located in this path, it downloads it from the server.
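
The lookup described above can be checked on a client before the MED-V client starts. This PowerShell is an added example, not code from the course or from MED-V; it assumes that PrestagedImagesPath is a string value under HKLM\SOFTWARE\Kidaro and that the .ckm and .index files of one image share a base file name, and the function name is hypothetical.

```powershell
# Added example, not part of the course files. Run on a MED-V client.
# Assumptions: PrestagedImagesPath is a string value under HKLM\SOFTWARE\Kidaro,
# and the .ckm and .index files of one packed image share a base file name.

function Get-PrestagedImageStatus {   # hypothetical helper name
    param([string]$RegistryKey = 'HKLM:\SOFTWARE\Kidaro')

    if (-not (Test-Path -Path $RegistryKey)) {
        throw "Registry key $RegistryKey was not found."
    }
    $folder = (Get-ItemProperty -Path $RegistryKey).PrestagedImagesPath
    if ([string]::IsNullOrEmpty($folder)) {
        throw "PrestagedImagesPath is not set under $RegistryKey."
    }
    if (-not (Test-Path -Path $folder -PathType Container)) {
        throw "Pre-staging folder '$folder' does not exist."
    }

    # Only the two file types that make up a packed image are of interest.
    $files = @(Get-ChildItem -Path $folder | Where-Object {
        (-not $_.PSIsContainer) -and (('.ckm', '.index') -contains $_.Extension)
    })

    # Group the files by base name so that each group is one candidate image.
    $groups = @($files | Group-Object -Property {
        [System.IO.Path]::GetFileNameWithoutExtension($_.Name)
    })

    foreach ($group in $groups) {
        $ckm   = @($group.Group | Where-Object { $_.Extension -eq '.ckm' })
        $index = @($group.Group | Where-Object { $_.Extension -eq '.index' })

        if ($ckm.Count -eq 0) {
            $state = 'Incomplete: .ckm file missing'
        } elseif ($index.Count -eq 0) {
            $state = 'Incomplete: .index file missing'
        } elseif ($ckm[0].Length -eq 0 -or $index[0].Length -eq 0) {
            $state = 'Incomplete: empty file'
        } else {
            $state = 'Pair present'
        }

        $row = New-Object PSObject
        $row | Add-Member -MemberType NoteProperty -Name Image  -Value $group.Name
        $row | Add-Member -MemberType NoteProperty -Name Status -Value $state
        $row | Add-Member -MemberType NoteProperty -Name Folder -Value $folder
        $row
    }
}

$report = @(Get-PrestagedImageStatus)
if ($report.Count -eq 0) {
    # Per the text above, the client then falls back to the server download.
    'No pre-staged image found; the MED-V client will download the image from the server.'
} else {
    $report | Format-Table -AutoSize
}
```

"Pair present" only means that both files exist and are not empty; it does not validate their contents.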

Question: What is the main benefit of using the Web download method for deploying virtual images?

Demonstration: Packing and Uploading an Image

Key Points
In this demonstration, you will see how to pack and upload the image to a MED-V server. You use the
MED-V Management console for both operations and you should first test and then pack the image.
Packing compresses the image and decreases the time needed for transferring the image. The image is
packed on the administrative workstation and stored in the MED-V Images\PackedImages folder.

Demonstration steps:
1. Open MED-V Management on NYC-CL1 and go to the Images module.
2. Add a new Packed Image by selecting XP.vmc in the E:\LabFiles\VPC folder. Enter XP in the Image
name field and click OK.
3. While the image is packing, click Browse Local Images and show the content of the PackedImages
folder.
4. On NYC-DC1, view the content of the C:\MED-V Server Images folder and confirm that no .ckm or
.index files are available.
5. After Image Packing is complete on the NYC-CL1 computer, verify the image size in the Local Packed
Images section, and then verify the compressed file size.
6. Select the XP packed image and click Upload.
7. Switch to NYC-DC1 and verify that .ckm and .index files are available in the C:\MED-V Server
Images folder.

Question: What tool can you use for packing and uploading the image to MED-V server?

Lab: Configuring and Deploying MED-V Images

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. Ensure that the 10324A-NYC-DC1 and 10324A-NYC-CL1 virtual machines are running.
2. If required, connect to the virtual machines. Log on to the virtual machines as
Contoso\Administrator using the password Pa$$w0rd.

Exercise 1: Creating MED-V Images


Scenario
As part of implementing a MED-V virtualization solution, you need to first create a virtual image. To do
this, you need to install and run the VM Prerequisites Wizard. Then, verify the changes performed by the
VM Prerequisites Wizard.

The main tasks for this exercise are as follows:

1. Start the virtual machine on NYC-CL1 and review its initial configuration.
2. Install and run VM Prerequisites Wizard.
3. Verify the changes performed by VM Prerequisites Wizard.

Task 1: Start the virtual machine on NYC-CL1 and review its initial configuration
1. On NYC-CL1, start Microsoft Virtual PC and then start the XP virtual machine. Log on as User1 with
the password of Pa$$w0rd.
2. Create a new text file with your name in the C:\Documents and Settings\User1\Local
Settings\Temp folder.
3. From the Services console, verify service startup type for Security Center, Task Scheduler and
System Restore Service.
4. From the Sounds and Audio devices applet in the Control Panel, verify that Windows Logon and
Windows Logoff have sounds assigned. You have now reviewed some of the initial configuration
settings of the Windows XP virtual machine.

Task 2: Install and run the VM Prerequisites Wizard


1. From NYC-CL1, copy the E:\LabFiles\Mod04\MED-V_Workspace_1.0.105.msi file to the XP virtual
machine and run it in the virtual machine.
During the installation, when prompted for Files Needed, browse to C:\WinXP and then click Open.
Click OK. Also when prompted to Insert Disk, click OK and then browse to C:\WinXP.
2. On the NYC-CL1 computer, in the XP virtual machine, launch the VM Prerequisites Tool.
3. On the Windows Auto Logon page, select Enable Windows Auto Logon, enter User1 as User
name, Pa$$w0rd as Password, and then click Apply.
4. In the MED-V dialog box, click Yes. On the second MED-V dialog box, click OK. For this lab, a
Volume License Key is not required. By running VM Prerequisites Wizard, you prepared the image for
the MED-V environment.

Task 3: Verify the changes performed by VM Prerequisites Wizard


1. In the XP virtual machine, verify the content of the C:\Documents and Settings\User1\Local
Settings\Temp folder.
2. Verify that Windows Logon and Windows Logoff have no sounds assigned.
3. Verify that the startup type of the Security Center, Task Scheduler, and System Restore Service
services is set to Manual.
4. Open the registry editor and navigate to
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and verify values of the
DefaultUserName and DefaultPassword keys. By performing these steps, you verified some of the
changes that were performed by the VM Prerequisites Wizard.
5. Shut down the XP virtual machine, and then close the Virtual PC Console. All of your changes are
saved into the XP virtual machine.

Results: After this exercise, you installed and ran the VM Prerequisites Tool in the XP virtual machine.
You also verified some of the modifications performed by the tool.
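
The Task 3 checks can be scripted so that every rebuilt image is verified the same way. The following PowerShell is an added example, not part of the courseware. It assumes that PowerShell 2.0 is installed in the XP virtual machine, that it runs in User1's session, and that the three services have the short names wscsvc, Schedule and srservice; the AutoAdminLogon check is also an addition, because the lab steps name only DefaultUserName and DefaultPassword.

```powershell
# Added example (not part of the courseware): scripted version of Exercise 1, Task 3.
# Assumptions: PowerShell 2.0 is installed in the XP virtual machine and the script
# runs in User1's session, so that HKCU: and $env:TEMP refer to User1.

$results = @()

function Add-Result($check, $expected, $actual) {
    # Normalise to strings so that a missing value ($null) compares equal to ''.
    $script:results += New-Object PSObject -Property @{
        Check    = $check
        Expected = [string]$expected
        Actual   = [string]$actual
        Pass     = ([string]$expected -eq [string]$actual)
    }
}

# Step 3: the three services should have the startup type Manual.
# Service short names are an assumption of this example.
$services = @{
    wscsvc    = 'Security Center'
    Schedule  = 'Task Scheduler'
    srservice = 'System Restore Service'
}
foreach ($name in $services.Keys) {
    $svc  = Get-WmiObject Win32_Service -Filter "Name='$name'"
    $mode = if ($svc) { $svc.StartMode } else { 'not installed' }
    Add-Result "Startup type: $($services[$name])" 'Manual' $mode
}

# Step 2: Windows Logon and Windows Logoff should have no sound assigned.
# The assigned sound is the default value of the .Current key of each event.
foreach ($evt in 'WindowsLogon', 'WindowsLogoff') {
    $key   = "HKCU:\AppEvents\Schemes\Apps\.Default\$evt\.Current"
    $sound = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    Add-Result "Sound assigned: $evt" '' $sound
}

# Step 4: auto-logon values written under Winlogon.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Add-Result 'AutoAdminLogon'  '1'     $winlogon.AutoAdminLogon
Add-Result 'DefaultUserName' 'User1' $winlogon.DefaultUserName

# DefaultPassword is stored as a clear-text string value inside the image.
# Report only whether it is set; never write the value to the console or a log.
$pwState = if ([string]::IsNullOrEmpty($winlogon.DefaultPassword)) { 'missing' } else { 'set' }
Add-Result 'DefaultPassword' 'set' $pwState

# Step 1: the lab only asks you to look at the Temp folder, so this is informational.
$tempCount = @(Get-ChildItem -Path $env:TEMP -Force -ErrorAction SilentlyContinue).Count
"Items in $env:TEMP : $tempCount"

$results | Format-Table Check, Expected, Actual, Pass -AutoSize

# A non-zero exit code lets an image build script stop before packing.
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```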

Exercise 2: Testing MED-V Images


Scenario
After the MED-V image is created, you need to test it. You can use the MED-V Management console and
the MED-V client for configuring and testing the image. To test the image, import a basic testing MED-V
policy and verify the MED-V image works as expected.

The main tasks for this exercise are as follows:

1. Add a local test image.


2. Import and assign a basic MED-V testing policy.
3. Test local MED-V image.

Task 1: Add a local test image


1. On NYC-CL1, log on to MED-V Management as contoso\medv-admin with the password Pa$$w0rd.
2. Create a Test Image called XP from E:\Labfiles\VPC\XP.vmc.

Task 2: Import and assign a basic MED-V testing policy


1. On the NYC-CL1 computer, import the MED-V policy from the file
E:\LabFiles\Mod04\TestPolicy.xml.
2. On the Virtual Machine tab, select XP (test) as the Assigned Image and save the policy.

Task 3: Test the local MED-V image


1. On the NYC-CL1 computer, log on to MED-V as contoso\medv-user with Pa$$w0rd as password
and select to use the test image. In the Windows Security Alert window, click Allow Access for all of
the networks to allow Virtual PC 2007 SP1 to communicate.
2. On the NYC-CL1 computer, verify that published programs are listed. Run XP Notepad.
3. Run XP Remote Desktop and copy text from XP Remote Desktop Help to Notepad that is running
locally on the NYC-CL1 computer.
4. On the NYC-CL1 computer, start XP Command Prompt and compare the content of C:\ with the
local C:\ drive.
5. On the NYC-CL1 computer, in the notification area, right-click the MED-V icon and then select Stop
Workspace.

Results: After this exercise, you have created a local test image, imported and assigned a basic MED-V
testing policy, and tested the local MED-V image.

Exercise 3: Updating, Packing, and Uploading the Image


Scenario
During testing you discover that a security update was not applied to the virtual machine and one of the
applications is not available. You need to update the image by installing the missing application and a
security update. After you test the virtual machine and update the virtual machine with the security
update and missing application, you need to pack the image and upload it to a MED-V server.

The main tasks for this exercise are as follows:


1. Update the image.
2. Pack the MED-V image.
3. Upload the image to image repository.
4. Start the MED-V image download.

Task 1: Update the image


1. On the NYC-CL1 computer, open the Virtual PC Console and start the XP virtual machine.
2. On the NYC-CL1 computer, from the E:\LabFiles\Mod04 folder, copy the files XmlNotepad.msi and
WindowsXP-KB956802-x86-ENU.exe to C:\ on the XP virtual machine.
3. On the NYC-CL1 computer, in the XP virtual machine, double-click XmlNotepad.msi, install it with
default options, and then verify that the shortcut has been added to the Start menu.
4. On the NYC-CL1 computer, in the XP virtual machine, run WindowsXP-KB956802-x86-ENU.exe. Select
Do not restart now at the end of the installation.
5. Open Add or Remove Programs and verify that Security Update for Windows XP (KB956802) is listed
under Windows XP Software Updates. Shut down the XP virtual machine and close the Virtual PC
Console.

Task 2: Pack the MED-V image


1. On the NYC-CL1 computer, create a packed image named XP-Updated from E:\Labfiles\VPC\XP.vmc.
2. Review the content of the folder C:\MED-V Images\PackedImages.
3. Switch to NYC-DC1, open Windows Explorer and verify that the .ckm and .index files for the
XP-Updated virtual machine are not available in the C:\MED-V Server Images folder.

Task 3: Upload the image to image repository


On the NYC-CL1 computer, in MED-V Management console, select XP-Updated and click Upload.

Results: After this exercise, you have updated the XP image with a Windows update and custom
application. You have also packed the local image and uploaded it to the MED-V server.

Exercise 4 (Optional): Preparing the MED-V Image for Domain Environment

Scenario
Some of the legacy applications in the virtual image require access to domain resources. You decide to
join the MED-V virtual machine to the domain and in this exercise you will prepare the image for domain
environment by creating an answer file and running Sysprep to generalize the image.

Note: Because it takes a long time to pack, upload, and deploy the image, you will not perform these
steps in this lab exercise, but will only perform the tasks related to generalizing the image.

The main tasks for this exercise are as follows:

1. Create the Sysprep answer file.


2. Run Sysprep.exe to generalize the image.

Task 1: Create the Sysprep answer file


1. On NYC-CL1, open Microsoft Virtual PC and then start the XP virtual machine.
2. Copy the E:\LabFiles\Mod04\Sysprep folder from NYC-CL1 to C:\ on the XP virtual machine.
3. In the XP virtual machine, in the Sysprep folder, run Setup Manager. Create a new Sysprep answer
file for Windows XP Professional.
4. Save the answer file as C:\Sysprep\sysprep.inf and review it.

Task 2: Run Sysprep.exe to generalize the image


1. In the XP virtual machine, in the C:\Sysprep folder, double-click sysprep.exe.
2. Select the Don't reset grace period for the activation and Use Mini-Setup options, and then click
Reseal. Wait until the XP virtual machine shuts down. Close the Virtual PC Console.

Results: After this exercise, you have created a Sysprep answer file and run Sysprep.exe to prepare
the virtual machine for a domain environment.

To prepare for the next lab


Do not shut down the virtual machines. You will use these virtual machines for the next lab.

Module Review and Takeaways

Review Questions
1. Why would you use the VM Prerequisite Tool? Is this tool mandatory?
2. Do you need to upload a MED-V image to the image repository if you want to test it?
3. What are the typical steps in virtual image life cycle?
4. Which protocol is used for MED-V virtual image download?
5. How can a MED-V virtual image be deployed? What is the benefit of using the Web download option?

Common Issues Related to Microsoft Enterprise Desktop Virtualization


Identify the causes for the following common issues related to Microsoft Enterprise Desktop Virtualization
and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue | Troubleshooting tip
You created a Windows XP virtual image, but when you deploy it to MED-V clients, it requires activation at each client. |
You are not able to install the VM Prerequisite Tool (MED-V Workspace) on a Windows Server 2008 R2 virtual machine. |
You are preparing a Windows XP virtual image for a domain environment, but you are not able to find Sysprep.exe to generalize the image. |
You generalized the Windows XP image, but when you deploy it to MED-V clients, initial setup does not perform and the virtual machine is not joined to the domain. |
You created the MED-V image, but you are not able to test it. |
You want to deploy a MED-V image to the new workstation, but you have slow network connectivity to the client. |

Module 5
Managing a MED-V Deployment
Contents:
Lesson 1: Implementing the MED-V Workspace Policy
Lesson 2: Working with a MED-V Workspace
Lesson 3: Reporting and Troubleshooting MED-V
Lab: Managing a MED-V Deployment

Module Overview

Managing the Microsoft Enterprise Desktop Virtualization (MED-V) environment typically is one of the
most time-consuming activities for MED-V administrators. After you deploy the MED-V infrastructure, you
must define MED-V Workspaces by configuring MED-V policies, and then enable the workspaces for users
and set options to configure the workspaces that will be available to users.

MED-V users work in two separate environments: the host operating system and the MED-V Workspace. If
you integrate published applications seamlessly with the host, users typically cannot tell that they are
different from applications that are installed locally on their computers.

Besides a configurable virtual environment and a seamless integration with the host, MED-V also provides
reporting and diagnostics capability. The reporting feature requires Microsoft SQL Server, and it logs
MED-V events, and provides three basic report types. The MED-V client provides a diagnostics mode,
policy updates, and diagnostic log gathering that you can use to troubleshoot MED-V issues.

Lesson 1
Implementing the MED-V Workspace Policy

A MED-V Workspace policy is an essential part of a MED-V implementation. It defines how to configure
the virtual environment of MED-V clients, which virtual image to use, and which applications to publish to
the host, among other things. You create and manage a MED-V Workspace policy in the MED-V
Management Console, and users must have the Changes Allowed permission on the MED-V server to save
a policy that they create or modify.

A MED-V policy has many settings, which are saved in an XML file on the server. MED-V applies the policy
to the MED-V client when it starts, and then reapplies it every 15 minutes. You also can update it
manually.

What Is a MED-V Workspace?

Key Points
A MED-V Workspace is the desktop environment that MED-V provides for you to interact with the virtual
machine. As a MED-V administrator, you create and customize the MED-V Workspace, which consists of
an image and a policy that defines its rules and functionality. You can create multiple MED-V Workspaces,
and you can customize each with its own configuration, settings, and rules. You then can apply the
workspace to the same image or to multiple images. You can associate a MED-V Workspace with a user or
group, or multiple users or groups, making the MED-V Workspace available only to the associated users
or group members. You can configure a MED-V Workspace centrally, and then apply it to clients that you
assign to this workspace. You can define a MED-V Workspace in the MED-V Management Console by
using the policy module, and then store it on the MED-V server. The MED-V policy applies to users when
they log on and during periodic refreshes, which is every 15 minutes by default. You also can update the
policy manually, by using the Diagnostics option in the MED-V client.

The MED-V Workspace is separated from the user's local desktop, and is a virtual image that runs inside
Virtual PC and which you can configure by using MED-V. For example, if you launch a locally installed
copy of Microsoft Office Word, create a document, and then save the document, MED-V saves it, by
default, in your Documents folder on the local host. But if you launch a copy of Office Word from within
the MED-V Workspace, create a second document, and save the document, then by default, MED-V saves
this document in the My Documents folder in your workspace, meaning in the virtual machine that is
running on the local host. This means that you will have two Documents folders on the same MED-V
client computer: one on the local host, and then one in your MED-V Workspace in the virtual machine.
There are different options to work around this, such as using the MED-V file transfer tool or configuring
folder redirection.

Note: Each MED-V Workspace image can be used only by one Windows user.

Note: You can control the MED-V Workspace from a command prompt by using
KidaroCommands.exe, which is located in the Management subfolder of the MED-V installation folder.

Question: Can you create a MED-V Workspace without assigning it a virtual image?

What Is a MED-V Workspace Policy?

Key Points
A MED-V Workspace policy is a group of configurable settings that define how the virtualized
environment and applications that you install in that environment perform on the host. By using a MED-V
Workspace policy, you can specify how a MED-V virtualized environment is configured on the client and
how it interacts with the host. You can define several workspace settings, which include:
• The image that is assigned to the workspace.
• Settings for integration and data transfer between the workspace and the host.
• The user for whom the MED-V Workspace policy is enabled.
• Settings for device control.
• The published applications and the virtual machine configuration.
You can create and manage MED-V Workspace policies by using the MED-V Management Console, which
stores them in a single file, ClientPolicy.xml, on the MED-V server. You also can import or export a
workspace policy as an XML file on the MED-V client, by using the Import or Export options in the Policy
menu in the MED-V Management Console.

Note: When you configure a policy, a warning symbol appears next to the mandatory fields for which
you did not enter values. If a mandatory field is empty, the warning symbol also appears on the
settings tab.

It is important to decide the MED-V Workspace type that you want to use before you deploy the MED-V
Workspace policy. We do not recommend that you change the MED-V Workspace type after you deploy a
policy to users.

There are two types of MED-V Workspaces available:

• Persistent. In a persistent MED-V Workspace, all changes and additions that you make to the MED-V
  Workspace are saved in the MED-V Workspace between sessions. You typically use a persistent
  MED-V Workspace in a domain environment.
• Revertible. In a revertible MED-V Workspace, at the completion of each session, when the MED-V
  Workspace stops, the MED-V Workspace reverts to its original state during deployment. Changes or
  additions that you made are not saved on the MED-V Workspace between sessions. You cannot use a
  revertible MED-V Workspace in a domain environment.

Question: What is the difference between a MED-V Workspace and a MED-V Workspace policy?

General, Virtual Machine, and Deployment Settings

Key Points
You can use the General tab in the MED-V policy to configure the workspace name, description, support
contact information, and basic user-experience settings when working with a MED-V Workspace. You can
define whether the MED-V Workspace appears in seamless integration or full desktop mode. Seamless
integration publishes legacy applications on the host Start menu, and they appear as if they were installed
locally on the host. You also can configure the frame color for the legacy applications, which distinguishes
them from the local applications on the host. The full desktop presents the desktop of the MED-V
Workspace operating system in a separate window. You also can define the command that must be run
successfully on the host before the workspace will start.
You must assign a Microsoft Virtual PC image to every MED-V Workspace, and you can configure this
from the Virtual Machine tab in the MED-V policy. An assigned image can be one of three types:
• Local test images. These are unpacked images on the local computer. The word test follows these
  image names in parentheses, and you can use these images for testing purposes only.
• Local packed images. These are packed images on the local computer, and the word local follows the
  image name in parentheses. Clients cannot download these images until the administrator uploads
  them to the server. Clients can select a local image if you create a package that is distributed to the
  client via removable media, such as a USB drive or DVD.
• Packed images on a server. These are images that are on the server and that are available for
  download by clients. The word server follows the image name in parentheses.
On the Virtual Machine tab, you also can configure the workspace type to be persistent or revertible. If
you choose a persistent workspace, you can specify if a user should use a Windows logon for the virtual
machine. You also can configure workspace lock settings and image update settings, such as the number
of previous image versions to retain and if you want to use Trim Transfer when downloading images.

Note: You should use Trim Transfer when it would take you less time to index the hard drive than to
download the new image version. For example, it would be more efficient to use Trim Transfer when
you download a new image version that is similar to an existing image on the client.

On the Deployment tab in the MED-V policy, you can assign a MED-V Workspace to domain users and
groups. You can specify the time until which the workspace is available, and whether the user can use it in
the offline mode without first connecting to the MED-V server. You also can define the conditions under
which the workspace is deleted automatically and the data-transfer options between the host and
workspace. Additionally, you can configure device-control options, such as whether printers from the host
are available for printing in the workspace or if the workspace can access the host's CD or DVD drive.

Note: To support file transfer in Windows XP Service Pack 3 (SP3), you must disable offline file
synchronization in the virtual image.

Question: How can you control to whom the MED-V policy applies?

Published Applications Settings

Key Points
You can run applications within the MED-V Workspace that are incompatible with the host operating
system, and start them from within the workspace as you would with a locally installed application,
from either the Start menu or from a shortcut on the host. Workspace applications, which are
available from the host, are called published applications. The MED-V policy defines them.

You can publish an application in two ways:

• As an application. You can publish a specific application by defining the command-line command
  that runs the application in the virtual machine. Only the applications that you specify and enable in
  the MED-V policy are published and listed on the host's Start menu. It is possible to run additional
  applications from the published application, even if this additional workspace application remains
  unpublished. For example, you can run any workspace applications from the published workspace
  command prompt.
• As a menu. You can publish a menu folder that contains multiple applications and subfolders. The
  host Start menu publishes and displays all of the folder's applications and subfolders.
If you publish individual applications, you can define the display name that appears on the host Start
menu. You also can define the description of the published application, which appears as a tooltip when
the mouse hovers over the shortcut. In the Command line field of the MED-V Management Console, you
specify the command that you can use to run the application from the MED-V Workspace. In this
command, you need to specify the full path, and you can pass the parameters to the application as you
would to any other Windows command.

Note: If the application command line includes spaces, enclose the entire path in quotation marks.

If you publish the whole menu, you can define the menu's display name, under which MED-V lists all of
the workspace menu's content on the host Start menu. The published menu location is a relative path
from the Programs folder in the workspace, and if you leave it blank, all programs from the workspace
Start menu will publish to the host.

Note: If you want to rename the published application, you can right-click on it, and then select
Rename. When you reapply the MED-V policy, the application name will not revert. But when you
restart the workspace, the individually published applications will be listed multiple times, with their
published and modified names, while applications on published menus will revert to their original
workspace names.

All published applications and menus appear as shortcuts on the host's Start menu under All Programs in
MED-V Applications. You can change this folder's name in the Start-menu shortcuts folder field on the
Applications tab in MED-V policy.

Web, Network, and Performance Settings

Key Points
Some Web sites and Web applications are not compatible with the host's Microsoft Internet Explorer
version, and do not work correctly even when you use the compatibility view in Internet Explorer. If you
need to access such Web sites, you can use older Internet Explorer versions. You do not need to open a
browser manually in the MED-V Workspace to view specific Web sites. MED-V automatically redirects you
to the browser in MED-V Workspace from the browser in the host, and vice-versa.
On the Web tab in the MED-V policy, you can define a list of Web browsing rules for a MED-V
Workspace. Users can browse all sites that the rules include, either in the MED-V Workspace browser or in
the host's browser. Users can browse all sites that the rules do not define, from the environment in which
the sites were requested. However, you also can configure these sites as a group, which users can browse
in the MED-V Workspace or in the host.

Note: MED-V applies Web settings only to Internet Explorer. It does not apply Web settings to other
browsers.

You can configure network settings for MED-V Workspace on the Network tab in the MED-V policy. On
this tab, you can define if a workspace uses Network Address Translation (NAT) to share the host's IP
address for outgoing traffic, or if it has its own network address, which it typically obtains from the
Dynamic Host Configuration Protocol (DHCP) server. You also can configure Domain Name System (DNS)
options, such as whether the workspace uses the host's DNS server or if you want to use a specific DNS
server, and you can define DNS suffixes that MED-V uses for name resolution. You should configure these
settings appropriately if you plan to have network connectivity for your MED-V Workspace in scenarios
where the workspace is joined to the domain or it includes software that the organization will update over
the network.

On the Performance tab in the MED-V policy, you can adjust the virtual machine memory, based on how
much physical memory the host has. By using this configuration, you can allocate more memory to the
virtual machine when the host has more memory available. For example, if a host has 1 gigabyte (GB) of
random access memory (RAM), you can allocate the virtual machine 128 megabytes (MB) of memory, and
if a host has 2 GB RAM, you can allocate 512 MB of memory to the same virtual machine.

Question: Do you need to publish Internet Explorer from the virtual image to use it for browsing certain
Web sites that are incompatible with the host's version of Internet Explorer?

VM Setup Settings

Key Points
You can configure the virtual machine's setup settings on the VM Setup tab in the MED-V policy. By
using this tab, you can configure setup options, which MED-V performs when you deploy the virtual
machine and run it for the first time on the MED-V client. For example, you use these settings for joining
the MED-V virtual machine to the domain environment. You need to configure the virtual machine setup
differently for persistent and revertible MED-V Workspaces.

Note: You must use a persistent workspace for domain-joined virtual machines.

For the persistent workspace, you can configure options to run VM Setup, and then use a script editor to
configure actions such as checking connectivity, renaming a computer, joining a domain, or running
custom commands from the command line. For most of the actions, you can specify additional
parameters, such as the IP address for which you want to test connectivity or user credentials, and the
domain name to which you want to join the MED-V virtual machine. If you enable VM setup, you also can
define the message that displays on the MED-V client while the script is running.

Note: VM Setup only runs the first time that you start a workspace, after the Windows logon is
complete. After you complete the VM Setup steps, the Windows operating system inside the virtual
machine shuts down.

For a revertible workspace, you can configure options only to rename the virtual machine.

For both persistent and revertible workspaces, you can define a virtual computer-name pattern. In this
pattern, you can include the user name of the logged-on user, the domain name, host name, workspace
name, virtual machine name, and the selectable number of random characters.

Note: When you join a virtual machine to the domain, only root-level organizational units (OUs) are
supported for creating a computer account.

Question: What are the scenarios in which you would configure and use MED-V VM Setup?

Demonstration: Configuring a MED-V Workspace Policy

Key Points
In this demonstration, you will see how to use the MED-V Management Console to configure a MED-V
policy on an administrative workstation.

Demonstration Steps
1. Run MED-V Management. Log on to the MED-V server by using the administrator credentials.
2. Add a new workspace, which will create a new MED-V policy.
3. Switch through configuration tabs, and set various options.
4. Save the policy to the server.
5. Switch to the MED-V server, and notice that all changes are saved in the
c:\program files\microsoft enterprise desktop virtualization\servers\ClientSettings.xml file.

Lesson 2
Working with a MED-V Workspace

After you create and enable the MED-V Workspace for the users or groups, you can deploy the MED-V
Workspace. The first time that you deploy a workspace to the MED-V client, the process can be lengthy
because you need to download the virtual image first, and then configure it according to the MED-V
policy.
You can integrate the MED-V Workspace seamlessly with the host, or you can run it in a separate window.
Most customers use seamless integration. But you should be aware that MED-V users work in two
separate environments: the host operating system and the workspace. Users can share the Clipboard
between the two environments, and MED-V provides a transfer tool so that users can transfer files and
folders between both environments. If you join a workspace to a domain, you can provide better
integration by using additional options, such as sharing the folders between the host and the workspace,
or using a Group Policy object (GPO) to configure folder redirection.

Deploying a MED-V Workspace

Key Points
You can deploy a MED-V Workspace only to the workstations on which you install the MED-V client. The
MED-V client runs on top of Virtual PC, applies MED-V policy to the virtualized environment, and
integrates the MED-V Workspace with the host. Before you can access the MED-V Workspace and run
published applications, you first must log on to MED-V. You can log on to MED-V by using the account of
the currently logged-on Windows user or by providing an alternate user account. You can enter the user
name in two different ways: domain\username or username@domain. The AD DS domain controller
performs user authentication, and the MED-V server performs authorization. If you want to use MED-V,
you must have an AD DS user account, and you must enable the
MED-V Workspace for your account or the group to which your account belongs. You can log on to the
MED-V Workspace automatically by using your Windows user account, or manually by starting the MED-V
client, and then providing user credentials. You can configure how the MED-V client starts at logon by
right-clicking on the MED-V icon in the notification area, and selecting the Settings option. By using the
Settings option, you also can configure MED-V server settings.

If user authentication is successful and you have enabled multiple workspaces, MED-V prompts you for
the workspace that you want to use. You can select one of the workspaces from the list, and make it the
default choice. The MED-V server then provides an encryption key to the client, which you can use to
decrypt the virtual machine image on the client. If the image is not available on the client, MED-V
transfers it from the image repository on the MED-V server. After you decrypt the virtual machine, the
MED-V client uses Virtual PC to launch the virtual machine, which initializes the MED-V Workspace. After
the MED-V Workspace starts, you can interact with it.

Note: You can deploy multiple virtual images to the client, but you can run only one Virtual PC image
at a time. If you enable more than one workspace for a user, then when the user starts the MED-V
client, MED-V prompts the user to select the workspace to run.

You can control the MED-V Workspace by right-clicking the MED-V icon on the notification area. If the
workspace is running, the MED-V icon has a green check mark. By using the MED-V options in the
notification area, you can perform the following tasks:
Start, stop, or restart the workspace.
Lock the running workspace to prevent access to published applications while the workspace is
locked.
Modify the workspace settings.
Access tools or help, including workspace support information, which the MED-V policy defines.

Question: How can users log on to MED-V? What happens if they have enabled multiple MED-V policies?

Question: What is the difference between the first logon and successive logons to a workspace?

Running Published Applications from the Host

Key Points
You can access published applications from the MED-V Workspace by using the host's Start menu in the
same way as you access locally installed applications. In the MED-V policy, you can control which
applications you want to publish and where on the Start menu they are published. Because published
applications integrate with the Start menu on the host, you can use the Search function to find them, and
then you can run them in the same way as you would run locally installed applications.

Note: If you want to publish applications in the submenu, you can use the \ character when defining
the shortcut folder for the Start menu in the MED-V policy.

In the MED-V policy, you can specify how applications are published. You can configure applications to
have a frame around the application window, which helps distinguish them from locally installed
applications. You can start another application from a published application, and then you can run
multiple published applications at any time. Be aware that only a single workspace is used at any time,
and that all published applications must be from the same virtual image.
If you want to protect access to published applications, you can lock the workspace. A MED-V policy can
define the idle time after which a workspace locks automatically. Alternatively, you can lock a workspace
manually, by right-clicking the MED-V icon, and then selecting the Lock Workspace option. This hides all
opened published applications, and you can run a new published application or access running published
applications only after you unlock the workspace by providing the MED-V user password.

Apart from the Start menu, you also can run published applications from the command prompt on the
host. The MED-V Workspace in which you define the published application must be running, and you can
run the published application by using the following syntax:

"<Install path>\Manager\KidaroCommands.exe" /run "<published application name>" "<MED-V Workspace name>"

Note: Be aware that the published application name and the MED-V Workspace name are both
case-sensitive.

Question: What methods can you use to run published applications from the MED-V Workspace?

Question: How can you distinguish between local and published applications?

Integration of Published Programs with the Host

Key Points
Published applications integrate with the host, and provide a look and feel that is similar to locally
installed applications. For example, if an application has an icon in the notification area, this icon is
available from the notification area on the host and its context menu. You can press ALT+TAB to switch
between running applications on the host, and the list of running applications includes the published
applications. However, these applications run in the virtual environment, so in an older operating system,
Flip3D, live thumbnail preview, and transparency do not work for published applications. Based on the
MED-V policy configuration, you can use Copy and Paste to transfer content between published
applications and applications running on the host.
Published applications run in the virtual environment, and they access the folder structure on the virtual
hard disk. If you want to save data from the published application to the host, you can save it first to the
virtual environment, and then use the MED-V File Transfer tool to transfer it from the virtual environment
to the host. In the MED-V File Transfer tool, you can choose to transfer an individual file or a folder.
In the MED-V policy, you can define the following:
• The direction in which files can be transferred: host to workspace, workspace to host, or both.
• The file extensions that can be transferred.
• Whether you want to enable the running of commands on the received files once you transfer them
  to the host.
Because transferring files from the workspace to the host can be time consuming, you can use different
options, such as sharing folders between the host and the workspace, or using Group Policy to configure
folder redirection, if the workspace is joined to a domain.

Note: The File Transfer Tool is enabled only when the MED-V Workspace is running.

Published applications are displayed on the host in the same way as RemoteApp programs are displayed
when you use Remote Desktop Services (RDS).

Question: How can you access a data file that you saved in the MED-V Workspace?

Question: What are the alternatives to using the File Transfer tool to access data files that are saved from
published applications?

Browsing the Web and Printing from Published Programs

Key Points
One of the workspace settings that you can control through MED-V policy is the set of URLs that users
can browse by using Internet Explorer. You can use this option if Web sites or Web applications are
incompatible with Internet Explorer on the host, but they work correctly with the workspace's older
version of the Internet Explorer browser. You do not need to publish Internet Explorer from the host to
use this feature. You can specify the list of URLs by adding domain suffixes and IP prefixes. You also can
select all local addresses, and then define whether a browser from the workspace or from the host will be
used for browsing them. Then you can specify how you will browse all other URLs, either by using the
browser in the workspace or in the host. When you browse URLs, the transition between the host's Internet
Explorer and Internet Explorer in the workspace is automatic. If you define a URL in the MED-V policy as a
workspace URL, and then type it in the host Internet Explorer window, an Internet Explorer window from
the workspace opens and accesses the URL. This browser transition works in reverse, as well, from the
workspace browser to a browser on the host.

Note: Web settings are applied only to Internet Explorer. Web settings are not applied to other
browsers.
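
To review which browser a proposed Web-settings list would send a given URL to, the rules described above can be modelled offline. This is an added example, not MED-V code or part of the course material: the policy dictionary, function names and sample URLs are constructed, and matching on whole domain labels and whole IP octets, as well as treating dotless host names as local addresses, are assumptions, because the page does not state how MED-V compares entries.

```python
import ipaddress
from urllib.parse import urlsplit

WORKSPACE, HOST = "workspace", "host"

# Constructed policy mirroring the Web settings described above (not a real export).
POLICY = {
    "domain_suffixes": ["contoso.com"],   # value used in the lab on this page
    "ip_prefixes": ["10.10"],             # constructed value
    "include_local_addresses": True,      # the "all local addresses" option
    "listed_urls_browser": WORKSPACE,     # browser used for the listed URLs
    "other_urls_browser": HOST,           # browser used for all other URLs
}


def hostname_of(url):
    """Return the lower-cased host of a URL, or None when it has none."""
    if "://" not in url:                  # accept input typed without a scheme
        url = "http://" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:                    # e.g. a malformed IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None


def is_ip_literal(host):
    """True when the host part is an IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suffix_matches(host, suffix):
    """Whole-label match (assumption): 'notcontoso.com' is not under 'contoso.com'."""
    suffix = suffix.strip(".").lower()
    return host == suffix or host.endswith("." + suffix)


def prefix_matches(ip, prefix):
    """Whole-octet match (assumption): prefix '10.10' does not cover 10.100.x.x."""
    prefix = prefix.rstrip(".")
    return ip == prefix or ip.startswith(prefix + ".")


def browser_for(url, policy=POLICY):
    """Return (browser, reason) for one URL under the modelled policy."""
    listed, other = policy["listed_urls_browser"], policy["other_urls_browser"]
    host = hostname_of(url)
    if not host:
        return other, "no host in URL"
    if is_ip_literal(host):
        for prefix in policy["ip_prefixes"]:
            if prefix_matches(host, prefix):
                return listed, "IP prefix " + prefix
    else:
        for suffix in policy["domain_suffixes"]:
            if suffix_matches(host, suffix):
                return listed, "domain suffix " + suffix
        # Assumption: a "local address" is a single-label (dotless) host name.
        if policy["include_local_addresses"] and "." not in host:
            return listed, "local address"
    return other, "all other URLs"


def review(urls, policy=POLICY):
    """Group URLs by the browser that would open them."""
    result = {WORKSPACE: [], HOST: []}
    for url in urls:
        browser, reason = browser_for(url, policy)
        result[browser].append((url, reason))
    return result


# Constructed sample URLs, including look-alike names and a near-miss IP range.
SAMPLE_URLS = [
    "http://portal.contoso.com/expenses",
    "http://notcontoso.com/",
    "http://contoso.com.example.net/",
    "http://10.10.4.7/legacy",
    "http://10.100.4.7/",
    "http://intranet/wiki",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for browser, entries in review(SAMPLE_URLS).items():
        print(browser)
        for url, reason in entries:
            print("  %-40s %s" % (url, reason))
```

Every URL that lands in the workspace group is opened by the older Internet Explorer inside the virtual image, so the output is a quick way to confirm that a list covers only the sites that need it.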

Another option that you control through a MED-V policy is the ability to print from published
applications. You can print either to locally installed printers in the workspace or to printers that are
connected to the host. The Enable printing to printers connected to the host option in the MED-V
policy controls access to printers that are connected to the host. When you prepare a virtual image, and
then install the VM Prerequisites Tool, it adds a printer driver that is represented as the Local Printer. This
printer enables you to use any printer that is connected to the host, without installing any additional
device drivers inside the virtual image. When you run a published application, you can choose to print to
the Local Printer, which is the workspace's default printer. An additional dialog box then appears, in which
you select which host printer to use and what print job is sent to that printer.

Question: Do you need to install additional printer drivers in the workspace to print to host printers?

Question: You are not able to find the Windows XP driver for a printer that is connected to your
Windows 7 host. Can you still print from the published application that is running in Windows XP SP3
workspace on this printer, if you configure the printer in the Windows 7 host?

Lesson 3
Reporting and Troubleshooting MED-V

Reporting and troubleshooting are an integral part of MED-V. You use Microsoft SQL Server for storing
the MED-V log events, and then you can view them in the MED-V Management Console. MED-V provides
three report types, and enables you to use features such as filtering, grouping, sorting, and exporting
MED-V events to a Microsoft Office Excel file.
A MED-V client provides troubleshooting capabilities, which include gathering the diagnostics logs,
updating the MED-V policy on the client, enabling the diagnostic mode, and browsing the image store.
Features such as the diagnostic mode can be beneficial when you run the workspace for the first time, as
it displays a Virtual PC window that shows what is occurring in the virtual environment.

Features of MED-V Reporting

Key Points
The reporting feature in MED-V gathers, stores, and presents information about client status, user activity,
and errors to MED-V administrators in the form of reports. If you want to use MED-V reporting, you must
have SQL Server 2005 Service Pack 2 (SP2) or SQL Server 2008 installed locally on the MED-V server or
available on a remote server. You can use any SQL Server edition--Express, Standard, or Enterprise--and if
you want to use SQL Server on the remote server, you must install Microsoft SQL Server Management
Objects on the MED-V server. By default, MED-V adds an additional database, medv, to the SQL Server.
This database has six tables, and SQL Server uses it only for logging events, errors, and status messages.

You can create and configure a MED-V database through the MED-V Server Configuration Manager on
the MED-V server. From this tool's Reports tab, you can perform the following tasks:
• Configure a connection string for connecting to the SQL database.
• Create a MED-V database.
• Test connectivity.
• Configure database maintenance, such as how long data will be stored in the medv database before
  MED-V deletes it automatically.
You can select the report type, provide additional parameters, and view reports in the MED-V
Management Console, which is available on the MED-V administrative workstation. Before you can view a
report, you first must select the report type, and then provide additional parameters, which can include:
• Number of days. This is the number of days for which MED-V should include events in the report.
• User name contains. This is the portion of the user name that MED-V should include in the report. If
  you specify this, MED-V displays only events performed by users whose names meet this criterion. If
  you do not specify this parameter, the report includes events by all users.
• Host name contains. This is the part of the host name that you are looking for and that you want the
  reports to include. If you specify this parameter, MED-V displays only events that comply with this
  parameter. If you do not specify this parameter, the report includes events that happen on any host.
After you specify the parameters, MED-V generates a report, and adds a new tab to the detailed view. You
can:
• Sort the report's entries by clicking on the column heading.
• Filter events by clicking the filter icon in the column heading.
• Group events by dragging the column heading to the top of the report or right-clicking on the
  column heading.
You also can export reports to Office Excel.

Question: Where is the MED-V log data stored?

Question: Can you always use MED-V reporting?



Types of MED-V Reports

Key Points
The MED-V client generates the MED-V events, and then stores them in SQL Server when the client is
online. The medv database, which contains six tables, stores events. You can use tools such as Excel or
Microsoft Office Access to access the log data in the database and create your own reports. Alternately,
you can use the MED-V reporting capability that MED-V provides by default. You can use the MED-V
Management Console for generating and viewing MED-V reports. The MED-V Management Console
provides three report types:
• Status. You can view the current status of all active users and all MED-V Workspaces for each user,
  based on the period of time that this report defines. You can view information such as:
    • Computers that are connected to the server currently, and the date and time that they were last
      connected to the server.
    • The status of each computer.
    • Relevant information, such as the workspace used, policy version that was applied, and the
      MED-V client version on the host.
• Activity Log. You can view events that originated from a specific host or user in a defined date range.
  In this report, you can find events such as:
    • When a virtual image download has started or completed.
    • When a MED-V Workspace has started.
    • Whether a user was authenticated before using the workspace.
  This report has the most detailed information on user activity. In larger MED-V implementations, it
  contains many events.

Note: When you work with reports, you can use a filter or the group by command to categorize your
results.

• Error Log. You can view errors that originated from a specific host or user in a defined date range. In
  this report, you can view:
    • At which host the error originated.
    • When the error occurred.
    • The identity of the user.
    • In which workspace the error occurred.
    • The error's description.

Note: If the client is working offline, the server receives the reports when the client reconnects to the
network.

Demonstration: Generating and Working with MED-V Reports

Key Points
In the MED-V Management Console, you can monitor clients by generating a report that contains
detailed information about client events. In this demonstration, you will see how to generate and work
with MED-V reports.

Demonstration steps:
1. Log on to MED-V Management Console as medv-user, and go to the Reports module.
2. Select Generate Report with default parameters.
3. Review the data on the Status tab.
4. Generate the Activity Log by accepting the default parameters.
5. Review data on the Activity Log tab.
6. Sort data by the Event Id heading. Use Filtering to display a specific Event Id.
7. Group rows by Event Id. Reorder columns of the report. Export data on the Status tab to Excel.

Question: How can you drill down into MED-V reports and view specific information in the log data?

Using MED-V Diagnostics to Troubleshoot

Key Points
If you experience problems with starting, downloading, or running a MED-V Workspace, there are several
troubleshooting options available. One of them is MED-V reporting. By using MED-V reporting, you can
find errors that the MED-V clients report. But you can get more help to troubleshoot specific MED-V client
issues by using MED-V Diagnostics, which you can access by right-clicking the MED-V icon in the
notification area, and then selecting Help/MED-V Diagnostics.
When you start MED-V Diagnostics, the following four sections are available:
• System. This section provides information about the amount of RAM on the host, as well as the host
  name, operating system, and Windows user that currently is logged on. You can select the Gather
  diagnostic logs option, which creates a compressed file with many diagnostic files that are necessary
  for troubleshooting the MED-V client. The compressed file is saved on the desktop, and includes
  information such as client configuration files, the virtual machine that the workspace is using, the
  local host configuration, and its events. You also can gather the diagnostic log from the MED-V
  Diagnostics Tool that is installed with MED-V client.
• Policy. This section provides information on the MED-V policy version and the time at which it was
  updated last. The MED-V client updates the policy automatically every 15 minutes, by default, but
  you also can update it manually by clicking Update policy. You get a notification when the policy is
  refreshed, and MED-V applies the policy changes immediately.

Note: You can update a policy from a command prompt by running, on the host,
KidaroCommands.exe with the /Refresh parameter.

• Workspace. This section provides information on the active workspace, such as its status, expiration
  date, and the image used, as well as its location, version, and size. In this section, you also will find
  information regarding whether the MED-V client is connected to the MED-V server or if it works
  offline. You can use the Enable diagnostics mode option, which shows the Virtual PC desktop, and
  which is useful in troubleshooting issues in the initial setup of the virtual environment. If you enable
  the Diagnostics mode, published applications open in the Virtual PC window, not on your host. After
  you disable the Diagnostics mode, the Virtual PC window hides, and published applications again are
  visible on the host.

Note: You can enable MED-V diagnostic mode from the command prompt by running, on the host,
KidaroCommands.exe with the /TroubleShootingMode parameter.

• Image Store. This section provides information on where the image store is located, its size, and the
  available free disk space on the host. You can click Browse image store, and the local image store
  opens in Windows Explorer. You also can start browsing local images from the MED-V Management
  Console.

Lab: Managing a MED-V Deployment

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10324A-NYC-DC1 and 10324A-NYC-CL1 virtual machines are running.
3. If required, connect to the virtual machines. Log on to the virtual machines as
Contoso\Administrator using the password Pa$$w0rd.

Exercise 1: Creating and Configuring a Workspace Policy


Scenario
You want to create a MED-V policy to use an existing image on the MED-V server. Users must be able to
distinguish applications that run on the host from those that run in the workspace. They must be able to
use Clipboard to copy data between the applications and to transfer files from the host to the workspace.

The main tasks for this exercise are:

1. Create a MED-V Workspace policy, and configure it to use an existing image.
2. Configure additional MED-V Workspace policy options.

Task 1: Create a MED-V Workspace policy, and configure it to use an existing image
1. On NYC-CL1, start MED-V Management, and log on as contoso\medv-admin with Pa$$w0rd as
the password.
2. Create a new workspace with the name Legacy Workspace. Provide a workspace description and
support information.
3. Verify that the policy defines Seamless Integration for published applications, and then select the
pink (255,0,255) frame color.
4. Select XP-Updated (server) as the assigned image. If the image is not available, click Refresh.
5. Select Synchronize Workspace time zone with host.

Task 2: Configure additional MED-V Workspace policy options


1. Configure the Legacy Workspace to allow only the Contoso\MED-V Users group.
2. In Workspace deletion options, select The Workspace has been disabled.
3. Select the following three options: Support clipboard between host and Workspace, Support file
transfer between host and the Workspace, and Enable printing to printers connected to the
host.
4. In the Data Transfer section, select Host to Workspace.
5. In the Published Applications section, add the following four applications:

   Display name      Command line
   XP Comp Mgmt      c:\windows\system32\compmgmt.msc
   XP Cmd prompt     c:\windows\system32\cmd.exe
   XP Notepad        c:\windows\system32\notepad.exe
   XP XML Notepad    c:\program files\XML notepad 2007\XMLnotepad.exe


6. In the Published Menus section, click Add, enter Published as the Display Name, and Games as
Folder in Workspace.
7. In the Start menu shortcut folder field, type MED-V Published Apps.
8. On the Web tab, select Browse the list of URLs defined in the following table and Browse all
other URLs. Enter contoso.com as the URL that is browsed in the workspace.
9. On the Performance tab, assign 160 MB of memory to the virtual machine if the host has more than 550
MB of memory; 200 MB if the host has more than 1,100 MB; and 256 MB of virtual-machine memory if the
host has more than 1,400 MB.
10. Save the policy, and minimize the MED-V Management Console.

Results: After this exercise, you should have created a new policy, defined a new MED-V Workspace,
and configured various policy options, including which applications the workspace will publish.

Exercise 2: Using the MED-V Client


Scenario
After you create and save the MED-V policy, you must test the workspace, and then verify some of the
settings that are in the policy. Some users in your organization might not use the workspace for extended
periods of time. You need to test how you can lock workspace applications when the workspace is not in
use. Additionally, you need to enable users to print from the workspace to the host's printers.

The main tasks for this exercise are:

1. Deploy a MED-V Workspace.
2. Explore the published programs, and manually update the MED-V policy.
3. Lock the MED-V Workspace.
4. Test printing from the published applications.
5. Review the MED-V virtual machine configuration.

Task 1: Deploy a MED-V Workspace


1. On NYC-CL1, run the MED-V client, and log on as contoso\medv-user, with Pa$$w0rd as the password.
2. Select Legacy Workspace, and wait until the workspace is deployed and started. At the Windows
Firewall prompt, select all of the networks, and then click Allow access.

Task 2: Explore the published programs, and manually update the MED-V policy
1. On NYC-CL1, verify that published applications are listed in the Start menu and that there is a
Published subfolder.
2. Use search on the Start menu to start the XP XML Notepad application. Verify that the application has
a pink frame around the window. Drag the XML Notepad window around, as you would the window of a
locally installed application. Close the XML Notepad application.
3. In the MED-V Management Console, remove the Published menu, and save the policy.
4. On NYC-CL1, update the policy, and then verify that four published applications are still listed on the
Start menu, even though the Published subfolder is no longer present.

Task 3: Lock the MED-V Workspace


1. On NYC-CL1, run the XP Notepad published application.
2. From the notification area, right-click the MED-V icon, and select Lock Workspace. Attempt to
access XP Notepad or run other published applications.
3. Unlock the workspace, and then verify that you can access XP Notepad and other published
applications.

Task 4: Test printing from the published applications


1. Add a local printer on the NYC-CL1 computer.
2. On NYC-CL1, open XP Notepad, enter some text, and from the File menu, select Print.
3. After you select Local Printer, verify that the printer is available for printing. Select the printer, and
confirm that the print job was sent to the host.
4. Restore the MED-V Management Console, and disable the ability to print to printers connected to the
host, save the policy, and then update the policy on the NYC-CL1 client.
5. Verify that you cannot print to the host printers from published applications.

Task 5: Review the MED-V virtual machine configuration


1. On the NYC-CL1 computer, run the XP Comp Mgmt published application.
2. In the published Device Manager, verify that Virtual HD, VM Additions S3 Trio32/64 video adapter,
and generic Intel 21140 network adapter are available in the workspace.
3. Verify that the workspace has 256 MB (261,616 KB) of memory available, as the policy defines.
4. Try to transfer a file from the host to the workspace, and from the workspace to the host. Confirm
that this behavior is consistent with the setting that you defined in the MED-V policy.

Results: After this exercise, you should have deployed a MED-V Workspace, worked with published
applications, learned how to lock and unlock the workspace, and verified that the workspace is
configured as defined in the MED-V policy.

Exercise 3: Implementing MED-V Reporting and Troubleshooting


Scenario
After the users in your company start using MED-V, you need to explore the information available in
MED-V reports. You are interested in monitoring the workspaces that users started, and you also want to
test MED-V diagnostics options.

The main tasks for this exercise are:


1. Create and explore MED-V reports.
2. Open MED-V Diagnostics, and explore diagnostic options.

Task 1: Create and explore MED-V reports


1. On NYC-CL1, generate all three Report Types with default parameters.
2. Explore information that each report type provides.
3. In Activity Log, sort the report entries, and use filtering and the Group By feature. Use Group By to
see all events for the workspace under one entry. Reorder columns in the report and select the
Severity on the start of each row in the report.
4. Export entries in the Status report to an Excel .xls format.

Task 2: Open MED-V Diagnostics, and explore diagnostic options


1. On NYC-CL1, in the notification area, right-click the MED-V icon, and then review the MED-V contact
support information.
2. Use the MED-V Diagnostics tool to gather diagnostic logs, and then view the content included in the
compressed file that contains the MED-V diagnostics logs.
3. Start the XML Notepad application. Enable MED-V Diagnostics mode, and then confirm that the
published application was moved to the diagnostics window and cannot move out.
4. Disable the MED-V Diagnostics mode.

Results: After this exercise, you should have reviewed information provided in MED-V reports, worked
with MED-V report formatting, gathered MED-V diagnostics logs, and viewed how to use the MED-V
diagnostics mode.

To prepare for the next lab


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machines used in this lab, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Module Review and Takeaways

Review Questions
1. What is the MED-V Workspace?
2. How can you configure a MED-V virtual environment?
3. What defines a MED-V Workspace?
4. What must you do to configure a MED-V policy?
5. What is the difference between a persistent and revertible workspace?
6. How can you specify the virtual image to which the MED-V policy should apply? What image types
can you assign in MED-V?
7. Can you print to the host printers from the published application in the workspace?
8. What is the easiest way to gather MED-V diagnostic logs on the MED-V client?
9. How can you find out what is going on inside the MED-V virtual environment during initial setup,
when you join a virtual machine to the domain?

Common Issues Related to Microsoft Enterprise Desktop Virtualization


Identify the causes for the following common issues related to Microsoft Enterprise Desktop Virtualization,
and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue                                                              Troubleshooting tip

The options for save changes or commit MED-V policy are
grayed out in the MED-V Management Console.

You modified the MED-V policy, but the changes are not
reflected in the client workspace.

After you modified the MED-V policy and waited for 15
minutes, the changes still are not reflected in the client
workspace.

You do not see any MED-V published applications on the host.

You have multiple printers available on the host, but none of
them is listed when you want to print from the published
application.

The MED-V virtual machine is using too much memory.



Module 6
Implementing Microsoft Application Virtualization
Contents:
Lesson 1: Introduction to Application Virtualization
Lesson 2: Planning for Application Virtualization
Lesson 3: Deploying Application Virtualization Servers
Lab: Implementing Application Virtualization

Module Overview

The Microsoft Application Virtualization 4.5 Service Pack 1 (App-V 4.5 SP1) and the App-V 4.6 client and
sequencer software provide the latest updates to application virtualization technology. This release
includes new capabilities that make it easy for enterprise information technology (IT) organizations to
support large-scale, global application virtualization implementations. This module provides an overview
of application virtualization and App-V components. The module also covers the App-V infrastructure, the
deployment scenarios, and the procedures for installing and configuring App-V servers and App-V clients.

Lesson 1
Introduction to Application Virtualization

Application virtualization is a sophisticated technology that allows organizations to reduce costs and
simplify software deployment. Application virtualization allows you to run applications on client
computers without having to install them locally.
Other virtualization technologies such as Windows XP Mode or Microsoft Enterprise Desktop
Virtualization (MED-V) deliver an entire virtual machine to the client computer, whereas App-V delivers a
virtual application hosted in a virtual environment based on the host operating system. App-V does not
provide a virtual machine. App-V is not an application compatibility product, but instead it is an
application management product.

This lesson provides an introduction to the concepts behind application virtualization, and the tasks that
you can use to manage it.

What Is Application Virtualization?

Key Points
Application virtualization allows you to run applications on client computers as if they were installed
locally. You never install a virtualized application, in the traditional sense, locally on an end user's
computer. However, a virtualized application behaves as a locally installed application, from the end user's
perspective. The virtualization client software that you install on the client computer provides an
environment that simulates the local operating system. Blocks of the application's code are loaded into
this virtual environment on demand. The virtual server initially downloads only the code necessary to start
the program, which typically is 20 to 40 percent of the total code. No further code is sent to the client
until the user requests it by using features of the application. These blocks of code may be streamed from
a network location or reside in a cache on the local hard disk.

Streaming is the process of obtaining content from an application package. The application runs as if it is
interacting with the physical operating system, when in fact it is interacting with virtualized operating-
system components, such as registry, .ini files, and dynamic-link library (DLL) files. However, the
application never interacts directly with the actual operating system.

When the session terminates, the virtual server saves application settings and profiles in a nonvolatile
cache, which provides instant access for subsequent use. The cached code enables applications to run
locally with full functionality, even without a network connection.

Benefits of Application Virtualization


Management of applications is one of the most time-consuming and costly aspects of an enterprise IT
infrastructure. Virtualizing applications provides many benefits when compared to traditional installations,
which can reduce management and support costs. Those benefits include:
• Centralized management. A single management console can connect to all virtual application
  deployment servers. You can install the management console on multiple hosts for situations where
  you require distributed administration.
• Running multiple versions of the same application without conflicts. Users sometimes need to run
  older versions of an application to support their customers, but they might also need access to the
  latest version. App-V enables users to run multiple versions of the same application by providing
  virtual environment isolation.
• Reduced application conflicts. Sometimes applications are unable to coexist on the same operating
  system due to DLL or API conflicts. Virtual environment isolation means that applications are unaware
  of each other and therefore, do not have these types of conflicts.
• Scalable infrastructure. You can deploy multiple virtualization servers to stream virtual applications to
  clients across the enterprise, and you can manage these servers from a single console, and load
  balance them for redundancy. Stand-alone client installers can extend virtual applications to users
  who do not connect to the local area network (LAN).
• Accessible applications. Because you can target applications at particular users or groups, they are
  available at any workstation to which a user logs on, as long as that workstation has the App-V client
  installed. If users have roaming profiles, any personal configuration application settings will be
  available.
• Remote Desktop server support. App-V allows an application to run simultaneously with any other
  application on a Remote Desktop server, eliminating the need for application silos and increasing
  utilization. This results in the need for fewer servers, and it enables applications that were not
  designed to run in multiuser mode to run on a single terminal server. There is separate virtual client
  software for Remote Desktop servers.

Note: For the Windows Server 2008 R2 operating system, Terminal Services has been renamed to
Remote Desktop Services.

Reduced license compliance risks. App-V helps to manage license compliance by controlling the
number of users permitted to access an application. You can associate applications with license
groups to enforce compliance.
Usage reporting. You can generate several different reports to track application usage, audit software,
and track system utilization and errors.

Components of an Application Virtualization Solution

Key Points
A virtualization solution consists of a number of components that work together to provide virtualization.
Depending on the deployment model that you implement, you might require some or all of the following
components:
Microsoft Application Virtualization Management Web Service. This service acts as an intermediary
between the Application Virtualization Management Console and the Application Virtualization Data
Store. The Web service accepts data from the management console and sends it to the database. For
example, when a new application is imported, the Web service makes the data store aware of the new
application and its configuration. You must install Microsoft Internet Information Server (IIS) 6.0 or
newer on the server.
Microsoft Application Virtualization Management Console. This component interacts with the Web
service to provide policies. Virtual application deployments, updates, and terminations are managed
by using policies, and administered through the App-V management console. You can install this
console on the Windows XP operating system or newer versions, the Windows Server 2003
operating system or newer versions that have the Microsoft Management Console (MMC) 3.0 and the
.Net Framework 2.0 or newer versions installed.
Microsoft Application Virtualization Management Server. This component stores the application
packages in a shared folder for distribution to the clients. During startup, it requests policy
information from the data store on a Microsoft SQL Server. The App-V Management Server
authorizes and authenticates requests against Active Directory Domain Services (AD DS), and then
provides the application streaming, security, metering, monitoring, and data gathering services.
Microsoft Application Virtualization Streaming Server. This component provides a lightweight solution
for application virtualization. This server only provides streaming services using Real-Time Streaming
Protocols (RTSP) and RTSP Secure (RTSPS). It does not provide the full set of management capabilities
that the management server delivers. Therefore, it does not require the same infrastructure as the full
management server.
Microsoft Application Virtualization Client. This component is a small software program that resides
on the computers running the virtual applications. These clients communicate and authenticate with
the application virtualization server to receive application code, and then locally execute the
application.
Microsoft Application Virtualization Sequencer. This is a wizard-based tool, which sequencing
engineers use to create virtual application packages. Sequenced applications perform as if they are
installed on the local machine when users launch them. You perform sequencing on a computer that
represents the operating system on which the virtual application will be run.
SQL Server. This is required to act as the data store for a full installation of an App-V environment.
SQL Server 2005 Express Edition SP2 or newer is required. This data store stores all application
records, licensing, logging information, permissions, virtualization server configurations, and
reporting.

Communications Between Management Servers and Clients

Key Points
App-V streaming servers natively use RTSP or Transport Layer Security (TLS) and RTSPS to stream
applications to clients. A new feature in App-V 4.5 is the ability to stream over the HTTP protocol.

Streaming Over RTSP


RTSP is a suite of protocols that an App-V Server uses for the streaming delivery of virtual applications. By
default, RTSP listens on port 554 for Microsoft Application Virtualization Client requests, and then
dynamically connects to the client on two high ports. One is for Real-Time Control Protocol (RTCP) and
one is for RTP. These ports are in the range between 49,152 and 65,535. The App-V Server then uses the
port for RTCP for control messages and the RTP port for the actual data transfer of Icon (ICO), Open
Software Description (OSD), and file type association (FTA) files.

You can use RTSPS if you need only a single port and an encrypted application stream. The default port is
322 in RTSPS. This is a change from previous Microsoft SoftGrid versions that used port 332 to comply
with industry standards. However, you can redirect the port to 443.

RTSPS uses a single port for both RTCP and RTP traffic, and for all connections to the Application
Virtualization Management Server. This can have an effect on performance. RTSPS requires a valid
certificate installed on the management server. The streaming server can be set up to support RTSP,
RTSPS, or both.

Streaming Over HTTP


The ability to stream over HTTP alleviates the need to have a dedicated App-V streaming server and
allows you to just use an IIS computer. The benefits of this include:
Administration is easier because IIS is well known and commonly implemented.
Streaming over TCP port 80 typically is easier to implement when there is a firewall between the
server and the client.

Streaming over HTTP is accomplished by creating a virtual directory that maps to the content folder that
holds the sequenced applications. Also, you must add the following Multipurpose Internet Mail Extensions
(MIME) types:
OSD with the type of App-V Application
Virtualized-enabled application file (SFT) with the type of App-V Application
Then, the hypertext reference (HREF) value in the OSD file must reflect that you are using the HTTP
protocol and port 80. For secure HTTP, the HREF value must reflect HTTPS protocol and port 443.

HTTP streaming is optimized for Internet or intranet delivery over wide area networks (WANs). Therefore,
we recommend it for Internet-facing scenarios and businesses that require streaming capabilities across
large, dispersed networks. Active Upgrade is not available when you are using HTTP streaming.

Packaging of Virtual Applications

Key Points
Application packaging is the process of preparing virtual applications for deployment on client computers.
You can create an application package, also called a sequenced application, by using the App-V
Sequencer. Sequencing is typically the first step of implementing a virtualized application. You can use the
App-V Sequencer to monitor and record the application installation and capture the files that the
application uses to run. The App-V Sequencer then packages all required files into a virtualized,
self-contained environment for deployment to App-V clients. Each package created by the sequencer
defines its own virtual environment.

Packaging is a separate operation from deployment, and you perform it on a separate computer from the
deployment or management servers. After you sequence the application, you copy the resulting package
to the deployment server for distribution.

Each virtual application package has several files:


ICO. The .ico file specifies the icon that appears on the Microsoft App-V client desktop.
OSD. The .osd file provides the information necessary to locate the application's
virtualization-enabled application (.sft) file, and then set up and launch the application.
SFT. The virtualized-enabled application (.sft) file contains the asset files that include one or more
applications that are based on Windows.
SPRJ. The App-V Sequencer project (.sprj) file is generated when a project is saved. The .sprj file
contains a list of files, directories, and registry entries that the sequencer excludes. You can load this
file in the sequencer to add, change, delete, or upgrade any of the applications in the suite. A
common example of when you might use the .sprj file is when you add service packs to an
application.
Manifest.xml file. Electronic software distribution (ESD) can use the manifest.xml file to deploy
applications.

Deploying Virtual Applications

Key Points
After packaging the application, you can deploy it. Deployment typically involves streaming the package
to the App-V client, which you must install on the client computer prior to application deployment. You
can place the virtual application package on App-V streaming servers so that you can stream the package
to the clients on demand and also have it cached locally. You also can use file servers and Web servers as
streaming servers.

You can deploy multiple streaming servers to support large distributed environments. There is no built-in
method in App-V to replicate application packages between multiple streaming servers delivering the
same applications. Package replication must be achieved through other means such as Distributed File
System (DFS), scripting, or manually.

Application streaming is the exchange of data between the desktop virtualization client and an
application streaming component on the server. Its purpose is to move the entire application package or
parts of the application's code, known as feature blocks, from the virtualization server to a user's hard
disk, and then import it into the desktop virtualization framework. Most software packages are cached on
the user's hard disk after the initial download. This reduces the network impact for subsequent launches of
the application.

By default, an App-V client goes through the process of desktop configuration refresh (DC Refresh) at
logon to get the list of applications that it is allowed to run. The client also populates the host operating
system with those applications' icons so that the user can access them.

Application licensing and user validation also is performed against the virtualization management server.
As an example, when a user launches an application package that previously was downloaded, the
virtualization client software first calls the management server to verify that the current user remains
authorized to run the application. You also can create policies that enable mobile workers to run the
application in an offline mode, during which the policy determines how long an application can run
without contacting the server's streaming component. For example, the streaming server administrator
may set the policy to allow offline applications to continue to run for seven days without contact. The
desktop virtualization client enforces the policy, and then can disable or remove the application after the
specified period of stand-alone use.

Features of Virtual Applications

Key Points
When you virtualize an application, it runs inside its own virtual environment. This provides the following
advantages:
No installs. You can stream Microsoft App-V packages to client systems without having to install the
applications on each client. Stand-alone scenarios are possible. In this situation, the application is not
streamed to the client computer. Rather, you package the virtual environment and install it for use by
the virtual client software component on the client computer.
No client footprint. Because you do not install the application, you can remove the package easily
without leaving a footprint. This means that there are no orphaned files or registry settings, which
typically are left behind in a traditional application uninstall.
No wasted resources. Virtualized applications can use local and network drives, CPU, random access
memory (RAM), printers, and other local resources on the App-V client.
Pre-configuration of applications. Virtual applications are self-contained, and include all .ini files and
registry settings. During the sequencing operation, the sequencing engineer can configure the
application settings, which enables you to deploy the application in the way you want to present it to
end users. However, users can make personal configuration changes to the application just as if the
application was installed normally, and those settings are stored permanently in a user-specific file
named UsrVol_sftfs_v1.pkg in the user's profile in the %AppData% directory.

Maintaining Virtual Applications

Key Points
Updating applications with updates and new revisions can be time consuming and costly for an
organization. App-V enables an organization to centralize these tasks, which simplifies how you can
update and support applications.

Application Updates
An application's life cycle typically involves updates, usually in the form of service packs or hot
fixes. When you use virtual applications, however, you need to apply updates only to the package source
files. The updated package then replaces the original package on the App-V server, and the App-V client
seamlessly receives the updated files the next time it launches the application. There is no interruption in
service, and the end user is unaware that an update has been applied.

Application Support
The Microsoft App-V platform can solve other support-related issues by reducing conflicts between
applications, because each virtual application runs in its own virtual environment.

Virtual applications are almost immune to users inadvertently or intentionally deleting critical files that are
needed to run that application. This effectively reduces the number of help-desk calls that an organization
receives.

App-V enables organizations to control the number of users who can gain access concurrently to App-V-
enabled applications through enforcement of license compliance.

Lesson 2
Planning for Application Virtualization

Before deploying a virtual solution, you must have an understanding of the supporting infrastructure
components and the considerations for planning the deployment. The process for implementing
application virtualization is very flexible and scalable. Large deployments require more planning and
different components. This lesson will discuss the different considerations and models for application
virtualization deployment.

Considerations for Deploying Application Virtualization

Key Points
All deployment models require the presence of the App-V client software on the client computer. You can
achieve the delivery of virtual applications to the App-V client through four main delivery models:
App-V full infrastructure (Enterprise) model
App-V lightweight infrastructure model
Stand-alone deployment model
System Center Configuration Manager 2007 R2 integrated model

App-V Full Infrastructure (Enterprise) Model


This model provides all of the management server's capabilities, including application streaming,
authentication, security, licensing, and metering. This model requires AD DS and SQL Server, and is the
typical deployment model. In this configuration, you should place the management server close to the
SQL Server, on the same LAN segment. Adding streaming servers can push a deployment to a distributed
environment's remote locations by providing streaming capabilities close to the clients that are using the
applications. This model is this course's main focus.

App-V Lightweight Infrastructure Model


The lightweight infrastructure model addresses the needs of organizations that want to use App-V with
streaming capabilities, but which might not have or want the infrastructure to support management
servers. The lightweight infrastructure consists of the Application Virtualization Streaming Server and the
App-V client only. This server provides streaming capabilities, including active package upgrades without
the AD DS or SQL Server requirements. However, it does not have the configuration, licensing, or
metering capabilities of a full management server. This configuration has no management console or
graphical user interface (GUI) method to point the App-V client to the streaming server. You must
configure the client manually through a registry hack or command line during installation. This service
relies on the manual or scripted addition of a manifest file for virtual application configuration.

Stand-alone Deployment Model


The App-V Stand-alone Model consists of the App-V Sequencer and the App-V Client, and requires no
additional App-V infrastructure. The sequencer now has an option to create a Windows Installer file (MSI)
during the sequencing process. The MSI file installs the metadata to the machines, and then runs two
custom actions using the SFTMIME command-line utility to add and load the application to the App-V
client cache.

The App-V Sequencer packages the publication information, shortcuts, and the install routines into the
MSI, and the virtualized application into an SFT file. When executed, the installer adds the virtual
application package to the App-V client, and configures the publication information to load applications
from a local location rather than stream them across a WAN.
Stand-alone deployments require the client to go into stand-alone mode, which only allows MSI-based
updates of the virtual applications. You do not configure the App-V client to connect to any App-V server,
and applications are delivered to the client through an MSI package. The MSI holds all metadata of the
sequenced application, except for the binary SFT file that holds the actual application.

Streaming is not allowed in the stand-alone model, which is for those users who connect to the corporate
network rarely and do not have access to a server, but who require the power of virtualized applications.

The stand-alone delivery scenario enables an organization to deploy virtual applications in situations
where no servers are available to support other deployment methods for virtual applications. Use stand-
alone deployment when:
Remote users cannot connect to the App-V infrastructure.
Software management systems, such as System Center Configuration Manager or a third-party ESD
system, are in place already.
Network bandwidth limitations prevent ESD. In this case, you can use virtual application delivery on
physical media.
Because the stand-alone model employs an MSI file, you can distribute it by using an existing software
distribution infrastructure, such as Group Policy objects, shared folders, CD or universal serial bus (USB)
flash drives, and others.

By default, stand-alone applications are available to all users that log on to the computer. This may not be
desirable in some environments. To change this behavior, you can use the SFTMIME command-line utility
with the /NOGLOBAL option during the MSI install.

System Center Configuration Manager 2007 R2 Integrated Model


You can use Microsoft System Center Configuration Manager 2007 SP1 R2 to distribute virtual
applications in the same way as it distributes traditional application packages. You can add virtual
applications to the Configuration Manager environment by using a wizard that is very similar to that
which you use for traditional applications. Many of the advanced capabilities available for managing
traditional packages also are available for virtual application packages, such as using task sequences and
building queries in collections to define which devices are targeted. Unlike the App-V full infrastructure,
which can target users only, you can target both users and machines.

This model requires both the App-V client and the Configuration Manager client on each managed
system. It does not use any of the server components of application virtualization, but instead uses the
existing Configuration Manager distribution points to deliver the virtual application to the client.

Application delivery to the client works differently from the App-V Full Infrastructure scenario. In the Full
Infrastructure scenario, the App-V client manages its own content, and it can refresh instantly against the
Management Server. In the Configuration Manager integrated scenario, it is the Configuration
Manager client that manages the App-V client.

Configuration Manager supports two types of delivery methods for virtual applications:
You can enable streaming delivery on Configuration Manager distribution points. This option streams
the virtual application to the client through HTTP or HTTPS.
Local delivery uses the Configuration Manager 2007 client to first download all the files needed for
the application through Background Intelligent Transfer Service (BITS). After downloading the files,
the package is loaded (fully) into the App-V client cache.
This model requires in-depth knowledge of System Center Configuration Manager, and is not the focus of
this course.

Considerations for Planning the Supporting Infrastructure for Application Virtualization

Key Points
Before deploying App-V to your enterprise, you must ensure the supporting infrastructure is in place and
configured to support the App-V environment.

Active Directory Considerations


App-V uses Active Directory groups to control access to applications and administrative functions. You will
use these groups during the server installation process and when publishing applications. Before you
install the App-V management server, you must create the following objects in AD DS:
App-V administrative group. During the installation of the App-V management server, you must
select an Active Directory group to use as the App-V Administrators group that will control
administrative access to the management console. You should add to this group all users who require
administrative access to the management console. This group must exist before you install the
management server.
App-V users group. App-V requires that every user who accesses App-V functions must be a member
of a provider policy associated with a group. You can use an existing group, such as Domain Users, if
all users must have access to App-V, or you can create a new group with selected users.

Microsoft SQL Server Requirements


The App-V Server requires a SQL Server to host the data store, and supports the following versions of SQL
Server:
SQL Server 2005 (SP1, SP2 or SP3)
SQL Server 2008 (no SP or SP1) 32-bit or 64-bit

Requirements for the App-V Management Console


The App-V management console has the following requirements and interactions:
Windows XP SP2 or newer and Windows Server 2003 or newer
.NET Framework 2.0 or newer
MMC 3.0
Connects to the Web Service through HTTP or HTTPS

Requirements for the App-V Management Web Service


The App-V management Web service has the following requirements and interactions:
Windows Server 2003 or newer
IIS Server
IIS 6.0 with ASP.net or IIS 7.0 with ASP.net, Windows Authentication, IIS Management Scripts and
Tools, IIS 6 Metabase Compatibility, and IIS 6 WMI Compatibility
.NET Framework 2.0 or newer
Requires that the data store was previously installed
Connects to the data store on port 1433
Communicates with AD DS through Active Directory Service Interfaces (ADSI)

Firewall Considerations
After you install the App-V management server or streaming server, and configure it to use the RTSP or
secure RTSPS protocols, you must create firewall exceptions for the App-V programs. Create a firewall
exception for sghwdsptr.exe and sghwsvr.exe. These programs are in the C:\Program Files\Microsoft
System Center App Virt Management Server\App Virt Management Server\bin folder on a 32-bit
operating system. If you are using a 64-bit operating system version, the folder is located in the
corresponding location under C:\Program Files (x86).

Load-Balancing Considerations
You can use load balancing to allow a farm of App-V Servers to continually grow to meet company
requirements and provide a level of fault tolerance. After you configure load balancing, you need to
change the HREF tag in the OSD file to point to the load-balanced IP address or DNS name. For example:
HREF="rtsp://{virtual IP or virtual host name}:554/DefaultApp.sft"

Note: App-V does not support clustering solutions.
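
The HREF in each OSD file decides which transport a client uses, so it is the place to check the protocol and port defaults from "Communications Between Management Servers and Clients" and the load-balanced name described above. The following is an added example, not part of the course material: the sample OSD documents, host names and XML element names are constructed, and only the HREF attribute itself comes from the text.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Transports and ports as stated in this module: RTSP 554, RTSPS 322
# (redirectable to 443), HTTP 80, HTTPS 443.
ALLOWED_PORTS = {"rtsp": {554}, "rtsps": {322, 443}, "http": {80}, "https": {443}}
ENCRYPTED = {"rtsps", "https"}
SOFTGRID_RTSPS_PORT = 332  # RTSPS port of earlier SoftGrid versions, per the text

# Assumed load-balanced DNS name and constructed OSD content (not real packages).
# Element names are illustrative; the audit reads HREF from any element.
LOAD_BALANCED_HOST = "appv-vip.example.test"
SAMPLE_OSDS = {
    "DefaultApp.osd": '<SOFTPKG><IMPLEMENTATION><CODEBASE '
                      'HREF="rtsp://appv-vip.example.test:554/DefaultApp.sft"/>'
                      '</IMPLEMENTATION></SOFTPKG>',
    "Secure.osd": '<SOFTPKG><IMPLEMENTATION><CODEBASE '
                  'HREF="rtsps://appv-vip.example.test:322/Secure.sft"/>'
                  '</IMPLEMENTATION></SOFTPKG>',
    "Legacy.osd": '<SOFTPKG><IMPLEMENTATION><CODEBASE '
                  'HREF="rtsps://appv01.example.test:332/Legacy.sft"/>'
                  '</IMPLEMENTATION></SOFTPKG>',
    "Web.osd": '<SOFTPKG><IMPLEMENTATION><CODEBASE '
               'HREF="https://appv-vip.example.test/Web.sft"/>'
               '</IMPLEMENTATION></SOFTPKG>',
    "Broken.osd": '<SOFTPKG><IMPLEMENTATION><CODEBASE HREF="rtsp://x:554/a.sft">',
}


def audit_href(href, expected_host=None):
    """Return a list of (code, message) findings for one OSD HREF value."""
    parts = urlsplit(href.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_PORTS:
        return [("SCHEME", f"unexpected scheme {scheme!r}")]
    try:
        port = parts.port
    except ValueError:
        return [("PORT", "port is not a number in 0-65535")]
    findings = []
    if scheme not in ENCRYPTED:
        findings.append(("CLEARTEXT", f"{scheme} carries the package unencrypted"))
    if port is None:
        findings.append(("PORT", "HREF has no explicit port"))
    elif scheme == "rtsps" and port == SOFTGRID_RTSPS_PORT:
        findings.append(("PORT", "332 is the old SoftGrid RTSPS port; default is 322"))
    elif port not in ALLOWED_PORTS[scheme]:
        findings.append(("PORT", f"port {port} is not a default for {scheme}"))
    host = parts.hostname or ""
    if expected_host and host != expected_host.lower():
        findings.append(("HOST", f"{host!r} is not the load-balanced name"))
    return findings


def audit_osd(xml_text, expected_host=None):
    """Audit every HREF attribute in one OSD document; returns {href: findings}."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {"<document>": [("XML", f"not well-formed: {exc}")]}
    report = {}
    for element in root.iter():
        href = element.get("HREF")
        if href is not None:
            report[href] = audit_href(href, expected_host)
    return report


def audit_content(osds, expected_host=None):
    """Map each OSD name to its finding codes; files without findings are omitted."""
    summary = {}
    for name, xml_text in osds.items():
        codes = [code
                 for findings in audit_osd(xml_text, expected_host).values()
                 for code, _ in findings]
        if codes:
            summary[name] = codes
    return summary


if __name__ == "__main__":
    for name, codes in audit_content(SAMPLE_OSDS, LOAD_BALANCED_HOST).items():
        print(name, codes)
```

To audit a real Content folder, read each `.osd` file into the dictionary passed to `audit_content` in place of the constructed samples.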



Considerations for Implementing an Application Virtualization Management Server

Key Points
The App-V Management Server performs the publishing and streaming functions for virtual applications.
App-V Management Servers have direct connectivity to the client workstations, and they deliver virtual
applications on-demand to App-V Clients, using RTSP or RTSPS protocols. App-V Management Servers
also provide the following services:
Authorize and authenticate requests for applications through AD DS.
Secure connections to the client through certificates.
License enforcement for applications.
Application monitoring and gathering of data about application usage.
You can control the management server through the App-V Management Console.

The management server stores all application packages in its Content share. The Content folder is a
standard shared folder. During installation, the user is prompted to provide a location for the content
shared folder. You can use any local directory, existing network share, or network accessed storage (NAS),
but the default location is in the installation directory.

During installation, you will provide the location of a SQL Server and database. The management server
must be deployed in the same location and, if possible, on the same LAN as the SQL Server. This ensures
good connectivity between the management server and the App-V configuration information that is
stored in the SQL Server database. One or more App-V management servers can share a single
Application Virtualization SQL data store.

The App-V management server has the following requirements and interactions:
Windows Server 2003 or newer.
A shared folder in which to store the application packages' content. This could be a physical file share
on the server itself, or it could be a network-accessible location, such as a DFS or storage area
network (SAN) device.
Requires that the data store is previously installed.
Uses open database connectivity (ODBC) to communicate with the data store.

Important: When you install SQL Server and the App-V Management server on the same computer,
the Application Virtualization Management Server service fails to start after a server restart if the SQL
Server service is not started fully. Because both services try to start at the same time, the Application
Virtualization Management Server service detects that the SQL Server service is not running, and
therefore, will not start. Setting the Application Virtualization Management Server service to
Automatic (Delayed Start) will remedy this. Otherwise, you must start the service manually.

Note: You can install App-V management components on a single server or spread them across
multiple computers. For example, a common scenario would be to install the Management Console
on a Windows 7 computer and the App-V server and Management Web service on a Windows server,
while you place your SQL Server on a separate Windows server or cluster.

Considerations for Implementing an Application Virtualization Streaming Server

Key Points
You can use the Application Virtualization Streaming Server for those organizations that want to take
advantage of the virtualization and the streaming capability of Microsoft Application Virtualization, yet do
not want a full App-V management server. There are no AD DS or SQL Server requirements, and there is
no user interface for the streaming server. You manage it through registry keys. You must configure
clients through the App-V client software during client installation or configure the local registry to point
to the streaming server if the client software is installed already.
The Application Virtualization Streaming Server is a streaming server only. It does not perform any
application publishing or management functions. It does not have any application licensing or metering
capabilities. It streams the virtual application files (.sft files) from its shared Content directory to the App-V
Clients that request them, using the RTSP suite. The Application Virtualization Streaming Server
automatically polls its Content directory for applications and packages, and then places this information in
RAM to service application requests. It does not authenticate requests to AD DS, but uses NTFS file system
permissions on the Content folder for authorization.

Because the streaming server does not support desktop configuration refresh, the client is not aware
automatically of the applications that are available for streaming. You must add applications to the client
in an alternative way, such as using the SFTMIME.exe command-line utility or by using a desktop
configuration policy on an App-V management server in a remote location.
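
Because the streaming server authorizes requests only through NTFS permissions on the Content folder, reviewing that folder's ACL is the access review for every package it serves. The following is an added example, not part of the course material: it parses `icacls` output and reports allow entries that give broad groups write-capable rights. The folder path, account names, sample output and the list of broad principals are constructed assumptions.

```python
import re

# Principals that cover most or all accounts. Extend with your own broad
# groups (for example a domain-wide users group); this list is an assumption.
BROAD_PRINCIPALS = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
INHERITANCE_FLAGS = {"I", "OI", "CI", "IO", "NP"}
# icacls rights that let the holder add, change or delete files, or re-ACL them.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DE", "DC", "WDAC", "WO", "GW", "GA"}

ACE_LINE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

# Constructed path and constructed `icacls` output for it.
CONTENT_PATH = r"C:\AppV\Content"
SAMPLE_ICACLS = r"""C:\AppV\Content BUILTIN\Administrators:(OI)(CI)(F)
                NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                CONTOSO\AppV-Users:(OI)(CI)(RX)
                BUILTIN\Users:(OI)(CI)(RX,W)
                Everyone:(I)(OI)(CI)(M)
                NT AUTHORITY\Authenticated Users:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files
"""


def parse_icacls(output, path):
    """Parse `icacls <path>` output into a list of ACE dictionaries."""
    aces = []
    for raw in output.splitlines():
        line = raw.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE shares a line with the path
        match = ACE_LINE.match(line)
        if not match:
            continue  # blank lines and the trailing summary line
        tokens = re.findall(r"\(([^)]*)\)", match.group("groups"))
        rights = set()
        for token in tokens:
            if token not in INHERITANCE_FLAGS and token != "DENY":
                rights.update(part.strip() for part in token.split(","))
        aces.append({
            "who": match.group("who"),
            "deny": "DENY" in tokens,
            "inherited": "I" in tokens,
            "rights": rights,
        })
    return aces


def writable_by_broad_groups(aces):
    """Return (principal, sorted write rights) for allow ACEs held by broad groups."""
    findings = []
    for ace in aces:
        hits = ace["rights"] & WRITE_RIGHTS
        if not ace["deny"] and hits and ace["who"].lower() in BROAD_PRINCIPALS:
            findings.append((ace["who"], sorted(hits)))
    return findings


if __name__ == "__main__":
    for who, rights in writable_by_broad_groups(parse_icacls(SAMPLE_ICACLS, CONTENT_PATH)):
        print(f"{who} can modify package content: {', '.join(rights)}")
```

Clients only need to read packages from the Content folder, so any entry this reports is a candidate for removal or for replacement with a read-only grant.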

Scenarios for Deploying an App-V Streaming Server

Key Points
Although you can use the streaming server by itself as a lightweight deployment solution, you typically
use a streaming server in conjunction with a full infrastructure scenario, or use it with System Center
Configuration Manager to deploy to branch offices or areas with poor WAN connectivity to the SQL
Server. In this way, you can use a streaming server to increase scalability.

Full Infrastructure Scenario


You should place App-V management servers close to the database for efficient SQL transaction traffic,
but the management servers also must be close to their streaming clients. This requires that you replicate
multiple instances of SQL to an enterprise's remote locations. The streaming server allows you to place a
streaming device close to streaming clients in remote locations while maintaining a single management
server in a central location. The App-V clients can receive configuration information from the
management server and stream the application from the local streaming server. If you load balance
multiple streaming servers in a large deployment, all servers in a server group should stream the same
applications.
Consider a typical deployment scenario that utilizes the full infrastructure. In this scenario, you place
sequenced applications in the Content shared folder on the App-V management server in the head office
for streaming to local App-V clients. You place the same sequenced applications in the Content shared
folder on the streaming server in the branch office for streaming to those local App-V clients. The App-V
clients perform DC refreshes from the management server in the head office to identify the virtual
applications that are available, but the clients stream those applications locally from the streaming server
rather than across the WAN. This alleviates the need for management and SQL servers in multiple
locations.

Integration of System Center Configuration Manager


Applications that you publish with System Center Configuration Manager 2007 are sequenced in the
traditional manner using the App-V Virtualization Sequencer. An organization can deliver applications by
leveraging their existing System Center Configuration Manager 2007 solution in conjunction with the
App-V client, while removing the need for the entire backend infrastructure of the management server,
SQL data store, management Web service, and management console. Taking advantage of a System
Center Configuration Manager 2007 solution means that organizations can provision application
virtualization packages to hardware devices, rather than just basing them on user accounts. Additionally,
organizations can deploy Application Virtualization packages and precache them to devices based on the
System Center Configuration Manager 2007 policies.

One of this scenario's key prerequisites is that you must install the new App-V streaming server on an
existing distribution point for the System Center Configuration Manager 2007 solution.
You can use the SFTMIME command to set up and maintain the applications, file type associations, and
Desktop Configuration Servers that the App-V client manages.

Benefits of Deploying the App-V Client for Remote Desktop Services

Key Points
In Remote Desktop Services deployments, application conflicts can lead to silos of Remote Desktop (RD)
Session Host servers. To avoid application conflicts, you typically must test applications extensively to
determine which have conflicts. You must separate these, and run them on different session host silos.
Separating multiple RD Session Host servers to accommodate specific applications typically results in the
underutilization of servers, because each one is locked into a specific configuration, and is capable of
serving only a limited set of nonconflicting applications.

The Microsoft Application Virtualization for Remote Desktop Services client allows administrators to
deliver any application to any Remote Desktop Services server. Installing the App-V client for Remote
Desktop Services on the remote desktop server has the following advantages:
• Enables applications that cannot run in multiuser mode to be run on remote desktop servers.
• Consolidates remote desktop servers and increases hardware efficiency while decreasing both
  hardware and administrative costs.
• Enables you to prevent users from modifying operating system settings, yet allow applications that
  require full rights to run properly.
• Enhances Remote Desktop Server license compliance and usage tracking.
• Supports roaming profiles and policies.

Lesson 3
Deploying Application Virtualization Servers

It is important to understand the hardware and software requirements of an App-V solution before you
implement it. If you are running a previous version of SoftGrid, you will need to know the implications of
upgrading to the latest release. This lesson covers the installation of the server components and what you
should consider before you upgrade.

Process for Installing the App-V Management Server

Key Points
Before installing the App-V management server, ensure that the App-V server computer meets all
prerequisites for infrastructure, and hardware and software. You can use the App-V Management Server
Installation Wizard to install the management server and to configure the basic settings of the
components.

Hardware and Software Requirements


The minimum hardware requirements include:
• Processor: Intel Pentium III, 1 gigahertz (GHz)
• RAM: 512 megabytes (MB)
• Free disk space: 200 MB, not including the content directory

The minimum software requirements include:
• Any edition of Windows Server 2003 SP1 or newer

Pre-installation and Post-installation Tasks


You must perform certain pre-installation and post-installation tasks.
The pre-installation tasks are:

1. Configure appropriate user and administrative groups in AD DS.
2. If the server will run the Management Web service, you must install and configure IIS.
3. If you use a distributed architecture and install the Management Web service, the management
console, and the data store on separate servers, then the IIS server must be trusted for delegation. This
is necessary because the Management Web service attempts to connect to the App-V data store
by using the credentials of the App-V administrator who is using the console. The data store will not
accept the administrator's credentials from the IIS server unless you configure that server to be trusted
for delegation, and without delegation the Management Web service cannot connect to the App-V data
store.
4. If you choose to use the Secure Connection Mode for communications between the Management
Console and the Management Web service, the server must have a server certificate
provisioned to it from a public key infrastructure (PKI). If a server certificate is not installed on the
server, this option is unavailable, and the user cannot select it. You must grant the Network Service
account Read permission to the certificate being used.

The post-installation tasks are:

1. Share the Content folder. Ensure that the App-V users group has Read permission and that the users
who will upload sequenced applications to the share have Full Control. Ensure that the corresponding
NTFS permissions have been granted.

Note: You may perform this task before installation, but you must create a folder that will act as the
content folder.

2. If SQL Server is running on the same computer, set the Application Virtualization Management Server
service to Automatic (Delayed Start) as the Startup Type, and ensure the service is started.
3. Create firewall exceptions.
4. After you deploy the App-V client software, use the App-V Default Application to test whether App-V
is functioning correctly.

Installing the App-V Management Server


Access the App-V installation source files and run Setup.exe to start the App-V Management Server
Installation Wizard. A custom installation allows the administrator to install each server role
individually; a typical installation places all components on the same server. You are prompted for
the SQL Server's location, and after you enter it, the data store is created. During creation of the data
store, you need to designate the Administrative Group, the default User Group, and the location of the
Content shared folder.

Demonstration: Installing the App-V Management Server

Key Points
In this demonstration, you will see how to install all of the App-V management components on a single
computer that is a domain member server and on which SQL Server is preinstalled.

Demonstration steps:
1. Create and populate Active Directory groups.
   a. Start Active Directory Users and Computers.
   b. Create global security groups named ContosoAppVAdmins and ContosoAppVUsers.
   c. Add the Domain Admins group to the ContosoAppVAdmins group.
   d. Add the Domain Users group to the ContosoAppVUsers group.
2. Prepare the App-V Management Server.
   Add the Web Server (IIS) role with the default settings and the following role services:
   • ASP.NET
   • Windows Authentication
   • IIS Management Scripts and Tools
   • IIS 6 Management Compatibility, with all subcomponents
3. Install App-V Management Components.
   a. Run the installation wizard as a custom setup, and accept all the defaults to install the
      management server.
   b. Restart the server.
4. Configure the Startup type for the Application Virtualization Management Server service to be
   Automatic (Delayed Start) and start the service.
5. Create a firewall exception for sghwdsptr.exe and sghwsvr.exe.
6. Share the Content Folder to Everyone for Read permission, and grant Domain Administrators full
   control.

Demonstration: Installing and Configuring an App-V Streaming Server

Key Points
Before installing the App-V Streaming Server, ensure that the App-V server computer meets all hardware
and software prerequisites. The server hardware requirements are the same as those for the App-V
Management Server, except that the supporting infrastructure is much smaller. There is no requirement
for a data store or AD DS. You direct the App-V client to stream applications from the local streaming
server either by configuring its registry or through a desktop configuration policy on a remote App-V
management server.

Note: Make sure that the App-V Management Server is not installed on this computer. You cannot
install the App-V Management Server and the App-V Streaming Server on the same computer.

Demonstration steps:
1. Run the installation wizard, and accept all defaults to install the streaming server. Restart the server.
2. Open the Start menu, point to Administrative Tools and verify that there is no App-V management
console for this server.
3. Share the Content Folder to Everyone for Read access and grant Domain Admins Full Control.
4. Copy an application package to the Content folder.
5. Configure firewall exceptions.
6. Restart the Application Virtualization Streaming Server service.
7. On the client computer, edit the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Configuration\ApplicationSourceRoot key
with the following value: RTSP://<servername>:554.
8. Use the SFTMIME command line utility to add the package to the client cache.
9. Test the application.

Question: Is a Microsoft Application Virtualization Management Server and management infrastructure
required to install the Microsoft Application Virtualization Streaming Server?

Question: During installation, several options are available for configuration. How can you change them
after installation?

Considerations for Upgrading from Previous Versions of SoftGrid

Key Points
To realize the benefits of the App-V 4.5 SP1 and App-V 4.6 client release, you need to upgrade your
existing App-V infrastructure. Before upgrading to App-V 4.6 or newer versions, you must upgrade
versions earlier than App-V 4.1 to App-V 4.1. You must upgrade the App-V clients first, and then upgrade
the server components.

Upgrading the Client


App-V clients that you do not upgrade to App-V 4.6 will continue to work with App-V servers that you
have not upgraded. Earlier versions of the client are not supported on servers that you upgrade to App-V
4.6. You can upgrade the SoftGrid 4.1 and newer client software directly to the App-V 4.6 client. You can
upgrade clients by installing the new version over the old version, which maintains the client cache and
configuration settings during the upgrade. After the client upgrade completes, you must reboot the client
operating system.

Upgrading App-V Servers


Similar to the client, you can upgrade to App-V 4.6 only from App-V 4.1 or newer by running the installer.
The installation wizard recognizes the currently installed version, and performs the upgrade automatically.
You should conduct server upgrades during nonpeak times, because you must stop the App-V service
during the upgrade. You can upgrade servers by installing the new version over the old version. If you
have multiple App-V servers, you should upgrade all servers simultaneously. However, clients should not
exchange data with different versions of App-V servers simultaneously.

Upgrading the App-V Management Web Service


In cases where the Web service is running on the same server as the App-V server service, the upgrade will
happen automatically. If the Web service runs on a separate server, you must run the installer again on
that server to perform the upgrade.

Upgrading the Sequencer


Upgrading from previous versions of the Sequencer is not supported. You must uninstall any previous
versions of the Sequencer, and then install the App-V Sequencer 4.6. Virtual applications that you
sequence by using an earlier version of the Sequencer can be opened and edited using Sequencer 4.6.

Note: For more information, see the TechNet article App-V Upgrade Checklist at
http://technet.microsoft.com/en-us/library/ff361462.aspx.

Lab: Implementing Application Virtualization

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10324A-NYC-DC1 and the 10324A-NYC-SVR3 virtual machines are running.
3. If required, connect to the virtual machines. Log on to the computers as Contoso\Administrator
using the password Pa$$w0rd.

Exercise 1: Planning the App-V Implementation


Scenario
Contoso, Ltd. has a distributed computing environment. There is a head office with 150 desktops, and a
branch office with 50 desktops. System Center Configuration Manager has not been deployed. There also
are several field engineers who use laptops and who rarely connect to the LAN. The head office and
branch office are connected via a fast WAN link. All users need access to virtual applications. The head
office has multiple file and print servers, application servers, and a domain controller. The branch office
has a local file server. You need to develop a high-level plan that ensures that virtual applications are
available to all users. Your plan must allow for application metering and license checking, where possible.

The main task for this exercise is:


1. Answer questions related to the App-V implementation.

Task 1: Answer questions related to the App-V implementation

Question: How would you recommend deploying virtual applications?

Question: How would you deploy the App-V client?

Question: How would you implement App-V in the head office?

Question: How would you distribute virtual applications to the branch office?

Question: How would you distribute virtual applications to the field engineers?

Results: After this exercise, you should have an understanding of how to plan for an App-V
deployment.

Exercise 2: Installing an App-V Management Server


Scenario
As the first step in implementing an application virtualization solution, you need to perform a default
installation of the App-V management server for the head office. SQL Server is installed already on the
member server. Next, you will perform the preinstallation tasks of installing IIS 7.0 and creating groups in
AD DS for App-V. Then, you will install the App-V management server, and configure the service's startup
parameters to account for SQL Server on the same computer.

The main tasks for this exercise are:

1. Install IIS 7.0.
2. Create groups for App-V users and administrators.
3. Install the App-V management server.
4. Configure Windows Firewall exceptions.
5. Configure the App-V management server service.

Task 1: Install IIS 7.0


On NYC-SVR3, open Server Manager and add the Web Server (IIS) role with the following role
services:
• ASP.NET
• Windows Authentication
• IIS Management Scripts and Tools
• IIS 6 Management Compatibility, with all subcomponents

Task 2: Create groups for App-V users and administrators


1. On NYC-DC1, launch Active Directory Users and Computers.
2. Create two global security groups: one named ContosoAppVAdmins, and one named
ContosoAppVUsers.

Task 3: Install the App-V management server


1. On NYC-SVR3, open Windows Explorer and navigate to
\\NYC-DC1\E$\Labfiles\Mod06\Server\Management, and launch Setup.exe.
2. Complete the wizard using the following values and then click Install.
   • Microsoft Update: I don't want to use Microsoft Update
   • User Name: Student; Organization: Contoso
   • Setup Type: Custom
   • Configuration Database: NYC-SVR3\SQLEXPRESS
   • Create a new database: APPVIRT
   • Connection Security Mode: Use enhanced security: disabled
   • TCP Port Configuration: 554
   • Administrator Group: ContosoAppVAdmins
   • Default Provider Group: ContosoAppVUsers
   • Content folder: default location
3. Restart the system after the wizard completes.
4. Log on to NYC-SVR3 as Contoso\Administrator with the password of Pa$$w0rd.

Task 4: Configure Windows Firewall exceptions


Create an exception for sghwdsptr.exe and sghwsvr.exe in Windows Firewall. These files are located in
the C:\Program Files (x86)\Microsoft System Center App Virt Management Server\Bin folder.

Task 5: Configure the App-V Management Server Service


1. On NYC-SVR3, launch the Services console, and locate the Application Virtualization Management
Server service. Start the service if it is not running.
2. Set the service Startup type to be Automatic (Delayed Start).
3. In Hyper-V Manager revert the 10324A-NYC-SVR3 virtual machine. Leave 10324A-NYC-DC1
running for the next exercise.

Results: After this exercise, you should have installed the prerequisites for the App-V management
server, and installed the default installation of the management server.

Exercise 3: Installing an App-V Streaming Server


Scenario
After installing the App-V Management server, you next need to install a streaming-only server for use in
a branch-office scenario. The client will refresh application information from the management server at
the head office, but will stream the application from the local streaming server. You need to ensure that
you have shared the content folder for the necessary users. The sequencing team has given you a
sequenced application, which you will place in the content folder, and then you will configure the App-V
client at the branch office to stream from this server.

The main tasks for this exercise are:

1. Install a streaming server.
2. Share the Content folder.
3. Copy a package to the Content folder.
4. Configure Windows Firewall exceptions.
5. Restart the Application Virtualization Streaming Server service.

Task 1: Install a streaming server


1. Start and connect to 10324A-NYC-SVR3. Log on to NYC-SVR3 as Contoso\Administrator with the
password of Pa$$w0rd.
2. Open Windows Explorer and navigate to \\NYC-DC1\E$\Labfiles\Mod06\Server\Streaming, and
double-click Setup.exe.
3. Complete the wizard by providing the following values, and then click Install:
   • Microsoft Update: I don't want to use Microsoft Update
   • User Name: Student; Organization: Contoso
   • Installation Path: default
   • Connection Security Mode: Use enhanced security: disabled
   • TCP Port Configuration: 554
   • Content Root: default location
   • Advanced Settings: default
4. Restart the server when prompted.

Task 2: Share the Content folder


1. Log on to NYC-SVR3 as Administrator with a password of Pa$$w0rd.
2. Open Windows Explorer and navigate to
C:\Program Files (x86)\Microsoft System Center App Virt Streaming Server, and share the content folder.
3. Ensure that the Everyone group has Read permission to this folder.
4. Grant Full Control to the Domain Admins group.

Task 3: Copy a package to the Content folder


In Windows Explorer, navigate to \\NYC-DC1\E$\Labfiles\Mod06\, and copy the Word03 folder to
C:\Program Files (x86)\Microsoft System Center App Virt Streaming Server\content.

Task 4: Configure Windows Firewall exceptions


Create an exception for sglwdsptr.exe and sglwsvr.exe in the Windows Firewall. These files are located
in the C:\Program Files (x86)\Microsoft System Center App Virt Streaming Server\Bin folder.

Task 5: Restart the Application Virtualization Streaming Server service


Restart the Application Virtualization Streaming Server service.

Results: After this exercise, you should have installed an App-V streaming server, shared the Content
folder, and copied a package to the Content folder.

Exercise 4: Configuring a Client to Use the Streaming Server


Scenario
To stream from an alternate server, you need to configure a client manually. In this exercise, you will
configure the client to stream from the streaming-only server.

The main tasks for this exercise are:

1. Edit the client registry key.
2. Use the Sftmime utility to load the package into the client cache.
3. Test the application.

Task 1: Edit the client registry key


1. Start 10324A-NYC-CL1 and log on as Contoso\Administrator with the password of Pa$$w0rd.
2. Open the Registry Editor and edit the App-V client registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Configuration key value for
Application Source Root to use the RTSP protocol for NYC-SVR3 at port 554.

Task 2: Use the Sftmime utility to load the package into the client cache
Execute the following command on NYC-CL1:
sftmime add package:Word03 /manifest \\\NYC-SVR3\Content\Word03\Wordviewer03_manifest.xml

Note: The UNC path in the command requires three backslashes at the beginning of the path.

Task 3: Test the application


Launch the Word Viewer application.

Results: After this exercise, you should have edited the client registry key to configure the client to use
the streaming server.
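
The registry setting from Task 1 decides which server every package on this client streams from, so it is worth reading back and testing rather than assuming. The PowerShell below is an added example, not part of the lab: it checks the ApplicationSourceRoot value against an approved server list and then tests whether that server accepts TCP connections on the configured port. The key path, server name, and port are the lab's; the approved-server list and function names are assumptions.

```powershell
# Added example: verify where an App-V client is configured to stream from.
# Key path, value name, server and port are the ones used in this lab.
# A 32-bit client on 64-bit Windows stores this key under SOFTWARE\Wow6432Node instead.
$KeyPath         = 'HKLM:\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Configuration'
$ValueName       = 'ApplicationSourceRoot'
$ApprovedServers = @('NYC-SVR3')   # assumption: add the FQDN if clients use it
$ApprovedPort    = 554             # TCP port chosen in the installation wizard

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)    # throws if the connection was refused
        return $client.Connected
    }
    catch   { return $false }
    finally { $client.Close() }
}

function Get-SourceRootStatus {
    $status = New-Object PSObject -Property @{
        Configured = $null; Scheme = $null; Server = $null; Port = $null
        Approved = $false; Reachable = $false; Problem = $null
    }

    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if (-not $item -or -not $item.$ValueName) {
        $status.Problem = "$ValueName is not set"
        return $status
    }
    $status.Configured = [string]$item.$ValueName

    $uri = $null
    if (-not [System.Uri]::TryCreate($status.Configured, [System.UriKind]::Absolute, [ref]$uri)) {
        $status.Problem = 'value is not a valid URL'
        return $status
    }
    $status.Scheme = $uri.Scheme
    $status.Server = $uri.Host
    $status.Port   = $uri.Port

    # A source root that names another server redirects every package on this client.
    $status.Approved = ($uri.Scheme -eq 'rtsp') -and
                       ($ApprovedServers -contains $uri.Host) -and
                       ($uri.Port -eq $ApprovedPort)
    if (-not $status.Approved) {
        $status.Problem = 'source root does not match the approved server, protocol, or port'
        return $status
    }

    $status.Reachable = Test-TcpPort -Server $uri.Host -Port $uri.Port
    if (-not $status.Reachable) {
        $status.Problem = 'no TCP connection; check the firewall exceptions and the streaming service'
    }
    return $status
}

# To apply the lab setting from an elevated prompt, uncomment the next line:
# Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 'RTSP://NYC-SVR3:554'

Get-SourceRootStatus |
    Format-List Configured, Scheme, Server, Port, Approved, Reachable, Problem
```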

To prepare for the next module


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machines used in this lab, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Module Review and Takeaways

Review Questions
1. What is the primary function of the OSD file?
2. How can you replicate application packages between multiple streaming servers?
3. How are App-V administrators determined?

Common Issues Related to Implementing Application Virtualization


Identify the causes for the following common issues related to implementing application virtualization,
and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue                                                            Troubleshooting tip

Client is unable to connect to the streaming server.

Client is able to connect, but cannot stream the application.

Real-World Issues and Scenarios


1. Your organization is geographically distributed. How can you ensure that your application
virtualization solution does not affect the network bandwidth and increase costs?
2. Application licensing can be difficult to track and enforce. Using App-V can simplify license
compliance and even reduce ownership costs. Your renewal time is coming up for a particular
application that you run in the App-V environment. You want to track the actual number of users
who run the application concurrently, so that you can purchase the appropriate number of licenses.
What solution could you implement?

Best Practices Related to Implementing Application Virtualization


Supplement or modify the following best practices for your own work situations:
• Secure communications between server components with Internet Protocol Security (IPsec) in high
  security environments.
• Use HTTP streaming for Internet facing clients.
• Use Network Load Balancing (NLB) to provide redundancy.

Module 7
Planning and Deploying App-V Clients
Contents:
Lesson 1: Overview of the App-V Client
Lesson 2: Installing and Configuring the App-V Client
Lab A: Deploying the App-V Client in Stand-Alone Mode
Lesson 3: Managing Client Configuration Features
Lab B: Managing Client Configuration Features

Module Overview

The Microsoft Application Virtualization (App-V) Client software is the one component that you always
require to implement App-V solutions. Therefore, before you deploy the App-V Client, you must consider
various factors very carefully. You should consider the best client to deploy, the deployment method that
you will use, and the configurations that your intended deployment will require. You also should be aware
of the prerequisites for installing the client.
This module provides an overview of the desktop and remote desktop client, including the several
installation methods. The module also describes the recommendations for deploying and managing the
App-V Client.

Lesson 1
Overview of the App-V Client

There are two different types of App-V Client software: the App-V Client for Remote Desktop Services
(RDS), which you use on Remote Desktop Session Host (RD Session Host) server systems, and the App-V
Desktop Client, which you use for all other computers. RDS formerly was known as Terminal Services. As
the network administrator, you must deploy the client software to all host computers on which you want
to run virtualized applications.

This lesson describes the characteristics of the App-V Clients and the features of the desktop and remote
desktop clients. The lesson also describes the configuration options that are available to the client
software and the considerations for configuring these options.

What Is the App-V Desktop Client?

Key Points
The Microsoft App-V Desktop Client is a small program that runs on startup on desktops and laptops.
Users might never know that the App-V Client is installed because it runs in the background. Although it
is possible for users to access the client software, in most cases users do not interact directly with the
App-V Client. The App-V Management Console is stored in the Administrative Tools folder, and most users do
not have access to that folder. Applications that run in the App-V Client look and feel like normally
installed applications. In a typical deployment, the App-V desktop clients communicate and authenticate
with the App-V Management Server so that it can stream the application to the client. The client sets up
the runtime environment, and then executes the application code locally.
The App-V Client software controls all aspects of the virtual application, including communicating with
the streaming server and verifying the .osd file. The Client executes any scripts that the .osd file specifies.
The App-V Client also is responsible for setting up the client cache, publishing program shortcuts and
icons, dealing with file-type associations, and saving any client-side configurations to the user's profile.
Finally, the App-V Client is responsible for disconnecting from the management server.

The App-V Desktop Client makes virtual applications available over networks such as local area networks
(LANs); wide area networks (WANs); virtual private networks (VPNs); wireless networks; and the Internet.
You can use this accessibility feature without rewriting any application source code.

The App-V Desktop Client provides the following features:


• Eliminates significant deployment issues, such as application and system conflicts.
• Enables different versions of the same application to run on the same desktop.
• Enables the same application, with different configurations, to run on the same desktop.
• Enables you to prevent any modifications to the operating system, yet still allow applications that
  require full rights to run properly.
• Centralizes application provisioning, licensing, and updates.
• Scales to thousands of users from a single server.
• Includes fail-over protection: In the event of a network outage, users that connect via a LAN can
  continue working, since code resides on the local computer.

How the App-V Client Accesses an Application

Key Points
A number of steps occur in the background when the App-V Client starts and attempts to stream an
application to the user's computer. The events are transparent to the user, but it is useful to know how
this process works in case you have to troubleshoot it.
In a typical scenario, the following sequence of steps occurs when a user launches a virtual application:
1. When users log on to their workstations, the App-V Client service starts, captures the user's token,
and then passes it to the App-V Management Server that you configure the App-V Client to use.
2. The App-V Management Server gets each application's group information from the application
records in the data store.
3. The App-V Management Server compares the information in the user's access token to the groups to
which you assign permissions in the application records.
4. For any applications that App-V determines need to be provisioned to the user, the App-V
Management Server sends the location of the icon (.ico) and Open Software Description (OSD) files.
5. The App-V Client retrieves the designated ICO and OSD files from the configured location, and then
copies them to the local system.
6. When a user launches an application, the App-V Management Server uses an Open Database
Connectivity (ODBC) connection to return to the data store and verify if that user still has permissions
to the application record.
7. If you implement licensing on that application, the App-V Management Server also queries the data
store to see if there is an available license for that user. If the location is an App-V streaming-only
server, the streaming server checks the NTFS permissions of the content folder that contains the
package. If users have the correct permissions, they will see the application shortcuts to which they
have access, and they then can launch an application by double-clicking the shortcut. When the user
launches an application, the streaming server will access the \Content share, and then mount the
virtualization-enabled application (SFT) file into the server's random access memory (RAM) to stream
it to the client. Note that the streaming server does not mount the entire SFT file into its RAM at one
time.
8. The App-V Management Server caches application code on the client computer so that the streaming
server does not have to stream subsequent launches. After the initial launch, the App-V Management
Server caches the code, which is known as Feature Block 1, at the client workstation, and then the
application launches, and the user can use it as if it were installed locally.
9. On subsequent launches, the client checks with the management server to ensure that access to the
application is still valid, but uses the code in the local cache to launch and run the application when
possible. If the user attempts to use new application features, the App-V streaming server streams the
requisite code, known as Feature Block 2.

What Is the App-V Client for Remote Desktops?

Key Points
The App-V Client for Remote Desktop Services is installed only on the Remote Desktop Session Host
(RD Session Host) servers. The Client for Remote Desktop Services performs the same function and
behaves in the same way as the App-V Desktop Client, only on an RD Session Host server. When users
connect to the RD Session Host server and launch an application, the application runs in a virtual
environment on the RD Session Host server. Application code executes on the RD Session Host server, and
users access their Remote Desktop applications in the normal fashion. Users are unaware that they are
using a virtual application.

This can alleviate situations where you have application conflicts and have to deploy multiple RD Session
Host servers because of these conflicts. Virtualization allows multiple instances of an application to run
concurrently on RDS servers, so you can deploy applications that typically are designed for a single user in a
Remote Desktop environment on a single server. This eliminates the need for application silos, where
multiple RD Session Host servers are required to support multiple applications because those applications
cannot coexist on the same computer.

You can use Windows Server 2008 or Windows Server 2003 Remote Desktop Services to take advantage
of App-V virtual applications. After you load an application on an RD Session Host server in the App-V
cache, any user who has permissions for that application can use it on the RD Session Host server.

The App-V Client for Remote Desktops is a separate installation executable. Installing the App-V Remote
Desktop Services Client is no different than installing other applications on an RD Session Host server.
Installing applications on an RD Session Host server requires using the install mode for the RD Session Host
server.

Storage Locations for App-V Client Data

Key Points
The App-V Client component stores data in multiple locations on the local computer. This data includes
the client cache, the OSD and Icon cache directories, and the Shortcut_ex.dat file. The App-V Client
assembles that data at application runtime, and presents it to the user as a locally running application.

Client Cache
One of the functions of the App-V Client is to create the App-V cache on the client hard disk. The cache is
instantiated as a single file, known as sftfs.fsd. When a user launches the application, the contents of the
file are mounted to the virtual drive that the App-V Client creates. Normally, this is drive Q. Users see
drive Q in Windows Explorer as a normal volume in the graphical user interface (GUI), but users cannot
access it. This virtual drive provides access to the file system and the files in the application package. After
the initial streaming of Feature Block 1, the App-V Client stores packages in the cache file persistently for
subsequent launches.

The sftfs.fsd file is in the Public profile on Windows Vista and newer operating systems, and in the All
Users profile on Windows XP. Both operating systems share the same path in their respective profile,
which is Documents\SoftGrid Client, though you can choose a location as the cache's path during
installation. If you change the path post-installation, you must restart the client computer.

Note: The size of the cache is set during client installation, and you cannot change it without
destroying the contents of the cache.

Note: Microsoft has released the Application Virtualization Cache Configuration Tool. The App-V
Client cache resizing tool (AppVCacheSize) allows administrators to increase the App-V Client cache
size through a scriptable command-line interface. AppVCacheSize uses the parameters you specify to
configure the desired cache size, and to toggle between using a threshold for free disk space or the
maximum cache size. This is a free download from the Microsoft Download Center. However, Microsoft
does not support this application.

OSD Cache and Icon Cache Directories


Icons that you use in shortcuts and file type associations are part of the application package that streams
to the client, and they are cached in a location that is available to all users of the computer. The OSD
cache stores information, such as the location of the streaming server, in the OSD file. This information is
required to launch the virtual application. The OSD cache directories are located in the
Documents\SoftGrid Client path in the Public profile on Windows Vista and newer operating systems, and
in the same path in the All Users profile on Windows XP.

An icon cache directory also is created for each individual user, which stores per-user icons. By default, this
icon cache directory is stored under the user's profile at \AppData\Roaming\SoftGrid Client\ on Windows
Vista and newer operating systems, and it is stored under the user's profile at \Application Data\SoftGrid
Client on Windows XP.

The Shortcut_ex.dat File


The shortcut_ex.dat file contains the list of application shortcuts. During a publishing refresh, any
discovered application shortcuts that are available to the client are listed in this file. Both the user and the
machine have their own shortcut files. The per-user file is updated with data from publishing refresh
operations when the user logs off the machine. Additionally, the machine-based file is updated when you
add a package by using SFTMIME ADD PACKAGE with the /Global switch or when you add a package that
you base on Microsoft Windows Installer (MSI). These files are located in the following profiles:
• Per User: \UserProfile\AppData\Roaming\SoftGrid Client on Windows Vista and
  \UserProfile\Application Data\SoftGrid Client on Windows XP.
• Per Computer: \Public\Documents\SoftGrid Client on Windows Vista and
  \All Users\Documents\SoftGrid Client on Windows XP.

Considerations for Configuring Client Options

Key Points
Before installing the desktop or remote desktop App-V Clients, you need to plan the client configuration.
The considerations for either client are similar, but some of the settings require additional consideration
for deployment on an RD Session Host server.

App-V Client Considerations


You should consider the following settings carefully when planning an App-V Client installation:
• Global data location. This location is the default store of the sftfs.fsd file or client cache, along with
  other App-V files. You can move the App-V file system cache independently of the global data
  location. Because the cache file can be quite large, consider placing it in an alternate location from
  the default, which is in the All Users profile. For RD Session Host servers, you should preload the
  entire contents of the SFT file into the cache. You can do this by using the SFTMIME command-line
  utility.
• Preferred drive letter. This setting determines the drive letter that the App-V Client will use to mount
  the virtual file system. If you change the drive letter from the default drive Q, you should set it
  consistently on all App-V Clients, and then match the drive letter that is assigned to the second disk
  partition on a sequencing workstation.
• User-specific data locations. This setting determines where the App-V Client stores user-specific
  changes to virtual application packages, such as usrvol_sftfs_v1.pkg. By default, the App-V Client for
  Remote Desktop Services places the user-specific data in the AppData folder of the user's profile. If
  you have roaming users or you use mandatory Remote Desktop profiles, you should redirect the
  AppData folder of user profiles to a network location, such as a subdirectory within the user's Remote
  Desktop home directory or any network location to which the user always has access.
• Cache size settings. The App-V Client (desktop or Remote Desktop Services) allows you to configure
  the cache (sftfs.fsd file) by using one of the following two methods:
  • Use maximum cache size: This method sets the cache to an absolute maximum size, with an
    upper limit of 1 terabyte. For most client systems, this means that you can use all the available
    free disk space for the cache. The default value is 6 gigabytes (GB). For most users who run a few
    virtual applications, this space is sufficient. If you know that you will be running large virtual
    applications, you should set the cache accordingly. Consider what future applications you might
    deploy virtually and leave room for expansion.
  • Use free disk space threshold: This method sets the cache to increase as long as there is a
    predetermined amount of available disk space on the server. When you use this option, the cache
    uses all the free disk space available except for a predetermined amount. The default size is 5 GB.
    You can use this method when you want to ensure that you leave enough free disk space for
    other purposes, but you also want as much disk space as possible available for the cache.

Note: You should give special consideration to the cache size for RD Session Host servers that host
multiple applications to ensure the cache is large enough.

Methods for Deploying the App-V Client

Key Points
The App-V Client supports four standard deployment methods. Because the App-V Client is an application
itself, you can use any method of installation that your organization uses to deploy the client software.
There are several standard installation methods, including:
• Manual: Use portable media, such as a CD or a USB flash drive, a network share, or the Setup file.
  This requires that the user log on as a local administrator.
• Group Policy object (GPO) Deployment: Deploy the Setup.msi file to the machine or user. This
  method does not require that the user is logged on as a local administrator, but it does require that
  you install the prerequisite software. Because this method uses the MSI installer file, the prerequisite
  software is not installed automatically. You must ensure that the prerequisite software is installed on
  the client computer in order for this method to succeed.
• System Center Configuration Manager 2007 or Systems Management Server (SMS) 2003: Deploy the
  Setup.msi file to the user or a machine. This method does not require the user to be an administrator,
  but does require the prerequisite software to be installed.
• Imaging: Install the App-V Client to the reference computer, and then image it using your
  organization's standard imaging methods. You must have local administrative rights.

If you use Active Directory Domain Services (AD DS), Group Policy software deployment is a good
choice. You can use a GPO to deploy the client software to selected computers or users. Large
organizations may prefer to use System Center Configuration Manager. You can schedule the installation
of the software to occur at a particular time using this method. If you have a current imaging solution,
and want all users to have the App-V Client, you can choose to embed the client in the standard desktop
image. This also allows you to embed the prerequisite software. Many organizations have a role-based
approach to imaging. For example, you might deploy images with the client installed and configured
differently based on location or type, such as desktop or laptop.

Lesson 2
Installing and Configuring the App-V Client

There are several ways to deploy virtual applications, and they require different back-end components.
However, no matter which virtualization scenario you use, you require the App-V Client. This lesson
describes the ways to install and configure the App-V Client for different scenarios.

Prerequisites for Installing the App-V Desktop Client

Key Points
Before installing the App-V Client, you should be aware of the recommended hardware and software
prerequisites for the App-V Desktop Client and the App-V Client for RDS.
In general, the requirements are similar for each. Both clients have two installer files. To install the App-V
Desktop Client, you need an executable named Setup.exe, and to install the App-V Client for Remote
Desktop Services, you need an MSI file named Setup.msi. The behavior of these installers differs in certain
aspects.
Setup.exe checks for the following prerequisite software:
• Microsoft Visual C++ 2008 Service Pack 1 (SP1) Redistributable Package [x86] (4.6 client only)
• Microsoft Visual C++ 2005 SP1 Redistributable Package [x86]
• Microsoft Application Error Reporting
• Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)
If these components are not present, the Setup.exe client installer installs them.

The Setup.msi installer also checks for the prerequisite software, but does not install it. You must install
the prerequisite software using some other method. If Setup.msi does not detect the prerequisite
software, the installation returns an error and fails.

Requirements for the App-V Desktop Client


The following operating systems support the App-V 4.5 SP1 or 4.6 client:
• Windows XP Professional with SP2 or SP3
• Windows Vista Business, Enterprise, or Ultimate editions with no service pack, SP1, or SP2
• Windows 7 Professional, Enterprise, or Ultimate

The App-V Client does not require processor or random access memory (RAM) capacity beyond what is
needed for the operating system being used.

The App-V Client requires a minimum disk space of 30 megabytes (MB) for installation and 6 GB for
cache.

Note: App-V 4.5 SP1 supports only 32-bit architecture. The App-V Client 4.6 release is the first version
of App-V to support both x64 and x86 Windows platforms. The primary focus of this release is to
enable App-V to take advantage of 64-bit Windows platforms, including Windows 7 and Windows
Server 2008 R2.

Requirements for the App-V Client for Remote Desktop Services


The following operating systems support the App-V 4.5 SP1 or 4.6 client:
• Windows Server 2003 Standard, Enterprise, or Datacenter editions with SP1 or SP2
• Windows Server 2003 R2 Standard, Enterprise, or Datacenter editions with no service pack or SP2
• Windows Server 2008 Standard, Enterprise, or Datacenter with SP1 or SP2
• Windows Server 2008 R2 Standard, Enterprise, or Datacenter

Demonstration: Installing the App-V Desktop Client

Key Points
In this demonstration, you will see how to install the App-V Desktop Client by using the Setup.exe file.

Demonstration steps:
1. Launch Setup.exe.
2. Perform a custom installation. Notice the software requirements and install them.
3. Accept the defaults, except for using Microsoft Updates, to complete the installation wizard.

What Is the Application Source Root Value?

Key Points
The Application Source Root (ASR) value configures the App-V Client to stream Application Virtualization
package files from a location other than the one specified in the application's OSD file.
In a typical scenario, the OSD file has a line of XML code known as a hypertext reference (HREF) tag, which
indicates the protocol, server name, and path from which the client can find and stream the SFT file. If you
wish to have the client stream the SFT file from a location other than the Management Server, such as a
branch streaming server, or use a different protocol, such as HTTP, you can set the ASR on the client.
Setting this value on the client overrides the HREF tag value.

You can set the ASR value during the client installation process. After installation, you must configure the
ASR value for the application virtualization client by using a Group Policy object or by manually modifying
the registry in the HKLM\software\Microsoft\SoftGrid\4.5\Configuration key. The two available options
are:
• A URL: <protocol>://<server>:<port>
• A UNC: \\computername\sharefolder\subfolder1
Configuring the ASR value replaces sections of the OSD file on the App-V Client with the values from the
ASR.

For example:
If the OSD file has the following HREF tag:

Rtsp://sgserver:554/Microsoft_Office_2007/Microsoft_Office_2007.sft

And you configure the ASR as:


\\BOS-1\AppV

The App-V Client will use the ASR value to override the OSD file and look for the
Microsoft_Office_2007.sft in the following Universal Naming Convention (UNC):

\\BOS-1\SoftGrid\Microsoft_Office_2007
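
Because the ASR changes where package code is fetched from, an audit has to look at the effective source rather than the OSD file alone. The following Python code is an added example, not part of the course material: it assumes the ASR replaces the protocol://server:port portion of the HREF and keeps the package path, then flags cleartext transports and hosts that are not on an approved list. The CODEBASE element layout, the ASR values, the rtsps scheme name, and the approved-host list are assumptions or constructed values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: rtsps/https correspond to the "Enhanced Security" server types,
# rtsp/http to the standard ones.
ENCRYPTED_SCHEMES = {"rtsps", "https"}
CLEARTEXT_SCHEMES = {"rtsp", "http"}

# Constructed sample OSD, reduced to the element assumed to carry the HREF.
SAMPLE_OSD = """<SOFTPKG NAME="Microsoft Office 2007">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsp://sgserver:554/Microsoft_Office_2007/Microsoft_Office_2007.sft"/>
  </IMPLEMENTATION>
</SOFTPKG>"""


def osd_href(osd_xml):
    """Return the HREF of the first CODEBASE element in an OSD document."""
    node = ET.fromstring(osd_xml).find(".//CODEBASE")
    if node is None or not node.get("HREF"):
        raise ValueError("OSD has no CODEBASE HREF")
    return node.get("HREF")


def apply_asr(href, asr):
    """Return the location the client would stream from once the ASR is applied.

    Assumed rule: the ASR replaces protocol://server:port and the package path
    that follows it in the HREF is kept.
    """
    if not asr:
        return href
    parts = urlsplit(href)
    if not parts.scheme or not parts.netloc:
        raise ValueError("HREF is not protocol://server[:port]/path: " + href)
    package_path = parts.path.lstrip("/")
    if asr.startswith("\\\\"):                       # UNC form of the ASR
        return asr.rstrip("\\") + "\\" + package_path.replace("/", "\\")
    return asr.rstrip("/") + "/" + package_path      # URL form of the ASR


def describe(location):
    """Return (transport, host) for a URL or a UNC path, both lower-cased."""
    if location.startswith("\\\\"):
        return "unc", location[2:].split("\\", 1)[0].lower()
    parts = urlsplit(location)
    return parts.scheme.lower(), (parts.hostname or "").lower()


def audit_package(osd_xml, asr, approved_hosts):
    """Resolve the effective streaming source and list what a reviewer should check."""
    href = osd_href(osd_xml)
    effective = apply_asr(href, asr)
    transport, host = describe(effective)
    findings = []
    if transport in CLEARTEXT_SCHEMES:
        findings.append("cleartext transport: " + transport)
    elif transport != "unc" and transport not in ENCRYPTED_SCHEMES:
        findings.append("unrecognized transport: " + transport)
    if host not in {h.lower() for h in approved_hosts}:
        findings.append("unapproved source host: " + host)
    return {"href": href, "effective": effective, "transport": transport,
            "host": host, "findings": findings}


if __name__ == "__main__":
    # Constructed ASR values: none, a URL form, and a UNC form.
    for asr in (None, "rtsps://branch-stream:322", "\\\\BRANCH-FS\\Content"):
        print(asr, "->", audit_package(SAMPLE_OSD, asr, {"sgserver", "branch-fs"}))
```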

Managing the App-V Client by Using the Desktop Notification Area

Key Points
The Microsoft App-V Client uses sfttray.exe for displaying pop-up status messages in the notification area.
These messages report the application's current load percentage and successful launch.
In the event of an error, sfttray.exe reports "Launch Failed" in the notification area. If the user clicks on
that message once, an error code displays. This error code, along with any message, is written to the
client's log file, sftlog.txt, for future reference.
Sfttray.exe places an icon in the notification area that enables users to perform a limited set of actions for
virtual applications. From the Notification tray icon or sfttray.exe, you can:
• Refresh the list of available applications, shortcuts, and file-type associations from a defined
  publishing server.
• Fully load applications in the cache for use while in disconnected mode. If you are not connected to
  the streaming server, an error generates. Applications load one at a time, and you can skip individual
  applications during the load process.
• Cancel loading of applications into the cache.
• Toggle between working online and offline.
• Exit from the client.
By default, the Notification tray is shown in the notification area only when the client is in use. You can
configure this behavior in the properties of the App-V Client on the Interface tab. You also can run
sfttray.exe from the command prompt to force the icon to display in the notification area.

Configuring the Disconnected Operation Mode

Key Points
The disconnected operation mode lets the App-V Client run applications that are in the local file system
cache if the client cannot connect to the App-V Management Server.
Clients automatically go into the disconnected mode when the user chooses to work offline or when there
is a server failure, network outage, or network disconnection.

To work in the disconnected mode, right-click the App-V notification area icon, and then click Work
Offline. You also can configure the disconnected mode by setting the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Network\AllowDisconnectedOperation
registry key value to 1.
Mobile users may want to load the applications fully into the cache to use them during the disconnected
operation. If an application is not 100 percent cached, and the user tries to perform an operation that
requires additional code from the server, the system warns the user, and then shuts down the application
in two minutes. By default, the disconnected operation mode is enabled, and the time-out is 90 days. The
maximum time-out optional setting is 999 days.

You also can configure time limits on the disconnected mode by setting the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Network\LimitDisconnectedOperation
registry key value to 1 and setting the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Network\DOTimeoutMinutes
registry key to a value, in minutes, between 1 and 999999. To allow unlimited use of disconnected
operation mode, set this value to zero.

To load the application(s) fully, right-click the App-V Client notification area icon, and then click Load
Applications.

Note: For Remote Desktop Clients, you should allow unlimited use of disconnected operation mode.
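
The disconnected-operation settings decide how long a client can keep running cached applications without the access check against the server. The following Python code is an added example, not part of the course material: it reads the three values named above from exported registry text and reports the resulting offline window. Assumptions: a value of 0 in either LimitDisconnectedOperation or DOTimeoutMinutes is treated as unlimited, missing values fall back to the defaults stated above (enabled, 90 days), and the sample export and the max_days threshold are constructed.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Network"
DEFAULT_TIMEOUT_MINUTES = 90 * 24 * 60   # the page's stated default of 90 days

# Constructed sample: registry export text for one laptop (0xf423f = 999999).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Network]
"AllowDisconnectedOperation"=dword:00000001
"LimitDisconnectedOperation"=dword:00000001
"DOTimeoutMinutes"=dword:000f423f
'''


def read_dwords(reg_text, key=KEY):
    """Collect the DWORD values stored directly under `key` in .reg export text."""
    values, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                      # entering a new key section
        elif current is not None and current.lower() == key.lower():
            match = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
            if match:
                values[match.group(1)] = int(match.group(2), 16)
    return values


def offline_policy(values):
    """Return (mode, minutes); mode is disabled, unlimited, limited or invalid."""
    allow = values.get("AllowDisconnectedOperation", 1)
    limit = values.get("LimitDisconnectedOperation", 1)
    minutes = values.get("DOTimeoutMinutes", DEFAULT_TIMEOUT_MINUTES)
    if allow != 1:
        return ("disabled", 0)
    if limit != 1 or minutes == 0:      # assumption: zero in either value lifts the limit
        return ("unlimited", None)
    if not 1 <= minutes <= 999999:      # range given for DOTimeoutMinutes
        return ("invalid", minutes)
    return ("limited", minutes)


def audit_offline(reg_text, max_days, is_rd_session_host=False):
    """Compare the effective offline window with a site limit (max_days is hypothetical)."""
    mode, minutes = offline_policy(read_dwords(reg_text))
    findings = []
    if mode == "invalid":
        findings.append("DOTimeoutMinutes=%d is outside 1-999999" % minutes)
    elif mode == "unlimited" and not is_rd_session_host:
        # Unlimited is the recommended setting only for Remote Desktop clients.
        findings.append("cached applications never require a server check")
    elif mode == "limited" and minutes > max_days * 1440:
        findings.append("offline window of %d days exceeds the %d-day limit"
                        % (minutes // 1440, max_days))
    return mode, minutes, findings


if __name__ == "__main__":
    print(audit_offline(SAMPLE_EXPORT, max_days=90))
```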

Configuring a Client for Stand-Alone Operation

Key Points
The Stand-Alone mode is meant for those users who connect rarely, and who need virtualized
applications, but who do not have access to a streaming server. For the Stand-Alone mode, you require an
MSI file that the App-V sequencer and the App-V Client software create. This MSI file contains the ICO,
OSD, and Manifest.xml files that are necessary for publishing the application on the machine on which it
is run, and information on how to import the SFT file into the App-V Client cache. You do not need
any additional App-V infrastructure. The SFT file is not part of the MSI that generates during sequencing,
and by default, it needs to be in the same directory as the MSI for the installation to complete successfully.
If the SFT file is in an alternate location, such as a network share, then you can use the SFTPATH parameter
to specify the location. For example:
Msiexec.exe /i \\PathToMsi\packagename.msi SFTPATH=\\server\share\package.sft /q

Note: Applications installed in Stand-Alone mode are available to all users who log onto the
computer.

You can configure the Stand-Alone mode during installation, through the registry after installation, or by
using GPOs with the App-V ADM Template. To configure the Stand-Alone mode during installation,
configure settings on the Runtime Policy Package Configuration page by performing the following
steps:
1. Clear the Require User authorization even when cached check box.
2. Select the Allow streaming from file check box.
3. Clear the On Launch check box.
4. Clear the On Logon check box.

You also can use GPOs to configure these settings, though by definition, the client computers may not be
able to receive the policy because they are disconnected from the network. These settings are in the
Group Policy App-V ADM Template in the Communications folder.

Note: You cannot set up the client to be in Stand-Alone mode and streaming mode simultaneously.

Lab A: Deploying the App-V Client in Stand-Alone Mode

Lab Setup
• On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
• Ensure that the 10324A-NYC-DC1 and 10324A-NYC-CL2 virtual machines are running.
• If required, connect to the virtual machines. Log on to the virtual machines as
  Contoso\Administrator using the password Pa$$w0rd.

Important: Start the NYC-DC1 virtual machine first, and ensure that it starts fully before you start the
other virtual machines.

Exercise 1: Installing and Configuring the App-V Client


Some users in Contoso, Ltd. do not connect to the LAN. You want to provide access to virtual applications
for those users, and you want to install the App-V Client software, and then configure it for Stand-Alone
mode. This enables those users to run their line-of-business (LOB) applications without having to install
them on their laptops.

The main task for this exercise is:

1. Install the App-V Client in Stand-Alone mode.

Task 1: Install the App-V Client in Stand-Alone mode


1. On NYC-CL2, open Windows Explorer, browse to \\NYC-DC1\E$\Labfiles\Mod07\Client\x86, and then
launch Setup.exe.
2. Perform a custom installation of the App-V Client, accepting the defaults, with the following
exceptions:
• Select I don't want to use Microsoft Update.
• On the Runtime Package Policy Configuration page, clear the Require User authorization
  even when cached check box.
• In the Application Authorization section, select the Allow streaming from file check box.
• In the Automatically Load Application section, under When to Auto Load, clear the On
  Launch and On Login check boxes.

Exercise 2: Installing a Stand-Alone Package


The sequencing team has created a stand-alone MSI file. You need to deploy and test the functionality of
the stand-alone package that you will distribute to the field engineers who do not connect to the LAN.

The main tasks for this exercise are:


1. Install a stand-alone package.
2. Examine the properties of the package file and the data locations.
3. Test the application.

Task 1: Install a stand-alone package


1. On NYC-CL2, open Windows Explorer, and then browse to \\NYC-DC1\E$\Labfiles\Mod07\.
2. Copy the Word03 folder to C:\.
3. In C:\Word03, double-click Wordviewer03.msi.

Task 2: Examine the properties of the package file and the data locations
1. Launch the Application Virtualization Client from the Administrative Tools in Control Panel.
2. In the Applications node, access the properties of the Microsoft Office Word Viewer 2003
application.
3. Click the Package tab, and then observe the Current Statistics:
   Question: What is the Package Size?
   Question: What is the Size in Cache?
   Question: What is the Launch Data Size?
4. Click Cancel, and then close the Application Virtualization Client and Control Panel.
5. Show hidden files and folders.
6. Open Windows Explorer, browse to the global data location at
C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client, and then examine the
contents.
   Question: What is the size of the sftfs.fsd file?
7. Navigate to the user-specific data location at
C:\Users\Administrator.CONTOSO\AppData\Roaming\SoftGrid Client, and notice the
shortcut_ex.dat and the userinfo.dat files. These files maintain per-user shortcut and identity
information.
8. Close all open windows on NYC-CL2.

Task 3: Test the application


1. On NYC-CL2, launch Microsoft Office Word Viewer 2003 from the All Programs menu. A message
will appear above the notification area indicating that Word Viewer is launching.
2. Click the Microsoft Application Virtualization Desktop Client Notification icon in the notification
area, and then click Exit. Click OK to close the application.

To prepare for the next lab


When you finish the lab, revert the virtual machines to their initial state by completing the following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Lesson 3
Managing Client Configuration Features

The App-V Client Management Console enables you to configure some aspects of the client, such as
logging and permissions, and some settings of the virtual applications, such as file type associations and
publishing servers. Though you can configure most of these settings from the server or through GPOs, the
client settings allow you to have configurations for individual clients that might need special settings.
This lesson describes how to configure App-V Client nodes.

Managing App-V Client Properties

Key Points
Although configuration of the client is done during the installation process, there may be times when you
need to modify those settings. The property pages of the client software allow you to modify many of the
client settings. You can access the properties from the root node's shortcut menu in the App-V Client
Management Console.

Six tabs in the Properties dialog box control the following settings:
• The General tab contains the following options:
  • Logging. This option controls logging levels and location of log files.
  • Global Data Directory. This option controls the location of the App-V data that all users share.
  • User Data Directory. This option controls the location of user-specific App-V data.
• The Interface tab:
  • Run Settings. This option controls when to show the App-V Client icon in the notification area.
  • Popup Messages. This option controls how or if to display error and information messages.
• The File System tab:
  • Client Cache Configuration Settings. This option controls the size of the client cache.
  • Drive Letter. This option controls the virtual drive letter used (Q by default).
• The Import Search Path tab. This option controls the SFT search path when you are importing
  applications.
• The Connectivity tab. This option controls disconnected operation values to limit the number of days
  allowed and if the user can work offline. If you allow offline mode, the App-V Client does not attempt
  to connect to streaming or publishing servers.
• The Permissions tab. This option controls the permissions that users have over virtual applications on
  this computer. These permissions are for all users, and you cannot assign them on a per-user basis.
  Administrators always can perform all tasks.

Managing Virtual Applications

Key Points
You can use the App-V Client Management Console to manage virtual applications in the client cache.
The Applications node allows an administrator to view and manipulate the applications on the App-V
Client. Right-clicking the Applications node displays a context-sensitive menu, which enables you to
add a new application and export a list of applications to a text file.

By right-clicking an application in the details pane, you can display a menu from which you can:
• Create new shortcuts to be associated with the application.
• Create a new file type association.
• Unload an application, which removes it from the client cache.
• Clear an application. Clearing an application removes the settings, shortcuts, and file type associations
  that correspond to the application and removes the application from the user's list of applications.
• Repair an application. Repairing an application will remove any custom user settings and restore
  default settings.
• Lock the application from being removed from the client cache.

Managing File Type Associations

Key Points
The File Type Association node allows you to view, add, and manipulate the file types on the App-V Client.
When you select the File Types Association node, a list of available file types is displayed in the App-V
Client Management Console Results pane. By right-clicking the node, you display a menu that allows you
to add new file type associations and link them to applications.

By right-clicking an existing file extension, you can delete an extension or modify the properties
associated with that extension, including:
• Changing the icon
• Changing the associated application
• Creating or modifying launch parameters
• Modifying the Content Type

Managing Server Connections

Key Points
You can use the Desktop Configuration Servers node to create, delete, edit, and manually refresh the
client's designated management server, known as a publishing server. By right-clicking the Desktop
Configuration Servers node, you display a menu that allows you to add a new publishing server. A client
can receive applications from multiple publishing servers simultaneously.

The New Publishing Server Wizard allows the administrator to provide a display name and type of
publishing server. You can select the following types of publishing servers:
• Application Virtual Server. This selection uses port 554, by default.
• Enhanced Security Application Virtual Server. This is the default selection, and uses port 322.
• Standard HTTP Server. Uses port 80, by default.
• Enhanced Security HTTP Server. Uses port 443, by default.

Note: When selecting HTTP or HTTPS protocol, you must provide a folder path.

After you configure a server, you can modify the properties. You can modify all the properties that were
configured during installation, and you can configure the server refresh setting. The desktop client queries
the Management Server at intervals to receive information from the server about new applications or
changes to existing applications, such as package upgrades. This process is known as DC Refresh. The
client also uses this time to populate the host operating systems with the icons for those applications so
that users can access them. You can configure the client to:
• Refresh at logon (default setting).
• Refresh every number of days.
• Manually refresh immediately.

Demonstration: Configuring a Publishing Server

Key Points
In this demonstration, you will see how to configure the App-V Client with a publishing server.

Demonstration steps:
1. Launch the App-V Client.
2. Add a new publishing server of the Application Virtualization Server type with the host name
NYC-SVR2.contoso.com.

Configuring the App-V Client by Using a Command Line

Key Points
Sftmime.exe is a command-line interface that you can use to manage many client configuration settings.
Sftmime operations are either commands or queries. Commands are actions that have some effect on the
computer's state, such as a command that loads an application into the cache. Queries are requests for
information that generate output. These commands are most useful in scenarios where you need to
configure App-V Clients by using scripts.

Sftmime Commands
All commands have a similar structure. The sftmime command is followed by a verb, an object, and
additional parameters.
The following examples illustrate the more common uses for SFTMIME:
Remove all applications from cache, their file type associations, and shortcuts for all users:
sftmime remove obj:app /global /complete

Add applications:
sftmime add app:"MSProject" /osd "http://server/Microsoft SoftGrid Application Virtualization/MSProject.osd"

Load applications:
sftmime load app:"MSProject"

Sftmime Queries
All queries start with the query verb, followed by an object type that identifies whether the
query applies to applications, servers, or file type associations. You can use the available queries to list all
applications, all Multipurpose Internet Mail Extensions (MIME) servers, and all file type associations. For
example:
To find the package that you want to configure, run the following command:
sftmime query obj:package

This command returns each discovered package name as a globally unique identifier (GUID) in the first
column of output. For example, the return might be {AF78ABE1-57D4-4297-89DE-C308684AEDD6}.
To list all the publishing servers the client is configured to use, run the following command:
sftmime query obj:server

To have the output of the command redirected to a file, use the /log parameter. For example, to have
the query output of the previous command redirected to a text file in the C:\logs directory, run the
following command:
sftmime query obj:server /log:C:\logs\serverquery.txt

Note: The command does not create the destination directory. You must create it prior to running the
command.
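
The queries above can be scripted to inventory a client, for example to review which publishing servers it is configured to use and which packages it has discovered. The following PowerShell script is an added example, not part of the courseware; the function names and the timestamped log file names are hypothetical, and it uses only the sftmime arguments shown on this page.

```powershell
# Added example, not part of the courseware. Uses only the sftmime arguments
# shown on this page: "query obj:server", "query obj:package" and "/log:".
[CmdletBinding()]
param(
    [string]$LogDir = 'C:\logs'   # directory from the page's /log example
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Get-PackageGuid {
    # Hypothetical helper: returns the GUID found in the first column of each
    # line, which is where the page says "query obj:package" reports it.
    param([string[]]$Lines)
    $pattern = '^\s*(\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})'
    foreach ($line in $Lines) {
        if ($line -match $pattern) { $Matches[1].ToUpperInvariant() }
    }
}

function Invoke-SftmimeQuery {
    # Runs one query with /log and returns the lines written to the log file.
    param(
        [ValidateSet('server', 'package')][string]$Object,
        [string]$LogPath
    )
    & sftmime.exe query "obj:$Object" "/log:$LogPath" | Out-Null
    # Confirm the output file really exists instead of trusting the call.
    if (-not (Test-Path -LiteralPath $LogPath -PathType Leaf)) {
        throw "sftmime wrote no log for obj:$Object at $LogPath"
    }
    Get-Content -LiteralPath $LogPath
}

function Export-AppVClientInventory {
    param([string]$Directory)
    # sftmime does not create the /log destination directory, so create it first.
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    }
    # Timestamped names keep each run's output separate for later comparison.
    $stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
    $serverLog  = Join-Path $Directory "serverquery-$stamp.txt"
    $packageLog = Join-Path $Directory "packagequery-$stamp.txt"

    $serverLines  = @(Invoke-SftmimeQuery -Object server  -LogPath $serverLog)
    $packageLines = @(Invoke-SftmimeQuery -Object package -LogPath $packageLog)
    $guids        = @(Get-PackageGuid -Lines $packageLines | Sort-Object -Unique)

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        ServerLog      = $serverLog      # review for unexpected publishing servers
        ServerLogLines = $serverLines
        PackageLog     = $packageLog
        PackageGuids   = $guids
    }
}

# Constructed sample of package query output. The GUID is the page's example;
# the second column and the second line are made up for illustration.
$sample = @(
    '{AF78ABE1-57D4-4297-89DE-C308684AEDD6}   Constructed Package A',
    'this line carries no package GUID'
)

if (Get-Command sftmime.exe -ErrorAction SilentlyContinue) {
    # On an App-V client: run both queries and return the inventory object.
    Export-AppVClientInventory -Directory $LogDir
} else {
    # Elsewhere: show the GUID extraction on the constructed sample only.
    Get-PackageGuid -Lines $sample
}
```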

What Is the App-V ADM Template for Group Policy?

Key Points
You can use the Microsoft App-V ADM template to configure client settings for the App-V Desktop Client
and for the App-V Client for Remote Desktop Services. The ADM template manages common client
configurations centrally by using the existing Group Policy infrastructure.
The template allows you to configure 37 different registry settings that affect the App-V Client. These
settings fall into three categories, and common settings are grouped together under the following
categories in the template's Group Policy Editor:
Communication
Permissions
Client Interface
Although the settings appear in the Policies container in the Group Policy Management Editor, you
implement the ADM template for App-V as Group Policy preference settings. Preferences behave
differently than policies in Group Policy objects. Preferences do not make permanent registry changes,
which means that users can change the settings either by editing the registry or by using the application.
Also, even if you remove the GPO, the settings are not removed.

Setup Considerations
After you apply the ADM template, it updates the preference settings of client computers that already
have the App-V Client installed. However, if you install the App-V Client after you apply the ADM
template settings to a computer, the installer overwrites the preference settings from the ADM template
with the installer's default settings. This causes inconsistencies between clients.

You can use an optional switch during client setup to ensure that the installer does not overwrite the
registry settings that the template preferences have already applied:
setup.exe KEEPCURRENTSETTINGS=1

msiexec.exe /i setup.msi "KEEPCURRENTSETTINGS=1"

Note: Parameters are case-sensitive and must be entered all in uppercase letters, as the above
example shows. Additionally, you must enclose all parameter values in double quotes.

Implementing the App-V ADM Template


You must download the App-V ADM template from the Microsoft download site, and then install it separately.
To deploy settings using the App-V Client ADM template, you need to complete the following steps:
1. Download the ADM Template MSI file from http://go.microsoft.com/fwlink/?LinkId=121835.
2. Install the ADM Template by choosing a location to extract the ADM files.
3. Add the extracted ADM Template into a GPO by right-clicking on Administrative Templates,
clicking Add/Remove Templates, and specifying the location of the ADM files.

What Is Autoload?

Key Points
Autoload governs how the primary (Feature Block 1) and secondary (Feature
Block 2) sections of an application are delivered to the client. Normally, the primary feature block streams
and provides the code to launch an application initially. This usually represents only 10 to 30 percent of
the application's code. Feature Block 2, which is the rest of the application's code, downloads only in parts
on demand. You can configure the client to ensure that after Feature Block 1 downloads, the client
continues to stream Feature Block 2 in the background until the application is 100 percent in cache. The
autoload feature is especially useful for mobile clients and other clients that might not have constant
communications with the management or streaming server.
Use of autoload triggers can increase the initial network traffic of SFT streaming following an installation.
Autoloading occurs over Real-Time Streaming Protocol (RTSP), and is set as a lower priority process so
that it does not affect or degrade performance for the user. Feature Block 1 is loaded as quickly as
possible. Feature Block 2 is loaded in the background to enable foreground operations to take priority
and to provide optimal performance.

You can implement autoload for the App-V Client in any of the following ways:
By using the client installation wizard during the installation.
By using parameters while you run the installer manually.
By editing the registry after you install the client.
By using the Sftmime command-line utility.
By using a Group Policy object that utilizes the App-V template.

Autoload Options
You can configure autoload to load the application on the following triggers:
On Launch. Background streaming begins when the application launches for anything outside of the
primary feature block.
On Login. User-authorized applications start background streaming when the user logs on.
On Publishing Refresh. A new application that is granted to the user begins streaming in the
background following the periodic publishing refresh.
You can control the applications that will be affected by autoload by using the following options:
Do not automatically load applications. No applications will be loaded.
Automatically load previously used applications. Applications previously assigned to the user, and
which a user launched previously, will autoload into the cache via background streaming.
Automatically Load all applications. All applications assigned to the user will be loaded into the cache
via background streaming.

Lab B: Managing Client Configuration Features

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-SVR2, and 10324A-NYC-CL1 virtual machines are
running.
3. If required, connect to the virtual machines. Log on to the virtual machines as
Contoso\Administrator using the password Pa$$w0rd.

Exercise 1: Configuring the App-V Client Properties


You have installed the App-V Client software as a default installation. You are now required to use the
App-V Client Management Console to configure the properties of the client to meet your organization's
needs. You need to configure the log files to record errors and store them in the Windows\Logs directory.
You also want to configure the App-V Client icon to display continuously in the notification area, and
then limit the disconnected mode to 120 days. Additionally, you need to configure the client cache to use
all but 5 GB of the available hard disk space and set permissions so that any user can manage the
publishing server.

The main tasks for this exercise are:
1. Access the App-V Client properties.
2. Configure logging levels and locations.
3. Configure the App-V Client properties.

Task 1: Access the App-V Client properties


On NYC-CL1, open the Application Virtualization Client, and then access the Properties dialog box of
the root node.

Task 2: Configure logging levels and locations


1. On the General tab click the drop-down arrow under Log Level, and select Error.
2. Beside the Location field, click Browse, and then browse to C:\Windows\Logs. Click Save, and then
click Apply.

Task 3: Configure the App-V Client properties


1. On the Interface tab, configure the App-V Client icon to show continuously in the notification area.
2. On the File System tab, set the minimum free space to be 5,000 MB.
3. On the Connectivity tab, set the disconnected limit to be 120 days.
4. On the Permissions tab, allow all users to manage publishing servers.

Exercise 2: Configuring a Publishing Server for the App-V Client


After configuring client properties, you need to configure the App-V Client to connect to the App-V
Management Server over RTSP. You want to make sure that the client is refreshing from the management
server correctly. During your testing period, you want the DC Refresh policy to take effect on login and
refresh every two hours. You also must refresh the client manually. This enables the client to remain
current on the policy changes that you want to test.

The main tasks for this exercise are:
1. Add a new publishing server for the App-V Client.
2. Configure the DC Refresh settings, and then refresh the client manually.

Task 1: Add a new publishing server for the App-V Client


Right-click the Publishing Server node, and then add a new server with the following parameters:
Display Name: Contoso App-V Management
Type: Application Virtualization Server
Host Name: NYC-SVR2

Task 2: Configure the DC Refresh settings, and then refresh the client manually
1. On NYC-CL1, in the Publishing Servers node, access the Contoso App-V Management properties,
and then click the Refresh tab.
2. Set the refresh interval to be every 2 Hours.
3. Click Refresh to perform an immediate refresh.

Exercise 3: Configuring Applications by Using the Desktop Client


You are required to observe how the application behaves in the client cache. You also need to configure a
custom file extension for a LOB application. In this exercise, you will inspect the properties of the
application package, load the application into the client cache, and then see the effect on the cache. You
also will create a new file type association, and then test it by creating a test file with an extension.

The main tasks for this exercise are:
1. Inspect the properties, and then load the application into the cache.
2. Create a custom file extension.
3. Test the file extension.

Task 1: Inspect the properties, and then load the application into the cache
1. On NYC-CL1, in the Application Virtualization Client, click the Applications node. Notice the current
Package Status is Idle.

Note: You may have to refresh the view to see the application listed.

2. Open the Properties of the Microsoft Word Viewer application, and answer the following questions:
Question: What is the Package Size?
Question: What is the Launch Data in Cache?
Question: What is the Launch Data Size?
3. Load the package into the client cache.
4. Access the Properties of the application again.
Question: What is the Launch Data in Cache?
Question: What is the Launch Data Size?

Task 2: Create a custom file extension


1. Create a new file type association named ABC.
2. Associate the extension with the Microsoft Word Viewer application.
3. Click the File Type Associations node, and notice that the ABC file extension is now listed and
associated with the Microsoft Office Word Viewer application.

Task 3: Test the file extension


1. On NYC-CL1, start a command prompt.
2. Type fsutil file createnew test.abc 1000 to create a new file.
3. Start Windows Explorer, and then navigate to C:\Users\Administrator.Contoso. Notice that the file
has been created and shows the icon of Microsoft Office Word Viewer.
4. Open the Test.abc file. The file opens in Microsoft Word Viewer application.
5. Close all open windows on NYC-CL1.

Exercise 4: Installing and Configuring Settings by Using the Group Policy App-V Template

You want to be able to control all App-V Client configuration in a centralized fashion. To do this, you have
downloaded the App-V Group Policy template from the Microsoft download site. You now plan to install
it, and then add it to the GPO to test the configuration of App-V Clients. As a test, you will grant users
permission to add applications.

The main tasks for this exercise are:
1. Install the App-V Group Policy template.
2. Add the template to the Group Policy Object Editor of the Default Domain Policy.
3. Grant permission to add applications to all users.

Task 1: Install the App-V Group Policy template


On NYC-DC1, open Windows Explorer, browse to E:\Labfiles\Mod07, and install
AppVADMTemplate.msi.

Task 2: Add the template to the Group Policy Object Editor of the Default Domain Policy
1. On NYC-DC1, start the Group Policy Management Console.
2. Edit the Default Domain Policy.
3. Add C:\AppVADMTemplate\AppVirt.adm to the Administrative Templates.

Task 3: Grant permission to add applications to all users


1. In the Group Policy Management Editor, navigate to Administrative Templates > Classic Administrative
Templates (ADM) > Microsoft Application Virtualization Client > Permissions.
2. Enable the Add Application permission.
3. Switch back to NYC-CL1.
4. On NYC-CL1, use GPupdate to refresh Group Policy.
5. Start the Application Virtualization Client.
6. In the Application Virtualization Client, access the root node properties.
7. Click the Permissions tab, and then note that the Add applications check box is now checked,
which grants users this permission.

To prepare for the next lab


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machines used in this lab, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Module Review and Takeaways

Review Questions
1. Where should the user-specific data location be for roaming users?
2. What is the major difference between the two client installer files: Setup.exe and Setup.msi?
3. What command-line utility allows you to query the client?
4. What is the ASR value used for?

Common Issues Related to Implementing Application Virtualization


Issue Troubleshooting tip

Mobile users are unable to run virtual applications when they are not connected to the LAN.

The App-V Client cannot stream the application.

The App-V Client receives a Failure on Desktop Configuration Server request to URL error. Event ID 3131.

Real-World Issues and Scenarios


Your organization has multiple applications that typically are incompatible on the same computer. Your
field engineers need to run these applications, but they seldom connect to the corporate LAN. Your
company deploys App-V applications to users on the LAN. What possible solutions are available for the
field engineers?

Best Practices Related to Implementing Application Virtualization


Use the App-V Client for Remote Desktop Services to alleviate application compatibility issues on RD
Session Host servers.
Use the App-V Client for Remote Desktop Services to ensure that all packages preload into the cache
to improve performance.
The App-V Client for Remote Desktop Services should allow unlimited use of disconnected operation
mode.
Ensure that the client cache is large enough to handle the applications being assigned to the user. If
you do not scale the cache properly, then the users can experience application failures when they
disconnect.
If you do not use the default virtual drive letter, ensure the drive letter you choose is consistent across
clients.
Deploy the App-V ADM Template settings after installing the App-V Clients.

Module 8
Managing and Administering Application Virtualization
Contents:
Lesson 1: Using the Application Virtualization Management Console
Lesson 2: Publishing Applications into the App-V Environment
Lab A: Publishing Applications in the App-V Environment
Lesson 3: Performing Advanced Administration Tasks for Application Virtualization
Lab B: Implementing License Enforcement

Module Overview

After you deploy the Microsoft Application Virtualization (App-V) infrastructure, you should be able to
manage and administer the App-V solution by using the Application Virtualization Management Console.
This console enables you to control the entire App-V environment from a single workstation. You deploy
the Application Virtualization Management Console on the administrative workstation, and then use it to
perform administrative tasks, such as modifying and publishing virtualized applications, and configuring
version upgrades.

This module provides an overview of the Application Virtualization Management Console and the
permissions that users must have to administer the App-V Management Server. The module also covers
the steps you must take to perform these administrative tasks, and how to enforce license compliance and
manage server groups and server objects.

Lesson 1
Using the Application Virtualization Management
Console

You can perform all tasks related to Application Virtualization management and administration in the
Microsoft Management Console (MMC) snap-in called the Application Virtualization Management
Console. As an administrator, you would need to manage applications, packages, servers, users, and
administrators, and you may have to create policies to configure connection settings and application
access for users. The Application Virtualization Management Console provides several features and
functionalities that you can use for performing these administrative tasks.

This lesson provides an overview of the console and explains how to control administrative access, and
describes the functionality and administrative functions that the console provides.

Connecting the Management Console to the App-V Web Service

Key Points
The Application Virtualization Management Console is the main configuration tool for the App-V
environment. The Management Console does not connect directly to the App-V Management Server.
Rather, it connects to the Web service, which in turn connects to the computer that is running the
Microsoft SQL Server database and the Management Server. To perform any administrative tasks, you
first must connect to the Web service with the proper credentials. You can configure how users must
connect to the local App-V Web service in several ways:
On initial startup of the App-V Management Console.
By configuring the connection in the root node of the Management Console.
By using the Configure Connection link on the Management Server object.
When you first start the Application Virtualization Management Console, it prompts you to connect to a
specific App-V Web service. You can host this Web service on a specific server, or configure it on multiple
servers for load balancing and redundancy. The Web service in turn connects to the configuration
database.

Users can connect to the Web service by using a standard HTTP port such as 80, or by using Secure HTTP
(HTTPS) on 443 for a secure connection. We recommend that you use secure connections between these
components. To connect to the Web service using HTTPS, you need to obtain a Secure Sockets Layer (SSL)
certificate, and bind it to the Web service.

Users making this connection must be members of the App-V Administrators Group, or provide the login
credentials of one of the group's users.

The following table summarizes the connection options:

Option: Value
Web Service Host Name: Specifies the IP address or host name of the App-V Web service to which the snap-in connects.
Use Secure Connection: Specifies that the Management Console's connection to the Web service be over a secure connection. Port 443 is the default port.
Port: This field specifies the port number to which the Web service listens for requests from the Management Console. Port 80 is the default port.
Use Current Microsoft Windows Account: Specifies that the credentials of the currently logged-on user will be used to connect to the Web service.
Specify Windows Account: Specifies that account credentials entered in the Name and Password fields will be used when opening the Management Console session.
Name: Specifies the account name that is authorized to access the Web service. The format is Domain\username.
Password: Specifies the password that authorizes the account identified in the Name field, which provides access to the Web service.

Exploring the Application Virtualization Management Console

Key Points
The Console pane in the Application Virtualization Management Console consists of several default
containers that display existing objects, and that provide access to object properties and wizards that
assist in creating additional objects.
The Application Virtualization Management Console contains the following nodes:
Applications. This node displays a list of applications that are available within the Application
Virtualization system. You can use this node to create application groups; create or import new
applications; and move, copy, or duplicate applications to other virtualization management systems.
File Type Associations. This node displays a list of file type associations. You can use this node to add
new file type associations that applications require.
Packages. This node displays a list of packages configured on the App-V system. You primarily will use
this node when you need to introduce a new version (.sft file) for a specific package or application.
Application Licenses. You can use this node to configure application access based either on a specific
number of concurrent users or by specific user names.
Server Groups. You can use this node to create a logical container and grouping of any App-V servers
that should share a common provider policy, logging configuration, and set of virtualized
applications.
Provider Policies. You can use this node to configure general rules for any user connecting to the
Application Virtualization system. The Application Virtualization system initially configures a default
provider to provide default connection settings for clients.
Administrators. You can use this node to add or remove security groups responsible for App-V system
administration.
Reports. You can use this node to create and view various types of reports related to system
utilization and application activity.

Managing App-V Administrators

Key Points
You can use the App-V Administrators container to view the group that is responsible for App-V system
administration. You specify this group during installation. You also can add or remove security groups
from this container.
If the Active Directory Domain Services (AD DS) domain functional level is Windows Server 2003 or
newer, you can use any security group. If the domain functional level is earlier than Windows Server 2003,
you can use Global Groups only.
You might have situations where you need to reset the security groups that you want to allow to manage
the App-V system. For example, if you delete the security group that the App-V Administrators container
specifies from within AD DS, no one would be able to log onto the Management Console. In this situation,
you must reset the App-V Administrators group.

To reset the App-V Administrators group, you can launch the Management Console, right-click
Application Virtualization Systems, and then click Reset Administrators to launch the Reset
Administrators Wizard. You must provide database connection information to the configuration database.
You then can add or remove security groups to provide the necessary administration permissions for the
App-V system.

Question: Can you assign an individual to be an App-V administrator through the App-V Management
Console?

Configuring System Options

Key Points
You can control certain system-wide options by right-clicking the Server container in the Application
Virtualization Management Console. These options include the Default Content Path, Database sizing
controls, and Usage History.
Default Content Path: This option allows you to set the default Universal Naming Convention (UNC)
share or URL location for .osd and .icon files, which specify application records and file-type
associations. For example, a default content path can be \\SERVERNAME\ContentSharePath or
HTTP://SERVERNAME/content.
App-V uses the Default Content Path when you import or copy applications from another system.

Note: If you use the actual physical path to the content share, such as C:\Content, or if you specify
nothing at all, your published applications will not work.

Database Size: The App-V system has the ability to limit the size to which the database can grow. The
default maximum size is 1024 megabytes (MB), but you can set this value to be between 1 MB and
2,147,483,647 MB.
The database contains configuration information and stores usage information for the App-V
infrastructure. The following is a list of App-V Infrastructure operations that use the database:
Publishing refreshes
Application load
Application launch authorization
Server management console
Application usage data collection and metering
Most of these operations place a small load on the SQL server. The growth rate of the database is
dependent on the number of application launches and the amount of reporting information that
you are collecting. You will have to monitor the database over time to determine the correct
values when limiting database size.
The system automatically cleans up obsolete data and orphaned transactions to ensure that your
database does not reach this size limit. The default high watermark is 95 percent of the defined size,
and the default low watermark is 85 percent. When your database reaches the 95-percent mark, the
system deletes 10 percent of the usage data, and leaves 85 percent of the data. The system deletes
both package and application usage data.
Usage History: You can specify how many months' worth of data you wish to keep. On a monthly
basis, the system ensures that the database retains data only from the number of months that you
specify. It deletes the rest. The default specification is set to six months, but you can configure it to be
anywhere between one and 120 months.

Note: You must set the SQL Server Agent to start automatically if you want to enable management of
the database's size. By default, App-V begins the database sizing action on the first of every month at
02:00.

Planning an App-V Management Strategy

Key Points
When planning your App-V management strategy, there are several factors regarding credentials and
connections that you should consider, including:
Credentials. Determine the credentials that a user must provide to connect to the Web service. You
must use an account that has App-V management rights, but you should avoid using a domain
administrator account.
Connection. Determine whether you need to use a secure connection to the Management Console. If
so, you must consider the strategy for deploying SSL certificates. Typically, you should use secure
connections.
Security groups. Determine the security groups that require App-V administrative rights. Ensure that
the proper users are in the security groups that have the administrative rights. Only use accounts that
have enough rights to perform the required tasks.
Content path and protocol. Ensure that the content path is correct and uses the proper protocol.
Ensure you use a UNC or URL, and not a local path. Consider using a storage area network (SAN) that
has room for expansion to hold the content folder, which can become very large as you deploy
hundreds or thousands of applications.

Demonstration: Connecting and Configuring the App-V Console

In this demonstration, you will see how to connect the Application Virtualization Management Console to
the App-V Web service. You then will see how to use the Management Console to configure system
options and to add Domain Admins as App-V administrators.

Demonstration steps:
1. Launch the Application Virtualization Management Console.
2. Configure the Connection Login Credentials.
3. Configure the System Options settings.
4. Add the Domain Admins group as an App-V Administrator group.

Lesson 2
Publishing Applications into the App-V Environment

One of the primary App-V administrative tasks is to publish virtualized applications so that you can make
them available to authorized clients. When you publish virtualized applications, the client software can
discover the virtual application, and then download it to the client computer. To publish an application,
you first need to import it into the App-V system, and then you must configure various options, including
general properties, shortcut options, file type associations, and access permissions.

This lesson explains how to manage application groups, and how to publish applications into the
virtualized environment.

What Is the Applications Container?

Key Points
The first container in the Application Virtualization Management Console is the Applications container.
For an administrator, this is one of the most important and most utilized containers. You use the
Applications container to either manually add or import applications into the virtualization system, so that
authorized users can access them.

To add a new application manually, you need to provide detailed publishing information about the
application to the New Application wizard. The import function uses the Sequencer Project (SPRJ) file or
the Open Software Descriptor (OSD) file to provide that information about the application.

You also can use the Applications container to view, add, remove, or change properties for any
application within the system.

By default, an application record for the default application populates the Applications container. You use
this free application only to test connectivity between the App-V Client and the App-V Server.

As organizations begin to use the Application Virtualization system, the number of applications can easily
reach the triple digits. When organizations approach these numbers, you need a way to
organize those applications logically within the Application Virtualization Management Console. You can
use the New Application Group Wizard to create containers that can store common application types.
These containers act much like folders in the file system and simply allow you to organize applications into
a more manageable format.

When you import or move applications into a specific application group, you can modify the following
group-level properties, which affect all of the group's applications:
Description
Enabled
Application License Group
Server Group
Shortcuts
Access Permissions
If you delete an application group, this deletes all applications within that group. If you do not want to
delete a specific application, you can right-click the application, and then move or copy it to another
application group or to a different Application Virtualization system.
When you delete an application, App-V does not remove the package that references the application.
Therefore, you have to delete the package specifically to remove all traces of the previous application.

Note: Even when you use application groups, you must provide unique names to all applications
imported into the Application Virtualization system. For example, if you have one application group
called Office 2003, and another application group called Office 2007, only one of these groups can
contain an application called Microsoft Word. However, each group could have its own Microsoft
Word application if the applications were each given a unique name, such as Microsoft Word 2003 and
Microsoft Word 2007.

Considerations for Importing Applications

Key Points
When you import an application, you must verify that the .osd path matches the server\content directory.
If the path in the .osd file is incorrect, the App-V client software cannot locate the application's .sft file.
If you specify a system variable for the server name, you need to configure each client to resolve the
variable. A system variable is useful for configuring the placement of a single package on multiple servers.
In this case, you do not have to modify the .osd file to specify a specific server name. By using the system
variable, you easily can change the name of the streaming server on the client computers if that becomes
necessary.

Note: You can set the %SFT_SOFTGRIDSERVER% variable in the system properties of the client or
through Group Policy preferences.

You can publish shortcuts on the user's desktop, Quick Launch toolbar, Start menu, Send To menu, or a
specific location. Users typically are familiar with these shortcuts. The location for shortcuts is something
that you should discuss and determine with your stakeholders.

During the Application Sequencing task, App-V detects file associations automatically. You can, however,
add or remove specific file associations when you are importing the application. You first need to
determine the file type associations that you want to use with the application, including any custom
associations for extensions that you do not specify in the sequenced application.

Access permissions are applied based upon the Active Directory security group membership. You should
determine who needs access to the application, and then create a specific application-based security
group. For example, if you import Microsoft Word 2007 as an application, you may want to create a
global security group called Microsoft Word 2007 Users. You may need to create new groups in AD DS to
accommodate this. Consider using role-based groups to define who should have access to specific
applications. Remember that there are no levels of permission. Either users have the ability to use the
application, and all of its features, or they do not. You cannot place restrictions on application usage
through App-V permissions.

Process for Importing Applications

Key Points
When you publish applications, you first must import them from the Content shared folder into the
Application Virtualization Management Console. This populates the database with the applications'
configuration information. The New Application Wizard walks you through the steps to provide the
information required for publishing the application.

After you sequence an application, you must complete the following tasks to import the application into
the App-V system:
Copy the package to the content location: You must copy the entire sequenced package to the
shared content location, which you configured in the System Options of the Application Virtualization
Management Console. Make sure that all of the package's files are in the same location as the .sprj
file.
Import the .sprj or .osd file using the New Application Wizard: When you import an application, you
can select the .sprj file or the .osd file. The .sprj file contains the information required to import a
single sequenced application or a suite of sequenced applications. The .osd file, which you can import
directly, contains only information about a single application.

Note: When you import a suite of applications by importing the .sprj file, the suite is not enabled by
default. However, when you import a single application (by .sprj or .osd), it is enabled by default.

Options for Configuring Published Applications

Key Points
During the import process, App-V imports a number of configuration settings automatically, such as the
Open Software Description (OSD) path and file associations. You can modify these options during or after
the import process. You also can configure other options, such as the server or license group. You can
modify the configuration settings of individual applications after you import them. Do this by accessing
their properties through the Management Console.
The Properties dialog box has four tabs with the following options:
The General tab allows you to specify the following:
Version identifier
Enabled checkbox
Description field
OSD Path
Icon Path
Application License Group (no group is specified by default)
Server Group (no group is specified by default)
The Shortcuts tab allows you to publish shortcuts to any or all of the following:
Publish to User's Desktop
Publish to User's Quick Launch Toolbar
Publish to User's Send To Menu
Publish to User's Start Menu (Default selection)
Advanced: other specific locations
The File Associations tab allows you to add, edit, or remove file associations. This tab is not available
for application group properties.
The Access Permissions tab allows you to add or remove user groups that have access to the
application. You cannot grant permissions directly to individual users. You must assign them to AD DS
security groups. There are no different levels of permissions to an application. Either you allow users
to use the application or you do not.

Demonstration: Importing and Configuring an Application

Key Points
In this demonstration, you will see how to import a sequenced application into the App-V system. You
then will see how to create an application group, and move the application into the new group. Finally,
you will examine the properties of the published application.

Demonstration steps:
Import a sequenced application
1. Copy the sequenced application to the content folder.
2. Launch the Application Virtualization Management Console. Notice that the Default Application is
preinstalled. You can use it for testing connections between client and server. Additionally, the
Microsoft Word Viewer 2007 application currently is published.
3. Import the Word03 sequenced application from the C:\Content directory. Review the settings in the
General Information tab.
4. Publish a shortcut to the user's desktop.
5. Keep the default file associations.
6. Grant permission to Domain Users.
Create an application group and move the viewer applications into the new group
1. Create an application group named Office Viewers.
2. Move both of the Microsoft Office Word Viewer applications into the Office Viewers group.
Examine the properties
1. Open the properties of the Office Viewers group, and review the configurable properties.
2. Modify permissions so that only the AppVUsers group has access.

Question: Which property page is unavailable for the Application Group properties?

What Is a Package?

Key Points
A package is the output of the sequencing process. A package in the Packages node is a representation of
the virtual application, and it contains information about the relative path in the content folder and the
version of the .sft file. You can use packages to control virtualized application versions, which you use for
client computer Active Upgrades.

When you import an application into the Applications container by referencing a .sprj or .osd file, App-V
creates a new package automatically in the Packages node of the Management Console, with a version
number of 1. The package's name follows the name of the .sft file. However, App-V replaces the .sft
extension with the word Package. For example, if an application's .sft file is named Excel.sft, then the
package that App-V generates is named Excel_Package.
If you create a new application record without using the Import Applications feature, you need to create a
package manually for the application by referencing the .sft file in the New Package Wizard.

Upgrading and Retiring Virtual Applications

Key Points
Over time, you might need to upgrade most applications. Distributing the upgrades to multiple users
typically is a time-consuming and expensive process. App-V simplifies that process by allowing the
sequencing engineer to upgrade the application, and then seamlessly distribute an updated .sft file to the
users as a new version of the package.

Active Upgrade
Active Upgrade refers to the functionality that allows you to upgrade a package seamlessly without
requiring users to disconnect or Virtual Application servers to restart.

When you upgrade a package by using the Add Version process, App-V adds a version identifier
automatically to the resulting .sft file. For example, if the package's .sft file were named
Microsoft_Office_2003.sft before the upgrade, the package's .sft file would be called
Microsoft_Office_2003_2.sft after you complete the package upgrade.

You must perform the following steps to add a new package version and make it available for Active
Upgrade:
1. Apply the upgrade, and then resequence the application.
2. Copy the new .sft file to the same Content share as the existing package's .sft file.
3. In the Application Virtualization Management Console, right-click the package name, and then select
Add Version.
4. Enter the full path to the .sft file.
5. Enter the relative path from the Content share to the .sft file.
6. Verify that the information is correct to finish the upgrade.

Any user who has an active connection to the previous .sft file continues to receive data from that file
until the user disconnects. Any user who makes a new connection to the application in the package
receives the updated data from the new .sft file version.

Note: Users do not lose any specific applications when an upgrade occurs.

Retiring Virtual Applications


You can use the Application Virtualization Management Console to retire packages that you are not
using. After you are certain that a package version no longer is being used, you can remove the package
by going into the Application Virtualization Management Console, deleting the package version record,
and then removing the .sft file from the content folder on each system.

Question: How would standalone App-V clients receive upgraded applications?



Publishing Applications by Using HTTP

Key Points
Publishing virtual applications does not always require a full App-V infrastructure. You can use an
Internet Information Server (IIS) to publish applications over HTTP. This solution only provides publishing
features, such as DC Refresh. Because there is no SQL database collecting the information, it does not
provide the full set of features that the App-V management server provides, such as usage history,
reporting, licensing and metering.

Note: It is possible to create customized HTTP solutions that collect and use information stored in
corporate databases or AD DS to deploy applications to users intelligently.

Preparing the IIS Server


You must install IIS with the following role services:
Common HTTP Features: Select all except HTTP redirection
Application Development
Health and Diagnostics: HTTP logging and Request Monitor only
IIS 6 Management Compatibility
Security: All authentication options
Management Tools
You must create a virtual directory under the Default Web site that points to the Content shared folder,
and then enable Directory Browsing and Read permissions.

You also must configure the following MIME types:


.OSD: application/softricity-osd
.SFT: application/softricity-sft
.SPRJ: application/softricity-sprj

Note: If you are using SSL, then the appropriate certificates must be generated and installed on the
server.

What Is the Publishing Document?


The Publishing Document is an .aspx page that the App-V client connects to in order to send its request
for applications. This document is a single XML file that contains the publishing information associated
with each application, including its shortcuts, file type associations, and Dynamic Data Exchange (DDE)
entries.

The document consists of a single parent section that contains two child sections--the Policy section and
the Applist section.

The Policy section allows you to specify the Publishing Refresh frequency, in minutes, and a Boolean that
determines whether publishing refresh occurs when the user first logs in. All of the application-specific
publishing information is placed in the Applist section. App-V takes this information directly from the
manifest files that were generated by the Sequencer. The Applist section should contain all the
information from all of the applications that you wish to publish using this method. When complete,
App-V places the publishing document in the root of the Content shared folder and serves it to requesting
App-V clients.

Configuring the App-V Client


You can configure the App-V client in the same way as an App-V management or streaming server. The
publishing server in the client software is configured as a Standard (or Secure) HTTP Server where the
hostname is the name of the Web server and the path is /name-of-publishing-document.aspx, for
example, /Publishing.aspx.

Lab A: Publishing Applications in the App-V Environment

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-SVR2, and 10324A-NYC-CL1 virtual machines are
running.
3. If required, connect to the virtual machines. Log on to the 10324A-NYC-DC1 and 10324A-NYC-SVR2
virtual machines as Contoso\Administrator using the password Pa$$w0rd
4. Do not log on to 10324A-NYC-CL1 until directed to do so.

Exercise 1: Configuring System Options


Scenario
As the first step in publishing applications by using the Application Virtualization Management Console,
you need to connect to the App-V Web Service, and then configure the system options. To do this, you
are required to use the domain administrator credentials. You then can configure the default content path
and the options for database usage.

The main tasks for this exercise are:

1. Connect to the App-V Web service.


2. Configure the default content path and the duration for database usage.

Task 1: Connect to the App-V Web service


1. On NYC-SVR2, start the Application Virtualization Management Console.
2. Configure the Web service connection to use Contoso\Administrator with a password of Pa$$w0rd
for the Login Credentials.

Task 2: Configure the default content path and the duration for database usage
1. Open System Options, and ensure that the UNC path \\NYC-SVR2\Content is specified.
2. Set the duration for database usage for 12 months.

Results: After this exercise, you should have changed the login credentials for the App-V Web service,
and then confirmed the default content path and set the database to retain its history for 12 months.

Exercise 2: Managing App-V Administrators


Scenario
You need to grant administrative access to the Domain Admins group so that they can publish and test
applications in the App-V environment. To grant administrative rights to the security group, you need to
use the Application Virtualization Management Console.

The main task for this exercise is:


1. Grant administrative access to the Domain Admins group.

Task 1: Grant administrative access to the Domain Admins group


Use the Application Virtualization Management Console to add the Domain Admins group as App-V
administrators.

Results: After this exercise, you should have granted administrative access to the Domain Admins
security group.

Exercise 3: Publishing and Configuring an Application


Scenario
You have users who need to support certain clients by running the old Word Viewer version from the
Microsoft Office 2003 suite. The sequencing group has sequenced the application. To publish this legacy
application, you need to copy the sequenced application to the Content shared folder, and then import
the application into the management console. You should configure the application to be available to all
domain users. You then must create and populate an application group, and then modify and test the
permissions for the applications.

The main tasks for this exercise are:


1. Copy the sequenced application to the Content Shared folder.
2. Import the sequenced application to the Management Console.
3. Create an Application Group.
4. Move the Microsoft Office Viewer applications into the group.
5. Modify permissions for the Application Group.

Task 1: Copy the sequenced application to the Content Shared folder


On NYC-SVR2, open Windows Explorer, navigate to \\NYC-DC1\E$\Labfiles\Mod08,
and then copy the Word03 folder to the C:\Content folder.

Task 2: Import the sequenced application to the Management Console


Import the C:\Content\Word03 application into the Application Virtualization Management
Console, and accept the default settings, except for the following:
Publish the shortcut to the user's desktop.
Grant access to the Domain Users and the AppVUsers groups.

Task 3: Create an Application Group


Create a new application group named Microsoft Office Viewers.

Task 4: Move the Microsoft Office Viewer applications into the Application Group
Move the Microsoft Office Word Viewer 2003 and the Microsoft Word Viewer from the
Applications node into the Microsoft Office Viewers group.

Task 5: Modify permissions for the Application Group


1. Open the properties of the Microsoft Office Viewers group, and then remove permission from the
Domain Users group.
2. Verify that the AppVUsers group has permission.

Results: After this exercise, you should have added a sequenced application to the content folder and
imported the application. You also should have created an application group, and populated it. Lastly,
you should have modified the permissions of the application group.

Exercise 4: Verifying Application Permissions


Scenario
After publishing the virtualized application, you need to test its functionality in the App-V system. You
have installed the App-V client software on a Windows 7 computer, and you will use it to test the App-V
environment and permissions on the applications. You will log on to NYC-CL1 as a user in the AppVUsers
group, and then ensure that the published applications are present. You then will log on as a test user who
does not have permission to the viewer applications, and ensure they are not available.

The main task for this exercise is:


1. Test permissions for users.

Task 1: Test permissions for users


1. Log on to NYC-CL1 as Contoso\AppVUser1 with a password of Pa$$w0rd. Ensure the icons for
both Microsoft Office Viewers appear on the desktop.
2. Log off NYC-CL1.
3. Log on as Contoso\ruser with a password of Pa$$w0rd. Ensure the icons for the Microsoft Office
Viewers do not appear on the desktop.
4. Log off NYC-CL1.

Results: After this exercise, you should have verified the functionality of the virtual applications by
testing user permissions.

Important: Keep the virtual machines running for the next lab.

Lesson 3
Performing Advanced Administration Tasks for Application
Virtualization

In some organizations, you may need to track application usage or enforce licensing. This helps the
organization to comply with license regulations for applications, and can reduce costs if an organization
does not have to license applications that users are not using. You can use provider policies to configure
user connection settings and to apply license enforcement. The App-V Server provides a number of
advanced administration settings that you can configure to manage server connections and application
licenses.

This lesson describes how you can manage server connections by using Provider Policies and Server
Groups. This lesson also explains what an Application License is, and how you can use it to monitor or
control the use of applications that are streamed within the virtualized environment.

What Are Provider Policies?

Key Points
Provider policies specify a set of rules that you apply to users that are connecting to virtualized
applications. As connections come into the Server Group (Provider), the server appends several rules
(Provider Policy) to the connection. If the user's connection does not specify a custom provider policy, the
system applies the rules of the default provider policy.

To create a new provider policy, use the New Provider Policy Wizard. The following table describes the
wizard's options, which also are available when you modify an existing provider policy.

Note: After creating a new provider policy, you must restart the Application Virtualization
Management Server service.

Provider Policy Properties


Field: Description

Policy Name: A descriptive name for the policy.

Manage Client Desktop Using the Management Console: Specifies that App-V will apply the Application
Virtualization Management Console settings defined for application shortcuts and file-type associations to
all clients. If there are conflicting settings at the client, then the server's settings will take precedence.
This is selected by default.

Refresh Desktop Configuration when a user logs on: Specifies that an App-V Client will contact the App-V
Server for updated desktop-configuration information whenever the user logs on.

Refresh Configuration every n days: Specifies that an Application Virtualization Client will refresh desktop
configuration information at the defined interval. Intervals can be set for a specified number of days,
hours, or minutes.

Group Assignment: Designates the AD DS groups that will be assigned to the policy.

Authentication: Allows you to configure an authentication method. Windows Authentication is the only
available method by default. The current user that is logged on will pass his credentials to the App-V
server. If the credentials fail, the Alternate Credentials dialog box will display.

Enforce Access Permission Settings: Specifies, when selected (the default), that access to all applications
will be resolved against Access Permissions configured under the application record.

Log Usage Information: Specifies, when selected, that a metering module is enabled in the Provider Policy
to measure user sessions from start to normal end (application ended by client), or abnormal end
(application ended by server). The logged information also contains which server and applications were
used.

Licensing: Specifies, when selected, that a licensing module is enabled in the Provider Policy to track or
grant licenses (default is not selected). The following license types are available:
  Audit License Usage Only: Will not prevent a user from launching an application if the specified
  maximum license quantity is reached.
  Enforce License Policies: Will require every user who makes a connection by using the Provider Policy
  to have an available and valid license for the application in order to launch it.

Important: You must configure applications to use custom provider policies by modifying the
hypertext reference (HREF) tag in the application's .osd files. For example, if your custom provider
policy is named Sales, you would modify the HREF tag in the .osd file of the application as illustrated
here:
HREF="rtsp://sgserver:554/Excel.sft?Customer=Sales"
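
The following Python check is an added example, not part of the courseware. It covers the two .osd requirements described in this module: the CODEBASE HREF must resolve to an .sft file under the content share, and any Customer= value must name an existing provider policy. The function and finding names are hypothetical, the sample .osd documents are constructed and trimmed to the SOFTPKG/IMPLEMENTATION/CODEBASE elements the check reads, and 322 is the RTSPS default port this module gives.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, unquote

# 554 appears in the page's sample HREF; 322 is the RTSPS default the page states.
DEFAULT_PORTS = {"rtsp": 554, "rtsps": 322}
SECURE_SCHEMES = {"rtsps", "https"}

HREF_RE = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://(?P<host>[^/:?]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^?]*)?(?:\?(?P<query>.*))?$"
)
VARIABLE_RE = re.compile(r"^%([A-Za-z0-9_]+)%$")


def audit_osd(osd_text, content_root, client_vars=(), provider_policies=()):
    """Return a sorted list of finding codes for one .osd document."""
    codebase = ET.fromstring(osd_text).find("./IMPLEMENTATION/CODEBASE")
    href = codebase.get("HREF") if codebase is not None else None
    match = HREF_RE.match(href or "")
    if match is None:
        return ["BAD_HREF"]  # missing, a local path, or otherwise not a URL
    findings = set()
    scheme = match["scheme"].lower()

    # Transport: plain RTSP/HTTP streams the package without TLS.
    if scheme not in SECURE_SCHEMES:
        findings.add("PLAINTEXT_TRANSPORT")
    port = match["port"]
    if port and scheme in DEFAULT_PORTS and int(port) != DEFAULT_PORTS[scheme]:
        findings.add("NON_DEFAULT_PORT")

    # Server name: a %VARIABLE% only works if every client can resolve it.
    variable = VARIABLE_RE.match(match["host"])
    known_vars = {name.upper() for name in client_vars}
    if variable and variable.group(1).upper() not in known_vars:
        findings.add("UNRESOLVED_SERVER_VARIABLE")

    # Path: must name an existing file and must stay inside the content share.
    root = os.path.realpath(content_root)
    relative = unquote(match["path"] or "/").lstrip("/")
    target = os.path.realpath(os.path.join(root, *relative.split("/")))
    if os.path.commonpath([root, target]) != root:
        findings.add("PATH_ESCAPES_CONTENT_ROOT")
    elif not os.path.isfile(target):
        findings.add("SFT_NOT_FOUND")

    # Provider policy: Customer=<name> must match a policy defined on the server.
    for policy in parse_qs(match["query"] or "").get("Customer", []):
        if policy not in provider_policies:
            findings.add("UNKNOWN_PROVIDER_POLICY")
    return sorted(findings)


# Constructed sample .osd documents, trimmed to the elements the check reads.
GOOD_OSD = """<SOFTPKG NAME="Word Viewer 2003" VERSION="1.0">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsps://%SFT_SOFTGRIDSERVER%:322/Word03/Word03.sft?Customer=Office_Viewers"/>
  </IMPLEMENTATION>
</SOFTPKG>"""
BAD_OSD = """<SOFTPKG NAME="Excel" VERSION="1.0">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsp://sgserver:554/Excel.sft?Customer=Sales"/>
  </IMPLEMENTATION>
</SOFTPKG>"""


def demo():
    """Audit both samples against a throwaway content folder."""
    with tempfile.TemporaryDirectory() as content:
        os.makedirs(os.path.join(content, "Word03"))
        open(os.path.join(content, "Word03", "Word03.sft"), "wb").close()
        settings = dict(
            client_vars={"SFT_SOFTGRIDSERVER"},      # variables set on clients
            provider_policies={"Office_Viewers"},    # policies defined on the server
        )
        return {
            "good": audit_osd(GOOD_OSD, content, **settings),
            "bad": audit_osd(BAD_OSD, content, **settings),
        }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

Run it against the real content share by passing each .osd file's text and the share's path to audit_osd, with the variable and policy names your environment actually uses.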

Question: You have created a new provider policy and associated it with an application. Now certain
users cannot access the application. What area might you troubleshoot to resolve this issue?

Demonstration: Creating a New Provider Policy

Key Points
In this demonstration, you will see how to create a new provider policy.

Demonstration steps:
1. In the Application Virtualization Management Console, use the New Provider Policy Wizard to create
a new policy named Office_Viewers.
2. Add the AppVUsers group as the Group Assignment.
3. Set licensing to be Enforce License Policies.
4. Restart the Application Virtualization Management Server service.

Question: Can you describe scenarios where you would want to use a custom Provider Policy with which
users can connect?

What Are Server Groups?

Key Points
A Server Group is a logical collection of App-V servers. You can use Server Groups to provide a common
Provider policy, and configure logging properties of all servers that are members of the group.
Most organizations only have one server group--the Default Server Group. However, an organization that
consists of multiple physical sites can create a server group that represents each site.

For example, your organization may have multiple physical locations that contain App-V servers. To
ensure that each server does not log information over the wide area network (WAN) connection, you can
create a Server Group for each location, and then configure each Server Group to log only information to
a local computer that is running SQL Server.
You can manipulate the characteristics of all servers in a Server Group by using three property pages. The
configuration settings are available in the following tabs:
General. Use to set the default Provider policy for the Server Group, and to enable or disable the
Server Group.
Logging. Use to control how App-V Servers record their information within the virtualization system.
There are two ways to store usage information: logging to a file or logging to a SQL Server database.
The recommended method is to allow the default behavior, which is to log to the data store's SQL
Server database.
Applications. Use to view which applications belong to this Server Group. You also use it to verify the
Enabled or Disabled status of applications. This tab is for informational purposes only.

What Are Server Objects?

Key Points
For every App-V Server that you install, App-V creates a matching server object in the Server Group that
you specified during installation. This is the Default Server Group. The App-V Server object provides
several property pages to configure the characteristics of the specified App-V Server, including:
General. Use to provide the Domain Name System (DNS) host name of the App-V Server.
Ports. If you need to change any of the default port values for application virtualization, you need to
make this change on the Ports tab. Changing any of the values on this page requires a restart of the
App-V service. If you also require that any .sft files streamed over a network connection must be
encrypted with a Transport Layer Security (TLS) header, you need to add the Real-Time Streaming
Protocol Secure (RTSPS) protocol, and associate an available SSL/TLS certificate to the Server object.
The default RTSPS port is 322.
Advanced. From the Advanced tab, you can change how the selected Virtual Application Server
utilizes system resources, including random access memory (RAM) and CPU. You would use this tab
only for advanced configuration of the App-V system.

What Is License Enforcement?

Key Points
License enforcement provides you the ability to create an application license that is stored in the
Application Virtualization data store. Every time a user attempts to launch an application, the system
queries the data store for an available license. If a license is available, the user can launch the application.
However, if there is no available license, the application reports Launch Failed, and an error message
displays that indicates that there is no available license.
The Application Licenses node in the Application Virtualization Management Console provides the ability
to create Application License Groups. Application License Groups contain generic application licenses, and
are not application-specific. Therefore, you might apply one Application License Group to multiple
applications, although typically, you create most with specific application requirements in mind.
Licensing control in App-V refers to licenses that you create within the App-V system. These license
options have no impact on license agreements, such as Microsoft Software License Terms, but typically are
tied logically to the number of end user licenses that the company has purchased.

You can create and assign the following types of licenses to virtualized applications:
Unlimited License. This enables any number of users to have simultaneous access to the applications
that have been associated with the license. Unlimited License Groups can be effective in evaluating
the number of licenses that the organization would need for an application. When used in
conjunction with reporting, Unlimited Licensing can assist in purchasing decisions.
Concurrent License. This permits a limited number of users to have simultaneous access to
applications that have been associated with the concurrent license. Concurrent License Groups are the
most common type of licensing implemented on virtualized applications. For example, even in an
enterprise-size organization, only a select number of users need to run a specialized drafting
program. Between the different shifts that the employees work, a maximum of 10 employees will run
that application at any one time. For this situation, you could create a Concurrent License Group to
limit the maximum number of simultaneous launches of that application to 10. The system refuses
any additional people who attempt to launch the application, and an error appears indicating that
there are no more licenses available.
Named License. This permits only explicitly named users to have access to an application associated
with the license. For example, an organization has a sales group within AD DS that assigns
permissions to several general-use applications, including a management database program.
However, only certain individuals within that sales group should actually be able to run this
management application. You could create a Named License Group, and specify only those
individuals who should run it. If a user is not in the license, and then attempts to launch the
application, the system refuses the user.

Question: What type of license would be appropriate when distributing an application to all employees
with a volume license agreement in place?

Demonstration: Creating and Enforcing Licenses

In this demonstration, you will see how to create a concurrent license, and then associate it with an
application. You also will see how to enforce it through the default provider policy.

Demonstration steps:
1. Open the Application Virtualization Management Console, and then use the New Concurrent License
Wizard to create a new Application License Group named Word_Viewer_2003.
Provide the following description: Allows 25 concurrent users.
Set the Concurrent License Quantity to 25.
2. In the Applications node, access the properties of Microsoft Office Word Viewer 2003, and set the
Application License Group to be the Word_Viewer_2003 group.
3. Modify the .osd file to use the Office_Viewers provider policy.

Features of App-V Reporting

Key Points
The Reports node in the App-V management console allows you to generate a variety of different reports
about usage and system error tracking. You can generate report information by querying the App-V SQL
database. Reports do not run automatically. You must run each report explicitly.
You can create the following types of reports by running the New Report wizard:
System Utilization Report. Graphs the total daily usage, to help you determine the load on your
application virtualization system. Usage is reported by day of the week and hour of the day.
Software Audit Report. Lists the usage information during the reporting period for all applications
defined in the database to help you determine which applications are the most heavily used. The
report provides information about the number of sessions and the number of times an application
was used.
Application Utilization Report. Tracks usage information for a specified application to help you
determine how heavily a specific application is used.
System Error Report. Tracks the number of errors and warnings logged over time during the specified
reporting period for the specified server or server group.

Note: The amount of usage reporting data available is dependent on how long you elect to retain
usage history in the database. You can configure that in the App-V System Options. For example, if
you want to track one year of usage data then the database must keep at least one year of usage
history.

After you create a report, the management console displays the output. You can export the report to
either PDF format or to a Microsoft Office Excel spreadsheet.

Creating a Report
Run the New Reports wizard from the Reports node of the management console. You must provide the
following information to the wizard:
Report Name
Report Type (The remaining information required by the wizard will depend on the selection.)
Report period

Server name
Application

Lab B: Implementing License Enforcement

Lab Setup
For this lab, you will use the available virtual machine environment that should be running from Lab A.
Before you begin the lab, you must:
1. Ensure that the 10324A-NYC-DC1, 10324A-NYC-SVR2, and 10324A-NYC-CL1 virtual machines are
running.
2. If required, connect to the virtual machines. Log on to the 10324A-NYC-DC1 and 10324A-NYC-SVR2
virtual machines as Contoso\Administrator using the password Pa$$w0rd.
3. Do not log on to 10324A-NYC-CL1 until directed to do so.

Exercise 1: Publishing an Application


Scenario
Contoso, Ltd., wants you to use license enforcement to control the number of users who can access virtual
applications. Before you can implement license enforcement, you need to import and publish an
application for testing purposes. You decide to publish the Microsoft Excel viewer application.

The main tasks in this exercise are:


1. Copy a sequenced application to the Content folder.
2. Publish Microsoft Excel Viewer.

Task 1: Copy a sequenced application to the Content folder


On NYC-SVR2, open Windows Explorer, and then copy the \\NYC-DC1\E$\Labfiles\Mod08\Excel
folder to C:\Content.

Task 2: Publish Microsoft Excel Viewer


1. Open the Application Virtualization Management Console, and then import the Excel project file into
the applications node.
2. Publish a shortcut to the user's desktop and to a Start menu folder called Excel.
3. Grant permission to AppVUsers.

Exercise 2: Creating a License Group


Scenario
The first step in license enforcement is to create a license group. To test license enforcement, you decide
to create a new named license for a specific test user, and then assign that license to the Excel Viewer
application.

The main tasks in this exercise are:


1. Create a new named license.
2. Assign the license group to an application.

Task 1: Create a new named license


On NYC-SVR2, create a new named license with the following parameters:
Name: Excel Users
License Description: Excel Named License
Enable: Selected
Named License User: Contoso\AppVUser1

Task 2: Assign the license group to an application


In the Properties dialog box for the Microsoft Office Excel Viewer, assign Excel Users as the
Application License Group.

Exercise 3: Creating a New Provider Policy


Scenario
The management team at Contoso, Ltd., wants you to associate license policies with certain applications.
You must create a new provider policy that will enforce the license restrictions. Additionally, you must
restart the App-V Management Server whenever you create a new provider policy, and you must modify
the .osd file of the application to indicate to the application that it is subject to the new policy.

The main tasks in this exercise are:


1. Create a new provider policy.
2. Restart the service.
3. Modify the Excel .osd file to use the new provider policy.

Task 1: Create a new provider policy


Create a new provider policy with the following parameters:
Policy Name: Licensed
Manage client desktop using the Management Console: Enabled
Refresh desktop configuration when a user logs in: Enabled
Group Assignment: AppVUsers
Authentication: Windows Authentication
Enforce Access Permission Settings: Enabled
Log Usage Information: Enabled
Licensing: Enforce License Policies

Task 2: Restart the service


Restart the Application Virtualization Management Server service.

Task 3: Modify the Excel .osd file to use the new provider policy
1. On NYC-SVR2, open Windows Explorer, and then browse to C:\Content\Excel.
2. Use Notepad to modify the Microsoft Office Excel Viewer 12.0.6219.1000.osd file as follows:
HREF="RTSP://NYC-SVR2:554/Excel/Excel.sft?Customer=Licensed"

3. Save and close the file.



Exercise 4: Testing License Enforcement


Scenario
As part of the proof-of-concept testing, you will test the application against two test users in the
AppVUsers group to ensure that App-V is enforcing your license restriction properly.

The main task in this exercise is:


1. Test license enforcement.

Task 1: Test license enforcement


1. Log on to NYC-CL1 as AppVUser2 using the password Pa$$w0rd, and then attempt to start the
published copy of Microsoft Office Excel Viewer. Notice that you are not able to start the application.
Click OK, and then log off.
2. Log on to NYC-CL1 as AppVUser1 using the password Pa$$w0rd, and attempt to start the
published copy of Microsoft Office Excel Viewer. Notice that the application starts as expected.

To prepare for the next lab


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.

2. Right-click the virtual machines used in this lab, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.



Module Review and Takeaways

Review Questions
1. An administrator has accidentally deleted the AD DS security group that is managing the Application
Virtualization servers. What can you do to address this issue?
2. You would like to import an application that your Sequencing Engineer has provided. What are the
standard configuration settings that you need to consider?
3. Describe scenarios where you would want to use a custom Provider Policy with which users can
connect.

Common Issues Related to Managing Virtual Applications


Identify the causes for the following common issues related to managing virtual applications, and then fill
in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Management console on the App-V server is unable to connect to itself by computer name, but
succeeds by 'localhost' or IP Address
Troubleshooting tip:

Best Practices Related to Publishing Applications


Supplement or modify the following best practices for your own work situations:
Consider setting the %SFT_SOFTGRIDSERVER% system variable on clients. Even if you only have a
single streaming server today, in the future, you may scale out the implementation to include other
streaming servers.
Use application groups to simplify administration. Application groups allow the configuration of
settings to easily be applied to all the applications in a group.
Use license groups to track application usage or enforce policies.

Module 9
Sequencing Applications for Virtualization
Contents:
Lesson 1: Overview of Application Sequencing
Lesson 2: Planning and Configuring the Sequencer Environment
Lesson 3: Performing Application Sequencing
Lesson 4: Advanced Sequencing Scenarios
Lab: Sequencing Applications for Virtualization

Module Overview

To use applications in a Microsoft Application Virtualization (App-V) solution, you must first package
them into a form that can run in a virtualized environment. You can create these application packages by
using the App-V Sequencer.
You can sequence applications that you plan to deploy by using the App-V infrastructure or stand-alone
installation. By using App-V sequencing, you create a set of files that contain all the information that the
application requires to run in a virtual environment. The App-V Sequencer provides several packaging
options that you can choose based on your specific requirements.

This module describes how to install and configure the App-V Sequencer to create application packages.
The module also describes how to upgrade existing packages and create stand-alone packages.

Lesson 1
Overview of Application Sequencing

The App-V Sequencer collects information from the Microsoft Windows installation procedures, and
converts the files, registry information, and .ini files into a cohesive package. In many environments,
application developers who are familiar with the applications carry out the sequencing process. As an
App-V administrator, you likely will have to troubleshoot App-V deployments, so you need to understand
the sequencing process. It can help you determine if the problem is with the configuration of the
implementation or if the problem occurred during the sequencing process.
This lesson describes the functionality of App-V Sequencer, the features of a virtual environment, and it
explains how virtual environments communicate.

What Is the App-V Sequencer?

Key Points
The App-V Sequencer is a wizard-based software application that you can use to create Microsoft App-V
application packages. You can then deploy these packages to App-V-enabled desktops and Remote
Desktop servers. The Sequencer captures an application's installation, and then organizes the application's
unique data so that it can operate in the App-V environment. This process also determines the files and
data that are applicable to all users and the information that users can customize. The software allows the
sequencing engineer to determine what makes up Feature Block 1 and provides the ability to add files,
registry settings, associate file types, and many other tasks to the application package.

The sequencer also creates logical divisions in the application's program data, so that an App-V Streaming
Server can stream the application in chunks to an App-V Client. Optionally, the sequencer can package
applications as a self-contained Microsoft Installer package, a .msi file, which you can then deploy via an
electronic software distribution (ESD) system such as Systems Management Server (SMS) or System Center
Configuration Manager. To use the App-V Sequencer effectively, you must understand how to configure
and deploy your applications.

Note: App-V Sequencer Release 4.6 is now available. This release supports 64-bit platforms, and it can
sequence both 32-bit and 64-bit applications. You can sequence applications on 32-bit systems, and
then run the applications on 64-bit systems, and vice versa.

Overview of the Sequencing Process

Key Points
Sequencing is the process of creating a version of an application that can run in a virtual environment on
a client computer. You can use special sequencing software to record the installation steps and the files
that the application uses. You can use that information to create a package that you can stream down to
software on the client computer.

You run sequenced applications (packages) in virtual environments that software creates on the client
computer. The virtual environment controls all the communication between the application and the
operating system. You can run multiple virtual environments with each environment hosting its own
virtual application.
The sequencing process is broken down into five steps:
1. The Sequencer monitors an application's standard installation process. The standard setup routine
installs files and registry settings, configures environment variables, and registers dynamic-link libraries
(DLLs), as well as other steps. Additionally, the Sequencer records any changes to the system.
2. The Sequencer then creates a virtual environment, and loads the application into it, along with all
information that was recorded during the installation phase.
3. If the application is large, you can stream it in multiple chunks of code that the App-V Streaming
Server delivers to the client on demand. To do this, you must start the application and perform the
most common tasks to determine what the minimal startup requirements are for the application.
After the Sequencer determines which bits are required to start the application, it packages these
application bits into a Feature Block 1, which is the minimum amount of data necessary to start an
application and perform the most common tasks. Therefore, you only need to transfer Feature Block
1 from the App-V Server to the App-V Client when you initially run the application. As users access
additional application features, App-V streams the bits required to execute those features in the
background as additional Feature Blocks.

Note: If you do not launch the application at all during this phase, the entire application becomes Feature
Block 1. This means App-V streams the entire application down to the client and caches it. This usually
is not desirable for large applications.

4. You can now package the virtual application, and create the supporting files. These include the .sft file
that holds the application data, and the .ico file that is a capture of the application's default icon.
Additionally, the .sprj, .osd, and .xml files provide information about the application.
5. You then move all of these files to the App-V server, which imports the application for distribution.

Question: What does Feature Block 1 include?



Components of a Sequenced Application

Key Points
A sequenced application is a collection of files that the sequencing process generates, which includes five
major files:
The .sft file contains the sequenced Windows application. The file must be located on each server that
will stream applications. The .sft files can contain multiple applications, for example, a suite of
applications such as Microsoft Office.
The .sprj file is an .xml-based text file that contains parse items and exclusions for application suites,
and which manages multiple .osd files. For example, Office 2007 contains multiple applications, each
with its own .osd file, and each with possible additional requirements. You can specify these
requirements as exclusions and parse items in the .sprj file. If this file does not import with the
application, it may cause issues such as file conflicts or missing information.

Note: A parse item is the Virtual File System equivalent of an actual directory. For example, an
application may install a DLL file to the System32 directory. During sequencing, the Sequencer
intercepts the DLL file and places it in the package's virtual drive folder. When the application later
makes a call for that DLL file to the System32 directory, it parses the call, and then redirects it to the
Virtual File System.

The .ico files are icon files that are used for application shortcuts to provide a consistent end-user
experience. When a user double-clicks an icon as they normally would, the .ico file initiates the .osd
file, which in turn causes the application to load on the App-V Client.
The .osd file provides information necessary to launch the application, such as the protocol to use and
the streaming server that holds the .sft file. Each application requires an .osd file.
The Manifest.xml file stores information required for the App-V Streaming Server to stream
applications. You would use Streaming Servers in branch-office deployment scenarios where it is not
feasible to deploy a complete App-V infrastructure. The Manifest.xml file informs the App-V Client
where to find the sequenced application.

Question: Which file provides information about the .sft file's location?

Overview of the Dynamic Suite Composition

Key Points
Dynamic Suite Composition (DSC) allows virtual environments to communicate with each other. This
eliminates the need to sequence dependent applications with every primary application that requires
them. For example, in previous versions of App-V (formerly known as Microsoft SoftGrid Application
Virtualization), if an application has a dependency such as the Java Runtime Environment, you would have
to sequence that dependent application with every primary application that required it.
DSC is an App-V feature that enables you to sequence applications separately from the plug-ins and the
middleware applications they rely on, while you can still utilize the virtual resources such as file system
and registry settings, in the virtual environment. The packages run and interact with one another as if they
were all installed locally on a computer. The primary package also assumes the entire virtual environment
of the secondary package, including the virtual file system.

The following steps provide an overview of the DSC process:


Sequence the primary application on a clean sequencer, which is a sequencer on which unnecessary
applications are not installed. After you package the primary application, you reset the sequencer to a
clean state.
Install the primary application on the sequencer in the normal fashion. This is important because the
secondary application might use APIs or registry entries from the primary application.
Sequence the secondary application.
Modify the primary application's .osd file to define the dependency. Create the DEPENDENCIES tag
under the VirtualEnv\Policies tag of the .osd file, then copy and insert the CODEBASE tag from each
secondary package you need to define for the primary package. You will need the HREF, globally
unique identifier (GUID), and SYSGUARDFILE elements. The MANDATORY element determines
whether the primary application requires the secondary application.
The DSC process forms a CODEBASE tag for each secondary package at sequencing time with the
information required to define the dependency. You will have to remove the unnecessary properties
in the tag. The following sample code shows an example of the resulting section of the primary
application's .osd file with a dependency on a secondary application named Midware.
<VIRTUALENV TERMINATECHILDREN="FALSE">
  <POLICIES>
  </POLICIES>
  <DEPENDENCIES>
    <CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/midware/midware.sft"
              GUID="06DCD3EF-1D70-4282-A117-2241BE970C27"
              SYSGUARDFILE="midware\osguard.CP" MANDATORY="TRUE"/>
  </DEPENDENCIES>
  <ENVLIST/>
</VIRTUALENV>

Publish both applications.
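
Both .osd edits described in this course material (the Customer= provider policy parameter from Lab B and the DEPENDENCIES block for Dynamic Suite Composition) can be checked before a package is published. The following Python script is an added example, not part of the course material; the SOFTPKG/IMPLEMENTATION wrapper, the all-zero GUID and the second (plugin) dependency in the sample are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Attributes the page says each dependency CODEBASE needs.
REQUIRED_DEP_ATTRS = ("HREF", "GUID", "SYSGUARDFILE")
SERVER_VARIABLE = "%SFT_SOFTGRIDSERVER%"

# Constructed sample. The wrapper elements, the all-zero GUID and the "plugin"
# dependency are assumptions; the Excel HREF and the midware entry are the page's.
SAMPLE_OSD = """<SOFTPKG NAME="Microsoft Office Excel Viewer">
  <IMPLEMENTATION>
    <CODEBASE HREF="RTSP://NYC-SVR2:554/Excel/Excel.sft?Customer=Licensed"
              GUID="00000000-0000-0000-0000-000000000000"/>
    <VIRTUALENV TERMINATECHILDREN="FALSE">
      <POLICIES></POLICIES>
      <DEPENDENCIES>
        <CODEBASE HREF="RTSP://%SFT_SOFTGRIDSERVER%:554/midware/midware.sft"
                  GUID="06DCD3EF-1D70-4282-A117-2241BE970C27"
                  SYSGUARDFILE="midware\\osguard.CP" MANDATORY="TRUE"/>
        <CODEBASE HREF="RTSPS://%SFT_SOFTGRIDSERVER%:322/plugin/plugin.sft"
                  MANDATORY="FALSE"/>
      </DEPENDENCIES>
      <ENVLIST/>
    </VIRTUALENV>
  </IMPLEMENTATION>
</SOFTPKG>
"""


def parse_href(href):
    """Split a CODEBASE HREF into protocol, server, port and provider policy."""
    parts = urlsplit(href)
    policy = None
    for key, values in parse_qs(parts.query).items():
        if key.lower() == "customer":  # provider policy is passed as ?Customer=
            policy = values[0]
    server, _, port = parts.netloc.partition(":")
    return {"protocol": parts.scheme.upper(), "server": server,
            "port": int(port) if port.isdigit() else None, "policy": policy}


def href_findings(label, info, expected_policy=None):
    """Return review findings for one parsed HREF."""
    out = []
    if info["protocol"] != "RTSPS":
        out.append(f"{label}: streams over {info['protocol'] or '(none)'}, not RTSPS")
    if info["server"].upper() != SERVER_VARIABLE:
        out.append(f"{label}: server {info['server'] or '(none)'} is hard-coded "
                   f"instead of {SERVER_VARIABLE}")
    if expected_policy and info["policy"] != expected_policy:
        out.append(f"{label}: provider policy is {info['policy']!r}, "
                   f"expected {expected_policy!r}")
    return out


def audit_osd(xml_text, expected_policy=None):
    """Audit one .osd document; returns the parsed HREFs and a list of findings."""
    if "<!ENTITY" in xml_text.upper():
        raise ValueError("entity declarations are not expected in an .osd file")
    root = ET.fromstring(xml_text)
    dep_nodes = [cb for deps in root.iter("DEPENDENCIES")
                 for cb in deps.iter("CODEBASE")]
    dep_ids = {id(node) for node in dep_nodes}
    primary = [cb for cb in root.iter("CODEBASE") if id(cb) not in dep_ids]

    report = {"primary": None, "dependencies": [], "findings": []}
    if primary:
        info = parse_href(primary[0].get("HREF", ""))
        report["primary"] = info
        report["findings"] += href_findings("primary", info, expected_policy)
    else:
        report["findings"].append("primary: no CODEBASE element found")

    for n, cb in enumerate(dep_nodes, 1):
        label = f"dependency {n}"
        info = parse_href(cb.get("HREF", ""))
        info["mandatory"] = cb.get("MANDATORY", "").upper() == "TRUE"
        report["dependencies"].append(info)
        missing = [a for a in REQUIRED_DEP_ATTRS if not cb.get(a)]
        if missing:
            report["findings"].append(f"{label}: missing {', '.join(missing)}")
        if cb.get("HREF"):
            report["findings"] += href_findings(label, info)
    return report


if __name__ == "__main__":
    for finding in audit_osd(SAMPLE_OSD, expected_policy="Licensed")["findings"]:
        print(finding)
```

Run against the sample, the script reports the two RTSP streams, the hard-coded NYC-SVR2 server name, and the dependency that lacks GUID and SYSGUARDFILE.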



Lesson 2
Planning and Configuring the Sequencer Environment

The Application Sequencer is capable of detecting the smallest change in the Windows environment.
Therefore, it is very important that you follow proper steps when planning the Sequencer's environment. If
extraneous elements such as anti-virus scans, which do not belong in the sequenced environment, get
included in the sequencing process, the application might not function correctly when you deploy it.
This lesson provides details about the Sequencer hardware and software requirements, and describes the
best practices for configuring the sequencer environment. The lesson also describes the most common
ways of configuring the Sequencer.

Requirements for Installing the Sequencer

Key Points
The sequencer should reflect the computing environment of the computers to which you plan to deploy
the applications. If the majority of computers run the Windows XP Service Pack 3 (SP3) operating system,
you should configure the sequencer to run the same operating system.

Hardware Requirements
The hardware requirements for the App-V sequencer are very basic and generally reflect the hardware on
the computers to which you will deploy the virtual applications.
The minimum requirements are:
A Pentium III 1 gigahertz (GHz) or higher CPU, and either a 32-bit or a 64-bit processor. The
sequencing process is a single-threaded process, and it does not take advantage of dual processors.
1 gigabyte (GB) or more of random access memory (RAM).
A physical drive designated to represent the virtual drive. This can also be a partition on a single
drive. The drive letter assigned on the workstations where you install the Application Virtualization
Sequencer should match the drive letter assigned to the Application Virtualization Client. This is
usually drive Q.
You also have the option of hosting the sequencer on a virtual machine. This can affect the sequencer
performance, but you can revert the virtual machine to a base state very quickly.

Software Requirements
Windows XP SP2 or newer
Windows Vista Business, Enterprise, or Ultimate
Windows 7 Professional, Enterprise, or Ultimate

Best Practices for Installing the Sequencer

Key Points
When you configure the sequencing computer, there are a number of considerations:
Always use a clean operating system install. The sequencer should match the computers to which you
will deploy the application. For example, if the typical client in the enterprise is running Windows XP
with SP3 and Office 2007, the sequencer should match that configuration.
Sequence to the lowest operating system version used in the target environment. If your client
computers run multiple operating systems at various service pack levels, and it is not practical to
sequence the applications multiple times, sequence to the lowest common denominator. However,
there is no guarantee that an application sequenced on one operating system functions as expected
on a different operating system. For example, if you know that an application does not function on
Windows 7, then it will not work to sequence it on Windows XP and deploy it to Windows 7.
Do not install monitoring agents, antivirus software, or any other software that runs background
tasks. These types of programs interact with the operating system core components and can alter the
results of the sequencing operation, thus affecting the package.
Reset the environment after you create each package. Create the sequencer image again, or if you
use a virtual machine, reset the virtual machine.

Typical Configuration for the Sequencer

Key Points
You should sequence applications on the lowest operating system version in the environment. For
example, if the environment is currently running Windows XP and Windows Vista, you should base the
sequencer's configuration on Windows XP. There is no guarantee that an application that you sequence
on an older operating system will function correctly on a newer one. However, applications that function
correctly on both operating systems should function correctly when you virtualize them on the older
system.

You can mount the application package on a drive other than drive Q, when the client is using it.
However, you should maintain consistency throughout the environment. If an application hard-codes a
path into its configuration during setup, this can cause problems if you have defined a letter other than
the one used during sequencing for the client.

To avoid problems with long file name references in applications, you must use the 8.3 naming
convention for the package root directory. For example, when you install Microsoft Office, this creates a
short-path shortcut called Micros~1. Some applications still refer to these short paths. This can cause
problems because the sequencer sequences each application in an isolated, clean environment. In this
example, every application that starts with Microsoft is abbreviated to Micros~1. By using the 8.3 format,
you can be sure that applications will always refer to the correct folder. The 8.3 format consists of a
maximum of eight characters with a three-character extension. For example, a folder named
Word2003Vwr could be renamed to Word2003.Vwr to comply with the 8.3 format.

Question: If you have a computing environment consisting of the Windows XP, Windows Vista, and
Windows 7 operating systems, on which operating system should you perform sequencing?

Demonstration: Installing the App-V Sequencer

Key Points
The installation of the App-V Sequencer software is a very simple process. First, you should perform a
fresh install of a supported operating system. Ensure you create at least two partitions. Ideally, you would
have two separate hard disks: one to hold the operating system and one that would become drive Q. As a
best practice, if you choose to use a virtual machine, you should create a second virtual hard disk (VHD).

Note: Do not install the App-V sequencer on a computer that hosts the App-V Server or the App-V
Client.

Locate and launch one of the installer files for the App-V Sequencer. Similar to the App-V Client, there is a
Setup.msi and a Setup.exe. Also just like the client, you first need to install prerequisite software such as
Microsoft Visual C++ 2005 SP1. The Setup.exe file installs the software, while the Setup.msi file only
detects the presence or absence of the software. The Setup.msi installation fails if it cannot detect the
prerequisite software.

The InstallShield Wizard performs the installation. After you launch the wizard, you must allow it to install
the prerequisite software. Then you simply accept the license and allow the wizard to install the sequencer
software. Other than declaring the installation folder, you do not need to perform any configuration
during setup.
In this demonstration, you will see how to install the App-V Sequencer on a Windows 7 computer, and
then create drive Q.

Demonstration steps:
1. Run Setup.exe.
2. Perform a default installation of the App-V sequencer.
3. Use Computer Management to create a new simple volume using the unallocated space.
4. Assign the drive letter Q, and then format the volume.

Question: What is the benefit of installing the sequencer by using the Setup.exe file versus the Setup.msi
file?

Configuring the App-V Sequencer Options

Key Points
After you install the sequencer, you can configure a number of settings by using the Options menu item
in the Tools menu. This opens the Options dialog box, which has three tabs that provide access to several
configuration settings. The following sections detail these tabs.

The Paths tab


The Paths tab allows you to define the settings that the following table describes:

Setting | Description
Scratch directory | Specifies the path to the location where the sequencer will temporarily save files that it generates during sequencing. Scratch, the default folder, resides in the installation folder.
Log directory | Specifies the path to where the log files will be saved. Logs, the default folder, resides in the installation folder.
Allow use of MSI installer | Allows interaction between the sequencer and the application installer.
Allow virtualization of events | Allows you to virtualize low-level, operating-system activities of the application when you run a sequenced application package on App-V desktop clients.
Allow virtualization of services | Allows virtualization of services that the application requires when the application runs on App-V desktop clients.
Append package version to filename | Automatically appends the sequenced version number for the application package to the file name.

We recommend that you do not make any changes to these options, and instead accept the default
settings.

The Parse Items Tab


This tab displays the mapping rules that the sequencer uses to accommodate differences that exist
between configurations on the sequencing computer and the App-V desktop client. The columns display
the variable that the sequencer reads and the variable that the sequencer substitutes during the
sequencing process. For example, the value of C:\ProgramData is parsed to
%CSIDL_COMMON_APPDATA%.

The Exclusion Items Tab


The Exclusion Items tab allows you to designate data that you do not want the App-V Sequencer to
monitor while it is running.

An example of data that you should not capture is Internet cookies. If you configure the Sequencer to
capture the cookies in the virtual environment, it links the application installation permanently to the user
who initially set up the virtual environment.
Typically, you should exclude any data that is unique to a specific user or a specific session from the
Sequencer.

Lesson 3
Performing Application Sequencing

Sequencing applications is often the most labor-intensive aspect of deploying virtualized applications. It
requires a thorough knowledge of the application that you are sequencing, and you need to pay close
attention to the details that the sequencer captures.
This lesson describes the sequencing process, and explains the functionality of the Sequencing Wizard.
The lesson also provides details about the best practices that you should implement when you sequence
applications.

Best Practices for Sequencing

Key Points
Sequencing applications correctly is the most important part of deploying virtual applications. Keep the
following best practices in mind to help ensure a successful deployment:
• Perform a local install. Familiarize yourself with the application installation procedure before
  sequencing it. This is very important. You should understand all of the application dependencies, as
  well as all of the steps required to make the application usable for the end user.
• Document the install process. This is also a very important step. Knowing how you installed an
  application prepares you better for creating the sequenced package, or upgrading the application
  should it become necessary. Following a step-by-step procedure while you are sequencing
  applications leads to more successful sequencing sessions.
• Set compression to Off, and use the optimal 64-kilobyte (KB) block size. This allows your client
  workstations to have the best performance during usage, because they will not have to decompress
  the sequenced software.
• Use an 8.3 naming convention for the Install path. As previously mentioned, this helps avoid
  application short name path conflicts. Make sure each path is unique to all sequenced applications.
  Sequence all dependent applications under the same paths.
• Always choose the Run from My Computer or Not Available options when you select the method
  of installing application components in the Application Setup Wizards. Do not select the Install on
  First Use option because this causes the application to search for its install source files. This will not
  work because even if the application can find the install source files, the application cannot update
  the install on the client.
• Disable the application's Automatic Updates option while sequencing occurs. The virtual
  environment does not allow you to update the application once it is running on a client. If an update
  is necessary, you should update it on the Application Virtualization Sequencer by upgrading the
  package.
• The post installation process completes the application configuration while the Sequencer is still
  monitoring the installation process. This provides you the opportunity to open the application and set
  the initial startup environment. You can configure default options that you always want end users to
  see when they start the application. This may cause the application to access DLLs and other system
  items that it did not previously use during the Setup Wizard. This may include application activation.
  You also can capture and virtualize this information.
• Always reply Yes to reboot requests. The Sequencer detects the reboot task and notifies the
  sequencing specialist that it has processed a reboot request. It then continues the installation as if the
  reboot had occurred.

Creating a Package by Using the Sequencing Wizard

Key Points
The 4.6 version of the App-V Sequencer displays a splash screen at launch that allows the sequencing
engineer to perform three tasks:
• Create a package
• Edit a package
• Upgrade a package
When you click Create a Package, the Sequencing Wizard launches, and then simplifies the sequencing
process into six major steps, which the following sections detail.

Package Information
As the first step, fill in the package name with any display name that you wish. You also can input
comments, such as the platform on which the application was sequenced and the name of the sequencing
engineer. You also can select to see the Advanced Options page.

Advanced Options
On the Advanced Options page, you can select to allow Microsoft Update to run during monitoring or to
rebase DLLs. Allowing Microsoft Update simply allows the application to update from the Internet if
required. Rebasing DLLs remaps DLL libraries to a contiguous space in RAM, and may save memory and
improve performance. These selections are unselected by default.

Monitor Installation
This page allows you to start the monitoring process. Before you can start the actual application
installation, you need to specify where the application is installed. This is a folder on drive Q. The name of
this folder must adhere to the 8.3 naming convention, but subfolders under it do not. Each application
you sequence must have a separate directory.

After selecting the install folder, you must wait while the virtual environment loads and monitoring can
commence. Then install the application as you would normally install it on the client, and select the folder
that you specified on drive Q as the install destination. During monitoring, the App-V Sequencer adds all
new and changed application components to the application package.

When you finish the application's installation, return to the App-V wizard, and then click the Stop
Monitoring button.

Configure Applications
This page displays the available shortcuts and file type associations for an application. You can edit, add,
or remove the shortcut and file types. For example, if the application is a video player, you may want to
associate many different video file types with the application.

Launch Applications
This phase serves two purposes. For some applications, you might need to perform some configuration at
first launch, such as accepting license agreements. Additionally, the sequencer adds any steps that you
perform during this launch to Feature Block 1. Therefore, the sequencing engineer should perform the
most common actions, such as opening files, creating files, and whatever other actions a normal end user
would most often perform.

Sequence Package
This step completes the sequencing of the application and finishes the wizard. There is no configuration
during this step.

Manually Modifying the Sequencer Package

Key Points
After you create the sequencer package, you can adjust the settings that the wizard creates. You would
typically do this when a package needs special modifications to make it operational in the virtual
environment.
You can view the properties, such as the application's GUID, and edit the package name.

The Deployment tab is one of the most important post-configuration considerations. You must configure
deployment properties such as the protocol, the hostname of the streaming server, the port number, and
the relative path inside the content folder. You can also determine which operating systems are allowed
to receive this virtual application and generate a Windows installer file for the virtual application.
You can view the history of any changes to the package in addition to many other pieces of information
about the package such as Windows version. This information is read-only.

You can edit the Virtual Registry to remove registry data that may not pertain to the application. The
Installation Wizard is preconfigured to ignore changes to certain registry keys. Sometimes, you might
need to configure those changed registry keys, and sometimes other registry keys for the sequencer's
other software might change during sequencing.

You can add or remove files from the Virtual File System. This is useful for correcting errors: files that
the installation wizard detected erroneously can be removed, which keeps the sequenced application as
small as possible.

During sequencing, App-V identifies and sequences a list of embedded services. These embedded services
assist the operating system. You can edit the properties, such as the startup type, of the individual
services that the application requires.

You can edit the .osd file before App-V incorporates it into the sequenced package. This can be useful if
you need to customize an element of the .osd file, such as defining a dependency for DSC. Refer to
product documentation for details about the different elements with which you can configure the .osd
file.

Post Sequencing Steps


After you finish configuring the package, you must save it to a folder. The folder that you save it to must
have the same name as the one you specified in the Path text box in the Package Configuration Wizard. The
.osd file specifies this location in the content folder's relative path.

After you save the application, transfer the folder to the content folder on the App-V Server. If you create
an MSI package, you can provide the MSI package to enterprise deployment systems as needed.

Question: What name must you use for the folder into which you save the package?

Demonstration: Sequencing an Application

Key Points
In this demonstration, you will see how to use the sequencing wizard to sequence an application and
configure the application's protocol, port, and path.

Demonstration steps:
1. Launch the App-V sequencer, and create a package.
2. Create a folder on drive Q as the installation folder, and begin monitoring.
3. Install the application to drive Q.
4. Stop monitoring, and then click Next.
5. Launch and close the application, and then complete the wizard.
6. In the dialog box, click the Deployment tab, and then configure the protocol as RTSP.
7. Configure the Hostname to match the server name that will host the application.
8. Configure the relative path.
9. Save the package.
10. Open the folder, and then examine the contents.
11. Use Notepad to open the .osd file, and then examine the HREF tag.
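
The manual inspection in step 11 can be scripted so that the folder-name rule from Post Sequencing Steps and the HTTP/SMB caveat from the active upgrade lesson are checked before a package is copied to the content folder. The following Python is an added example, not part of the course material; it assumes the HREF is an attribute of a CODEBASE element in the .osd file, and the sample .osd text, function names, and finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, unquote

# Constructed sample .osd content using the lab's values (RTSP, NYC-SVR2, 554, Word03).
# Assumption: the HREF lives on a CODEBASE element; other .osd elements are omitted.
GOOD_OSD = """<SOFTPKG NAME="WordViewer03" VERSION="1.0.0.0">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsp://NYC-SVR2:554/Word03/WordViewer03.sft"/>
  </IMPLEMENTATION>
</SOFTPKG>"""

# Constructed faulty variant: HTTP streaming and a mistyped content folder.
BAD_OSD = GOOD_OSD.replace("rtsp://NYC-SVR2:554/Word03/", "http://NYC-SVR2:80/Word3/")


def read_href(osd_text):
    """Return the HREF of the first CODEBASE element in an .osd document."""
    root = ET.fromstring(osd_text)
    codebase = root.find(".//CODEBASE")
    if codebase is None or not codebase.get("HREF"):
        raise ValueError("no CODEBASE element with an HREF attribute")
    return codebase.get("HREF")


def check_href(href, folder, host, port=554, protocol="rtsp"):
    """Compare an HREF with the Deployment tab values; return (code, message) findings."""
    findings = []
    parts = urlsplit(href)
    scheme = parts.scheme.lower()

    # The course notes that active upgrade is not supported for HTTP or SMB
    # streaming. Assumption: SMB streaming appears as a file:// HREF.
    if scheme in ("http", "file"):
        findings.append(("NO_ACTIVE_UPGRADE",
                         f"{scheme} streaming: edit the HREF by hand for each new version"))
    elif scheme != protocol:
        findings.append(("PROTOCOL", f"protocol is {scheme!r}, expected {protocol!r}"))

    # Windows host names are case-insensitive, so compare case-folded values.
    if (parts.hostname or "").casefold() != host.casefold():
        findings.append(("HOST", f"host is {parts.hostname!r}, expected {host!r}"))

    # The port is only meaningful to compare when the expected protocol is in use.
    if scheme == protocol:
        try:
            actual_port = parts.port
        except ValueError:  # non-numeric or out-of-range port text
            actual_port = None
        if actual_port != port:
            findings.append(("PORT", f"port is {actual_port!r}, expected {port}"))

    # The first path segment is the relative path inside the content folder and
    # must equal the name of the folder the package was saved to.
    segments = [unquote(s) for s in parts.path.split("/") if s]
    if len(segments) < 2 or segments[0].casefold() != folder.casefold():
        findings.append(("PATH", f"relative path does not start with folder {folder!r}"))
    if not segments or not segments[-1].lower().endswith(".sft"):
        findings.append(("SFT", "HREF does not end in an .sft file name"))
    return findings


def audit_package(osd_text, folder, host, port=554):
    """Read the HREF from .osd text and check it against the saved folder and server."""
    return check_href(read_href(osd_text), folder, host, port)


if __name__ == "__main__":
    for label, osd in (("good", GOOD_OSD), ("bad", BAD_OSD)):
        findings = audit_package(osd, "Word03", "NYC-SVR2")
        print(label, "->", findings or "HREF matches the saved package folder")
```
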

Lesson 4
Advanced Sequencing Scenarios

When you perform sequencing tasks, some application types require special considerations. For example,
you may have applications that are hard-coded to install on drive C. Additionally, you may need to
upgrade existing sequencer packages, or create a package branch that allows you to upgrade an existing
package, and then run it side-by-side with the original package. You can use several advanced sequencing
techniques in such scenarios, and this lesson describes how to perform them.

Upgrading Existing Packages by Using Active Upgrade

Key Points
Over time, you will need to upgrade applications to newer versions. This is a costly process for most
organizations. Active upgrade provides a method that allows you to apply updates on an existing package
and to redistribute it seamlessly to the client computer. This method does not require a server restart or a
client disconnect from the server. Users continue to use the currently streamed application until they
disconnect. When they reconnect, the updated version streams automatically.
You can accomplish this functionality within the sequencing process by tagging the changed blocks of
code with the new version number. When the client launches the application, App-V compares the version
information within the .sft file to the version on the streaming server, and then downloads only the
required blocks of code to the client.

Important: Active upgrade is not supported for Hypertext Transfer Protocol (HTTP) or Server Message
Block (SMB) streaming. You must change the HREF tag explicitly in the .osd file to point to the location
of the application's new version.

The following steps provide an overview of the active upgrade process:


1. If required, copy the package folder of the application that you are upgrading from the streaming
server's content folder to the sequencer.
2. Launch the sequencer, and the Upgrade a Package Wizard appears.
3. Open the project file of the package that you want to upgrade.
4. Specify the package name for the updated package.
5. If you want to download and install Microsoft Updates for the application, use the Advanced
Monitoring Options page to allow Microsoft Update to update the application as it sequences.
6. Begin monitoring.
7. Install and apply the updates to the application.
8. Stop monitoring.
9. Complete the wizard by configuring shortcuts, adding or removing file type associations as required,
and launching the application.
10. To save the updated package, use the File menu, and save the package. If you need to create an
installer file (.msi), use the Create MSI option in the Tools menu.
11. Copy the updated package back to the content folder on the streaming server. This overwrites the
original.
12. In the App-V Management Console, right-click the original package, and add a version. Browse to the
new .sft file, which will have the numeral 2 in its file name.
After the Sequencing administrator performs the steps necessary for the package upgrade, App-V saves a
new .sft file, and automatically appends a version identifier to it. You can use this automatic version
controller to ensure that the active upgrade process works seamlessly with users connecting to the
application, and they receive the updated package. This method of upgrade preserves any user
customizations.

Question: How would you upgrade packages that are streaming over HTTP?

Demonstration: Upgrading an Application

Key Points
In this demonstration, you will see how to upgrade an existing application.

Demonstration steps:
1. Launch the sequencer, and click Upgrade a Package.
2. Open the .sprj file that you want to upgrade.
3. Begin monitoring.
4. Run the upgrade installation file.
5. After installation completes, stop monitoring.
6. Save the package.
7. Open the package folder, and examine the contents. Note that the .sft file now has a 2 at the end of
its name. The entire folder now is copied into the content folder, and has replaced the original folder
on the App-V Server. You have upgraded the original package to a new version, which users will
receive the next time they launch the application.

Editing Existing Packages

Key Points
Occasionally you may wish to make changes to an application package without having to resequence the
entire application. For example, you may need to generate an .msi file for stand-alone clients, or create a
new file type association for an application. The Edit a Package feature allows you to open a package and
make certain types of changes, including:
• Editing registry settings.
• Adding or removing allowed operating systems.
• Generating a .msi file.
• Modifying the .osd file.
• Adding file type associations.
• Viewing package properties.
• Renaming shortcuts.
• Editing mappings for virtual file systems.

Limitations of Editing
You can perform only limited actions by using this method. Most importantly, you cannot apply updates
to an application, and additionally, you cannot:
• Review all associated operating system file properties for a package.
• Add additional services.
• Add additional files.
• Collect and configure associated security descriptors.
• Apply security updates or upgrade to a new version.
• Add an additional application.
• Apply updates that require the application to open.
• Apply updates that require the computer to restart.

What Is Package Branching?

Key Points
Package branching allows you to modify an existing package in some way, and then save it as a new
package. The primary advantage of this method is that you can run the upgrade process simultaneously
with the existing version. This allows users to run both versions. Users can test the updated application,
while still having access to the old version. Package branching is useful in the following circumstances:
• You can stream upgraded application versions while still providing access to the previous versions.
• You can use complex packages as a baseline for creating new or updated packages.
• You can create specialized packages for specific users.

The process for branching is very similar to active upgrade. The difference is at the end of the process.
In active upgrade, you save the new package to overwrite the old one. In package branching, you
perform a Save As at the end of the process. The result of the Save As is essentially a completely new
SFT file. This is a new version of the application and you can import it to the App-V Management
Console.

When you want to branch an existing package, perform the following steps:
• Copy the original application package that you want to modify to a clean Sequencer workstation.
• In the Sequencer application, select the File menu, and then click Open. You can then select the
  name of the .sprj file to be branched.
• Use the Package Configuration Wizard to provide new values for the package name and path.
• Update the HREF tag information on the Deployment tab. (You will need to modify the Path
  parameter to reflect the name of the new folder you will save the package to.) Modify any other
  required wizard options.
• In the Sequencer application, select the File menu, and then click Save As. Choose a new file name
  and Save In location. Be sure to select the check box next to Save As New Package. Provide a
  unique Package root directory name and a new Package name.
  You will then be prompted with two options:
    ◦ Open Package. This option opens the package for minor edits, but does not decode the files to
      the new Package root directory.
    ◦ Open for Package Upgrade. This option decodes the files to a new application folder, allowing
      you to add updates as needed.
• Rename all the .osd files to a new, unique name.
• Move the new files to the App-V Management Server, and then import the new package.

Sequencing Hard-Coded Applications

Key Points
You may be able to install certain applications only on the local drive C, while other applications may
provide you with a choice of destination paths during installation. The former are hard-coded applications.
You can still sequence hard-coded applications, and then stream them to run from the client's virtual
drive (typically drive Q). You can accomplish this by performing a Virtual File System install. Note
that during the sequencing of a hard-coded application, the entire application runs from the Virtual File
System.
A high-level view of sequencing a hard-coded application includes the following steps:
1. During the Sequencer installation phase, you create a directory on drive Q for the application to use.
2. During the Monitoring task, you will receive a prompt in which you can select the primary directory
to which you want to install the application. Select both drive Q and the directory that you created
for the application. This causes the App-V Streaming Server to copy the entire application's assets to
the Virtual File System located on drive Q.
3. Let the application install, as required, to drive C.
4. The next sequencing task is the execution phase. During this phase, execute the application from the
virtual drive and root directory that you created during the installation phase. This will order the
blocks of code into units that the App-V Streaming Server will stream to the client in Feature Block 1
or Feature Block 2.

Creating an MSI Package for Stand-Alone Clients

Key Points
For clients that are unable to connect to the streaming server, you can use the stand-alone deployment
model. In this model, you do not configure the App-V Client to connect to any App-V Management
Server delivery system. To deliver the virtual application to the client, you can create an .msi file that you
can deliver by using ESD technologies such as Microsoft System Center Configuration Manager.

The .msi file holds all .osd files, icons, and other information of the packaged application except for the .sft
file that makes up the actual application. The .sft file is not inside the .msi file because of size limitations of
Windows Installer.

The .msi file loads the metadata to the client, and it then uses the SFTMIME.exe utility to add and load the
application from the installation directory to the App-V Client cache. Additionally, you configure the .msi
file to load, by default, the .sft file from the same directory as the .msi file.

Note: For more information on deploying the .msi file, see Configuring a Client for Stand-Alone
Operation in Module 7 of this course.

To create the .msi file, you simply select the Generate Microsoft Windows Installer (MSI) Package
check box on the Deployment tab after the sequencing wizard completes. Then, when you save the
application, the App-V Management Server creates and saves the .msi file in the same directory as the rest
of the package files.
You can also generate an .msi file for applications for which sequencing occurred when you opened the
package for editing.

Question: From what location will the .msi file attempt to load the application code by default?

Lab: Sequencing Applications for Virtualization

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-CL1, 10324A-NYC-SRV2, and 10324A-NYC-CL2
virtual machines are running.
3. If required, connect to the virtual machines. Log on to 10324A-NYC-DC1, 10324A-NYC-CL2, and
10324A-NYC-SRV2 as Contoso\Administrator using the password Pa$$w0rd.
4. Do not log on to 10324A-NYC-CL1 until directed to do so.

Exercise 1: Installing the App-V Sequencer


Scenario
Your organization deploys Windows 7 as a standard desktop operating system. You need to sequence
applications on the same operating system. You have created a clean installation of Windows 7 on a test
computer. Now you will install the sequencing software, and then prepare the second disk to be drive Q.

The main tasks for this exercise are:


1. Install the App-V Sequencer.
2. Create drive Q.

Task 1: Install the App-V Sequencer


1. On NYC-CL2, open Windows Explorer, browse to \\NYC-DC1\E$\Labfiles\Mod09\Sequencer\x86,
and then double-click Setup.exe.
2. Perform a default installation of the Microsoft Application Virtualization Sequencer.

Task 2: Create drive Q


1. Open Computer Management.
2. Use Disk Management to create drive Q with the unallocated space.

Results: After this exercise, you should have installed the App-V sequencer and created drive Q.

Exercise 2: Sequencing an Application


Scenario
All your users need to view Microsoft Office Word documents, but you do not want to install a full version
of Office on all computers. You will sequence and deploy a virtual version of Word Viewer 2003.

The main task for this exercise is:


1. Sequence Microsoft Office Word Viewer 2003.

Task 1: Sequence Microsoft Office Word Viewer 2003


1. On NYC-CL2, open Windows Explorer, and then browse to \\NYC-DC1\E$\Labfiles\Mod09.
Copy the Word Viewer 2003 folder to C:\. Close Windows Explorer.
2. Launch Microsoft Application Virtualization Sequencer. Use the New Package Wizard to create a
package for Wordviewer03 with the following information:
   • Package Name: WordViewer03
   • Comments: Sequenced on Windows 7
   • Click Begin Monitoring
   • Primary directory: Q:\Word03
3. Navigate to C:\Word Viewer 2003, and then install Wdviewer.exe to Q:\Word03.
4. Click Stop Monitoring.
5. On the Configure Applications page, remove the Microsoft Office 2003 component.
6. Launch the application, and then complete the wizard.
7. On the Deployment tab, configure the Protocol to be RTSP.
8. Configure the Hostname to be NYC-SVR2.
9. Configure the Path to be Word03.
10. Save the package to a new folder named Word03 in the Documents folder.

Results: After this exercise, you should have sequenced the Microsoft Office Word Viewer 2003.

Exercise 3: Deploying and Testing the Application


Scenario
To ensure that the application functions correctly, you plan to deploy the Word Viewer application to a
test client and view the results.

The main tasks for this exercise are:


1. Copy the application to the Content folder.
2. Import the application.
3. Test the application.

Task 1: Copy the application to the Content folder


• On NYC-CL2, copy the Word03 folder from the Documents folder to \\NYC-SVR2\Content.

Task 2: Import the application


• On NYC-SVR2, launch the Application Virtualization Management Console.
• Import the Wordviewer03.sprj file from C:\Content\Word03.
• Publish a shortcut to the user's desktop.
• Grant permission to the AppVUsers group.

Task 3: Test the application


• Log on to NYC-CL1 as AppVUser1 with a password of Pa$$w0rd.
• Launch the Microsoft Office Word Viewer 2003 application.
• Use the Help menu to verify the application's version number.
• Log off NYC-CL1.

Results: After this exercise, you should have copied the application to the content folder, and then
imported and tested the application.

Exercise 4: Upgrading and Redeploying the Application


Scenario
You know that a security update is available for the Microsoft Office Word Viewer 2003. You already have
deployed the viewer. You must upgrade the package to the new version and deploy the upgrade without
interrupting the current users of the existing version.

The main tasks for this exercise are:

1. Upgrade the application.
2. Copy the application to the Content folder.
3. Upgrade the package version.
4. Test the deployment.

Task 1: Upgrade the application


On NYC-CL2, launch the Microsoft Application Virtualization Sequencer:
• Upgrade a package.
• Navigate to the Documents\Word03 folder, open the Wordviewer03.sprj file, and overwrite
  the existing destination.
• Begin monitoring.
• Navigate to C:\Word Viewer 2003, and run the office2003-KB923276-FullFile-ENU.exe
  update.
• Stop monitoring.
• Launch the application, and finish the wizard.
• Save the package.
• Close the sequencer.

Task 2: Copy the application to the Content folder


• On NYC-CL2, copy the Word03 folder from the Documents folder to \\NYC-SVR2\Content,
  thereby overwriting the original folder.

Task 3: Upgrade the package version


• Return to NYC-SVR2.
• Launch the Application Virtualization Management Console.
• Click the Packages node, and then use the Add Package Version Wizard to add a version and update
  the relative path to the new Wordviewer03_Package.
• In the Packages node, click the Wordviewer03 package. Notice that there now are two versions.

Task 4: Test the deployment


• Log on to NYC-CL1 as AppVUser1.
• Launch Microsoft Office Word Viewer 2003.
• Use the Help menu to verify the application's version number.
• Log off NYC-CL1.

Results: After this exercise, you should have upgraded a sequenced application, copied the application
to the Content folder, upgraded the package version, and tested the deployment.

Exercise 5: Sequencing a Hard-Coded Application


Scenario
You want to deploy the Microsoft Office PowerPoint viewer for those users that need to view or host
presentations, and you know that the PowerPoint viewer is hard coded to install on drive C. You need to
test whether you can sequence this application successfully.

The main task for this exercise is:

1. Sequence the PowerPoint Viewer.

Task 1: Sequence the Microsoft Office PowerPoint Viewer


• On NYC-CL2, launch the Microsoft Application Virtualization Sequencer.
• Create a package named PPT with the comment Sequenced on Windows 7.
• Click Begin Monitoring.
• Create a folder named PPT on drive Q.
• Open Windows Explorer, navigate to \\NYC-DC1\E$\LabFiles\Mod09, and then install
  PowerPointViewer.exe.
• Stop monitoring.
• Launch the application, and then complete the wizard.
• On the Deployment tab, configure the Protocol to use RTSP and the Hostname to be NYC-SVR2.
• Configure the Port to be 554 and the Path to be PPT.
• Save the package to a folder named PPT in the Documents folder.

Results: After this exercise, you should have sequenced a hard-coded application.

To prepare for the next lab


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machines used in this lab, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Module Review and Takeaways

Review Questions
1. After you upgrade an application by using active upgrade, what task must users perform to receive
the updated application?
2. When performing package branching, what must you do at the end of the sequencing wizard to
create a new package?
3. What prerequisite software do you need to install the App-V sequencer?

Common Issues Related to Sequencing an Application


Identify the causes for the following common issues related to a particular technology area in the module
and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue | Troubleshooting tip
You used package branching to create an upgraded version of an application. Users are unable to see any shortcuts for the upgraded version of the application. |

Real-World Issues and Scenarios


1. Your environment is a mixture of Windows XP and Windows 7 clients. You want to sequence an
application that will run on both operating systems. Which operating system should you sequence
the application on so that it will have the best chance of functioning correctly?
2. You sequence an application on Windows XP. You deploy that application to users running Windows
7 and Windows XP. The users on Windows XP receive the application, but none of the Windows 7
computers has received it. What might be the issue?
3. You have deployed version 1 of an application, but version 2 now is available. You want to deploy it
to your users, and you must ensure that their personal settings from the application's current version
carry over to the new version. How do you accomplish this?

Best Practices Related to Sequencing Applications


Supplement or modify the following best practices for your own work situations:
• When sequencing, if the client machine to which you are deploying an application has User Account
  Control (UAC) enabled, then you must ensure that you enable it on the sequencing machine.
• Use the Comments field in the sequencer (Abstract Tag) to add any details about the package you
  may want to include. This will allow you to revisit the sequence later and have a record of this
  information.
• Use the Application Wizard to launch each executable in a suite of applications. This will ensure that
  each application will have the required initial launch data on the App-V Client.
• Ensure that you perform all the common tasks that will be part of Feature Block 1 during the launch
  phase of sequencing the application.
• Processes and scheduled tasks that normally run on your computer, such as antivirus software, can
  slow down the sequencing process and cause the gathering of unnecessary data during sequencing.
  You should shut down these programs before you begin sequencing.

Module 10
Configuring Remote Desktop Services and RemoteApp
Contents:
Lesson 1: Overview of RDS
Lesson 2: Publishing RemoteApp Programs by Using RDS
Lesson 3: Accessing RemoteApp Programs from Clients
Lab: Configuring RDS and RemoteApp Programs

Module Overview

Remote Desktop Services (RDS) provides a form of virtualization known as presentation virtualization.
Although you connect to a remote desktop or to individual remote applications, your experience is similar
to running local applications on your computer. RDS features such as device redirection, single sign-on
(SSO), and Remote Desktop (RD) Easy Print mean that it is not easy to tell whether you are using remote
or local applications.

This module provides an overview of RDS and related role services, and the procedures for connecting to
an RD Session Host. It also describes RemoteApp programs and the methods for accessing them, and
explains how to use RD Gateway to access RDS infrastructure securely from an external network.

Lesson 1
Overview of RDS

RDS is the new version of Terminal Services, and it is a Windows Server 2008 R2 server role. Users can
access session-based desktops, virtual machine-based desktops, and remote applications from anywhere.
Clients connect to an RDS server by using Remote Desktop Protocol (RDP). RDP 7.0 provides improved
and new features, such as Windows Media redirection, Windows Aero Glass support, and true
multimonitor support. To benefit from the new and improved RDP features, you must use the Remote
Desktop Connection (RDC) 7.0 client, which is in Windows 7 and Windows Server 2008 R2. You also can
download the RDC 7.0 client for Windows XP Service Pack 3 (SP3), Windows Vista Service Pack 1 (SP1),
and newer operating systems.

What Is RDS?

Key Points
RDS, formerly known as Terminal Services, provides technologies that enable you to access session-based
desktops, virtual machine-based desktops, and remote applications that are running on centralized
servers. You can establish secure connections from a local network or from the Internet. RDS provides a
rich desktop and application experience, and you can connect securely from managed or unmanaged devices.

RDS provides the following capabilities:


• You can run an application or a full desktop in one location, and you can control the applications or
  desktops from another remote location.
• You can maintain the installation and management on centralized servers in the data center. An RDS
  server delivers screen images to users, and then users' client machines send keystrokes and mouse
  movements back to the RDS server.
• You can present users with a full desktop environment or with the individual application windows and
  data that they require for their job.
• Remote RDS applications integrate seamlessly with the user's local desktop. They look, feel, and behave
  as if they are local applications.
• RDS enables secure remote access to an entire desktop, remote application, or virtual machine
  without establishing a virtual private network (VPN) connection.
• You can centrally control which users can access RDS servers, as well as which RDS servers users
  can access, and additional configuration, such as device redirection settings.

There are many benefits of using RDS instead of running an application on a local computer. These benefits
include:
• Application deployment. You can quickly deploy Windows-based programs to various devices across
  an enterprise. RDS is especially useful when you have programs that are frequently updated,
  infrequently used, or difficult to manage.
• Application consolidation. You can run and install programs from an RD Session Host server, and
  eliminate the need for updating programs on each client computer.
• Remote access. Users can access remote programs from devices such as home computers, kiosks,
  low-powered hardware, and operating systems other than Windows.
• Branch office access. RDS provides better program performance for branch office users who need
  access to centralized data stores. Data-intensive programs often are not optimized for low-speed
  connections, and such programs often perform better over an RDS connection than a typical wide
  area network (WAN).

Question: How is RDS different from Remote Desktop?



RDS Role Services

Key Points
The RDS role provides six role services, which have new names in Windows Server 2008 R2, and which
provide additional and improved features. RDS in Windows Server 2008 R2 introduces a new role service,
known as RD Virtualization Host. You use it in VDI scenarios to provide users with access to virtual
desktops.

The RDS role includes the role services that the following sections detail.

RD Session Host
You require the RD Session Host server role to enable RDS. The RD Session Host server runs Windows-
based programs and provides users with remote access to these programs or the full Windows desktop.
Users can connect to an RD Session Host server by using RDP, and then can run programs, save files, and
use network resources on that server.

RD Licensing
To use RDS, you must deploy an RD Licensing server in your environment. When a client, either a user or a
device, connects to an RD Session Host server, the RD Session Host server determines if an RDS Client
Access License (CAL) is necessary. You can use RD Licensing to install, issue, and track the availability of
RDS CALs. For small deployments, you can install the RD Licensing and RD Session Host role services on
the same server.

Note: You must configure RD licensing mode within 120 days of adding the RD Session Host role
service, or RDS stops working.

RD Connection Broker
The RD Connection Broker role service provides load balancing and session reconnection services for RDS
sessions. When you deploy RD Connection Broker in an RDS environment and users connect to that
environment, RD Connection Broker can balance the client connections across the available RD Session
Hosts, and can reconnect clients to the same session host if the client is disconnected. RD Connection
Broker also connects users to the appropriate virtual machine in a VDI deployment.

RD Gateway
RD Gateway is an optional role service in an RDS deployment. RD Gateway enables remote users to access
applications running on session hosts by tunneling RDP traffic through Hypertext Transfer Protocol Secure
(HTTPS). This means users outside the company network can securely access the RDS environment without
first establishing a VPN.

RD Web Access
RD Web Access provides a user with an aggregated view of remote applications and desktop connections
via a Web browser or through the Start menu on Windows 7 computers. Using RD Web Access, a user can
view all remote applications and virtual desktops (personal virtual desktops and virtual desktop pools)
published to that user.

RD Virtualization Host
RD Virtualization Host integrates with the Microsoft Hyper-V role to host virtual machines and provide
them to users as virtual desktops. You can assign a unique virtual desktop to each user in your
organization or provide them shared access to a pool of virtual desktops.

Question: What is the new RDS role service that is included in RDS?

Client Experience Features with RDS

Key Points
Windows Server 2008 R2 enhances the Remote Desktop client experience for computers that are running
Windows 7, Windows Server 2008 R2 or RDC 7.0 clients. These enhancements improve the experience of
remote users by providing a look and feel similar to what users experience when they access resources
locally.

The following enhancements are available to Remote Desktop users when they connect to an RD Session
Host server:
• Windows media redirection. This feature provides high-quality multimedia by redirecting Windows
  media files and streams so that servers can send audio and video content in its original format to the
  client, and render the content by using the client's local media playback capabilities.
• True multimonitor support. This feature enables support for up to 16 monitors in any size, resolution,
  or layout. The applications function just as they do when they run locally in multimonitor
  configurations.
• Audio input and recording. This feature supports any microphone connected to a user's local
  computer. It enables audio recording support and speech recognition for RemoteApp and Remote
  Desktop. This may be useful for organizations that use voice chat or Windows Speech Recognition.
• Aero Glass support. This feature provides users with the ability to use Aero Glass for client
  desktops, ensuring that the Remote Desktop sessions look and feel like local desktop sessions. You
  must connect from a Windows 7 or Windows Server 2008 R2 client to take advantage of the Aero Glass
  support.
• Enhanced bitmap redirection. This feature improves the remote display of three-dimensional (3D) and
  other media-rich applications, such as Adobe Flash and Microsoft Silverlight on the server.
• Improved audio and video synchronization. RDP improvements provide closer synchronization of
  audio and video.
• Language bar redirection. This feature provides users with the ability to control the language settings
  easily and seamlessly in RemoteApp programs by using the language bar.
• Task scheduler. This feature ensures that scheduled applications never appear to users connecting
  with RemoteApp and reduces user confusion.

Windows Server 2008 R2 and Windows 7 include RDC 7.0, and it is available for Windows XP SP3,
Windows Vista SP1, Windows Embedded Standard 2009, Windows Embedded POSReady 2009, and
newer operating systems.

Question: Are enhanced features that RDP 7.0 provides available just on Windows 7 and Windows Server
2008 R2 clients?

Overview of the RDC Client

Key Points
Windows clients connect to the RD Session Host by using the RDC client. RDC is included with the Windows
operating system and uses RDP to transfer user actions, mouse movements, keyboard inputs, and
redirected devices to the RD Session Host, and the graphical display from the RD Session Host to the RDC
client. The RDC client can display the entire remote desktop or just the window of the running remote
application (RemoteApp program).
RDC is available in the Accessories folder in the Start menu, and it has the following configuration tabs:
• General. On this tab, you can specify the RD Session Host server to which a user can connect and
  user credentials. You also can save RDC connection settings in a text file with an .rdp extension.
• Display. On this tab, you can choose the size of the remote desktop window, including the option to
  run the remote desktop in full screen mode. You can select to use all local monitors for the remote
  session, select color depth, and enable the connection bar when the remote desktop is running in full
  screen mode.
• Local Resources. On this tab, you can set remote audio settings, such as whether you want to enable
  remote audio playback and recording. You also can specify the location where Windows shortcuts are
  applied, and whether local devices and resources are available in the remote session. For example, you
  can enable the option to make clipboard, local drives and printers, and devices that you plug in later
  available in the remote session.
• Programs. On this tab, you can specify the program that will start when you connect to the remote
  computer. When you close the program, your session will log off.
• Experience. On this tab, you can select the connection speed to optimize performance. You can
  enable different features such as:
  ◦ Desktop background
  ◦ Font smoothing or visual styles in RDC
  ◦ Automatic reconnect if the connection is dropped
• Advanced. On this tab, you can configure server authentication and connect from anywhere settings.
  For example, you can specify if you want to use RD Gateway and then configure its settings.

Note: We do not support Aero Glass for connections for which you enable multiple monitor support.
In this scenario, Aero Glass support is turned off.

Demonstration: Establishing a Remote Desktop Connection

Key Points
To establish a remote desktop connection, you must add the RDS role to the remote server and you must
have RDC, which is already included in the Windows operating system. Your user account must also be a
member of the Remote Desktop Users group on the remote server or have the appropriate user rights. You
can establish a remote desktop connection by running the RDC client, and then configuring the desired
options or loading them from a saved .rdp file.

In this demonstration, you will see how to establish a remote desktop connection.

Demonstration steps:
1. On the NYC-DC1 server, verify that Remote Desktop is enabled.
2. On the NYC-CL1 computer, start the RDC client and review its options.
3. On NYC-CL1, in the RDC client, configure the display resolution to 800 x 600 and NYC-DC1 as the
computer to which you want to connect, and then save the settings to a file.
4. Open the RDC configuration file, and then review the settings.
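
The file saved in step 3 is plain text with one name:type:value entry per line, so its settings can be reviewed before the file is handed to users. The following PowerShell is an added example, not part of the course material: it parses .rdp text and reports the entries that correspond to the General, Local Resources and Advanced tabs. The sample file content and the function names ConvertFrom-RdpText, New-RdpFinding and Get-RdpFinding are constructed for illustration, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (assumes Windows PowerShell 3.0 or later).
# Constructed sample: settings like those saved in the demonstration (NYC-DC1, 800 x 600).
$sampleRdp = @'
screen mode id:i:1
desktopwidth:i:800
desktopheight:i:600
full address:s:NYC-DC1
authentication level:i:0
redirectclipboard:i:1
redirectprinters:i:1
drivestoredirect:s:*
'@

function ConvertFrom-RdpText {
    # Parses "name:type:value" lines; type is i (integer), s (string) or b (binary).
    param([Parameter(Mandatory = $true)][string]$Text)

    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\s*([^:]+):([isb]):(.*)$') {
            $name   = $Matches[1].Trim().ToLowerInvariant()
            $type   = $Matches[2]
            $value  = $Matches[3].Trim()
            $number = 0
            if ($type -eq 'i' -and [int]::TryParse($value, [ref]$number)) {
                $settings[$name] = $number      # integer settings become [int]
            } else {
                $settings[$name] = $value       # everything else stays a string
            }
        }
    }
    return $settings
}

function New-RdpFinding {
    param($Setting, $Value, $Note)
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Note = $Note }
}

function Get-RdpFinding {
    # Emits one object per setting that deserves review before the file is distributed.
    param([hashtable]$Settings)

    # Advanced tab, server authentication: 0 = connect without warning if it fails.
    if ($Settings['authentication level'] -eq 0) {
        New-RdpFinding 'authentication level' 0 'Connects without warning when server authentication fails'
    }
    # Local Resources tab: local drives and clipboard made available in the remote session.
    if ($Settings['drivestoredirect']) {
        New-RdpFinding 'drivestoredirect' $Settings['drivestoredirect'] 'Local drives are available in the remote session'
    }
    if ($Settings['redirectclipboard'] -eq 1) {
        New-RdpFinding 'redirectclipboard' 1 'Clipboard is shared with the remote session'
    }
    # Advanced tab, connect from anywhere: is an RD Gateway server named in the file?
    if (-not $Settings['gatewayhostname']) {
        New-RdpFinding 'gatewayhostname' '(not set)' 'No RD Gateway server is specified'
    }
    # A signed file carries a signature entry. This checks presence only;
    # validating the signature is the RDC client's job.
    if (-not $Settings.ContainsKey('signature')) {
        New-RdpFinding 'signature' '(absent)' 'File is not digitally signed'
    }
}

$settings = ConvertFrom-RdpText -Text $sampleRdp
'Target {0}, display {1} x {2}' -f $settings['full address'], $settings['desktopwidth'], $settings['desktopheight']
Get-RdpFinding -Settings $settings | Format-Table -AutoSize -Wrap
```

To review a saved file instead of the sample, pass the output of `Get-Content -Raw` for that file as `-Text`.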

Lesson 2
Publishing RemoteApp Programs by Using RDS

When you install an RD Session Host server, users can access the entire remote desktop, including the
Start menu and all installed applications. However, on an RD Session Host server, you can publish
individual applications and make them available to remote users, without providing the user access to the
full remote desktop. Those published remote applications are called RemoteApp programs, and they
integrate seamlessly with local applications that run on the client. You can list remote applications on the
RD Web Access Web page and, by using RemoteApp User Assignment, make remote applications visible
only to selected users.

What Are RemoteApp Programs?

Key Points
In previous versions of Windows Server, when you connected to Terminal Server, you always accessed the
full remote desktop. The full remote desktop looks similar to the local desktop, and you could easily
confuse the local and remote environments. In Windows Server 2008 and newer versions, users have the
option to choose between a full remote desktop and an individual remote application window. The
individual application window integrates with the client desktop, runs in its own resizable window, and
has its own entry in the taskbar. If the remote application uses a notification area icon, this icon appears in
the client's notification area. RDS redirects the dialog boxes and other windows to the local desktop. You
also can redirect local drives and printers and make them available in the remote applications. The
applications that run on the RD Session Host server and appear as if they were running on the local
computer are called RemoteApp programs. Users might not be aware that RemoteApp programs are
running remotely, and such programs run side by side with locally installed applications. If you run more
than one remote application on the same RD Session Host server, the RemoteApp programs share the
same RD session.

There are several scenarios where RemoteApp programs are especially useful:
• Remote users: Users often need to access applications from remote locations, such as while working
  from home or while traveling. RemoteApp programs allow these users to access these applications
  over an Internet connection. Using RemoteApp programs with RD Gateway helps ensure secure
  remote access to the applications. Additionally, you can choose to allow users to access remote
  applications through a Web page or integrate the applications on the Start menu of Windows 7 users
  with RD Web Access.
• Line of Business applications deployment: Companies often need to run consistent Line of Business
  (LOB) applications on computers that are running different Microsoft Windows versions and
  configurations. Instead of deploying the LOB applications to all the computers in the company, you
  can install applications on an RD Session Host server and make them available as RemoteApp
  programs.
• Roaming users: In some companies, a user may work on several different computers. If users are
  working on a computer where the application is not installed, they can access the application
  remotely through RDS.
• Branch offices: In a branch office environment, there may be limited local IT support and limited
  network bandwidth. By using RemoteApp programs, you can centralize management of applications
  and improve the performance of remote applications in limited bandwidth scenarios.

To access RemoteApp programs, you must be using at least RDC 6.0 and to access RemoteApp programs
through RD Web Access, you must be using RDC 6.1 or newer.

Process for Publishing RemoteApp Programs

Key Points
Before you can access and run RemoteApp programs, you must first configure the server to host them,
make them available, and then allow RDP user connections to the server. Because you run RemoteApp
programs on the RD Session Host server, you must first add the RDS role to the server, and then add the
RD Session Host role service. After that, you need to install the applications that will be available as
RemoteApp programs, such as the Microsoft Office suite.

Note: If you have programs that have dependencies on each other, you should install the programs on
the same RD Session Host server. For example, you should install Microsoft Office as a suite on the
same server instead of installing individual Office programs on separate RD Session Host servers.

When you add the RD Session Host role service, you enable remote desktop connections by default, even
if they were not enabled before. If users or groups need to connect to the RD Session Host server to
access Remote Desktop or run RemoteApp programs, then you must add them to the Remote Desktop
Users group or grant them privileges to Allow log on through Remote Desktop Services.

After you prepare the RD Session Host server, you can use RemoteApp Manager to manage RemoteApp
programs. To make a RemoteApp program available, you must add the program to the RemoteApp
Programs list.

Note: The Choose programs to add to the RemoteApp Programs list page displays the same
programs that the All Users Start menu on the RD Session Host server contains. If the program that
you want to add to the RemoteApp Programs list is not visible in Choose programs to add to the
RemoteApp Programs list, click Browse, and then specify the location of the program's .exe file.

Note: In Windows Server 2008 R2, you can install Windows Installer packages normally on the RD
Session Host server, and then propagate the per-user install settings correctly. This removes the need
to put the server in install mode.

You can configure global deployment settings that apply to all RemoteApp programs in the RemoteApp
Programs list. Windows uses these settings by default if you create .rdp files or Windows Installer
packages from any of the listed RemoteApp programs. These global deployment settings include:
• RD Session Host server settings
• RD Gateway settings
• Common RDP settings
• Custom RDP settings
• Digital signature settings

Question: Which RDS role service do you require to publish a RemoteApp program?

Distribution Options for RemoteApp Program Links

Key Points
You can distribute links to RemoteApp programs in different ways. One of the options is to use RD Web
Access, where you can control visibility of the RemoteApp programs by using RemoteApp User
Assignment. You can also specify if a RemoteApp program is available through RD Web Access or not.
Other distribution options include creating and copying a .rdp file that connects and starts a remote
application or creating and deploying a Windows Installer package that installs a link to the RemoteApp
program. By using one of these two methods, you can specify additional settings, such as the RD Session
Host server or the RD farm to which a user should connect to run a RemoteApp program, as well as the
RD Gateway that is used when users run the RemoteApp program over a public network. When you create
a Windows Installer package, you also can specify if you want to associate file extensions with a
RemoteApp program.

You can use RemoteApp Manager on the RD Session Host server to create and configure an .rdp file or a
Windows Installer package for a RemoteApp program. This creates an .rdp or .msi file in the local
Packaged Programs folder, and you can deploy them to the clients by using one of the following
methods:
• Copying the .rdp file or installing the .msi file
• Using Group Policy
• Configuring Group Policy preferences
• Using a software distribution system, such as Microsoft System Center Configuration Manager

Depending on the deployment method that you use, you can run RemoteApp programs by:
• Clicking a link to the program on the RD Web Access Web site
• Double-clicking a .rdp file (which could be available locally or on a file share)
• Double-clicking a program icon on the desktop or in the Start menu
• Double-clicking a file with a file extension that is associated with the RemoteApp program

Question: Why would you distribute links to published RemoteApp programs to your users?

Functions of the RD Connection Broker

Key Points
RD Connection Broker enhances the user experience when connecting to RD Session Hosts that are part
of a load-balanced farm. RD Connection Broker supports load balancing and reconnection to existing
sessions on virtual desktops, Remote Desktop sessions, and RemoteApp programs. RD Connection Broker
also aggregates a list of available RemoteApp programs and virtual desktops from multiple servers.

RD Connection Broker keeps track of user sessions in a load-balanced RD Session Host server farm. The
RD Connection Broker database stores session information, including the name of the RD Session Host
server where each session resides, as well as the session state, session identifier (ID), and the user name
associated with the session. RD Connection Broker uses this information to redirect a user who has an
existing session to the RD Session Host server where the user's session resides.

If a user disconnects from a session intentionally or because of a network failure, the applications that the
user is running will continue to run on the RD Session Host server. When the user reconnects, the Remote
Desktop client queries the RD Connection Broker to determine whether the user has an existing session,
and if so, on which RD Session Host server. If there is an existing session, RD Connection Broker redirects
the client to the RD Session Host server where the session exists.

The RD Connection Broker load balancing feature enables you to distribute the session load between
servers in a load-balanced RDS server farm. When a user without an existing session connects to an RD
Session Host server in the load-balanced RD Session Host server farm, RD Connection Broker load
balancing redirects the user to the RD Session Host server with the fewest sessions. If a user with an
existing session reconnects, RD Connection Broker load balancing redirects the user to the RD Session
Host server where the user's existing session resides. To distribute the session load between more
powerful and less powerful servers in the farm, you can assign a relative server-weight value to a server.
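
The redirection decision described above, modeled as an added PowerShell example (it is not RD Connection Broker code and not part of the course material): a user with an existing session goes back to the server that holds it, and a user without one goes to the least-loaded server. The server names, the session table, the function name Resolve-BrokerTarget and the comparison of load as sessions divided by relative weight are assumptions made for the illustration; Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (assumes Windows PowerShell 3.0 or later). All names and numbers are constructed.
# Farm state: current session count and relative server weight per RD Session Host server.
$farm = @(
    [pscustomobject]@{ Server = 'RDSH-01'; Sessions = 12; Weight = 100 }
    [pscustomobject]@{ Server = 'RDSH-02'; Sessions = 15; Weight = 200 }
    [pscustomobject]@{ Server = 'RDSH-03'; Sessions = 9;  Weight = 50  }
)

# Session table: the fields the text lists (server, state, session ID, user name).
$sessionTable = @(
    [pscustomobject]@{ User = 'CONTOSO\ruser'; Server = 'RDSH-01'; SessionId = 3; State = 'Disconnected' }
)

function Resolve-BrokerTarget {
    param(
        [Parameter(Mandatory = $true)][string]$User,
        [Parameter(Mandatory = $true)][object[]]$Farm,
        [object[]]$SessionTable = @()
    )

    # Step 1: a user with an existing session returns to the server where it resides,
    # regardless of how loaded that server is.
    $existing = $SessionTable | Where-Object { $_.User -eq $User } | Select-Object -First 1
    if ($existing) {
        return [pscustomobject]@{
            User   = $User
            Server = $existing.Server
            Reason = ('existing session {0} ({1})' -f $existing.SessionId, $existing.State)
        }
    }

    # Step 2: no session yet, so choose the least-loaded server.
    # Assumption: load is compared as sessions divided by relative weight, so a server
    # with a higher weight is allowed proportionally more sessions. Ties go by name.
    $target = $Farm | Sort-Object { $_.Sessions / $_.Weight }, Server | Select-Object -First 1
    [pscustomobject]@{
        User   = $User
        Server = $target.Server
        Reason = ('lowest load ({0} sessions, weight {1})' -f $target.Sessions, $target.Weight)
    }
}

# ruser has a disconnected session; newuser has none.
Resolve-BrokerTarget -User 'CONTOSO\ruser'   -Farm $farm -SessionTable $sessionTable
Resolve-BrokerTarget -User 'CONTOSO\newuser' -Farm $farm -SessionTable $sessionTable

# The same farm with equal weights reduces step 2 to "fewest sessions".
$equalWeights = $farm | Select-Object Server, Sessions, @{ Name = 'Weight'; Expression = { 100 } }
Resolve-BrokerTarget -User 'CONTOSO\newuser' -Farm $equalWeights -SessionTable $sessionTable
```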

To participate in an RD Connection Broker farm, the RD Session Host server must be a member of the
following:
• An Active Directory Domain Services (AD DS) domain
• The Session Broker Computers local group on the RD Connection Broker server
• A load-balanced RD Session Host server farm

Note: To avoid a single point of failure, you can configure the RD Connection Broker role service in
a Windows Server 2008 R2 failover cluster.

Question: Is it necessary to use RD Connection Broker if you want to list RemoteApp programs from
multiple sources on the RD Web Access Web page?

What Is Remote Desktop Web Access?

Key Points
RD Web Access is the RDS role service that provides a single place to list available RemoteApp programs,
remote desktops, and virtual desktops. You can access RD Web Access from a Web browser. Then, on
Windows 7 clients, you can integrate the list of available resources with the Start menu by using
RemoteApp and Desktop Connections. When you install RD Web Access, Web Server (Microsoft
Internet Information Services, IIS) also is installed as a required component.

Benefits of using RD Web Access include:
• Authorized users can quickly access a list of available RemoteApp programs, remote desktops, and
  virtual desktops from anywhere, on the Web page.
• You can modify the list of available resources easily without the need to distribute, install, and
  uninstall applications on the local computers.
• RD Web Access provides a simple out-of-the-box solution, while providing an infrastructure that can
  be used for more complex scenarios.
• Users can launch the RDC client from the RD Web Access Web site, which enables users to connect
  remotely to the desktop of any computer where they have Remote Desktop access.

Note: RD Web Access does not require Windows 7 clients, but to establish a connection, the client
computers must be using RDC 6.1 or newer, and Internet Explorer 6 or newer.

When a user starts a RemoteApp program, an RDS session also starts on the RD Session Host server that
hosts the RemoteApp program. When a user connects to a virtual desktop, the RD Session Host server
makes an RDC to a virtual machine that is running on an RD Virtualization Host server.

Note: RD Web Access only provides a link to launch RemoteApp programs or to connect to a Remote
Desktop session. RD Web Access does not proxy the client request. For the user to run the application,
or connect to the virtual machine or remote desktop, the client must be able to communicate with the
RD Session Host server, the RD Virtualization Host server, or with the computer on which you enable
the remote desktop.

Question: Why would you use RD Web Access?



What Is RemoteApp User Assignment?

Key Points
RDS introduces the RemoteApp User Assignment feature in Windows Server 2008 R2, and it provides you
with the ability to configure a personalized list of RemoteApp programs. Before this feature became
available, the same list of RemoteApp programs and Desktop Connections was available for all users. With
RemoteApp User Assignment, each user gets a personalized list, which displays the user's available
RemoteApp programs, desktop connections, and virtual desktops.

You can implement the RemoteApp User Assignment feature by adding an access control list (ACL) to the
RemoteApp program link. When a user logs on to RD Web Access, it obtains from the RD Session Host
servers the list of available RemoteApp programs for the user or group of which the user is a member. If
you configure RD Web Access to obtain the list of available RemoteApp programs from one or more RD
Session Host servers, RD Web Access directly queries the servers. If you configure RD Web Access to
obtain the list of available RemoteApp programs from RD Connection Broker, the RD Connection Broker
server queries the RD Session Host servers, and then filters the list of RemoteApp programs. By default,
when you publish a RemoteApp program, all users can see the published RemoteApp program. You can
change the User Assignment through RemoteApp program properties or by using Windows PowerShell.

Here are some factors to consider when you are establishing a RemoteApp User Assignment:
• You can assign the RemoteApp programs only to domain users or domain groups, not local users or
  local groups.
• The computer that performs the check of a user's credentials against the RemoteApp User
  Assignment settings must be a member of the domain's Windows Authorization Access Group or be
  joined to a domain that is running in Windows 2000 compatibility mode.

Note: RemoteApp User Assignment is not a security feature. It is a discoverability mechanism. There
are other ways to secure access to an RD Session Host server, and the RemoteApp User Assignment
feature does nothing to change or improve upon these methods. This feature only helps reduce the
number of unnecessary applications that display to users.

Question: Why would you use RemoteApp User Assignment?



Demonstration: How to Publish RemoteApp Programs

Key Points
In this demonstration, you will see how RD Web Access can retrieve and aggregate a list of available
RemoteApp programs from multiple RD Session Host servers. You also will see how to assign a RemoteApp
program to a user or group.

Demonstration steps:
1. On the NYC-SVR1 server, configure RD Web Access to retrieve the aggregated list of RemoteApp
programs from the NYC-SVR1 and NYC-DC1 servers.
2. Publish Calculator and Paint as RemoteApp programs on NYC-DC1.
3. Publish Notepad and WordPad as RemoteApp programs on NYC-SVR1.
4. On NYC-SVR1, on the RD Web Access page as administrator, verify the available RemoteApp
programs.
5. On NYC-SVR1, assign the WordPad RemoteApp program to contoso\ruser.
6. On NYC-SVR1, refresh Internet Explorer, and then verify that WordPad is not listed.

Lesson 3
Accessing RemoteApp Programs from Clients

If you configure RemoteApp programs properly, you can seamlessly integrate these programs, and users
usually cannot distinguish between RemoteApp programs and local applications. You can access
RemoteApp programs in different ways: via the RD Web Access Web site, by using the .rdp file, by clicking
the installed RemoteApp icon, by opening a file with an extension associated with a RemoteApp program, or
by running the program from the Start menu. When you configure additional options, such as a trusted .rdp
publisher, SSO, and device redirection, the user experience with RemoteApp programs is almost identical to
that of locally running applications. With the RD Easy Print feature, printing from remote applications is
similar to printing from local applications.

When you configure and use RD Gateway, you can access RemoteApp programs from anywhere. The RDP
protocol provides security by encrypting the traffic, but RD Gateway provides an additional level of security
by encapsulating and encrypting RDP traffic inside HTTPS packets. RD Gateway enables secure access to
RDS servers from a public network, without first establishing a VPN connection.

Accessing RemoteApp Programs on RD Web Access

Key Points
When you log on to RD Web Access, RD Web Access displays the list of available RemoteApp programs.
You can start RemoteApp programs from the RD Web Access Web page, but you should be aware that
you use RDC to connect to the RDS server. RD Web Access provides links only to start the remote
applications. You can also start a full remote desktop session from RD Web Access or connect to a virtual
desktop, when the VDI infrastructure is in place. You use the HTTP protocol to connect to the RD Web
Access Web site and the RDP protocol to connect to remote applications or remote desktops.

When you start a RemoteApp program in the default configuration, you will see a warning that the
publisher of the RemoteApp program cannot be identified, and that you must decide if you want to
continue. This is because the .rdp files are unsigned. To avoid this warning, you must configure the digital
signature settings, and then specify a trusted digital certificate on the RD Session Host server. However,
even when you configure digital signing, users will continue to receive notifications when they run
RemoteApp programs. The only way to avoid notifications is to configure thumbprints of the trusted .rdp
publisher certificates in Group Policy.

You also receive a prompt to enter your user credentials. Even when you are logged on to the domain
account, you need to provide credentials for running a RemoteApp program. You can avoid this prompt
by configuring SSO. This lesson details SSO later.
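
The signing and credential-prompt behavior described above can be read from the .rdp file itself. The following PowerShell is an added example, not part of the courseware: it parses .rdp text and reports whether signature entries are present and whether the file forces a credential prompt. The function names and both sample files are constructed for illustration, and the signature value is a placeholder.

```powershell
# Added example (not from the courseware). Both samples are constructed.
$unsignedRdp = @'
full address:s:NYC-SVR1.contoso.com
remoteapplicationmode:i:1
remoteapplicationprogram:s:||wordpad
prompt for credentials:i:1
'@

$signedRdp = @'
full address:s:NYC-SVR1.contoso.com
remoteapplicationmode:i:1
remoteapplicationprogram:s:||wordpad
prompt for credentials:i:0
signscope:s:Full Address,RemoteApplicationProgram
signature:s:PLACEHOLDER-NOT-A-REAL-SIGNATURE
'@

function ConvertFrom-RdpText {
    param([Parameter(Mandatory = $true)][string]$Text)
    # Each entry is name:type:value, where type is i (integer), s (string) or b (binary).
    # The value may contain colons, so only the first two colons act as separators.
    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\s*(?<name>[^:]+):(?<type>[isb]):(?<value>.*)$') {
            $settings[$Matches['name'].Trim().ToLowerInvariant()] = $Matches['value'].Trim()
        }
    }
    return $settings
}

function Get-RdpTrustSummary {
    param([Parameter(Mandatory = $true)][string]$Text)
    $s = ConvertFrom-RdpText -Text $Text

    # A signed file carries both entries: signscope lists the settings covered by
    # the signature, and signature holds the signature data. This only checks that
    # the entries exist; the RDC client is what validates the signature.
    $signed = $s.ContainsKey('signature') -and $s.ContainsKey('signscope')
    $signedSettings = @()
    if ($signed) { $signedSettings = @($s['signscope'] -split ',') }

    New-Object PSObject -Property @{
        FullAddress      = $s['full address']
        RemoteAppProgram = $s['remoteapplicationprogram']
        Signed           = $signed
        SignedSettings   = $signedSettings
        AlwaysPrompt     = ($s['prompt for credentials'] -eq '1')
    }
}

foreach ($sample in @($unsignedRdp, $signedRdp)) {
    Get-RdpTrustSummary -Text $sample |
        Select-Object FullAddress, RemoteAppProgram, Signed, SignedSettings, AlwaysPrompt
}
```

To check a real file, pass its content with `Get-RdpTrustSummary -Text (Get-Content <path> | Out-String)`.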

After the RemoteApp program starts, its look and feel is similar to a locally installed application. You can
recognize a RemoteApp application by the (Remote) suffix in Task Manager and the slightly modified
icon on the taskbar.

Question: How is running a RemoteApp program in default configuration different from running a locally
installed application?

What Is RemoteApp and Desktop Connections?

Key Points
In Windows Server 2008 R2, RDS provides the ability to group and personalize RemoteApp programs, as
well as virtual desktops, and make them available on the Start menu of a computer that is running
Windows 7. This feature is known as RemoteApp and Desktop Connections.

RemoteApp and Desktop Connections works with a new feature of RD Web Access--the RemoteApp and
Desktop Connections feed. Instead of presenting RemoteApp programs in the form of a Web page, this
feed presents the programs in the form of an XML document, which it parses and displays on the Start
menu of the Windows 7 or Windows Server 2008 R2 client. With RemoteApp and Desktop Connections,
you subscribe to a feed of RemoteApp programs by providing the client with the feed's URL, typically in
the form of https://contoso.com/RDWeb/Feed/webfeed.aspx. Then, it updates and places a list of
published resources automatically in the user's Start menu.

The RemoteApp and Desktop Connections feature offers several benefits, which include:
• RemoteApp programs launch from the Start menu, just like a locally installed application.
• Published RDCs and virtual desktops are included together with RemoteApp programs on the Start
  menu.
• Changes to the available resources, such as newly published RemoteApp programs, update
  automatically.
• Users can access and launch RemoteApp programs easily with Windows Search.
• RemoteApp and Desktop Connections does not require domain membership for client computers.
• RemoteApp and Desktop Connections is built on standard technologies, such as XML and HTTPS,
  which makes it possible for developers to build solutions around it.

You can create a client configuration file (.wcx) in the Remote Desktop Connection Manager console and
distribute it to the users. You can also write and distribute a script to run the client configuration file
automatically, so that RemoteApp and Desktop Connections is set up automatically when the user logs on
to a Windows 7 computer.

Note: If users are not running Windows 7, they can access resources available through RemoteApp
and Desktop Connections from a Web browser, by signing on to the RD Web Access server.

Note: If you require Secure Sockets Layer (SSL) for clients to access the RD Web Access server and you
deploy RemoteApp and Desktop Connections, you must install a certificate that client computers trust
on the RD Web Access server. If the clients do not trust the certificate, the updates from the RD Web
Access server will fail.

Demonstration: Accessing RemoteApp Programs

Key Points
In this demonstration, you will see how to access a RemoteApp program by using the RD Web Access Web
page and a locally available RemoteApp program link. You will also see how to package and distribute links
for RemoteApp programs.

Demonstration steps:
1. On NYC-CL1, navigate to the RD Web Access Web page as contoso\ruser.
2. Start the Notepad RemoteApp program, compare it with the local application, and then close it.
3. On the NYC-SVR1 server, create a Windows Installer package for the WordPad RemoteApp program.
Select to associate client extensions with this RemoteApp program, and share the folder to which the
Windows Installer package is saved.
4. On NYC-CL1, run the Windows Installer package from the share.
5. On NYC-CL1, create a file with a .docx extension. Double-click it, and verify that it opens in the
WordPad RemoteApp program.

Question: What is the benefit of using the Windows Installer package to distribute RemoteApp programs
instead of using an .rdp file?

What Is SSO?

Key Points
SSO is an authentication method that allows domain users to log on once, using a password or a smart
card, and then gain access to remote servers without having to enter their credentials again. If you use the
same user account on your local computer and RD Session Host server, enabling SSO will allow you to
connect to RD Session Host server seamlessly, without having to type your password again. You typically
use SSO when you deploy line-of-business (LOB) applications or centralized applications.

Due to lower maintenance costs, many companies prefer to install their LOB applications on an RD
Session Host server, and then make these applications available as RemoteApp programs or through
remote desktop. SSO makes it possible to give users a better experience by eliminating the need for them
to enter credentials every time they initiate a remote session.

To implement the SSO functionality in RDS, ensure that you meet the following requirements:
• Users can use SSO for remote connections only from a Windows XP SP3 or newer operating system to
  connect to a Windows Server 2008 Terminal Server or Windows Server 2008 R2 RDS Session Host.
• If the server to which you are connecting cannot be authenticated via Kerberos or SSL certificate, SSO
  will not work.
• If you have saved credentials for the target machine, they take precedence over the current
  credentials.
• If the terminal server is configured to Always prompt, or the RDP file setting is Always prompt, SSO
  will not work.
• User accounts that are used for logging on have appropriate rights to log on to both the RD Session
  Host and the Windows client.
• The client computer and RD Session Host must be joined to a domain.

Note: You can enable SSO by using domain or local Group Policy. You should configure the Allow
Delegating Default Credentials setting in the Computer part of Group Policy.
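
To review what the Allow Delegating Default Credentials setting permits on a client, the following PowerShell classifies each server entry by how widely it applies. It is an added example, not part of the courseware. The function names and the fallback sample entries are constructed; the registry path is where this Group Policy setting stores its list of servers.

```powershell
# Added example (not from the courseware).
function Get-DelegationScope {
    param([Parameter(Mandatory = $true)][string]$Spn)
    # Entries have the form SERVICE/host; Remote Desktop uses the TERMSRV service class.
    $service, $target = $Spn.Trim() -split '/', 2
    if ([string]::IsNullOrEmpty($target)) { $scope = 'Malformed' }
    elseif ($target -eq '*')              { $scope = 'AnyHost' }        # e.g. TERMSRV/*
    elseif ($target.StartsWith('*.'))     { $scope = 'DomainSuffix' }   # e.g. TERMSRV/*.contoso.com
    elseif ($target.Contains('*'))        { $scope = 'OtherWildcard' }
    else                                  { $scope = 'SingleHost' }
    New-Object PSObject -Property @{ Entry = $Spn; Service = $service; Scope = $scope }
}

function Get-DefaultCredentialTarget {
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    )
    # The server list is stored as numbered string values under the
    # AllowDefaultCredentials subkey of the policy key.
    $listKey = Join-Path $PolicyKey 'AllowDefaultCredentials'
    if (-not (Test-Path $listKey)) { return }
    $key = Get-Item $listKey
    foreach ($name in $key.GetValueNames()) {
        [string]$key.GetValue($name)
    }
}

$entries = @(Get-DefaultCredentialTarget)
if ($entries.Count -eq 0) {
    # Policy not configured on this computer: use constructed sample entries instead.
    $entries = @('TERMSRV/*', 'TERMSRV/*.contoso.com', 'TERMSRV/NYC-SVR1.contoso.com')
}

$entries |
    ForEach-Object { Get-DelegationScope -Spn $_ } |
    Sort-Object Scope |
    Format-Table Entry, Service, Scope -AutoSize
```

An AnyHost result means default credentials can be delegated to every Remote Desktop server the client authenticates; listing individual RD Session Host servers or a domain suffix limits delegation to the servers you intend.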

Question: What is the advantage of using SSO when you start a RemoteApp program?

What Is Device Redirection?

Key Points
When you configure device redirection, you can use the redirected device in a remote desktop session.
You can redirect most devices, including printers, smart cards, serial ports, drives, Plug and Play devices,
media players based on the Media Transfer Protocol (MTP), and digital cameras based on the
Picture Transfer Protocol (PTP). When the user connects to the RD Session Host server, the Plug and Play
device that is redirected automatically installs on the remote RDS server and Plug and Play notifications
appear in the notification area on the remote computer. If you select the Devices that I plug in later
check box in the RDC client, the Plug and Play device is installed on the remote computer when you
connect the device to the local computer during the remote desktop session. After the RD Session Host server
installs the redirected Plug and Play device on the remote computer, the Plug and Play device is available
for use in a session. For example, if the digital camera is redirected, you can access it from Scanner and
Camera Wizard on the remote computer in the Remote Desktop session.

Plug and Play device redirection is not supported over cascaded RDCs. This means that when you connect
remotely to one RD Session Host server, and from within that session you connect to another RDS server,
the second connection is cascaded. For example, you can redirect, and then use, a Plug and Play device
attached to your local computer when you connect to a remote computer. However, if you connect to a
second remote computer from the first one, you cannot redirect and use the Plug and Play device with
the second computer.

Note: Due to security restrictions, you cannot copy a file from a remote computer to the root folder of
a drive on the computer unless you are logged on using the default computer administrator account.

Note: You can control device redirection by using Group Policy settings.

Question: Can you redirect only the devices that are connected locally when you establish a remote
connection?

Demonstration: Using Device Redirection

Key Points
In this demonstration, you will see how to use the device redirection feature.

Demonstration steps:
1. On NYC-CL1, establish an RDC as Administrator to the NYC-DC1 server, without redirecting the
printers to the session.
2. Verify that the local drives are redirected and available in the remote session. Assess the redirected C:
drive.
3. Verify that the files are on the local drive C, and then log off the RDC.

What Is RD Easy Print?

Key Points
The RD Easy Print feature enables you to print from a RemoteApp program or from a Remote Desktop
session to the local or network printers that you configure on the client computer, without having to
install printer drivers on the RD Session Host server. The RD Easy Print feature uses the print drivers
installed locally on the client to print from an RD session, which results in a consistent printing experience
between local and remote sessions.

When you print from the RD session to a local printer, you can see the full printer properties dialog box
from the client and you can access all of the printer functionality. The RD Easy Print universal driver acts as a
proxy and redirects all printing-related work to the client, even if the drivers are not available on the RD
Session Host server. RD Easy Print renders the document to be printed in XPS format on the RD Session
Host server and then transfers it to the client, where the local print driver prints the document. Because XPS
documents can be created and printed on x86 and x64 platforms and are platform-independent, there are
no cross-platform compatibility issues when using RD Easy Print.

You can use Group Policy to configure RD printer redirection options, such as limiting the number of
printers that are redirected to just the default printer or using the RD Easy Print printer driver first.

To use the RD Easy Print feature, clients must run RDC 6.1 or newer and have at least Microsoft .NET
Framework 3.0 Service Pack 1 installed. Both of these components are included with the current Windows
operating systems and are available for download for Windows Vista and earlier client operating systems.

Accessing RemoteApp Programs from an External Network

Key Points
RD Gateway is a role service in the RDS role that allows authorized remote users to connect to RD Session
Host and remote desktop computers that you host behind firewalls on private networks and across
Network Address Translation (NAT) devices. More specifically, RD Gateway enables authorized remote
users to connect to terminal servers, RD Session Host servers, and remote desktops on the corporate
network from any Internet-connected device that is running RDC 6.0 or newer. RD Gateway tunnels all
RDP traffic over HTTPS to provide a secure, encrypted connection. All traffic between the user's client
computer and RD Gateway is encrypted while in transit over the Internet.

When the perimeter network receives data through an external firewall, RD Gateway decrypts HTTPS and
contacts the domain controller to authenticate the connection. RD Gateway also contacts the network
policy server to verify if the user can cross the gateway and contact the RDS host. If the user receives
validation, and the connection is allowed, RD Gateway passes the RDP traffic to the destination host and
establishes a security-enhanced connection between the user who sends the data and the destination
host.

RD Gateway eliminates the need to configure VPN connections, enabling remote users to connect to the
corporate network through the Internet, while providing a comprehensive security configuration model
that enables you to control access to specific resources on the network. The RD Gateway Management
snap-in console provides a single, one-stop tool that enables you to configure policies to define
conditions that users must meet to connect to resources on the network.

RD Gateway:
• Provides a comprehensive security configuration model that enables you to control access to specific
  internal network resources.
• Provides a secure and flexible RDP connection that allows users to access resources to which their
  RDP host has access, and prevents remote users from having direct network connectivity to all
  internal network resources. This helps protect the internal resources.
• Enables remote users to connect to internal network resources that are hosted behind firewalls on
  private networks and across NAT devices.
• Enables you to configure authorization policies to define conditions for remote users to connect to
  internal network resources by using RD Gateway Manager.
• Enables you to configure RD Gateway servers and Remote Desktop clients to use Network Access
  Protection (NAP) to enhance security.
• Provides tools to help you monitor the RD Gateway connection status, health, and events. By using
  RD Gateway Manager, you can specify events such as unsuccessful connection attempts to the RD
  Gateway server that you want to monitor for auditing purposes.

Question: In which situations would you use RD Gateway?



Demonstration: Configuring RD Gateway

Key Points
To function correctly, RD Gateway requires that you install, and run, several other Windows Server 2008
R2 role services and features. When you install the RD Gateway role service, the required server roles and
services are installed and started automatically, if they are not already installed.

In this demonstration, you will see how to configure the RD Gateway by performing the following steps:
• Install the TS Gateway role service.
• Obtain and configure an SSL certificate for the RD Gateway server.
• Create a Remote Desktop connection authorization policy (RD CAP).
• Create a Remote Desktop resource authorization policy (RD RAP).
• Limit the maximum number of simultaneous connections through RD Gateway (optional).

Demonstration steps:
1. On the NYC-SVR1 server, configure RD Gateway to use the external.contoso.msft digital certificate.
2. On the NYC-SVR1 server, create a new Connection Authorization Policy, and then name it
Authorized Remote Users.
3. Allow RD Users to connect through RD Gateway, and accept default options for other settings.
4. On the NYC-SVR1 server, create a new Resource Authorization Policy, and then name it
Authorized Target Computers.
5. Allow members of RD Users group to connect to computers in RD Web Computers group and
accept other default settings.

Question: What will be the consequences if you skip one of the steps in configuring RD Gateway such as
not configuring RD CAP?

Using Group Policy to Configure an RD Client

Key Points
Although you can set most RD connection properties by using the administrative tools or the RDC client,
you might want to set them by using Group Policy. Using Group Policy typically is a simpler method for
configuring RDS, especially in an environment with multiple RDS servers.

Group Policy provides many RDS-related settings in Computer, as well as in User configuration. They are
available under Administrative Templates, in the Windows Components part of the Group Policy settings. By
using Group Policy, you can configure the following properties:
• RD Licensing and Security settings, such as client connection encryption level and prompt for
  password.
• Remote Session and Environment settings, such as display resolution, color depth, font smoothing, or
  session time limits.
• RDC Client settings, such as trusted .rdp publisher.
• RD Client settings, such as redirection of devices, printers, and resources.

Do not forget that some Group Policy settings, such as Credentials Delegation, which is required for SSO,
also apply for remote desktop sessions!

Note: RDS settings that you configure by using Group Policy take precedence over the user account
properties that you configure in the Active Directory Users and Computers snap-in, and the
per-connection settings that you configure by using the Remote Desktop Session Host Configuration
snap-in.

Question: What is the result if you configure the same RDC Group Policy setting in the Computer
Configuration node, as well as in the User Configuration node?

Lab: Configuring RDS and RemoteApp Programs

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-SVR1, and 10324A-NYC-CL1 virtual machines are
running.
3. If required, connect to the virtual machines. Log on to 10324A-NYC-DC1 and 10324A-NYC-SVR1
as Contoso\Administrator using the password Pa$$w0rd.
4. Log on to 10324A-NYC-CL1 as Contoso\ruser using the password Pa$$w0rd.

Exercise 1: Preparing the RDS Environment


Scenario
You have Windows Server 2008 R2 server infrastructure. Security regulations require that certain
applications are available just on central servers, so you need to provide RDS to your users.

The main tasks for this exercise are:


1. Add the Remote Desktop Service role to the NYC-DC1 server.
2. Add the Remote Desktop Service role to the NYC-SVR1 server.
3. Configure Group Membership on the RD Session Host servers.

Task 1: Add the Remote Desktop Service role to the NYC-DC1 server
1. On NYC-DC1, add the Remote Desktop Session Host role service of the Remote Desktop Services
role. Specify Require Network Level Authentication for Authentication Method, and then accept
the default values for the other settings.
2. After the restart, log on to NYC-DC1 as Contoso\Administrator with Pa$$w0rd as password.

Task 2: Add the Remote Desktop Service role to the NYC-SVR1 server
1. On NYC-SVR1, add the Remote Desktop Session Host, Remote Desktop Connection Broker, and
Remote Desktop Web Access role services of the Remote Desktop Services role. Specify Require
Network Level Authentication for Authentication Method, and accept the default values for the
other settings.
2. After the restart, log on to NYC-SVR1 as Contoso\Administrator with Pa$$w0rd as password.

Task 3: Configure Group Membership on the RD Session Host servers


1. On NYC-DC1, add the RD Web Computers group as a member to TS Web Access Computers
group, and the RD Users group as a member to the Remote Desktop Users group.
2. On NYC-SVR1, add the RD Web Computers group as a member to the local TS Web Access
Computers group, and add the RD Users group as a member to the local Remote Desktop Users
group.

Results: After this exercise, you should have added the RDS role to the NYC-DC1 and NYC-SVR1
servers and configured group membership to allow access to the RD Web Access server.

Exercise 2: Publishing RemoteApp Programs


Scenario
After you prepare the RDS infrastructure, you want to provide users with access to available RemoteApp
programs. You want to provide a central place from where users can see and access only the applications
for which they have permissions.

The main tasks for this exercise are:


1. Publish RemoteApp programs.
2. Configure Remote Desktop Connection Broker to aggregate a list of RemoteApp programs.
3. Configure Remote Desktop Web Access to use Remote Desktop Connection Broker.
4. Access Remote Desktop Web Access from the client.
5. Configure and test RemoteApp User Assignment.

Task 1: Publish RemoteApp programs


1. On NYC-DC1, use RemoteApp Manager to add Calculator and Paint to the RemoteApp Programs
list.
2. On NYC-SVR1, use RemoteApp Manager to add WordPad and Notepad to the RemoteApp
Programs list (Notepad is in the Windows\System32 folder).

Task 2: Configure Remote Desktop Connection Broker to aggregate a list of RemoteApp programs
On NYC-SVR1, add NYC-DC1.contoso.com and NYC-SVR1.contoso.com as a RemoteApp source
name in Remote Desktop Connection Manager.

Task 3: Configure Remote Desktop Web Access to use Remote Desktop Connection Broker
1. On NYC-SVR1, use Remote Desktop Web Access Configuration to configure RD Web Access to use
NYC-SVR1.contoso.com as the RD Connection Broker server.
2. Verify that the Enterprise Remote Access Web page displays four RemoteApp published
applications.

Task 4: Access Remote Desktop Web Access from the client


1. On NYC-CL1, connect to https://NYC-SVR1.contoso.com/RDWeb in Internet Explorer, and then log
on as Contoso\ruser with Pa$$w0rd as the password.
2. Start the Notepad RemoteApp program.
3. Verify that the RemoteApp program looks and behaves as if it was installed locally, and then close
Notepad.

Task 5: Configure and test RemoteApp User Assignment


1. On NYC-SVR1, use RemoteApp User Assignment to assign WordPad to contoso\Administrator.
2. On NYC-CL1, refresh the Web page in Internet Explorer and verify the number of listed RemoteApp
programs.
3. On NYC-DC1, select Hide in RD Web Access for the Paint RemoteApp program.
4. On NYC-CL1, refresh the Web page in Internet Explorer, and then verify the number of listed
RemoteApp programs.

Results: After this exercise, you have several published RemoteApp programs on two RD Session Host
servers. You also have configured RD Web Access to use RD Connection Broker, which aggregates a list
of available RemoteApp programs, and you tested access to the RD Web Access Web page and
RemoteApp User Assignment.

Exercise 3: Accessing Published RemoteApp Programs


Scenario
After you provide RD Web Access Web portal to users, you discover that users do not have a seamless
experience when running RemoteApp programs. You want to change that, so that users do not receive
multiple prompts when they start remote applications. Additionally, to reduce training costs, you want to
provide shortcuts to the remote application on the desktops of users, and you want to integrate the
available RemoteApp programs on the Start menu.

The main tasks for this exercise are:


1. Configure digital signing of .rdp files on RD Session Host servers.
2. Configure SSO for accessing RD Session Host servers.
3. Configure a trusted .rdp publisher.
4. Package a RemoteApp program as a Windows Installer package.
5. Install and test the RemoteApp Windows Installer package.
6. Implement RemoteApp and Desktop Connections.

Task 1: Configure digital signing of .rdp files on RD Session Host servers


1. On NYC-SVR1, configure a Digital Signature for .rdp files by selecting the digital certificate for
NYC-SVR1.contoso.com.
2. On NYC-DC1, configure a Digital Signature for .rdp files by selecting the digital certificate for
NYC-DC1.contoso.com.
3. On NYC-CL1, refresh the Web page in Internet Explorer.

Task 2: Configure SSO for accessing RD Session Host servers


On NYC-CL1, enable Credentials Delegation in Local Group Policy. To find this setting in Local
Group Policy, expand Computer Configuration, expand Administrative Templates, expand
System, and then click Credentials Delegation. Enable the Allow Delegating Default
Credentials setting and enter TERMSRV/* as the Value. You need to click the Show... button first.

Task 3: Configure a trusted .rdp publisher


1. On NYC-CL1, enable the Specify SHA1 thumbprints of certificates representing trusted .rdp
publishers Local Group Policy setting. To find this setting, expand Computer Configuration,
expand Administrative Templates, expand Windows Components, expand Remote Desktop
Services, and then click Remote Desktop Connection Client.
2. On NYC-CL1, switch to Internet Explorer, and copy the value of the Thumbprint field for the
NYC-SVR1.contoso.com computer certificate that you want to use to sign .rdp files.

Note: Do not highlight the leading or ending space in the thumbprint box!

3. Paste the Thumbprint field value into the Comma-separated list of SHA1 trusted certificate thumbprints
entry box of the Group Policy setting.
4. On NYC-CL1, in Internet Explorer, click Notepad, and then verify that it starts without any prompts.
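
The thumbprint pasted in step 3 has to match the signing certificate exactly, which is why the note warns about stray spaces. The following PowerShell is an added example, not part of the courseware: it normalizes thumbprints copied from the certificate dialog, builds the comma-separated value for the policy, and checks whether a given certificate is on the list. The function names and all thumbprint values are constructed; the registry path is where the computer policy stores the configured value.

```powershell
# Added example (not from the courseware). All thumbprints below are constructed.
function ConvertTo-PolicyThumbprint {
    param([Parameter(Mandatory = $true)][string]$Pasted)
    # Keep hex digits only. This drops the spaces shown between byte pairs, any
    # leading or trailing space, and non-printing characters picked up when copying.
    $hex = ($Pasted -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex digits for a SHA-1 thumbprint, got $($hex.Length)."
    }
    $hex
}

function New-TrustedPublisherList {
    param([Parameter(Mandatory = $true)][string[]]$Pasted)
    # Normalize every entry, drop duplicates, and join with commas for the policy box.
    $clean = $Pasted |
        ForEach-Object { ConvertTo-PolicyThumbprint -Pasted $_ } |
        Select-Object -Unique
    @($clean) -join ','
}

function Test-TrustedPublisher {
    param(
        [Parameter(Mandatory = $true)][string]$PolicyValue,
        [Parameter(Mandatory = $true)][string]$CertificateThumbprint
    )
    # Normalize both sides before comparing, so formatting differences cannot
    # cause a false mismatch.
    $trusted = @($PolicyValue -split ',' |
        Where-Object { $_.Trim() } |
        ForEach-Object { ConvertTo-PolicyThumbprint -Pasted $_ })
    $trusted -contains (ConvertTo-PolicyThumbprint -Pasted $CertificateThumbprint)
}

# Constructed paste: leading space, an invisible left-to-right mark, spaced byte
# pairs in lowercase, and a trailing space.
$lrm = [char]0x200E
$pastedFromDialog = " $lrm" + 'a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4 '
$signingCert = 'A1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4'

$policyValue = New-TrustedPublisherList -Pasted @($pastedFromDialog)
"Value for the policy box: $policyValue"
"Signing certificate trusted: $(Test-TrustedPublisher -PolicyValue $policyValue -CertificateThumbprint $signingCert)"

# If the setting is already configured on this computer, check the stored value too.
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$current = (Get-ItemProperty -Path $tsPolicy -ErrorAction SilentlyContinue).TrustedCertThumbprints
if ($current) {
    "Trusted by configured policy: $(Test-TrustedPublisher -PolicyValue $current -CertificateThumbprint $signingCert)"
}
```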

Task 4: Package a RemoteApp program as a Windows Installer package


1. On NYC-SVR1, create a Windows Installer package for the WordPad RemoteApp program. Select to
create a shortcut on the Desktop, and then associate client extensions with the RemoteApp program.
2. Share C:\Program Files\Packaged Programs with default permissions.

Task 5: Install and test the RemoteApp Windows Installer package


1. On NYC-CL1, install \\nyc-svr1\Packaged Programs\wordpad.msi.
2. Start WordPad from the desktop, and then verify that it opens without any prompt. Close WordPad.
3. On the desktop, create a file called Report.docx, and then double-click it. Verify that the file opens in the
WordPad RemoteApp program, and then close WordPad.

Task 6: Implement RemoteApp and Desktop Connections


1. On NYC-CL1, set up a new connection with RemoteApp and Desktop Connections, and specify
https://NYC-SVR1.contoso.com/RDweb/Feed/webfeed.aspx as the Connection URL.
2. Verify that there is a new program group, RemoteApp and Desktop Connections, available in All
Programs on the Start menu.

Results: After this exercise, you have configured digital signing for .rdp files and a trusted .rdp publisher,
and enabled SSO for the NYC-CL1 computer. You also created a Windows Installer package for a RemoteApp
program, installed it, and tested how RemoteApp and Desktop Connections works.

To prepare for the next lab


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click the virtual machines used in this lab, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Module Review and Takeaways

Review Questions
1. Do you need to install the RDS role if you only want to provide Remote Desktop access for remote
administration?
2. Is the RD Web Access role service required if you want to provide RemoteApp program access for
your clients?
3. Can you connect from a Windows Vista SP1 client to an RD Session Host server on Windows Server 2008
R2?
4. How can you control who sees the RemoteApp program link on the RD Web Access Web page?
5. What benefits does SSO provide when you run RemoteApp programs and where can you configure
it?
6. Does RD Gateway provide full end-to-end protection of RDP traffic?

Common Issues and Troubleshooting Tips Related to RDS


Identify the causes for the following common issues related to RDS and fill in the troubleshooting tips. For
answers, refer to relevant lessons in the module.

Issue | Troubleshooting tip

Users can connect to the RD Session Host server from Windows 7 and Windows Vista clients, but
they cannot connect from Windows XP clients. |

When users establish a Remote Desktop session with RD Session Host, they cannot use any of the
Windows 7 features, like desktop themes and photo management. |

When users establish an RD session from a Windows 7 client, they can see the Aero Glass
effect in the session. However, when the same users establish an RD session from a Windows
Vista client, the Aero Glass effect is not available. |

Several users can see a published RemoteApp program on the RD Web Access Web page,
while other users cannot. |

When users start RemoteApp programs, they always receive prompts for their credentials. |

Users can open data files in a RemoteApp program, but when they double-click on the
same file in Windows Explorer, the RemoteApp program does not start. |

Module 11
Implementing User State Virtualization
Contents:
Lesson 1: Overview of User State
Lesson 2: Configuring Roaming Profiles and Folder Redirection
Lab: Implementing User State Virtualization

Module Overview

User state virtualization is a concept that allows administrators to provide more flexible client
environments and gives users the ability to have their documents and settings follow them from
computer to computer. It also makes it easier to back up and centralize user data and to prevent
data loss. By virtualizing user state, you ensure that users always have their data with them, no
matter which machine they log on to. This technology can be combined with other virtualization
technologies.
This module discusses the technologies that provide user state virtualization and the various ways to
implement it. It also discusses how to configure roaming profiles and user folder redirection as part of
user state.

Lesson 1
Overview of User State

User state consists of several operating system files that hold a user's documents, data, and settings. The
user state represents the whole environment that makes a user unique to the system. Many users spend
significant time customizing and configuring environment items such as desktop wallpaper, screen savers,
and other unique Windows operating system elements. They usually expect these settings to be available
to them no matter which computer they use.
The files and settings that make up user state are usually stored locally on the computer where the user
works. They can also be placed on a network location so that they follow the user to every computer that
the user logs on to.
This lesson discusses user state and user profiles, their types, and their usage scenarios.

What Is User State?

Key Points
User state is a general term that covers several categories that determine the user environment, user data,
and settings. User state cannot be identified with one specific file or setting; rather, it is a set of various
files and settings. In operating systems such as Windows Vista and Windows 7, the user state separates the
user environment, files, and settings from the files and settings specific to the installed operating system
and from those belonging to applications.

Also, user state is specific to each user of a computer, which means that every user has their own user
state that is mostly independent of other users.
The user state includes the user's data as well as application or operating system configuration settings.
Traditionally, users' PCs contain the authoritative copy of users' data and settings.

Note: User state is often equated with a user profile; however, when it comes to virtualization, the
term user state is used to describe how data from a user profile moves with the user.

User state consists of four main categories of data:

• User settings. This component of user state covers all settings that the user has personalized after
the operating system was installed.
• User registry. This is the part of the machine's registry that is specific to each user. The registry node
HKEY_CURRENT_USER (HKCU) stores settings that are specific to the currently logged-on user. The
HKCU key is a link to the subkey of the HKEY_USERS node that corresponds to the user. The same
information is accessible in both locations. On Windows Vista and Windows 7 based systems, each
user's settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own
Users folder on the boot volume. Settings in this node follow users with a roaming profile from
machine to machine.
• Application data. This is one of the folders that are part of user state. This folder contains mostly
application settings specific to a user. For example, if a user installs Microsoft Word and personalizes
its settings to fit their needs (for example, adjusts toolbars or sets the language), these settings are
stored in the Application Data folder. In Windows 7 this folder is called AppData, and it is stored
inside the user's profile folder. In previous versions of Windows, such as Windows XP, the Application
Data folder stores application-related data with little or no separation of user-related and
computer-related application settings. In Windows 7, the AppData folder replaces Application Data
and provides a high degree of separation between user-related and computer-related application
settings.
• User data. This component contains all user-specific data, such as files in the My Documents folder,
Favorites folder, Pictures folder, etc.

Question: What is the main difference in handling user state in Windows XP compared to Windows Vista
and Windows 7?

Benefits and Challenges of User State Virtualization

Key Points
Before discussing virtualization of user state, let us look at the main challenges of user state
management in general.

There are three main challenges in managing user state.

The first challenge is how to back up user data and settings that are scattered from PC to PC, and then
restore users' productivity after a computer replacement or after a laptop is lost or stolen. Many users
make a lot of changes to their environment and save a lot of data inside their user profiles. Because the
files are stored locally, it can be hard to back up this data and to restore it on a new PC if necessary.

The second challenge is how to migrate user state during operating system migrations. Currently, this
challenge is mostly addressed by using the Windows Easy Transfer and User State Migration Tool (USMT)
utilities. While Windows Easy Transfer is mostly intended for single use, USMT can be used in enterprises
during operating system migrations. However, users might not be aware of or familiar with these utilities,
and using them requires additional time and resources.
The final challenge is how to make data available to the user regardless of the PC being used. In many
companies, users work on several computers, sometimes even in different office locations. It can be
difficult to give a user access to their data and settings at all times and on every computer.
Also, if you want to provide users with the same environment when they use Remote Desktop Services
(RDS) with Terminal Services or with Virtual PC (such as Windows XP Mode), that is difficult to achieve
if user profiles are stored locally.

In any case, user state virtualization provides a solution.


With user state virtualization, organizations store users' data and settings in a central location (and,
optionally, cache them locally for offline use when users are mobile). That location is usually a network
share on a file server or a Storage Area Network (SAN).

The result is that users are free to roam, and their data and settings follow them from computer to
computer. The whole point of this concept is to separate data that is user-specific (and can roam) from
data that is computer-specific and must be stored locally.

User state virtualization can also mitigate the productivity loss of a PC replacement. The central copy of
the data is on the network, so it is easily restored in case of a lost or stolen PC, and the user's settings can
be re-applied automatically. When the IT department sets up a policy to allow offline access to the
redirected folder, Windows BitLocker full volume encryption can be applied to the PC to help ensure data
safety. A typical example of this type of virtualization is using Windows 7 Folder Redirection with Offline
Files and a Roaming User Profile, which will be discussed later.

Core technologies that enable user state virtualization are:

• Roaming Profiles
• Folder Redirection
• Offline Files
These technologies are enhanced in Windows Server 2008 R2 and Windows 7 and will be discussed in
later topics and lessons.

Question: How does your company address the user state management challenges presented in this topic?

What Is a User Profile?

Key Points
A user profile consists of a folder hierarchy (or namespace), files, junctions, and registry settings that store
the appropriate and often personalized settings for a user's computer and application environment.
In Windows Vista and Windows 7, the user profile is located in the %SystemDrive%\Users folder, with its
settings inside the NTUSER.DAT file, on the partition where the operating system is installed. A user
profile is always named after the user logon name, and it contains several folders. Some folders inside
user profiles are hidden and can be viewed only after the option for showing hidden files and folders is
enabled, while others are accessible by default.
The first time a user logs on to a computer, the Windows operating system creates the desktop
environment according to various defaults and administrator-configured settings. Any changes made to
that environment during the session are saved automatically when the user logs off, thereby ensuring that
the settings are available for future sessions. However, other users can also log on to that same machine
and create their own environment.

User environment settings defined in a user profile include the following:

• The appearance and behavior of the user's desktop
• Settings for applications that have been configured by the user
• Documents, pictures, music, and other data files belonging to the user
• The user's favorites in Microsoft Internet Explorer
• Any other user-specific application settings and data
Besides the folders that contain user documents, in Windows 7 and Windows Vista the user profile has a
new folder called AppData that separates local and roaming data by means of appropriate subfolders.
This approach is new to Windows Vista and Windows 7. These subfolders are:

• Local. This folder contains application settings and data that are computer specific. This data should
not roam, or is too large to roam. The content of this folder is essentially the same as the content of
the Local Settings\Application Data folder that was used in Windows XP.
• Roaming. This folder contains data and settings that roam when roaming user profiles are configured
and used. Data inside this folder is not computer dependent, so it can roam with the user from
computer to computer. The content of this folder is the same as the content of the Application Data
folder in the root folder of the user profile in Windows XP.
• LocalLow. This folder has a very specific purpose. It did not exist in Windows XP. Data stored in this
folder is written by processes that could potentially compromise operating system security or
functionality. For example, applications running within Internet Explorer Protected Mode use this
location for their data and settings.
In general, there are two main types of user profiles: Local and Roaming. Local profiles are located on the
user's machine and cannot be moved automatically to another machine without using specific utilities
such as Easy Transfer or User State Migration Tool (USMT). Roaming profiles are located on a network
location, and they are used on each machine where the user logs on. Both Local and Roaming profiles
have additional profile subtypes, which will be discussed later.

How Does a User Profile Work?

Key Points
When a user logs on for the first time, Windows creates their initial profile by using either the default local
profile or the default network profile, depending on how the system is configured. Windows connects
to the specified profile path (locally it is %SYSTEMDRIVE%\Users) and creates a subfolder beneath that
path that matches the user's account name. The same happens on the network profile location, if one is
specified. After the subfolder is created, Windows assigns full-control NTFS file system permissions on the
subfolder to the user account and marks the user account as the folder owner. This process creates the
structure of the user profile folder. Initially, the content of the default profile (either local or network) is
copied into the user's profile folder, while folders that contain user data (such as Documents, Pictures,
etc.) are mostly empty. The user can now begin to customize their settings and environment and to store
data inside their profile.

The registry node HKEY_CURRENT_USER (HKCU) plays a very important role in working with user
profiles. All settings related to the user-specific environment are stored in the registry while the user is
logged on. All changes to the user environment are also reflected in the registry.
Each time a user logs on, the content of the NTUSER.DAT file is loaded into the registry node HKCU.
During the session, when the user changes their environment, the changes are made in the registry. When
the user logs off, the changes are saved back to the NTUSER.DAT file, so they are retained for future use.
Because each user has their own NTUSER.DAT file, each user can have their own set of settings, loaded
into the registry node HKCU while the user is logged on.

However, some settings are common to all users of a computer. For example, an application installed on
a computer might be used by all users, so it creates its shortcut in a common location on the Start menu
or Desktop.

For that purpose, a profile called Public is used in Windows Vista and Windows 7 (in Windows XP it was
the All Users profile). The content of this profile is accessible to all users of the computer. Unlike regular
profiles, this profile does not have a specific registry node, because it is never loaded directly. Settings
contained in this profile are written to HKEY_LOCAL_MACHINE (HKLM), and they are applied to each
user that logs on to that computer.

If, for any reason, a user profile cannot be loaded into the registry, a temporary user profile is used.
Temporary profiles are deleted at the end of each session, and changes that the user makes to desktop
settings and files are lost when the user logs off. If a user is logged on with a temporary profile, a warning
message is issued at logon. Logging on with a temporary profile is not normal, and it requires
troubleshooting.
It is also important to know that not all user data is stored in the registry. Inside the user's profile there
are several folders that contain user documents, such as music, pictures, etc. This data can also be
virtualized by using folder redirection, which will be discussed in Lesson 2.

Logging On to a Terminal Server

If a user logs on to a computer by using a terminal session, the procedure for loading the user profile is
slightly different. Besides the HKCU registry node, HKLM is also used in this scenario. The key
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList contains a list of all currently logged-on
users with the profiles that they are using. In this registry node, users are identified by their security
identifiers (SIDs), but you can easily identify a user by browsing the node, because you will find the
location of the user's roaming profile there.
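
One way to read that key from PowerShell, as an added example that is not part of the courseware. The value names ProfileImagePath and CentralProfile and the .bak key suffix are standard Windows behaviour rather than details given on the page; the function names are hypothetical.

```powershell
# Added example, not from the courseware. Read-only; works in PowerShell 2.0+
# on the RD Session Host or client computer that is being examined.
$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Resolve-SidToAccount {
    # Translate a SID string to DOMAIN\user; hypothetical helper name.
    param([string]$Sid)
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Deleted account, unreachable domain, or a subkey that is not a SID.
        return '<unresolved>'
    }
}

function Get-ProfileListEntry {
    # Emit one object per subkey of ProfileList; hypothetical helper name.
    Get-ChildItem -Path $ProfileListKey | ForEach-Object {
        $keyName = $_.PSChildName
        # A key renamed to <SID>.bak is left behind when Windows could not
        # load the profile (general Windows behaviour, not from the page).
        $sid    = $keyName -replace '\.bak$', ''
        $values = Get-ItemProperty -Path $_.PSPath

        New-Object PSObject -Property @{
            Account     = Resolve-SidToAccount -Sid $sid
            Sid         = $sid
            # Local copy of the profile under %SystemDrive%\Users.
            LocalPath   = $values.ProfileImagePath
            # Roaming profile location; empty for purely local profiles.
            RoamingPath = $values.CentralProfile
            # The user's hive is mounted under HKEY_USERS only while the
            # profile is loaded, so this separates active sessions from
            # profiles that are merely cached on the machine.
            HiveLoaded  = Test-Path -Path "Registry::HKEY_USERS\$sid"
            BackupKey   = $keyName -like '*.bak'
        }
    }
}

Get-ProfileListEntry |
    Sort-Object -Property Account |
    Format-Table -Property Account, Sid, HiveLoaded, RoamingPath, LocalPath, BackupKey -AutoSize
```

Rows with BackupKey set to True are a starting point when troubleshooting temporary-profile logons.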

Question: From the perspective of user profiles, what is the main difference between HKCU and HKLM?

Types of User Profiles

Key Points
There are several user profile types available in Windows Vista and Windows 7, used in various scenarios.
In general, Local and Roaming user profiles are the main types, but both have subtypes.
These types are:
• Default profile. Windows stores a default profile in the C:\Users\Default folder. Windows uses this
default profile to build the user's initial desktop environment. This default profile can also be stored
on a domain controller in the Netlogon shared folder.

Note: It is recommended to use Group Policy to configure the Default Profile path. Also, some issues
may arise if you have different versions of client operating systems.

• Local user profile. As described earlier, when a user logs off, their desktop environment is saved in a
local user profile file (NTUSER.DAT). This profile is used the next time the user logs on to the same
computer. The local user profile is not accessible if the user logs on to a different computer. Local
user profiles are stored in the C:\Users folder, in a subfolder named after the user's account name.
• All Users/Public. Previous Windows versions provided the All Users desktop profile. Windows Vista
and Windows 7 replace All Users with the Public profile. Windows merges the Public profile folder
contents, for example Desktop and Start menu, with the user's own profile during logon.
• Roaming profile. Domain user accounts can be configured with a roaming profile location. When the
user logs off, the desktop environment is saved to the designated folder so that it is available at next
logon, even if that logon is to a different computer. Roaming profiles will be discussed in more detail
in later topics.
• Temporary user profile. A temporary user profile is issued each time an error condition prevents the
user's profile from loading. Temporary profiles are deleted at the end of each session, and changes
made by the user to desktop settings and files are lost when the user logs off.

• Mandatory profile. A mandatory profile is a read-only version of a roaming profile that is
preconfigured and secured by the network administrator to ensure a consistent look and behavior
for all users. Users cannot modify settings in a mandatory profile. When a user account is configured
to use a mandatory profile, the profile content is downloaded from the network share each time the
user logs on to a machine, just like with roaming profiles. However, if a user makes changes during
their session, these changes are not stored in their profile when the user logs off. At the next logon,
the user is presented with the original settings and environment specified in the mandatory profile.
You create mandatory profiles in a similar way to roaming profiles. If Windows cannot successfully
load the mandatory profile, the user can still log on. Windows creates a transient profile in this
situation, but this condition usually needs troubleshooting.

Note: If you use mandatory profiles, you must configure folder redirection to allow users to save files
to the personal folders that are part of their profile, because no changes can be made to a
mandatory profile.

• Super mandatory profile. The super mandatory profile is a mandatory profile with extra security.
However, unlike with a mandatory profile, a user who is configured to use a super mandatory profile
cannot log on if the super mandatory profile is not available or cannot be loaded into the registry for
any reason. Therefore, super mandatory user profiles should be used only in environments in which
the network infrastructure is very reliable and the presence of the user profile is critical.
• Special identities' profiles. In Windows Vista and Windows 7, special identities are used for service
accounts such as Local System, Local Service, and Network Service. These accounts also use profiles.
These profiles are stored in the following locations:
  LocalSystem - %WinDir%\system32\config\systemprofile
  LocalService - %WinDir%\serviceprofiles\Localservice
  NetworkService - %WinDir%\serviceprofiles\Networkservice

Question: In which scenarios should you use super mandatory profiles?



Demonstration: Exploring User Profiles

In this demonstration, your instructor will show you how to access and browse user profile folders, and
how to use roaming and mandatory profiles.
Demonstration steps:
1. Unhide protected/hidden files and folders by using the Control Panel Folder Options applet on NYC-DC1.
2. Browse to the folder C:\Users\Administrator and see the folder structure.
3. Create a folder called Profiles on NYC-DC1 and share it as Profiles with Authenticated Users.
4. Create a folder called mandatory.v2 within the Profiles folder.
5. From the NYC-CL1 computer, copy the default profile to the \\NYC-DC1\Profiles\mandatory.v2
location. After the files are copied, browse this folder on NYC-DC1 and rename the file
NTUSER.dat to NTUSER.man.
6. In the Active Directory Users and Computers console, configure Candy Spoon to have her profile
located at \\NYC-DC1\Profiles\%username%. Configure Terri Chudzik to have her profile located at
\\NYC-DC1\Profiles$\mandatory.
7. Log on to NYC-CL1 as Candy Spoon, make some changes to the desktop environment, and log off.
8. Log on to NYC-CL2 as Candy Spoon, and verify that all changes that were made on NYC-CL1 are
retained.
9. Log on to NYC-CL1 as Terri, and make some changes to the desktop environment.
10. Log off and log back on, and verify that no changes are retained.

Lesson 2
Configuring Roaming Profiles and Folder Redirection

Roaming profiles and Folder Redirection are two technologies that enable users to roam between
computers and access their personalized desktop environments with their personal data and settings.
Corporate roaming also gives enterprises flexibility in seating arrangements. Users need not be
guaranteed the same computer each time they come to work; for example, in a call center, users have no
assigned desk or seating and must therefore share computers with other users at different times or on
different days, but they still want to retain their personal settings and data.

How Roaming Profiles Work

Key Points
Roaming User Profiles allow enterprises to store users' profiles on a central network location instead of
locally on client computers. The structure of a roaming profile is the same as that of a local profile;
only the location of the profile folder differs.

The main benefit of storing user profiles on a network location is that users can access their desktop,
application settings, and data from any computer they have access to. When a user logs on to a
machine, the roaming profile from the network is loaded into the registry instead of the local
NTUSER.DAT file. During the session, the user might change their environment and create and save data.
All these changes are copied to the roaming profile location after the user logs off, so they are retained
for the next session. Also, if a user changes computers, all data and settings remain available, because the
roaming profile is used from the network.

Creating and Using Default Network Profile


Just as local user profiles can be replaced with roaming profiles, you can also replace the default local
profile with a default network profile. As explained earlier, the default profile is used to create a new user
profile. It is used only once for each user, during the first logon. The default location for this profile is
C:\Users\Default. However, you can also place this profile on a network location, so that each user uses
the same default profile for the creation of their roaming or local profile. If the computer is joined to a
domain, Windows first checks whether there is a default network user profile. In Windows Vista and
Windows 7, the default network user profile must be named Default User.v2 and stored in the Netlogon
folder on a domain controller.

Default network user profiles are optional. You do not need to create them if you do not want to. Also,
it is not mandatory to use a default network profile if you are using roaming profiles, and vice versa.

Question: When should you use a default network profile?

Configuring Roaming User Profiles

Key Points
Roaming profiles are not enabled by default. You must first prepare the infrastructure before you enable
user accounts to use roaming profiles.
Before you create a roaming user profile, you need to create each user account. Then, log on to a server
as an administrator to create a network share to store the roaming user profiles, designate the groups of
users to receive the roaming user profiles, and grant all users Full Control permissions.

Let us discuss the steps that need to be performed to configure roaming user profiles and enable users to
use them.
First, prepare the storage location for roaming profiles. To do that, complete the following steps:

1. Create a shared folder. Create a shared folder on an appropriate file server. In a large organization,
you might use a departmental server to host this shared folder. In a smaller organization with a single
server, you might use the domain controller to host the shared folder. The folder should be
identifiable, and therefore use a recognizable share name such as Profiles. If you have many users,
you might need to create a shared folder for roaming profiles on multiple servers or use DFS to
achieve better availability.
2. Secure the shared folder. Users require at least Change permissions on the shared folder. Therefore,
remove the default shared folder permission, and enable the Allow Change permission for the
Authenticated Users group.

After the location is prepared, configure the user accounts to use roaming profiles. Do the following:

1. On the domain controller, open Active Directory Users and Computers.
2. Locate the user account, and then modify the profile path for the user.
3. When configuring a user account to use a roaming profile, you typically designate a Universal
Naming Convention (UNC) path that includes the variable %username%. For example, you can
specify the path \\sea-dc1\profiles\%username%, where the user's name is substituted for the
username variable when the profile is created during the logoff process.
4. Windows then creates a folder named username.v2 in the parent shared folder.

Best Practices for Roaming Profiles


To optimize the logon process and to help ensure trouble-free user profile processing, consider the
following points when planning user profiles:
• Exclude folders such as the Documents folder from the roaming profile. To ensure that roaming
profiles are loaded quickly and efficiently, consider excluding frequently used folders, such as
Documents, from the user's roaming profile. Availability of these folders can be achieved through
the folder redirection feature.
• Do not use the Encrypting File System (EFS) with roaming profiles. EFS is not compatible with
roaming profiles. If you encrypt user profile folders with EFS, the user's profile will not roam.
• Do not use offline folders on roaming profile shares. You must disable offline folder caching for the
roaming user profile shared folders. Failure to do so may result in synchronization problems when
both the offline folders and roaming user profiles try to synchronize files in a user's profile.
• Use folder redirection for data folders when logging on to both Windows XP and Windows 7. Because
of the significant differences in profile structure between Windows XP and Windows Vista, consider
using folder redirection.
• Create only the root profile share, and let Windows create the folders for each user. This ensures that
the appropriate file permissions are assigned. Failure to observe this recommendation could result in
users having either excessive permissions in other users' profile folders, or insufficient permissions in
their own profile folders.
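
The storage and account steps above, together with the share-related best practices (no offline caching, only the root folder pre-created), as an added PowerShell example that is not part of the courseware. Assumptions: D:\Profiles and user1 are placeholders, the server and share names come from the page's \\sea-dc1\profiles example, and the NTFS entries on the root are a least-privilege layout chosen for this example, since the page lists only the share permission.

```powershell
# Added example, not from the courseware. Run elevated on the file server;
# Set-ADUser needs the ActiveDirectory module (Windows Server 2008 R2 or RSAT).
$ProfileRoot = 'D:\Profiles'   # hypothetical local path on the file server
$ShareName   = 'profiles'      # share name from the page's UNC example
$Server      = 'sea-dc1'       # server name from the page's UNC example
$SamAccount  = 'user1'         # placeholder logon name

# Create only the root folder. Windows creates <username>.V2 beneath it and
# makes the user the owner, so no per-user folders are pre-created here.
if (-not (Test-Path -Path $ProfileRoot)) {
    New-Item -ItemType Directory -Path $ProfileRoot | Out-Null
}

function New-AllowRule {
    # Build an Allow ACE from a well-known SID string; hypothetical helper.
    param([string]$Sid, [string]$Rights, [string]$Inherit, [string]$Propagate)
    $identity = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $identity,
        ([System.Security.AccessControl.FileSystemRights]$Rights),
        ([System.Security.AccessControl.InheritanceFlags]$Inherit),
        ([System.Security.AccessControl.PropagationFlags]$Propagate),
        ([System.Security.AccessControl.AccessControlType]::Allow)
}

# NTFS ACL on the root (assumed layout, see lead-in): users may list the root
# and create one folder in it, and only the creator gets access to that folder.
$acl = Get-Acl -Path $ProfileRoot
$acl.SetAccessRuleProtection($true, $false)      # stop inheriting, drop inherited ACEs
foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($ace)            # clear any explicit leftovers
}
# SYSTEM: full control on this folder, subfolders and files
$acl.AddAccessRule((New-AllowRule 'S-1-5-18' 'FullControl' 'ContainerInherit, ObjectInherit' 'None'))
# Administrators: full control on the root folder only
$acl.AddAccessRule((New-AllowRule 'S-1-5-32-544' 'FullControl' 'None' 'None'))
# CREATOR OWNER: full control on subfolders and files only
$acl.AddAccessRule((New-AllowRule 'S-1-3-0' 'FullControl' 'ContainerInherit, ObjectInherit' 'InheritOnly'))
# Authenticated Users: list folder and create folders, this folder only
$acl.AddAccessRule((New-AllowRule 'S-1-5-11' 'ListDirectory, CreateDirectories' 'None' 'None'))
Set-Acl -Path $ProfileRoot -AclObject $acl

# Share permission from the page: Change for Authenticated Users in place of
# the default entry. /CACHE:None disables offline caching on the share.
& net.exe share "$ShareName=$ProfileRoot" '/GRANT:Authenticated Users,CHANGE' '/CACHE:None'

# Profile path on the account. Active Directory Users and Computers expands
# %username% when the change is applied; a script writes the resolved name.
Import-Module ActiveDirectory
Set-ADUser -Identity $SamAccount -ProfilePath "\\$Server\$ShareName\$SamAccount"

# Review the result.
& net.exe share $ShareName
(Get-Acl -Path $ProfileRoot).Access |
    Format-Table -Property IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
Get-ADUser -Identity $SamAccount -Properties ProfilePath |
    Select-Object -Property SamAccountName, ProfilePath
```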

Limitations of Roaming User Profiles

Key Points
Although Roaming User Profiles provide several benefits to both end users and administrators, there are
some limitations that you must be aware of when using this technology.

Some important limitations of roaming user profiles are:

• Potentially bad performance. Because the entire user profile folder is synchronized between client
and server, logon and logoff can be slow. This is especially noticeable when a user logs on to a
computer for the first time, because the whole profile must be downloaded.
• Synchronization of the entire profile. Each time a user logs off from a machine, the roaming profile
on the server is updated with the changes that the user made locally. However, the entire profile is
synchronized every time, even if only a single setting has changed.
• No online synchronization on Windows Vista and older. By design, the roaming profile is updated
only when the user logs off from the computer. If the user does not log off but hibernates the
computer instead (which is very common with laptops), the changes are not uploaded to the
roaming profile for a long time.

Note: Beginning in Windows 7, users with roaming user profiles will have their current user settings in
HKCU (in other words, the entire NTuser.dat from their profile) periodically synchronized back to the
server while they are logged on to their computers. This is a change from Windows Vista and earlier
versions, in which roaming user profiles were synchronized back to the server only on logoff.

• Simultaneous logons. Synchronization issues can arise if you use simultaneous logons on several
computers. For example, if a user logs on to one computer, edits and saves a document stored in the
Documents folder, leaves the computer logged on and then moves to a second computer, logs on,
edits and saves the same document, and then logs off from both computers, the computer from
which the user logs off last takes precedence. That is, the edits made to the document on that
computer are the only edits that are preserved. The edits made on the other computer are lost. It is
important to remember that when conflicts like this occur, roaming user profile (RUP) resolves them
on a last-writer-wins basis.
• Application inconsistencies. An application might make changes to a user profile that do not
produce the expected result on all computers that the user uses. For example, if a user installs an
application and it creates a shortcut on the desktop, that shortcut is shown on all computers where
that user logs on. However, a computer cannot start that application if it is not installed there.

Note: You can use the Exclude Directories On Roaming Profile Group Policy setting to prevent
roaming the Desktop folder, which will prevent this inconsistency from arising.

• Enabling on an individual basis. If you want to use roaming user profiles, you must enable them on
a per-user basis by configuring the user account properties or by using a script. You can also use
template accounts to enable a roaming profile for each new user.
• Coexistence with older platforms. If you have a user that roams between various operating system
platforms, you might not be able to use roaming profiles for that user. Each operating system
platform has its own folder structure, and they are not compatible.

What Is Folder Redirection?

Key Points
Before discussing Folder Redirection, let us focus on one limitation of using Roaming Profiles. If a user is
configured to use a roaming profile, the whole profile is downloaded to the local machine each time the
user logs on. Because the profile contains user folders such as My Documents, Music, Videos, and
Downloads, and these folders usually contain a large amount of data, downloading this data can take a
significant amount of time. This can result in very slow logons. Similarly, when the user logs off, the whole
profile is synchronized back to the network location, which causes very slow logoffs. It is therefore very
convenient to separate user data from the user's profile while still keeping it on a network location, so
that the data can follow users without slowing down the logon and logoff procedures. The technology
that enables this is called Folder Redirection.

Folder redirection is a client-side technology that provides the ability to change the target location of user
specific folders, such as My Documents, found within the user profile. This redirection is transparent to the
user and gives the user a consistent way of saving their data, regardless of its storage location.

Folder redirection provides a way for administrators to divide user data from profile data. This division of
user data decreases user logon times because Windows downloads less data when the user logs on, which
directly speeds up the logon process. Windows redirects the local folder to a central location, giving the
user immediate access to their data when they save it, regardless of the computer they are using. This
immediate access removes the need to update the user profile.

Folder Redirection can be used with or without Roaming Profiles. If you need only data to follow users,
but not their environment settings, Folder Redirection is enough. Also, if a user simultaneously uses
computers with various operating systems (such as Windows 7 and Windows XP), using roaming
profiles can result in incompatibility issues. Folder Redirection is agnostic to this, so it can be safely used
on various operating system platforms.

Folder Redirection is configured by using Group Policy settings. Besides the location for the
redirected user folders, there are several other options that can be configured. These are discussed in
the next topic.

You must be aware that not all folders are redirected. This mostly depends on the operating system used
on the client side. Core user folders that can be redirected on all client platforms from Windows XP are:
Documents
Pictures
Desktop
Start Menu
Application Data
Additional folders can be redirected in Windows Vista and Windows 7:
Pictures
Music
Videos
Favorites
Contacts
Downloads
Links
Searches
Saved Games

Demonstration: Configuring Folder Redirection

In this demonstration, your instructor will show and explain the available options for Folder
Redirection.

Demonstration steps:
1. Open the Group Policy Management Console on the Domain Controller.
2. Create a new Group Policy Object.
3. Start the Group Policy Management Editor.
4. Browse through the Folder Redirection options.

Guidelines for Folder Redirection

Key Points
Folder Redirection can provide many benefits to both end users and IT administrators. However,
to get the full potential from Folder Redirection and avoid issues, you should follow these
guidelines:
Do not redirect folders to your home directory unless you have legacy home directories in your
organization. The Documents folder and its subfolders allow you to select the Redirect to the user's
home directory redirection option. This redirects the Documents folder, and optionally its subfolders,
to the home folder path configured in the user object's properties. Unless you are using legacy home
folders in this way, avoid configuring this option.
Let Windows create folders for each user. To ensure that the folders required for Folder Redirection
are created and secured properly, do not manually create the folders. Instead, let Windows create and
secure them when users log on. You must create the parent folder and share it with the previously
described permissions.
Use the Follow Documents folder setting. The Music, Pictures, and Videos folders support the Follow
Documents folder setting. This setting redirects these folders as Documents folder subfolders. This
option causes the selected subfolder to inherit Folder Redirection options from the parent Documents
folder, and it disables other Folder Redirection options for the selected folder. Consider using this
setting to store all user data folder structure elements in one place without the need to individually
configure Folder Redirection for each subfolder.
Consider the impact of removing a Folder Redirection Group Policy setting. The default behavior for
Folder Redirection removal settings is for the redirected folder to remain in its location even after you
remove the policy setting. In some scenarios, you might want to copy the files back to the original
location, that is, to the user's local profile. Bear in mind that changing a Folder Redirection policy
setting can have an impact on network performance, for example, if you select to redirect the folder
back to the local user profile location when the policy setting is removed.

When troubleshooting Folder Redirection, be aware that this technology relies on shared folders stored
on remote file servers. You should verify network connectivity to the target folders before you investigate
more complex reasons for Folder Redirection failure. Pay special attention to NTFS and shared folder
permissions. If you have implemented Advanced Redirection for specific Windows security groups, verify
that the user experiencing the problem belongs to the appropriate groups. Also, verify Group Policy
settings. Because you implement Folder Redirection with Group Policy settings, determine if the problem
is related to a Group Policy problem.
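
The troubleshooting order described above can be scripted. The following PowerShell is an added example, not part of the original course material; it is meant to run in the affected user's session on the client, and the share path and group name are assumed values borrowed from the lab later in this module.

```powershell
# Added example: Folder Redirection checks in the order the text gives them.
# Run in the affected user's own logon session on the client computer.
# Assumed values (taken from this module's lab, adjust for your environment):
$expectedRoot  = '\\NYC-DC1\marketing$'   # redirection target root
$requiredGroup = 'CONTOSO\Marketing'      # group targeted by Advanced Redirection

# 1. Where does Documents resolve to? A UNC path means the folder is redirected.
$documents    = [Environment]::GetFolderPath('MyDocuments')
$isRedirected = $documents.StartsWith('\\')

# 2. Network connectivity to the file server that hosts the target share.
$server   = ($expectedRoot.TrimStart('\') -split '\\')[0]
$serverUp = Test-Connection -ComputerName $server -Count 1 -Quiet

# 3. NTFS and share permissions: can the user create and delete a file in the
#    redirected Documents folder? Skipped when the folder is still local.
$canWrite = $false
if ($isRedirected -and $serverUp -and (Test-Path -LiteralPath $documents)) {
    $probe = Join-Path $documents ('fr-probe-{0}.tmp' -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -ErrorAction Stop
        $canWrite = $true
    } catch {
        Write-Warning "Write test failed: $($_.Exception.Message)"
    }
}

# 4. Group membership as present in the current logon token. A user added to
#    the group after logon will not show it until the next logon.
#    The 'Group Name' column header assumes an English-language system.
$groups  = & whoami.exe /groups /fo csv | ConvertFrom-Csv
$inGroup = @($groups | Where-Object { $_.'Group Name' -eq $requiredGroup }).Count -gt 0

# Summary of checks 1 to 4.
New-Object PSObject -Property @{
    DocumentsPath   = $documents
    Redirected      = $isRedirected
    ServerReachable = $serverUp
    CanWrite        = $canWrite
    InRequiredGroup = $inGroup
} | Format-List DocumentsPath, Redirected, ServerReachable, CanWrite, InRequiredGroup

# 5. Group Policy: list the GPOs applied to (and filtered out for) this user.
& gpresult.exe /r /scope user
```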

What Are Offline Files?

Key Points
Offline files allow mobile users to download and use shared files on their local computers when they are
not connected to the network. This benefit also applies to onsite workers who temporarily lose network
connectivity due to technical problems.

When you designate a shared file for offline use, the local computer downloads, or caches, a local copy of
the file. You can then continue to work using this file even if you are not connected to the network. When
the computer connects to the network again, the operating system automatically compares any changes
made to the offline file with the copy stored on the server, and resolves any differences.

In Windows Vista and Windows 7, you can encrypt your offline files to help secure private information.
When you encrypt offline files, only your user account can access the cached data.

Offline files can be used together with Folder Redirection. This enables you to provide access to redirected
folders even when the user is not connected to the network. Because Folder Redirection is used to redirect
users' personal folders, making these folders available for offline access means that users will always have
their documents. These two technologies can also be combined with Roaming User Profiles to achieve full
functionality.

Offline files are very convenient in scenarios where the user is connected to a slow network. Because a local
copy is cached on the user's computer, the user can work on these files without being affected by the slow
network.

Offline Files Operating Modes


There are four operating modes for Offline files:
Online Mode. This is the default operating mode for Offline Files. In this mode, the user is connected to
the network, and every change made to a file is made on the network copy first and then on the
local cached copy. When the user reads a file, it is read from the local cache to improve performance.
Auto Offline Mode. If Offline Files detects a network error during a file operation with a shared folder,
Offline Files automatically transitions the network share to auto offline mode. When a share is in this
mode, all changes are performed locally, while the Offline Files client tries to access the network
copy every two minutes. During Auto Offline Mode, the user cannot initiate manual synchronization or
access previous versions of a file.
Manual Offline Mode. In this mode, the user manually puts network resources in Offline Mode. This
means that all file operations are performed on the local cached copy. Synchronization is performed only
if the user initiates it manually. Offline mode remains active until the computer restarts or until the user
manually switches back to Online Mode.
Slow-link Mode. This mode depends on the Group Policy setting that specifies slow link detection. If
this setting is configured, it is applied to Offline Files. When a slow link is detected, Offline Files
automatically switches to Offline Mode, and switches back to Online Mode if network conditions
improve.
Offline files are configured in several locations. You must enable Offline caching on the shares for which
you want to allow caching. You should also configure Offline caching behavior on the user side. Finally,
Group Policy can be used to control Offline Files.

Offline Files Improvements in Windows 7


In Windows 7, Offline files are further improved compared to Windows Vista and Windows XP. The most
important improvements are:
Offline support with Background Sync. Usually Offline support provides remote and branch office
users with faster access to files that are located in a network folder across a slow network connection.
Windows 7 enhances this feature by including Background Sync, a feature that synchronizes Offline
Files in the background, ensuring that the server is frequently updated with the latest changes. When
a client computer's network connection to a server is slow (as configured by the administrator),
Offline Files automatically transitions the client computer into an Offline (slow connection) mode.
The user then works from the local Offline Files cache. On Windows 7, Background Sync runs at
regular intervals as a background task to automatically synchronize and reconcile changes between
the client computer and the server. IT administrators can configure synchronization intervals and
block out times. With this feature, users no longer must worry about manually synchronizing their
data with the server when working offline.
Exclusion List. The Exclusion List feature reduces synchronization overhead and disk space usage on
the server, and speeds up backup and restore operations by excluding files of certain types from
replication across all Folder Redirection clients. Prior to Windows 7, all files in an Offline Files folder
were replicated to the server. This often meant that a user's personal files or large files not relevant to
the enterprise were replicated to one or more servers, thereby consuming disk space and slowing
backup and restore times. On Windows 7, administrators can use the Offline Files Exclusion List
feature to prevent files of certain types (for example, MP3 files) from being synchronized. The list of
file types is configured by the IT administrator by using Group Policy.
Transparent caching. Transparent caching optimizes bandwidth consumption on wide area network
(WAN) links and provides near local read response times for mobile users and branch office workers
that are accessing network files and folders that are not explicitly made available offline. Prior to
Windows 7, to open a file across a slow network, client computers always retrieved the file from the
server, even if the client computer had recently read the file. With Windows 7 transparent caching,
the first time a user opens a file in a shared folder, Windows 7 reads the file from the server and then
stores it in the Offline Files cache on the local hard disk drive. The subsequent times that a user opens
the same file, Windows 7 retrieves the cached file from the hard disk drive instead of reading it from
the server. To provide data integrity, Windows 7 always contacts the server to ensure that the cached
copy is up to date. The cache is never accessed if the server is unavailable, and updates to the file are
always written directly to the server.

Transparent caching is not enabled by default. IT administrators can use a Group Policy setting to
enable transparent caching, improve the efficiency of the cache, and configure the amount of hard
disk drive space that the cache uses.

Demonstration: Configuring Offline Files

In this demonstration, your instructor will show you how to configure Offline Files.

Demonstration steps:
1. Create a CorpData folder on the C: drive on NYC-DC1, share it, and configure permissions so that
Authenticated Users have Full control on share and NTFS permissions. Configure caching options on
this folder so that only the files and programs that users specify will be available offline.
2. Open the Default Domain Policy GPO, navigate to Computer Configuration, Policies,
Administrative Templates, Network, and select Offline Files.
3. Enable the Administratively assigned offline files option, and enter
\\NYC-DC1\CorpData as a location.

Lab: Implementing User State Virtualization

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10324A-NYC-DC1, 10324A-NYC-CL1, and 10324A-NYC-CL2 virtual machines are
running.
3. If required, connect to the virtual machines. Log on to 10324A-NYC-DC1 as Contoso\Administrator
using the password Pa$$w0rd. Do not log on to the client machines until directed to do so.

Exercise 1: Configuring and Testing Roaming Profiles


Scenario
In order to provide users with the ability to move data and settings between computers, you want to
implement Roaming Profiles. In the testing phase, you will implement Roaming Profiles for a pilot group
of users, and you will test some basic functionality of this technology.

The main tasks for this exercise are as follows:

1. Configure a roaming profile and configure a pilot group of users to use roaming profiles.
2. Make changes to user environment.
3. Log on to a second computer, and verify roaming of the changes.

Task 1: Configure a roaming profile and configure a pilot group of users to use roaming
profiles
1. On NYC-DC1, configure C:\Profiles as follows:
   Shared as Profiles
   Share permissions: Authenticated Users: Change, Administrators: Full control
   Caching: No files or programs should be available offline
2. Configure the User Accounts Candy Spoon and Terri Chudzik to use roaming profiles to the
\\NYC-DC1\Profiles\%username% location, by editing Properties of their user accounts in Active Directory
Users and Computers on NYC-DC1.
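
Roaming profiles can also be enabled by script instead of through the account Properties dialog. The following PowerShell is an added example, not part of the original lab; it assumes an elevated session on NYC-DC1 with the ActiveDirectory module loaded, and the logon name Terri is an assumption (Candy is the logon name used in Task 2).

```powershell
# Added example: scripted equivalent of Task 1 (share plus per-user profile path).
# Run in an elevated PowerShell session on NYC-DC1.
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory

$folder    = 'C:\Profiles'
$shareName = 'Profiles'
$server    = 'NYC-DC1'
$pilot     = 'Candy', 'Terri'   # 'Terri' is an assumed logon name

# Create the parent folder only. The per-user profile folders are created
# when each user first logs on.
if (-not (Test-Path -LiteralPath $folder)) {
    New-Item -ItemType Directory -Path $folder | Out-Null
}

# Step 1: share permissions and caching exactly as listed in the task.
# /CACHE:None means no files or programs from the share are available offline.
& net.exe share $shareName 2>$null | Out-Null
if ($LASTEXITCODE -ne 0) {
    & net.exe share "$shareName=$folder" `
        '/GRANT:Authenticated Users,CHANGE' `
        '/GRANT:Administrators,FULL' `
        '/CACHE:None'
    if ($LASTEXITCODE -ne 0) { throw "net share failed with exit code $LASTEXITCODE" }
}

# Step 2: set the profile path for each pilot user.
# Active Directory Users and Computers resolves %username% when the dialog is
# saved; the script writes the resolved logon name directly.
foreach ($sam in $pilot) {
    $user = Get-ADUser -Identity $sam    # stops here if the account does not exist
    Set-ADUser -Identity $user -ProfilePath "\\$server\$shareName\$($user.SamAccountName)"
}

# Read back what was configured so it can be compared with the task.
& net.exe share $shareName
$pilot |
    ForEach-Object { Get-ADUser -Identity $_ -Properties ProfilePath } |
    Select-Object SamAccountName, ProfilePath
```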

Task 2: Make changes to user environment


1. Log on to NYC-CL1 as Candy with the password of Pa$$w0rd.
2. Change the Desktop theme to Landscapes, change the Desktop Background picture location to
Windows Desktop Backgrounds and create a shortcut to C:\ on the Desktop.
3. Log off of NYC-CL1.

Task 3: Log on to a second computer and verify roaming of the changes


1. Log on to NYC-CL2 as Candy with the password of Pa$$w0rd.

Question: Do the Desktop personalization options appear as you configured them, including the
desktop shortcut?
Question: Is the shortcut to drive C retained on Desktop?

2. Log off of NYC-CL2.

Results: After this exercise, you should have configured and tested Roaming User Profiles.

Exercise 2: Configuring and Testing Folder Redirection


Scenario
The IT department of Contoso requires that users' data is centralized and available from every machine
that users log on to. However, in order to reduce logon time, they do not want to place this data
in roaming profiles. You propose folder redirection as a solution. Now you have to test this solution and
see how it performs for a few pilot users.

The main tasks for this exercise are as follows:


1. Configure folder redirection.
2. Verify that folders are redirected and not stored in the profile.

Task 1: Configure folder redirection


1. On NYC-DC1, on the C:\ drive, create a folder named Redirected Folders and two subfolders named
Marketing and Production.
2. Configure hidden shares for the Marketing and Production folders, and set permissions so that only
members of the Marketing and Production groups can access the corresponding folders and have the
ability to Create folders / append data.
3. Create a new GPO named Redirection and link it to the domain.
4. Configure the Redirection GPO so that the Documents folder for the Marketing group is
redirected to \\NYC-DC1\marketing$ and the Documents folder for the Production group is
redirected to \\NYC-DC1\Production$. Configure the Music, Pictures and Videos folders to follow the
Documents folder.
5. Configure the Redirection GPO so that redirected folders are redirected back to the user's profile
after the policy is removed.
6. Log on to NYC-CL1 as Contoso\Administrator with the password of Pa$$w0rd. Refresh Group
Policy on NYC-CL1.

Task 2: Verify that folders are redirected and not stored in the profile
1. Log on to NYC-CL1 as Contoso\Adam with the password of Pa$$w0rd.
2. Open the Documents folder and verify the path. Create a text document in the Documents folder.
3. Log off of NYC-CL1.
4. Log on to NYC-CL1 as Contoso\Bart with the password of Pa$$w0rd.
5. Open the My Documents folder and identify the path.
Question: What path is revealed?

6. Browse to Bart's profile located in C:\Users\Bart.


7. Ensure that the folders redirected in Task 1 are not present.
8. Log off of NYC-CL1.
9. Switch to the NYC-DC1 computer, and browse to C:\Redirected Folders.

Question: Can you see the Bart folder?

10. Close all open windows on NYC-DC1.

Results: After this exercise, you should have configured and tested Folder Redirection.

Exercise 3: Configuring Offline Files


Scenario
Contoso has some important data that must be available even if the network is not available. You will
implement Offline Files to achieve this.

The main tasks for this exercise are as follows:


1. Create and share the company-wide data folder.
2. Configure the client-side offline settings using Group Policy.
3. Refresh Group Policy on the client workstations.
4. Create a text document and make it available offline.
5. Simulate a network problem and try to access offline file.

Task 1: Create and share the company-wide data folder


1. On NYC-DC1, create a folder named C:\CorpData.
2. Share the folder and allow Authenticated Users to have Full Access to the folder.
3. Enable Offline access on the CorpData folder.

Task 2: Configure the client-side offline settings using Group Policy


1. Open Group Policy Management and then edit the Default Domain Policy. Expand Computer
Configuration, expand Policies, expand Administrative Templates, expand Network, and then
click Offline Files.
2. Configure the GPO setting Administratively assigned offline files to be Enabled. Type CorpData
in Value name field and type
3. Enable the GPO setting Synchronize all offline files when logging on.

Task 3: Refresh Group Policy on the client workstations


Log on to both NYC-CL1 and NYC-CL2 as Contoso\Administrator with the password of Pa$$w0rd.
Refresh group policy. Log off when instructed to do so by the group policy refresh.

Task 4: Create a text document and make it available offline


1. Log on to NYC-CL1 as Contoso\Don with the password of Pa$$w0rd. Map network drive Z as
\\NYC-DC1\CorpData.
2. In the CorpData folder, create a folder named Don, and create a rich text document file named Don's
Document in the folder. Open the document, type Saved by Don, and save the document. Close
WordPad.
3. Make the document available offline and then close all open windows.

Task 5: Simulate a network problem and try to access offline file


1. Disable network interface on NYC-DC1.
2. From NYC-CL1, try to access CorpData folder and make sure that text document from Task 4 is
available.

Results: After this exercise, you should have configured and tested Offline Files.

To prepare for the next lab


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.


2. Right-click the virtual machines used in this lab, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

Module Review and Takeaways

Review Questions
1. What is a User Profile? What types of User profiles exist?
2. What is the main benefit of User state virtualization?
3. List some limitations and drawbacks when using Roaming Profiles.
4. Which technology will enable users that are disconnected from network to access data on specific file
shares on network servers?
5. You want to configure permissions for the Administrator user account on all users' roaming profile
folders, but you do not want to make this change folder-by-folder. How can you achieve this
objective quickly and easily?
Common Issues related to user state virtualization

Issue                                                                         Troubleshooting tip
User is logged on using temporary profile
Redirected files and folders are not present when user is offline
Folder redirection is not applied
Folders are not redirected back to User local profile after GPO is removed

Real-World Issues and Scenarios


A. Datum is considering implementing user state virtualization to address some issues that they currently
have. After a discussion with the IT administrator, you defined the following as their main requirements and issues:

A. Datum IT Admins team wishes to create a standard desktop that loads each time a user logs on for the
first time.

Occasionally, network outages prevent users from completing important project work. Where possible, it
must be ensured that users can continue working on important files.
It is important to incorporate users' files into the backup regime by placing them on file servers. In
addition, it must be ensured that users can recover their own local files when the need arises.

Any shared folders used to implement profiles must be hidden.

Question: What kind of solution will you recommend?

Best Practices Related to User State Virtualization


Supplement or modify the following best practices for your own work situations:
Combine Roaming User Profiles with Folder Redirection instead of storing user data within the profile.
Create a default network profile if you want to have a consistent and equal initial user environment for
each new user.
Use mandatory and super mandatory profiles on computers that are publicly accessed (such as kiosks,
info-portals, etc.).
Do not enable the Offline Files feature on all file shares, but only on those that should be accessible in
offline mode.
Do not use EFS with roaming profiles.

Tools
Tool                               Used for                                               Where to find it
Control Panel System Properties    Management of local user profiles                      Control Panel
Group Policy Management Console    Create and apply GPOs that handle folder redirection   Administrative Tools
Offline Files Management           Setting client options for Offline Files feature       Control Panel Sync Center

Module 12
Configuring Virtual Desktop Infrastructure
Contents:
Lesson 1: Overview of Windows Server 2008 R2 Hyper-V
Lesson 2: Introduction to VDI
Lesson 3: Configuring Personal and Pooled Virtual Desktops
Lab: Configuring Virtual Desktop Infrastructure

Module Overview

Using virtualization technologies for desktop virtualization can be very convenient. Microsoft provides
virtual desktop infrastructure (VDI) as a techno