All about application delivery

Well – the office resource kit says that you jsut need to run Setup /admin – sound cool and would be, if not the ADMIN folder would be missing on technet download. To get this admin folder you need to download the “Office 2010 Administrative Template files (ADM, ADMX/ADML) and Office Customization Tool” but googling for it, leads you to the beta which is reported to make problems with the RTM version. The REAL stuff you get here:http://go.microsoft.com/fwlink/?LinkId=189316 - you can run the download with the commandline /extract:Path. In the path you will find the necessary admin folder. Copy this one to the directory where the setup.exe of office resides and then you can run the command setup.exe /admin. enjoy customizing!

finally language packs are also available on MSDN. There is one package that includes Office, Visio and Project including the proofing tools for the language.

I am relly happy because my German spelling is not 100% – and so I can avoid most errors (oh – the same counts for English )

Application deployment changes more and more to a user based deployment than a machine based. Thererfore you need to link the Application to an Active directory group. Sounds good or? You just add a user to a group and then he has access to the associated application.

But his scenario brings another challenge into the game. The limit of the kerberos ticket. Making it even more complex there are two limits involved. First the maximum size of the token itself and second the maximum of SIDs that can be member of the token. The limit is 1024 SIDs that can be part of the ticket thus meaning a user cannot be member of more than 1023 groups, substracting one for his own SID. Microsoft suggest to assign not more than 1015 groups – why? Because also built in groups count.

The second limit is the size of the token, which is limited to 12.000 Byte by default. So are we close to this limit? Depending which kind of groups you use by default. Domain local groups take 40 byte each and universal und Domain global 8 byte each. Additionally you have to add 1200 bytes for ticket overhead, but this value can vary. If you extensively use domain local groups, you can reach the limit much faster than using domain global groups. Using SID History attributes also brings in additional group counts and using  “trusted for delegation” adds additional size.

 You can pimp this value up to 65.535 Bytes and you have to do this on all machines in the domain! This will have only slightly performance impact because the used memory will slightly increase. Shouldnt be a problem in current days!

Hm – in former times I preached to use the following model AGLP Accounts into global groups, global groups into local groups and the local groups get the permission. Using this sceanrio the user would be member of two groups (the global and the local) per application that he needs to access, which can fast lead to a token larger than 1015 groups.

For further information see http://support.microsoft.com/kb/263693/en-US or http://support.microsoft.com/kb/327825/en-us

I just had the chance to see the new zero client from Fujitsu. Hm – the powerpoint says you dont need to manage anything – it will reduce TCO, will ease management and in the end the whole ThinClient story – but now for real. I disagree!!!! The system does not perform with video content – even with a 1 Gbit network. It currently only supports VMWare View. There is no support for Video Conferencing. Bidirectional audio will come with the next release. you will need some kind of server software that manages the communication. This is currently delivered as a virtual appliance – but nobody could really tell me how much bandwidth is necessary to deliver a good quality – they tested it with 6 MBit. So – yes it looks sexy to only have a monitor – but with this zero client I think you would go to a dead end – the customers I see want multi media or will need it soon for Office Communication Server.

I was searching  – and searching and searching. I more wanted the proofing tools and then I saw a deployment guide for Office 2010 MUI – so I continued searching because I assumed that if there is a deployment guide there should be also a software package. After getting frustrated I downloaded the guide, seeing that the MUI and Proofing tools are not available yet

WOW – very impressive. A secret will be soon revealed. THe secret what is saved in the app-v cache files. Currently there is no way to show which files and keys are in the different cache files but soon the sft explorer will be released:

http://www.virtualisointi.fi/en/archives/193

App-V Stencils are not included in standard Visio. There are nice drawings from Microsoft but only as a full picture. Attached you can find some nice (well at elast I found them nice) stencils that I created related to the black/orange design of microsoft.

my colleague Ment van der PLas informed me yesterday, that App-V 4.6 is released. Well I checked out if the shared cache feature is documented – and I found this on technet. So my assumption is right. With shared cache you lose the agility! http://technet.microsoft.com/en-us/library/ee956915.aspx

The App-V Shared cache is the feature (see http://blogs.technet.com/virtualworld/archive/2010/01/20/getting-started-with-the-app-v-shared-cache-in-4-6-rc-part-1.aspx
) that was missing especially for VDI scenarios. You can share a single App-V cache file with multiple clients, thus saving a lot of storage and the precache headache for virtual applications. But how can you manage this central shared cache file. Because currently there is no documentation out I had to find out on my own. It seems that you only can create the cache file, which is normally stored at C:\programdata\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsd, on a standard App-V client. If the cache is filled with the right applications, you need to copy the sftfs.fsd file to the central location. You cannot exchange this file, while other clients access the shared cache. That means that you really need a downtime for managing this virtual application. So you gain the advantage of need of less storage by losing the agility of streaming.
I hoped that on client can have write access to the shared cache, but if this is enabled the read only clients will not start. So the process for such a scenario need to include a real downtime of all appliances that access the shared storage. Because it is still beta and no documentation is available there is probably a different way – hoping someone can comment.

and one more how to for shims – the thing is about redirecting registry queries. This you do with the shim “virtualRegistry” – the parameter is:

AddRedirect(Originalkey^Redirectedkey) blanks need to be filled with %20 so for example if you want to reidrect “HKLM\Software\with blank” to “HKCU\Software\Blank” you have to write:

AddRedirect(HKLM\Software\with%20blank^HKCU\Software\Blank)