Monday 29 November 2010

App-V and DCOM Support: Not quite there yet

Don't touch that dial! DCOM TV is here...

Well not quite... but we have some cool videos to show you ... of course you need to be interested in DCOM application compatibility support for Microsoft virtualization technology App-V. If you are then be prepared to be entertained!..

Or at least informed.

OK, so here is the story. We were trying to determine if Microsoft's App-V 4.6 SP1 supported DCOM. Previous versions of App-V did not and so we created a small "test" application that utilized Microsoft's DCOM technology to perform a simple test. In this case, multiplying a number by 2.

As you will see in the video (see link attached below), the sample DCOM application functions correctly under a native environment but does not work properly under an App-V virtualized environment.

Here is the link to the AOK ChangeBase DCOM Youtube video;

AOK DCOM Virtualization Video 

So, no DCOM support for App-V 4.6 SP1.  But hey, at least we get a brand new set of command line functions and improved Sequencer UI... Ooops, looks like I gave away the headlines for one my next posts.

There are a few more of these demonstration style videos about to be released. So watch out for the AOK YouTube channel.

Friday 26 November 2010

ThinApp 4.5 and 4.6 (Isolation not Virtualization)

A colleague (Carl) mentioned this morning that the VMware Virtualization technology called ThinApp was updated a little while ago. VMware describes the ThinApp technology with the following,
" applications are packaged into single executables that run completely isolated from each other and the operating system for conflict-free execution on end-point devices."
Well, if you are packaging applications and need to isolate them (notice that I don't use the over-used term Virtualization) then ThinApp is a pretty good choice.

You can download ThinApp here:

And, the latest SDK here:

If you downloaded the previous version of the SDK (4.5), then it may be helpful to note the differences between 4.5 and 4.6, described in the following snippet from VMware;

  • Full support for Internet Explorer 6 running on Windows 7.
  • ThinApp has been successfully used to help customers virtualize and isolate many browser related issues such as ActiveX controls and various versions of Java.
  • Adds the ability to “Harvest” Internet Explorer 6 from an existing Windows XP instance.
  • Adds a new “ThinDirect” feature which allows redirecting of URLs from native to virtual browsers.
  • Adds support for registering virtual services as boot-time applications
As you will note from the updated features in 4.6, it really looks like the focus for this ThinApp update is Internet Explorer 8 and compatibility issues associated with the migration from IE6 to IE8.

You can also check the VMware blog on What's new with ThinApp 4.6 here:


Tuesday 23 November 2010

TechEd Berlin - Teched Out!

As many of you know I was at TechEd a few weeks back and it’s taken this long for my feet to recover, catch up and generally get back on track.

The first thing I want to do on this posting is congratulate Christopher Mallon of the University of Manchester. He joined us on the ChangeBASE stand and was entered into our prize draw for a weekend for two in Europe. Chris has chosen a spring weekend in Rome for him and Mrs Mallon, which I’m sure will be fantastic.

For those who were at TechEd, I’m sure you’ll agree there’s some pretty exciting stuff happening in the Microsoft world at the minute and we’re very excited about how this knits into AOK and our development roadmap.

Talking to delegates on the ChangeBASE stand and our partners such as Dell, Converter Technology and Flexera, the big thing for me personally was that the industry is really ramping up on their Windows 7 migrations. It looks like 2011 will be the year that the OS makes its mark on the market, and in addition, 64-bit seems to be leading the charge as the preferred hardware platform.

Two other developments from Microsoft stood out for me. The first is the launch of App-V 4.6 SP1. The announcement made on the Wednesday night highlighted the inclusion of some key areas that further position App-V as a major player in the virtualisation space.  The second most exciting thing for me was Remote FX – the new graphics technology built in to Terminal Services.

From a ChangeBASE perspective, if the success of TechEd Berlin is anything to go by, we’ll be out in force at these events in the future.
(I’ll be putting a foot spa and new shoe leather on my Christmas list!)

Monday 22 November 2010

Internet Explorer 8: Sample Compatibility Results

    OK - I admit it. I promised this a little while ago and it took me longer to produce some of the results. I blame TechEd Europe in Berlin... and the week after, which was just as manic!
    I wanted to spend a few minutes discussing some of the AOK Internet Explorer Plugins that we have developed for our clients to analyse their web applications for Internet Explorer 8 web-application compatibility issues.
    Loading web-applications applications into AOK is pretty easy, as we follow the same basic principles as loading desktop applications. It can be a Drag'n'Drop operation from an IIS source directory, a web URL (i.e. or, or we can capture client data and complex application logic through our Client Side Capture tool.
    Here is a quick sample of applications (non-client of course) that I have already loaded into AOK;
    And, once you load your applications into the AOK database, you can then check your applications against our collection of  Internet Explorer 8 Compatibility Analysis, from which I have included a small sample here:
    And look at the results...
    It's going to take a while to explain all of these issues. I wont' be able to cover all these issues in this posting, but there are some which are pretty straightforward; Version Checking and Case Sensitivity are both common issues and computationally pretty straightforward to understand. Other IE8 compatibility issues are more difficult to detect, such JavaScript and conditional logic issues.
    As AOK parses the websites and related JavaScript code, we have to completely understand the syntax and the intention of the JavaScript, and then interrogate the result to determine real compatibility issues that may be experienced by a client viewing a web site or web-application through Internet Explorer 8.

    Here is a quick summary of some of the issues, that AOK discovered when interrogating a number of URL's and web based applications.
    As you probably won't be surprised here, the biggest IE8 compatibility issue is not strictly Internet Explorer's fault. It's nasty, bad developer types who have not catered for Internet Explorer 8. And the result is that the biggest issue is Browser Version Checking. You will hear more about this in the next post on this blog... Don't worry - I won't rant. Don't need to.
    I have data to support me.

Wednesday 17 November 2010

Static Analysis versus Dynamic for Application Compatibility Assessment

Today I get to talk a little about one of the approaches that I use to capture application data and subsequently analyse for application compatibility, suitability and quality issues.

Our company employs an approach termed "static analysis" as it takes an application package (generally a MSI application package) whereas the application package configuration information is extracted and then inserted in a specially formatted database. In addition, all of the binaries (files) included in that application package are extracted to the target file-system and all binary information including; API's, COM, DLL header and dependency information is captured and inserted into a target database.

"Dynamic Analysis" requires the actual exercising of an application (installing, configuring, running, testing, uninstalling). This is a deep-dive approach that really suits application developers but not necessarily corporate system administrators.

For example, the following questions are raised when conducting dynamic analysis testing scenarios.

  1. Do you need to test/exercise/run your applications for a period of time (months/weeks) ?
  2. Do you need to install an agent?
  3. Do you need to create model office? (workstations, power, networking, OS config)? 
  4. Do you need to install the application and configure it?
  5. Do you need to spend 4, 8, 24 hours testing your applications?
  6. Can you capture the testing data and then re-analyse the results for other platforms? 64-bit, App-V, Citrix, RDS, Office 2010, Internet Explorer 8/9?
  7. How do you create consistent test results from other testers and locations?
  8. Do you need access to back-end systems and databases?
  9. Do you need to acquire/configure/install future planned test applications (license issues) ?

And, here are some of the benefits of using the static analysis approach

  • No agent: no change control requirement, no risk to business production environment
  • No applications licenses required, no copyright issues.
  • Applications binary level analysed, not installed or run
  • Application data-capture and analysis in minutes - Vastly improved reporting time
  • Applications can be cross-tested against different technologies and platforms

Of course, I have a bias here. And, I promise to post more on the strengths and weaknesses of both approaches.

Monday 15 November 2010

AOK 4.0 is a Go!

Home! - Got some sleep, saw the kids, looked at a (largeish) pile of receipts.... What?

Yes, here I am - in post TechEd syndrome - I tend to smile at everyone now, and assume (naturally),  that everyone needs to urgently discuss application compatibility right now.This will take a little while to wear off. My kids are enjoying my return with Jenny (my 3-year old) expressing a strong interest in German porcelain dolls and wondering if I was still doing "slap-hat" this week.

And oooh what a week last week was.... . Everyone was busy, with Chris Jackson doing the heavy-lifting with 11 sessions, Aaron in the App-Compat sweat/workshops and Mark Russinovich doing his best to keep up with the Dutch Dance Assassins.

And.... There is a bunch of new stuff coming out of ChangeBase over the next few weeks. We have revved up the reporting and analytical engine for the AOK tool-set and will have a release out in the next shot while or so.

I am working with the good people in  Marketing to see what I can and can't say and will publish some of the new/exciting bits in my blog soon.

But, expect the following enhancements;

  • Improved Reporting (we can now handle 50, applications/packages)
  • Improved Handling of Conditional Logic 
  • Enhanced Reporting tools (your own custom slice and dice analysis tool)
  • Support for new application package formats
  • Integrated web-application support

More to come ... but first, I have to troll through the thousand or so emails that I received/missed while at TechEd - this may take me some time....

Thursday 11 November 2010

Microsoft Patch Tuesday: Application Compatibility Update

Executive Summary
With this November release of the Microsoft Patch Tuesday update we see a very light update after last month’s massive patch of security bulletins. With one “critical”, and two “important” updates, we see the MS10-087 patch raised a number of issues which warrant an AOK Amber grading. Given the extent of the testing of package level and dependency analysis the ChangeBASE impact analysis team recommend further analysis and extensive testing of the patch (MS10-087 – highlighted below) against their client’s application portfolio.

MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Testing Summary
  • MS10-087 : "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)"
  • MS10-088 : "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)"
  • MS10-089 : "Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)"

Patch NameTotal
Microsoft Security Bulletin MS10-0872%2%YESAmber
Microsoft Security Bulletin MS10-088<1%<1%YESGreen
Microsoft Security Bulletin MS10-089<1%<1%YESGreen

No IssueNo Issues Detected
FixablePotentially fixable application Impact
SeriousSerious Compatibility Issue

Security Update Detailed Summary
MS10-087Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
DescriptionThis security update resolves one publicly disclosed vulnerability and four privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadIetag.dll, Mso.dll
ImpactCritical - Remote Code Execution

MS10-088Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
DescriptionThis security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadPowerpnt.exe, Powerpnt.exe_1033, Powerpnt.exe_1049, Pp7x32.dll
ImpactImportant - Remote Code Execution

MS10-089Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)
DescriptionThis security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site., Adfs.internalsite.de_de.xml, Adfs.internalsite.en_us.xml, Adfs.internalsite.es_es.xml, Adfs.internalsite.fr_fr.xml, Adfs.internalsite.it_it.xml, Adfs.internalsite.ja_jp.xml, Adfs.internalsite.ko_kr.xml, Adfs.internalsite.pt_br.xml, Adfs.internalsite.ru_ru.xml, Adfs.internalsite.zh_cn.xml, Adfs.internalsite.zh_tw.xml,, Internalsite.de_de.xml, Internalsite.en_us.xml, Internalsite.es_es.xml, Internalsite.fr_fr.xml, Internalsite.it_it.xml, Internalsite.ja_jp.xml, Internalsite.ko_kr.xml, Internalsite.pt_br.xml, Internalsite.ru_ru.xml, Internalsite.zh_cn.xml, Internalsite.zh_tw.xml,, Monitor.sessionparameters.asp, Signurl.asp, Whlfilter.dll, Whlfiltsecureremote.dll
ImpactImportant - Elevation of Privilege

*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.

Friday 5 November 2010

Automated Fixing is good practice, good change control

I've been singing the praises of automation (hey, I am a computer guy) for several years now and in many instances it has been focussed on the application migration arena .  However, in more and more discussions with organisations the whole BAU (Business as Usual) topic pops up when we’re looking at application compatibility and maintaining that gold standard across the enterprise once the deployment is complete. Meaning, keeping the applications working while the organization changes above and below the application stack.

So this got me thinking about organizational Change Control and how automation fits in. Here’s my "50,000 Application"  view of the benefits of automation for Change Control within an organization;
  1. Automation is good for change control –because of its orderly, process driven fashion it makes it easy for system administrators to achieve consistency across all changes with the application estate.
  2. Automation by its very nature will have some form of log files build it. This puts more than a tick in the box for the auditing process and makes referring back to issues /process simple, quick and cost effective. Auditing tracks user actions and with good logging, you get the logic of the reporting and remediation process as well.
  3. Consistency – already mentioned in part 1 – the removal of human error is key here. When it comes to migrating an application estate of native, web, browsers and portals, consistency is king. Automation enables organisations to achieve this.
  4. It’s quick, it’s fast and it’s cheap. Automation frees up resource to focus on the bigger issues, it saves time and money both things the enterprise is short of in today’s economic climate. Computers are cheap, people are great, but not cheap.
  5. Automation is trustworthy. This is a big leap for some. You trust your calculator because you have used it enough times and it has been right enough times to earn that trust. Automation algorithms (I prefer the term recipes) are generated by humans, performed by computers but generally tested by humans. When you trust an algorithm, you are trusting the humans who tested the outcome. Automation outcomes get tested by more people, more often and generally under more conditions than a manually performed process. Once you get automation right, it stays right, for longer.

So, if you are playing chess, calculating Pi or fixing application compatibility issues, I would place my bets on the  organic/fleshy coach, and the silicon player any time.

See you in Berlin next week!

Thursday 4 November 2010

Windows 7 underwhelms? I say unfair

“Organisations are underwhelmed by Windows 7 – Unfair I cry!”

The recent blog post by kind of surprised me somewhat. So much so that I felt compelled to put pen to paper or at a  least (two) fingers to key board!

Parsing the article, The research firm (Forrester)  indicates that;
The analyst firm said that the operating system has seen "far from overwhelming" take-up and is currently on just 10 per cent of enterprise PCs compared to 75 per cent for Windows XP. state that enterprises have been underwhelmed by Windows 7 and that the adoption rate has not been as expected. In our experience of over 200 Windows 7 pilots and migrations that’s not the case. We have seen a massive increase in global organisations starting to plan their migrations and deploy Windows 7 and IE8 projects which will roll out in 2011.

What these guys are missing is the "iceberg" effect of corporate IT deployments. To get a windows migration completed  you generally need big numbers of  the following;
  • days of planning
  • days of design
  • days testing
  • configuration, updates and additions to the enterprise IT system
  • days of User Acceptance Testing (UAT)
  • days of deployment 

  You can read between the lines and add buckets of tears and blood  - but, hey, no need to be dramatic.

Given, the client adoption rates we are seeing and the work/effort/time required to successfully get through a migration process, I think its fair to say that Windows 7 is now starting to take momentum. 

Throughout this year we’ve seen organisations take stock of their application estate, complete the testing and assess the reports and fix  their business critical applications as appropriate. For those who have not been at the coal face, the Windows 7 migration is an iceberg with such an amount of effort, time and resource going on behind the scenes to ensure the migrations are as smooth as possible. 

Rather than underwhelmed, I think that the Windows 7 migration success story is decidedly under-reported.

Monday 1 November 2010

IE6: Windows 7 hits the brakes... or a wall.

Hey, the Slashdot blog site has been talking about IE6 - IE8 compatibility issues. This is an area which I've been doing alot work in over the last year and there are several things that come out time and time again from working with global organisations

Most importantly, it not just me whingeing now... Everyone is doing it.. Nothing like being first on the complain train...

You can have a look here:

and also here:

So, here are some thoughts on the IE6 compatibilitz problem space, and how it affects organizations moving to Windows 7;

1. Percentage of web apps within the organisations - now equal with native installed apps. Five years ago with the XP migration it was more likely to a ration of 1:4 native versus web based apps forming the application portfolio. The number of web based apps today is totally unknown to the orgs as the chances are they have not assessed their web apps prior to planning the Win7 migration. And when they do come to carry out their due diligence the results are a bit of a shock.

2. Secondly, it's not just the web apps that won't migrate easily. URL's intranets, extranets and portals will have difficulty migrating as well. In many instances, organisations have not considered this factor into their migration plans and this can delay a migration by months.

Ultimately, the IE6 to IE8 and soon IE9 compatibility issue must be addressed to enable a smooth migration. How organisations do that is up to them but in my experience, proactive planning using market leading automated solutions can help speed the process enormously.

And you thought life would be easy... Migrating to Windows 7 used to be about desktop replacements... Now we have to consider;
  • Hardware Support for 64-bit
  • Virtualization Layer support (App-V)
  • Office Updates for inter-dependent applications
  • and.. the Browser (specifically IE6)

The fun never stops...