Technical Training
Nicola Ferrini, info@nicolaferrini.it
Trainer, Technical Writer, Systems Engineer
Server & Application Virtualization Technology Specialist
More on:
http://www.nicolaferrini.it/curriculum.shtml
http://www.windowserver.it/ChiSiamo/Staff/tabid/71/Default.aspx

Course overview
This course discusses topics around concepts, benefits, installing and configuring Microsoft Desktop Optimization Pack (MDOP) technologies. It focuses on Mid Market customers.

Before starting this course participants should be familiar with:
- Desktop support and troubleshooting
- Application support and troubleshooting
- Group Policy concepts, including creating, modifying, supporting and troubleshooting

Before starting this course it would be beneficial to have experience or familiarity with:
- Licensing compliance
- Change management process
- Basic SQL and Operations Manager knowledge
- Basic Active Directory administrative skills

Day 1 agenda
9:00 - Welcome
9:30 - Microsoft Desktop Optimization Pack (MDOP)
11:00 - Coffee break
11:30 - Microsoft SoftGrid Application Virtualization Concepts
13:00 - Lunch
14:00 - Microsoft SoftGrid Application Virtualization Configuration
15:00 - Coffee break
16:00 - Lab
17:00 - End of day

Day 2 agenda
9:00 - Recap
9:30 - Microsoft SoftGrid Application Virtualization Sequencing
11:00 - Coffee break
11:30 - Lab
12:30 - Microsoft Application Virtualization 4.5 Preview
13:00 - Lunch
14:00 - Diagnostics and Recovery Toolset (DaRT)
14:30 - Lab
14:45 - Coffee break
15:00 - Advanced Group Policy Management (AGPM)
16:00 - Desktop Error Monitoring (DEM)
16:30 - Application Inventory Service (AIS)
17:00 - End of day

Modules
Module 1: Microsoft Desktop Optimization Pack (MDOP)
Module 2: Microsoft SoftGrid Application Virtualization Concepts
Module 3: Microsoft SoftGrid Application Virtualization Configuration
Module 4: Microsoft SoftGrid Application Virtualization Sequencing
Module 5: Microsoft Application Virtualization 4.5 Preview
Module 6: Diagnostics and Recovery Toolset (DaRT)
Module 7: Advanced Group Policy Management (AGPM)
Module 8: Desktop Error Monitoring (DEM)
Module 9: Asset Inventory Service (AIS)

Module 1: Microsoft Desktop Optimization Pack (MDOP)
- What is MDOP?
- Mid Market customer needs
- How does MDOP address customer needs
- MDOP technology
- How is MDOP licensed?
- What is Software Assurance?

What is MDOP?
The Microsoft Desktop Optimization Pack for Software Assurance is an add-on subscription license available to Software Assurance customers.

Mid Market customer needs
- End user productivity
- Mobile users
- Risk management

How does MDOP address customer needs
- Increase end user productivity
- Support mobile users
- Improve risk management

MDOP technology
- Microsoft SoftGrid Application Virtualization
- Diagnostics and Recovery Toolset
- Advanced Group Policy Management
- Desktop Error Monitoring
- Asset Inventory Service

How is MDOP licensed?
- Low cost
- Subscription based
- For customers with Software Assurance for the Windows Desktop: Select, Open Value, EA, EAS, CASA

MDOP benefits to customers
- Increase end user productivity
- Support mobile users
- Improve risk management

MDOP benefits to partners
- Recurring revenue
- Services revenue
- Customer relationship

What is Software Assurance?
A comprehensive maintenance offering that helps you get the most out of your software investment.

Software Assurance benefits to customers
- Windows Vista Enterprise
- Spread payments
- New version rights
- Desktop Optimization Pack
- Training vouchers
- Support incidents

Software Assurance benefits to partners
- Recurring revenue
- Customer relationship

Module 2: Microsoft SoftGrid Application Virtualization Concepts
Objectives:
- Describe problems organizations encounter when dealing with application management
- Describe the benefits of SoftGrid computing in a technical nature
- Define SoftGrid computing
- List and explain various SoftGrid system components
- Understand the SoftGrid environment

Problems organizations encounter with application management:
- Deployment
- Updates
- Support
- Termination

Benefits of SoftGrid computing:
- Conflict free
- Pre-configured applications
- Multiple versions
- Preservation of source code
- Centralization
- On demand delivery

On demand delivery
- The .sft package doesn't have to be delivered all at one time
- The Sequencer can mark certain blocks of the .sft as the critical launch phase, or Feature Block 1 (FB1)
- During the initial stream, after FB1 is downloaded the application can launch
- All other blocks are stored in Feature Block 2 (FB2)
- When a user accesses a feature not in FB1, the individual blocks of data are downloaded from FB2; this operation is known as an Out of Sequence operation
- User customized settings are stored in UsrVol_sftfs_v1.pkg, which is stored in the user's AppData

Sequencing
- Sequencing applications requires extensive knowledge of the application
- Knowledge of how to install the application
- Knowledge of how to configure the application

Limitations of virtualization
- Boot-time applications
- Background services
- DCOM and COM+ applications
- Drivers
- Internet Explorer (add-ins can be virtualized)

SoftGrid system components
- Microsoft SoftGrid Application Virtualization Sequencer
- SoftGrid Management Console
- Microsoft SoftGrid Application Virtualization Virtual Application Server
- Microsoft SoftGrid Application Virtualization Management Web Service
- Microsoft SoftGrid Application Virtualization Data Store
- Microsoft SoftGrid Application Virtualization Client
- MSI Utility for Microsoft Application Virtualization

Microsoft SoftGrid Application Virtualization Platform Review
- Sequencing
- Backend Server
- Client
- Launch
- Pre-Launch
- Deployment
- Microsoft SoftGrid Application Virtualization Desktop Configuration Refresh
- The Launch Process

Module 3: Microsoft SoftGrid Application Virtualization Configuration
Objectives:
- Describe all minimum requirements needed to install the Microsoft SoftGrid Application Virtualization components
- Detail the deployment scenarios available
- Complete a full installation and configuration of the Microsoft SoftGrid Application Virtualization components

Components
- System Center Virtual Application Server
- SoftGrid Application Virtualization Data Store
- SoftGrid Application Virtualization Management Web Service
- SoftGrid Management Console
- SoftGrid Application Virtualization Sequencer
- MSI Utility for Microsoft Application Virtualization

Deployment scenarios
- Standalone Mode (delivery through ESD not shown)
- Connected Mode

Stand Alone Mode
- SoftGrid Client and SoftGrid Sequencer only
- No Application Streaming Client in Stand Alone Mode
- Deployment options: AD publishing through GPO, media distribution, run from file share, software management systems (SMS/SCCM)

When to use Stand Alone Mode?
- Software management system already in place
- Organizations where resources are limited
- Network bandwidth limitations
- Limited budgets

Connected Mode
- Known as Classic Mode
- Uses the built-in software distribution from the Virtual Application Server (VAS)

When to use SoftGrid Connected Mode
- Application streaming
- Group-based application publishing
- License enforcement
- Built-in SoftGrid reporting

SoftGrid Classic (architecture diagram)
- Software Usage Reporting Console
- Client PC: OSDs & ICOs download via UNC path (SMB: 445)
- Client PC: initial stream connect (RTSP: 554)
- Client PC: active stream, RTSP control and RTP data, 49152-65535 (2 ports)
- Initial remote management connect (Remote RPC: 153); management return 49152-65535 (1 port)
- Connection SoftGrid to Management Web Service: HTTP: 80 (Management Workstation running the SoftGrid Management Console)
- SoftGrid Virtual Application Server to SoftGrid Management Database (SQL Server): ODBC: 1433
- SoftGrid Management Server (SoftGrid Management Web Service) to SQL Server: ODBC: 1433

Pre-installation checklist
- Account authority domain
- SoftGrid Administrators and Users group
- MDAC 2.7 and .NET Framework 2.0
- SQL database information
- SoftGrid Browser account
- IIS 5.0 or higher

Typical server installation
- Virtual Application Server
- Data Store
- Management Web Service
- Management Console

Custom installation
- Allows administrators to select the individual components to install on a server
- In larger scenarios integrators can spread the components over multiple servers for higher availability and divided administrative function

Current versions of SoftGrid clients
- Windows Desktop 4.1 SP1 HFRU1, version 4.1.2.21
- Windows Desktop 4.2 HFRU1, version 4.2.1.21 (Vista support)
- Terminal Server 4.1 SP1 HFRU1
Suggested minimum system requirements

Microsoft SoftGrid Application Virtualization Client installation
- MSI installer
- CD setup
- Command-line setup
- Disk imaging

Client configuration
- Root node: General tab, Interface tab, File System tab, Network tab, Connectivity tab, Permissions tab
- Applications node
- File Type Associations node
- Desktop Configuration Servers node
- System tray: SFTMime.exe, SFTTRAY.EXE

Stand Alone Mode setup
- Installing the MSI Utility
- Installing the Client for Stand Alone Mode
- Configuring the Client for Stand Alone Mode
- Installing an application with the Virtual Application MSI file

SoftGrid Management Console objectives
- Understand how to connect to any machine running the SoftGrid Management Web Service to configure the platform.
- Create new objects from within the SoftGrid Management Console, using the supplied wizards.
- Explain each of the containers, objects, and properties within the SoftGrid Management Console.

Package upgrade process
1. The administrator adds a new package version on the server.
2. The user either closes the application and reopens it, or opens it after previously streaming the older version.
3. The client sees the new version available and streams FB1 for the new package version.
4. The application launches with the user's individual application settings intact.

SoftGrid Application Virtualization Publishing
- Manage Provider Policies and utilize them for licensing
- Manage multiple SoftGrid Application Virtualization Servers by using Server Groups
- Utilize reporting to track usage and licensing information
- Configure advanced server settings

Licensing with Provider Policies
1. Provider Policies: create a Provider Policy that enables licensing for auditing or enforcement.
2. Licensing: create a License Group for an unlimited, concurrent or named license.
3. Application: assign the License Group to the application record.
4. Customize .OSD: modify the application .osd file to include ?Customer=Custom Provider Policy Name at the end of the HREF URL.

Module 4: Microsoft SoftGrid Application Virtualization Sequencing
Objectives:
- Describe the role of the Sequencer
- Discuss planning and installation of the Sequencer
- Learn the steps of sequencing applications
- Understand OSD editing for enhancing and troubleshooting

Sequencing process
1. Standard application installations are used.
2. The application being installed is "monitored" by SystemGuard during installation for all application components.
3. The Sequencing Station then packages all the changes, to recreate them in a virtual environment on a client machine.
4. The Sequencing Station runs the application by using SystemGuard to optimize the package, and then slices the package into smaller chunks to deliver it to the client on an as-needed basis.
5. Running the Sequencer generates four files: an .osd file, an .sft file, an .sprj file and an .ico file. These are the files needed to run an application on the SoftGrid platform.

Sequencer output files
- .ico (~24 KB), one per published application: delivered down to the user's machine to provide a means to access the virtual application (a shortcut).
- .osd (~2 KB), one per published application: contains information on how to request and run the package. Can also be used to embed scripts into (similar to an .exe).
- .sft (up to 4 GB), one per suite of applications: contains all the virtualized components of the application. If a component isn't part of the .sft, it is expected to be present on the local machine.
- .sprj (~13 KB), one per suite of applications: used to publish and open existing packages to update or repair.
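Step 4 of the licensing procedure above edits the application's .osd so that its HREF ends in ?Customer=<Provider Policy name>. The following Python is an added example, not course material or Microsoft code: the SOFTPKG/IMPLEMENTATION/CODEBASE layout, server name and GUIDs in the sample .osd are constructed, and it assumes the client reads the policy name verbatim from the query string.

```python
"""Select a SoftGrid Provider Policy in an .osd file by editing the CODEBASE HREF.

Added example (not from the course). The edit is idempotent: running it twice
replaces the earlier ?Customer= selector instead of appending a second one,
and any other query parameters already on the HREF are preserved.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

# The course lists "XML version, standalone" as part of the OSD layout;
# ElementTree drops the declaration on output, so it is re-added explicitly.
XML_DECLARATION = '<?xml version="1.0" standalone="no"?>\n'

# Constructed sample .osd: host name, GUIDs, paths and size are placeholders.
SAMPLE_OSD = r"""<?xml version="1.0" standalone="no"?>
<SOFTPKG GUID="00000000-0000-0000-0000-000000000001" NAME="Example App" VERSION="1.0">
  <IMPLEMENTATION>
    <CODEBASE HREF="rtsp://softgrid.example.local:554/ExampleApp_1.0_MNT/ExampleApp.sft"
              GUID="00000000-0000-0000-0000-000000000002"
              FILENAME="ExampleApp\app.exe"
              SYSGUARDFILE="ExampleApp\osguard.cp"
              SIZE="12345678"/>
    <VM VALUE="Win32"/>
  </IMPLEMENTATION>
  <ABSTRACT>Example application published through SoftGrid.</ABSTRACT>
</SOFTPKG>
"""


def _codebase(root):
    """Locate the CODEBASE element; an .osd without an HREF cannot be streamed."""
    codebase = root.find("IMPLEMENTATION/CODEBASE")
    if codebase is None or not codebase.get("HREF"):
        raise ValueError("OSD has no IMPLEMENTATION/CODEBASE element with an HREF")
    return codebase


def get_provider_policy(osd_xml):
    """Return the Provider Policy selected by ?Customer= on the HREF, or None."""
    href = _codebase(ET.fromstring(osd_xml)).get("HREF")
    for part in urlsplit(href).query.split("&"):
        key, sep, value = part.partition("=")
        if sep and key.lower() == "customer":
            return value
    return None


def set_provider_policy(osd_xml, policy_name):
    """Return the .osd text with ?Customer=<policy_name> appended to the HREF."""
    root = ET.fromstring(osd_xml)
    codebase = _codebase(root)
    parts = urlsplit(codebase.get("HREF"))
    # The course's port diagram shows streaming over RTSP (554); refuse to
    # rewrite an HREF that already points somewhere else, e.g. http://.
    if parts.scheme.lower() not in ("rtsp", "rtsps"):
        raise ValueError(f"unexpected CODEBASE scheme {parts.scheme!r}")
    # Keep every other query parameter, drop any existing Customer= selector.
    kept = [p for p in parts.query.split("&")
            if p and p.split("=", 1)[0].lower() != "customer"]
    # Appended verbatim, as the course instructs (assumption: no encoding).
    kept.append(f"Customer={policy_name}")
    codebase.set("HREF", urlunsplit(parts._replace(query="&".join(kept))))
    return XML_DECLARATION + ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    updated = set_provider_policy(SAMPLE_OSD, "Audit Policy")
    print(updated)
    print("selected policy:", get_provider_policy(updated))
```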
OSD file elements
- ABSTRACT
- CODEBASE
- FILENAME
- HREF
- SIZE
- GUID
- SYSGUARDFILE
- PARAMETER
- ENVIRONMENT VARIABLE
- ENVLIST
- CLIENTVERSION
- XML version, standalone
- SIZE
- VM
- REGKEY
- SUBSYSTEM (WIN32 or WIN16)
- HIVE
- KEY
- SUITE

Planning the Sequencer environment
- SoftGrid Virtual Drive (Q:\ drive)
- Partitioning
- Clean operating system
- Multiple sequencing workstations

Installing the Sequencer
- Select Tools | Options: Paths, Parse Items, Exclusion Items, Wizard Settings
- Local install

Document the installation
- Application pre-installation requirements
- Compression and block size
- Destination path
- Suites
- Application components
- Automatic updates
- Manual/post-installation configuration
- Reboot request
- Stop monitoring

Naming conventions
- ICO: Application_Version
- OSD: Application_Version
- SUITE name: Suite_Vendor_Version_MNT or Suite_Vendor_Version_VFS
- Package save directory: Suite_Vendor_Version_MNT or Suite_Vendor_Version_VFS
- SFT: Suite_Vendor_Version_MNT or Suite_Vendor_Version_VFS
- SPRJ: Suite_Vendor_Version_MNT or Suite_Vendor_Version_VFS
- Package root: ApplicationVersion.PackageVersion (8.3 naming)

SoftGrid Application Virtualization: Introduction to Sequencing
Apps that don't have the option to select the installation directory:
- Called VFS or Virtual File System installs
- Not recommended: creates virtualization overhead
- The drive letter sequenced to must be present on the client

Sequencing Internet Explorer add-ins:
- ActiveX, codecs, Flash, Java
- Can't sequence Internet Explorer itself
- Allows running multiple versions of add-ins on the same machine

Advanced Sequencing
- Passing parameters
- Scripting
- Virtual Registry
- TERMINATECHILDREN tag
- Environment variable customizations

Module 5: Microsoft Application Virtualization 4.5 Preview
- Dynamic Virtualization
- Extended Scalability
- Globalization
- Microsoft Security Standards

- Full Infrastructure
- Lightweight Infrastructure
- Stand-Alone Mode

Globalization
- Support for foreign language applications with special characters
- Foreign language Active Directory and server support
- Runtime locale detection
- Localized in 11 languages: Brazilian Portuguese, Chinese – Simplified, Chinese – Traditional, Dutch (Client Only), French, German, Italian, Japanese, Korean, Russian, Spanish

Microsoft Security Standards
- Adopt Microsoft security initiatives: Trustworthy Computing (TwC), Secure Windows Initiative (SWI), Security Development Lifecycle (SDL)
- Enable Internet facing scenarios: no VPN required; client is on a non-trusted network; server is on a non-trusted network
- Secure by default configuration out of the box: client privileges locked down; TLS support via Schannel (on by default); Kerberos support; server authentication

Module 6: Diagnostics and Recovery Toolset (DaRT)
- What is DaRT?
- When do I use DaRT?
- Advantages
- DaRT technology explained
- Demonstration

What is DaRT?
Microsoft Diagnostics and Recovery Toolset provides powerful, intuitive tools that help administrators recover PCs that have become unusable and easily identify root causes of system and network issues.

When do I use DaRT?
Microsoft Diagnostics and Recovery Toolset can save significant time and reduce the headaches associated with repairing and troubleshooting common system failures. System administrators may now run powerful recovery tools on unbootable systems and can quickly restore failed systems with minimal manual effort, in much less time than is required when restoring PCs from backup or reinstalling operating systems.

Advantages
- Rapid recovery
- Flexible recovery options
- Unique tools
- Cost savings

DaRT technology explained
- WinPE/WinRE basics
- DaRT requirements
- DaRT interface
- DaRT interface tools
- DaRT admin tools
- DaRT network tools
- DaRT system tools
- Online tools

WinPE/WinRE basics
- Windows PE was designed to allow Windows setup or a 32-bit imaging program to run on a PC even with no version of Windows installed.
- It integrates the different components of setup into one solution, so that a simple boot CD can provide a minimal environment that lets 32-bit setup run.
- WinPE/WinRE now support 64-bit environments: Windows Vista, Windows Server 2008
- Localized in 9 languages: Chinese – Simplified, Dutch, English, French, German, Italian, Japanese, Korean, Spanish

DaRT requirements
- 1 GHz 32-bit (x86) or 64-bit (x64) processor; 512 MB of system memory; a CD drive; BIOS support for booting from a CD drive
- Windows 2000, Windows XP (x86 versions), Windows Server 2003 (x86 versions): a minimum of 64 MB (128 MB recommended) of system RAM; an Intel Pentium (or compatible) 166 MHz or faster processor; a CD drive; BIOS support for booting from a CD drive

DaRT interface
- DaRT provides an extension of the WinRE functionality with additional tools for diagnosing, troubleshooting, and repairing workstations; it can be connected to the local Windows installation
- DaRT provides a GUI extension of the WinPE functionality with additional tools for diagnosing, troubleshooting, and repairing workstations; it can be connected to the local Windows installation and looks like Windows XP

DaRT interface tools
- Startup Repair (WinRE tool)
- System Restore (WinRE tool)
- BitLocker Unlock (WinRE tool)
- Windows Complete PC Restore (WinRE tool)
- Windows Memory Diagnostic Tool (WinRE tool)
- Command Prompt (WinRE tool)
- Microsoft Diagnostics and Recovery Toolset (DaRT tools)
- DaRT tools: Command Prompt, Explorer, Notepad, Search, Solution Wizard, Help

DaRT admin, network and system tools
- ERD Registry Editor
- Locksmith
- Crash Analyzer Wizard
- Disk Commander
- File Restore
- Disk Wipe
- Search
- Explorer
- Computer Management
- TCP/IP Config
- Hotfix Uninstall
- SFC Scan
- Standalone System Sweeper (DaRT 6.0 only)
- Crash Analyzer

ERD Commander Boot Media Wizard
- File Restore (only available in DaRT 5.0)
- Creating the CD: start the ERD Commander Boot Media Wizard and walk through the installation wizard
- Creating a bootable CD that has a time limit
- Booting into DaRT

Demonstration: Microsoft Diagnostics and Recovery Toolset 6.0

Module 7: Advanced Group Policy Management (AGPM)
- What is AGPM?
- When do I use AGPM
- Advantages
- Concepts
- Change management
- Using GPOs and AGPM for change management
- AGPM technology
- Demonstration

What is AGPM?
Microsoft Advanced Group Policy Management is an add-on to Group Policy Management Console that provides change management control over Group Policy Objects.
- Provides a change control system for group policies
- Delegates and controls group policy administrators' access
- Provides the ability to revert to previous versions of group policies

When do I use AGPM
- Edits to live GPOs can adversely affect many or all computers on the network
- No way to quickly revert to previous group policy settings
- GPO editors can deploy GPOs into the live environment without testing
- Multiple GPO editors, without audit information on individual settings
- Can't provide a review process to accept or reject new settings

Advantages
- Granular administrative control
- Robust delegation model
- Role-based administration
- Change request approval
- Reduced risk of widespread failures
- Offline editing of GPOs
- Difference reporting and audit logging
- Recovery of a deleted GPO
- Repair of live GPOs
- Enables effective Group Policy change management
- Creation of GPO template libraries
- Subscription to policy change e-mail notifications
- Version tracking, history capture, and quick rollback of deployed changes

AGPM technology
- GPMC integration
- Role-based delegation
- Change management
- Offline editing
- Email notification
- Advanced differencing reports
- Templates
- Roll-back

GPMC integration
- Addition of a Change Control object in the GPMC MMC

Role-based delegation
- Allows administration tasks to be delegated to regional or task-oriented administrators
- Provides an optional workflow process that includes role-based delegation, review, and approval
- Roles: Administrator, Approver, Editor, and Reviewer
- Domain-level and GPO-based delegation

Change management
- Store each GPO in a central archive
- Administrators can view and edit offline
- Stores versions for roll-back

Using GPOs and AGPM for change management
1. Create a new controlled GPO or control a previously uncontrolled GPO.
2. Check out the GPO, so you and only you can modify it.
3. Edit the GPO.
4. Check in the edited GPO, so others can modify it, or so it can be deployed.
5. Review the changes.
6. Deploy the GPO to the production environment.

Offline editing
- Enables administrators to configure and test changes to live GPOs without affecting the live environment
- Requires a controlled GPO that is checked out before editing
- When checked out, no other administrator can edit it until the GPO is checked in
- After check in, the GPO can be reviewed, approved, and deployed

Email notification
- When an Editor or Reviewer attempts to create, deploy, or delete GPOs, an email is sent to the configured Approver(s)
- Approver(s) can accept or reject the request

Advanced differencing reports
- Generate HTML or XML based difference reports
- Comparison of two controlled GPOs
- Comparison of a controlled GPO and the default template
- All roles of AGPM administrator can run difference reports

Templates
- Templates enable administrators to save all of the settings of a particular version of a GPO
- Templates can be used as a starting point for new GPOs
- Editors can select which GPO template is the default
- Eliminates settings errors when configuring multiple GPOs that need to comply with company policies

Roll-back
- Redeploys the previous version from the archive
- Overwrites the current version in production

Prerequisites for AGPM
AGPM Server requirements:
- Windows Vista (32-bit version)
- Microsoft Windows Server 2003 (32-bit version)
- Group Policy Management Console (GPMC)
- Membership in the Domain Admins group for install
- The default port for the AGPM service is 4600
AGPM Client requirements:
- Windows Vista (32-bit version)
- Microsoft Windows Server 2003 (32-bit version)
- Group Policy Management Console (GPMC)

AGPM availability
- Now available: Windows Vista AGPM client with Windows Server AGPM service; Windows Vista AGPM client with Windows Vista AGPM service (all settings)
- Windows Server 2008 timeframe: Windows Longhorn AGPM service (all settings); Windows Vista AGPM client (most settings*)

Demonstration
- Installation of AGPM Server and Client
- Delegation of access to all GPOs in a domain
- Configuring email notification
- Using AGPM to create and manage GPOs
- Use a template to create a GPO
- Delete and restore a GPO

Module 8: Desktop Error Monitoring (DEM)
- What is DEM?
- When do I use DEM?
- Benefits
- DEM technology
- DEM requirements
- Capacity planning
- Security

What is DEM?
- Built on Microsoft Operations Manager 2007
- Provides a subset of the Operations Manager features
- Enables collection of information about application and operating system failures
- Delivers rich reporting of common errors in the environment
- Can be configured to provide resolutions of common Microsoft errors

When do I use DEM?
- Any organization that experiences application crashes and operating system errors
- One of the most severe and difficult-to-resolve problems for users of desktop PCs is when an operating system or application stops responding
- End users typically deal with this by rebooting their systems: in 90 percent of the cases, they don't tell anyone in IT about the problem.

Benefits
- Enhances IT helpdesk effectiveness, reducing the cost of Windows ownership
- Identifies the highest-occurring crashes
- Reduces resolution time by providing crash details and responses
- Assists in triaging patch deployments and updates
- Provides metrics for monitoring post-deployment effects
- Improves desktop stability, increasing end-user productivity and satisfaction
- Reduces downtime throughout an organization
- Reactive: provides real-time awareness of critical errors
- Proactive: helps address errors in applications before they go into production
- Enables IT-controlled, custom error responses to end users

DEM technology
- Operations Manager (OM) 2007
- Agentless crash monitoring
- Error reporting to a central location
- Rich data analysis (utilizing OM reporting)
- Direct access to the troubleshooting and resolution knowledge base (OM tie to the Microsoft Knowledge Base)

Operations Manager 2007
- System Center Operations Manager is a software solution that meets the need for end-to-end service monitoring in the enterprise IT environment
- Monitors thousands of servers, applications, and clients
- Provides a comprehensive view of the health of an organization's IT environment

Agentless crash monitoring
- Monitors operating system and application failures that cause your client computers to hang or crash
- Participate in the Customer Experience Improvement Program
- No agent installed on the client
- Configured through Group Policies

Error reporting to a central location
- DEM stores the error reports in a centralized shared location
- This is a temporary location that stores information that could be analyzed by development teams
- DEM then takes the data sent from the client and puts it into the SQL database
- Data in these directories can be forwarded to Microsoft

Rich data analysis
- Operations Manager includes a SQL based reporting infrastructure
- The reports available for Client Monitoring allow administrators to identify the most critical or most frequently occurring errors
- Reports allow administrators to engage Microsoft Support or a 3rd party application vendor, or to present data to the internal development team, to find resolutions to the most common or critical problems.

Direct access to the knowledge base
- DEM is capable of utilizing the Microsoft Knowledge Base to provide prescriptive resolutions to specific errors that are in the environment
- Administrators can quickly respond to and resolve errors as they occur, without lengthy research
- DEM needs to be configured to send information to Microsoft in order to receive response URLs

DEM requirements
- Windows Server 2003
- Active Directory Group Policies
- SQL 2005 SP1
- PowerShell
- .NET 2.0

Security
- Use of certificates provides SSL based security from client to server and from server to Microsoft
- Delegation of access provides read-only access to most administrators

Demonstration
- Installation of SCDEM
- Configuration of agentless monitoring
- Viewing reports

Module 9: Asset Inventory Service (AIS)
- What is AIS?
- When would I use AIS?
- Benefits of AIS
- AIS client properties
- Why is AIS a hosted solution
- AIS process

What is AIS?
- Advanced inventory scanning
- Comprehensive inventory reports
- Software license management
- Easily administered service
- Security and privacy

Advanced inventory scanning
- AIS gathers data on all of your software assets
- Identifies all installed software by name, ISV, family, and category
- Scans systems for software through Add/Remove Programs, the Start Menu, Auto start (Startup), and MSIs
- Scanning is automatically randomized

Comprehensive inventory reports
- Inventory data is reconciled against the Microsoft Asset Inventory Service Application Knowledge Base
- The software database contains titles representing the vast majority of commercially available software
- For Microsoft and some third party applications AIS can interpret the type of software installed (MS: OEM, VL, Retail; 3rd party: purchased vs freeware)

Software license management
- Ensure that licenses you've paid for have been deployed and are being used
- Verify that software within your enterprise is compliant with your license agreements

Easily administered service
- Designed for ease of use
- Can be enabled in just a few hours
- Inventory data is securely hosted by Microsoft
- No servers to maintain

Security and privacy
- Microsoft ensures that the data gathered in this hosted service is secure and remains confidential to your organization
- Data center with a caged environment and redundant systems for reliability
- Protects web sessions through a secure connection
- Windows Live ID to authenticate users
- No identifiable inventory data is shared with anyone within or outside of Microsoft

When would I use AIS?
- In any environment, for collecting an accurate inventory of all the software installed on desktops on an ongoing basis
- Effectively managing your software asset inventory to ensure compliance and optimize IT budgets
- Identifying applications and installations that are contrary to your corporate policies
- Analyzing usage to forecast organizational needs
- Enhancing productivity in your IT infrastructure and amongst your staff

AIS client properties
- Broad support: 32-bit and 64-bit support; Windows 2000 SP4 or greater; locale neutral
- Low impact: small size (~1.5 MB); non-resident in memory when not in use; monitors its state and self-heals (daily heartbeat)
- Secure communication: mutual authentication with the backend service; inventory upload is over SSL; agent per customer account

AIS and SMS/SCCM
Additional features of SMS 2003/SCCM 2007:
- On premise, inside the firewall
- Enables both hardware and software inventory
- Enables real time usage metering of software application use
Why AIS if you already have SMS/SCCM?
- Through acquisitions, organizations may choose to deploy AIS to the acquired company to assist with their due diligence in a lightweight fashion
- The customer has branch office scenarios where SMS is not fully deployed
- The purchasing/procurement team wants to do a simple software asset review without dependencies on the IT department

Why is AIS a hosted solution?
Pros (+):
- No expensive servers to maintain
- Lower break-even point
- Easy to set up
- Anywhere access
- Predictable cost
- High reliability
Cons (-):
- Needs Internet access
- Perceived as less secure

AIS process
- Sign-in: sign in through Passport
- View reports: online reports of software assets
- Clients: set up a schedule and send inventory to the service
- Download agent: MSI package
- Deploy agent: using the preferred deployment method