Symantec Workspace Virtualization at a Quick Glance

Three weeks ago I received an email telling me that the new Symantec Workspace Virtualization was ready to rumble, and they ask me to take a look at it. Like Brian Madden already said in his movie Brian Madden TV, Episode 5: Symantec ManageFusion 2009 Wrap Up I'm considered to be the SVS specialist and probably now also the SWV evangelist.

A couple of months ago (SWV Wow! What an Improvement!) I already tested reviewed the pre beta release to see what was in it and the new highlights.

So let's see what are the major changes, and what do I still miss in it.

Most important is the Isolation part. All the SVS (and SWV) competitors are using a virtualization technology that actually does some or total isolation. This was very helpful because it made applications run even when they couldn't run because of older versions or other software that was denying the software to run easily. But FSLogic (they developed SVS) took a complete different approach. Instead of Isolate they build a technology that redirects the files and registry keys.

To make it easy understandable just take a look at some Windows technology.

When you download a movie on the internet and you have watched it you probably do not want to see it again because the movie was bad or you burned it to a DVD to keep it. Because it takes over 4 GB of your precious hard disk space you delete the movie. So you click on it and press delete. To prevent you from making mistakes Microsoft ask you if you really wish to delete the file. You press OK and the movie is gone.

Surprisingly it only took about 1 to 2 seconds.

But is the movie gone?

No it isn't. The movie is replaced to the trash bin. In fact you copied over 4GB to another location in 1 to 2 seconds! Nope. That is not true. Microsoft just told itself that it now should appear in the trash bin. And when you go to the trash bin you see it there.

What actually happened is that Microsoft changes the table of contents.

SVS is using a similar technology but it is not telling the Table of Contents (TOC) that the file is there or on another location, it is giving the application files and registry keys a kind of a deletebit. In the Table of Contents the delete bit (can be positive or negative) is read and we see the files or we don't.

I'm not stating that it actually works like this, but it is the easiest approach to get understanding.

Instead of isolating the files and registry keys, SVS is only making Microsoft think that it is there. So you could say that Symantec fools Microsoft. I like that quote.

Now Symantec added Isolation to the SVS admin, that gives you the ability to isolate files. The only reason to do this would be Java, but in the last three years I did a lot of Java and I never needed Isolation.

Maybe they did it to say, what you are doing can be done by us also, but we do it as a feature.

Everybody that comes into the application virtualization landscape right now will start using this technology, but the further you come you will see that you will use it less. It is nice technology, but you really do not need it. Use it for your convenience.

I saw a lot of packagers and people who say that they are good packagers, but I also saw a lot of bad packages. Inside the package there are settings that will make Windows slow, unstable or cause profile corruption. With isolation mode you can prevent this and make sure the system will stay running easy and comprehensive.

But then you use Isolation as a cure for the fact that you have bad packages. Best is to learn and understand whey you should build clean packages. In 2009 Symantec will start with an SVS course and this course can be completed with the official SVS packaging certification. More on that will definitely follow in a few weeks or months.

The next very cool addition to the Workspace Virtualization is Virtual Patch archive. This VPA is a cool initiative and I already like it. Instead of upgrading a package and then stream or import it on every client you are now able to build a VPA that only contains the changes between the old package and the new one. This is a great addition. Now we can have the patch as an separate layer and we are able to patch and unpatch a machine without importing or streaming the package in total. For packages like Winzip it doesn't mean anything because the VSA will only be 8 or 9MB. But if you have Adobe Creative Suite 4 running, it is somewhat different. This package is over 3 GB. The VPA will still be 100 to 200 MB, but that is always quicker then 3GB.

In the pre beta we never saw a feature named Cloning. In the final release there will be a feature that will enable you to clone a Virtual Software package. So now you build a package. Then you clone it, and you work further on the package. Then again you can clone it. At that point you will have several of the same packages in various states of completeness. That is helpful. Never start again because you forgot to export the package.

And we do not like exporting the package from within the console, because we see our machines freeze and we are unable to use the machine as long as it is exporting. The same happens on importing, so it is consistent.

There are several features added that you cannot see. Like terminal and Citrix compliancy. It took over three years to bring a Citrix compliant version. I did this already three years ago and that is why I always look under the hood of SVS or SWV from now on. If you are using SWV on Terminal server or Citrix then you should also consider buying Res Powerfuse or Appsense. You need a program that handles the profiles for you and you have to make sure the administrators profile is open to all users.

The reason is that not the first user but the user with the highest permissions sets the variables. So if an administrator logs on to a Citrix server, all users will start writing profiles settings into the administrators profile. Be aware of that. You can overcome that by overruling the profile settings on the Citrix server with an additional program. That is where Res Powerfuse and Appsense comes in.

I never understood why Symantec does not buy Res Powerfuse. Res Powerfuse is a very cool tool for terminal server and it adds very cool tools and a very high security level to environments. (It will make my friends Andre and Phillipe also very happy who now are working for Res)

I did not have the change to take a look at RTO's Profile management, but I definitely will do so and inform you on this.

So the new SWV is a complete and very good tool to replace our beloved SVS? Yes it is. I like it.

At ManageFusion Las Vegas I talked to several of the Symantec guys about this and I told them from the bottom of my heart that I like the way they did it.

In 2009 Virtualization will take more and more of our time in the traditional fat client landscape and a lot of you are already thinking about VDI (Virtual Desktop Infrastructure). In Las Vegas we showed a demo where various Symantec technologies where used to build the smallest VDI image that is possible and to make it full application aware. What we did was build a SWV add-on that uses a centralized physical disk where the FSLRDR directory is located. So thousands of clients will use this centralized repository instead of using one FSLRDR dir on each client. It saves a lot of storage. For this we used a speedstor disk delivered by Superiorsolutions. (www.superiorsolutionsinc.net)

This disk has the largest IOPS (Input Output Pro second) at the moment and we achieved to let 9700 users use this disk with the FSLRDR dir on it simultaneous without bringing in latency or delays. For fat clients this also works, but then all the traffic goes over the network and that will slow down. For the VDI environment we developed a disk protocol that is used by SVS to achieve this without going over the (virtual Network), but for fat clients that can't be used. It was really a problem for us.

But at ManageFusion I talked to Brian Lynah (former CEO of Nsuite) and he solved our problem. With Nsuite we are able to do this also on fat clients. And it reduces the network traffic very far. I will post on Nsuite in the future to let you see what it can mean for you.

Most important is that SWV gave us the possibility to use one software package on all clients. All functionality is now on every client without any differences.

So now I'm reach the final part of this article.

At ManageFusion we talked about the usage of existing MSI's to convert them to VSA's. In the past I developed a program that imports MSI's into VSA's very easily.

In the first box you browse to the MSI.

In the second you browse to the location where the VSA should be stored.

Then you press convert and after a few minutes you hat a clean VSA.

The only reason we never brought this to the market is because MSI's are mostly OS dependent. So if you build an MSI for Windows XP you should not use it on Windows Vista or other Operating Systems.

In the streaming portion of SWV this feature is now added also. You stream an MSI to a client and the client will have it as an VSA virtualized. And after analyzing this process I noted that the same technology is used as we have developed.

It is a good way to get customers up and running easy when they are going to start SVS or SWV, but please warn them that the VSAs that are created this way are operating system dependent.

Randy, Brad, Brian and all the others that are working on SWV, my compliments for doing such a good job bringing us more and more cool technology.

Now the only thing we are waiting for is 64Bit.

Regards

Erik Westhovens

www.dinamiQs.com

www.virtualstorm.org