Instant Application Delivery and Activation with AppStream and SVS
AppStream provides on-demand delivery and user-based management for desktop applications. Combined with Altiris SVS, users get instant delivery and activation of virtualized applications, while completely avoiding conflicts between applications, and without altering the base Windows installation.
Altiris SVS enables the creation of a portable package that can be activated and deactivated at will as a virtualized application on an end-user system. This is an excellent way to protect the target system and minimize support calls. But traditional delivery mechanisms can be a poor match for this very cool, instant-on approach. How easy is it to get these portable packages to distributed systems? How quickly can users get the applications they need? How many IT managers does it take to get an application to a desktop?
In order to provide true instant access to virtualized applications, SVS can now be paired with an on-demand delivery mechanism - application streaming. And although streaming is fundamentally a delivery technology, there are a number of other useful advantages that come along with the technology, like user-based management and automatic license recovery.
Streaming provides a comprehensive back end and delivery platform that is well suited and philosophically matched with the SVS product. Together they deliver ubiquitous self-service access to common application packages, while eliminating the daily burden on IT to manage desktop applications.
The concepts of streaming and virtualization have been intertwined and confused recently, to the point that industry articles have even blurred the definitions. To clear things up, Altiris SVS provides virtualization, defining the way that an application behaves while executing on a system; AppStream provides streaming, the most efficient and flexible way to deliver on-demand applications to the desktop. SVS doesn't deliver, and AppStream doesn't virtualize.
Streaming virtualized applications
AppStream's technology was originally developed specifically to deliver applications to desktops in such a way that there is no difference in behavior, interaction or performance compared to an application that is installed conventionally by CD. This includes normally installed registry entries, dlls and other system and shared files.
Now, when streaming an application virtualized with SVS, it behaves in exactly the way Altiris designed virtualized applications to run. That is, registry entries, etc. remain contained in the appropriate layers, as do any changes to these files. The full functionality and benefits of SVS layers are combined with the instant delivery and license control of streaming. In fact, AppStream's 5.1 release streamlines the whole process of getting users productive faster by automating the process of importing and activating virtual software packages (VSPs) and building core layer functionality directly into the streaming client.
In the diagram that follows, the orange circles represent the discrete steps in the life of a VSP, and the insert shows explicitly how streaming combines with this cycle to streamline the delivery and activation process. With a simple command line, a virtual software archive (.vsa) file is converted to a streamable package. For the end-user, the process is as simple as clicking the pre-populated application icon. This automatically performs four of the standard SVS steps: delivery, import, activate, and run.
The lifecycle of a streamed VSP
For those not already familiar with streaming, here is a quick overview.
An application must first be prepared for streaming, and AppStream makes this easy. A virtual software package can be quickly converted for streaming in the AppStream system with a simple command line. In addition to the VSP format, AppStream also converts MSI files, and even provides a utility to create streamable packages from scratch. Note that the latter formats will not be virtualized when streamed.
Next, the packages are loaded onto the streaming server and each is provisioned according to the individuals and groups that are allowed to use them. Active Directory may be referenced when making these assignments. Once the end users log into their systems, their desktops are populated with the application icons for their provisioned applications, as if they were already installed.
The first time a user clicks on one of these pre-populated icons, assuming that there are available licenses, small bits of the application rapidly stream to the local system. Once there is enough of the application present to open the user interface, the application starts and the user can be productive. These initial bits, or "the starting block", can be as little as 2% of the application, and can allow users to be up and running in seconds. Even remote users on DSL can be productive on a new installation of Microsoft Office in just a few minutes.
As the user accesses new areas of functionality in the streamed application, the bits to support that functionality are streamed in response. This is transparent to the end-user's experience, and they will never get more of the application streamed than is needed. One exception to this is when users are provisioned for offline use. In this case, the whole application is streamed on the first access, and the system no longer has to be connected to run the application. For the second and subsequent executions of streamed applications, no streaming is required unless new functional areas of the application are required.
Another very important thing takes place the first time a user accesses a streaming application. The system first verifies the availability of a license for that individual, and then acquires the license as part of the process. This can provide a huge cost advantage, as it is no longer necessary to pre-consume licenses of every application in fully loaded standard system images for every employee. The licenses are acquired only when the user first requires it for a productive purpose.
AppStream provides a well-suited backend infrastructure for SVS, bringing Active Directory-based authentication to every application deployment. In addition to license control and monitoring, the actual usage for each application on each system is reported back to the server. Now SVS applications, along with all other applications can be tracked, monitored and restricted from a central location, and compliance to license agreements is guaranteed.
License utilization can actually be optimized through two additional features of the user-based management. The first is the ability to limit provisions. This is a mechanism where an expiration date, or duration, may be attached to a provision, such that the application automatically uninstalls itself and returns the license on the prescribed date. This is an effective and secure method of deploying applications to contractors and any employees that require applications only for a limited time.
The other tool is an idle timer for each application. A maximum idle time may be set such that applications will be automatically removed from systems if they are not used for the specified period of time. Visio, for example, may be used infrequently by many users, and can be set to uninstall if inactive for a period of time. It would be more cost-effective to have fewer licenses and know that licenses will be automatically returned and redeployed where needed, without any IT intervention. Another useful option with this tool is to set an application for single use only. In this case, the application is removed and the license returned as soon as the application is closed.
Keeping applications up to date
SVS currently does not have a simple mechanism for deploying version or patch updates to applications. AppStream makes this very simple for IT and completely seamless for the users. The following process works similarly for SVS layered applications as with conventional streamed applications.
Since the master images for each application reside in a central location, it is sufficient to simply place the new version alongside the old version and declare it to be the new default version. Although most people running the older version will already have enough of the application installed such that no additional streaming is required, at each execution, there is a quick check to verify that the correct version is in use.
If a new version is detected at the time of execution, the changed blocks only will be swapped out on the user system during startup of the application. There is no un-installation, download, or reinstallation process required. Simply, the new version executes instead of the old version. Note that if only 8 percent of the application is present on the system, then only the changed blocks of that 8 percent need to be streamed during this process.
Managing the desktop
Once SVS applications are delivered to the desktop for use, the SVS Admin Console provides valuable layer functions, such as Activate, Deactivate, and Reset. For applications that have been delivered by streaming, these functions are available through a simple right-click dropdown in the AppStream Application Manager. These functions work exactly the same as if accessed through the SVS Admin Console, even if the console is not installed.
AppStream Application Manager with SVS layer functions
In this diagram, it is easy to see that a legacy version of Microsoft Office is required alongside the current Office 2003. Using an SVS package of Office 97, both can coexist on the same system. Note that Office 2003 is installed for offline use and has nearly 570MB streamed to support use in a disconnected mode. SVS Office 97, however, is provisioned for online use and can be run with a paltry 7MB present on the system. Although a streamable package will be similar in size to a standard VSP, only a small fraction of that package is required to be productive.
If the user wishes to deactivate Office 97, or completely hide it from the system, he only has to right click on the application and select Deactivate from the dropdown menu. Activate will appear as an option for deactivated applications. Reset is also available directly through this menu. Note that if an application is removed, either manually or through one of AppStream's automated mechanisms, AppStream automatically handles the deactivation and removal from the SVS client. If the application is required at a later date, and the user is still authorized to use it, and there are still available licenses, then clicking on the application icon will re-stream, import, activate, and run the application again.
A light and scalable infrastructure
A basic installation to support up to 2000 users requires only a single Pentium 4 level server. Since streaming only takes place the first time an application is accessed from each system, and each stream is initiated by an end-user click, bandwidth usage is not only very light, but randomly distributed over time. In every case the bandwidth required for streaming is less than or equal to a conventional push. In most cases bandwidth will be a small fraction of what is currently required. As needed for growth, simply add additional servers alongside the first to support additional users.
On the other end of the spectrum, it is simple to establish a multi-tiered structure of servers to efficiently support even the largest and most geographically distributed enterprises. And at any level, it is possible to separate the end-user facing authentication and streaming server components from the database and management console portion, and locate them strategically where they may most efficiently be accessed on-demand. It is even typical to define a number of server groups that may contain separate sets of applications for different departments or locales.
In every scenario, administration is accomplished through a simple web-based console that can be accessed from anywhere. Because the administrator is only required to package and provision applications once in a single location, it is common to see an 80% reduction in the resources required for application management. And since end users are empowered and able to help themselves, in both delivery and repair of applications, there is no added burden for managing systems in remote and home offices.
In recent years, many technologies have cropped up to address the difficulty and expense of managing desktops, including terminal servers, thin clients, etc. Although widely adopted, these technologies each compromise the end-user experience and, consequently, workforce productivity in some way. If application delivery and management were not so difficult, who wouldn't want to have the advantage of running applications on fully functional desktops and laptops for every user, as intended and designed by every major software provider?
Today, the obstacles have been removed. With SVS and AppStream, everyone can have the simplicity of on-demand delivery that requires zero interaction from IT, single-point user-based management and monitoring of applications, and the security of virtualized applications that protect the target systems and reduce or eliminate associated support calls.