Friday 15 April 2011

Virtual IE6: Gateway to Chrome


As of late, I have been writing more "here is an interesting fact" or "have a look here at this new bit of technology news".  Today, I am going to have express my personal opinion.

First the fact:  Microsoft does not want anyone to virtualize Internet Explorer 6 (IE6)  for deployment on Windows 7 without shipping a copy of Windows XP as well.

And next the opinion; this is a bad idea.

Some may disagree, as Microsoft has published a white paper titled, "Solutions for Virtualizing Internet Explorer" which you can read here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=495934c8-5684-451c-a16e-5ceb50706a42

This Microsoft white paper is pretty extensive (at 31 pages) and offers 3 solutions for virtualizing IE6 including;

1) Microsoft Med-V
2) Terminal Services (and therefore RDS and Citrix)
3) Windows XP Mode

These solutions will work - as they can deliver IE6 web applications but not as an integrated desktop solution. A few vendors were trying to deliver an integrated virtualized solution for IE6  via ThinApp, SVS and Spoon.NET. Microsoft took a pretty strong view that other than the three above listed virtualization options (Med-V, TS and XP Mode) you should not virtualize IE6 due to licensing constraints as explained in the Microsoft Lifecycle Support note here;
"Internet Explorer is considered as a component of the operating system (OS) for which it was released. The support timelines for IE are inherited from the OS and its associated service packs. Basically, this means that the versions of Internet Explorer that shipped for a specific OS or service pack will be supported with the support lifecycle of the OS or service pack. Support for older versions of IE will not end unless we ship a replacement version of IE in a future OS service pack."
You can read the whole document here: http://blogs.technet.com/b/lifecycle/archive/2009/06/27/the-support-lifecycle-for-internet-explorer.aspx

Also, you can read the Gartner article on this topic here: http://blogs.gartner.com/neil_macdonald/2010/09/22/virtualizing-ie6-using-application-virtualization-violates-microsofts-eula/

So, according to Microsoft, unless you virtualize a whole copy of IE6 and the surrounding  operating system (in this case Windows XP) you can't virtualize IE6.

I think that this decision is a mistake. I can understand that Microsoft wants (and needs) people to move off of IE6 and move to Windows 7.  However, requiring a full copy of Windows of XP for each instance of IE6 is too much. Particularly, for large enterprise clients who may only have 1 or 2 web-based IE6 dependency  business- critical applications that are used by thousands of clients. This would require thousands of additional copies of XP and the associated management costs.

As a direct result of the these constraints imposed by Microsoft, we see a large number of enterprise clients effectively saying "Never again!" to a single browser desktop model. Most of our clients were happy with a single browser on XP. The advantages of this approach strongly out weighed any negative considerations. However, with Windows 7 we are seeing a dual-browser approach adopted by large enterprises. And, predominantly that other browser is Google's Chrome.

As a direct result of Microsoft's restrictive policy on IE6, we are seeing the introduction of Chrome on enterprise desktops. Surely, this was not the plan??



Wednesday 13 April 2011

April Patch Tuesday 2011: Massive Update, Moderate Impact


With this Microsoft Patch Tuesday update, we see a large number of updates, 17 in total, in comparison to the recent small list of updates released by Microsoft for the months of January, February and March. Of these, 9 are rated Critical and 8 are rated Important. Although this is a large update from Microsoft, the potential impact of the updates is likely to be small due to the small number of applications dependent on the changes. Of the all of the Microsoft Security Updates released on this April Patch Tuesday, the ChangeBASE team recommends that the patches MS11-025 (Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution) and MS11-029 (Vulnerability in GDI+ Could Allow Remote Code Execution) are given the highest testing focus for this batch of releases.

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE team, we have seen only a moderate cause for potential compatibility issues.
Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this April Patch Tuesday release cycle.

Here is an example of the results generated from AOK for the patch MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)



Testing Summary
  • MS11-018 : Cumulative Security Update for Internet Explorer (2497640)
  • MS11-019 : Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
  • MS11-020 : Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
  • MS11-021 : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
  • MS11-022 : Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
  • MS11-023 : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
  • MS11-024 : Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
  • MS11-025 : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
  • MS11-026 : Vulnerability in MHTML Could Allow Information Disclosure (2503658)
  • MS11-027 : Cumulative Security Update of ActiveX Kill Bits (2508272)
  • MS11-028 : Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
  • MS11-029 : Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
  • MS11-030 : Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
  • MS11-031 : Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
  • MS11-032 : Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
  • MS11-033 : Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
  • MS11-034 : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)


Patch NameTotal
Issues
Matches
Affected
RebootRatingRAG
Microsoft Security Bulletin MS11-018<1%<1%YESGreen
Microsoft Security Bulletin MS11-019<1%<1%YESGreen
Microsoft Security Bulletin MS11-020<1%<1%YESGreen
Microsoft Security Bulletin MS11-021~1%~1%YESGreen
Microsoft Security Bulletin MS11-022~1%~1%YESGreen
Microsoft Security Bulletin MS11-023~1%~1%YESGreen
Microsoft Security Bulletin MS11-024<1%<1%YESGreen
Microsoft Security Bulletin MS11-02534%3%YESAmber
Microsoft Security Bulletin MS11-026<1%<1%YESGreen
Microsoft Security Bulletin MS11-027<1%<1%YESGreen
Microsoft Security Bulletin MS11-028<1%<1%YESGreen
Microsoft Security Bulletin MS11-02944%4%YESAmber
Microsoft Security Bulletin MS11-030<1%<1%YESGreen
Microsoft Security Bulletin MS11-031~1%~1%YESGreen
Microsoft Security Bulletin MS11-032<1%<1%YESGreen
Microsoft Security Bulletin MS11-033<1%<1%YESGreen
Microsoft Security Bulletin MS11-034<1%<1%YESGreen

Legend:
No IssueNo Issues Detected
FixablePotentially fixable application Impact
SeriousSerious Compatibility Issue

Security Update Detailed Summary
MS11-018Cumulative Security Update for Internet Explorer (2497640)
DescriptionThis security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities.
PayloadBrowseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Urlmon.dll, Wininet.dll
ImpactCritical - Remote Code Execution

MS11-019Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
DescriptionThis security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
PayloadMrxsmb.sys
ImpactCritical - Remote Code Execution

MS11-020Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
DescriptionThis security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
PayloadSrv.sys, Xpsp4res.dll
ImpactCritical - Remote Code Execution

MS11-021Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
DescriptionThis security update resolves nine privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadExcel.exe
ImpactImportant - Remote Code Execution

MS11-022Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2489283)
DescriptionThis security update resolves three privately reported vulnerabilities in Microsoft PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadVbscript.dll
ImpactImportant - Remote Code Execution

MS11-023Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
DescriptionThis security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadIetag.dll, Ietag.dll_1033, Mso.dll
ImpactImportant - Remote Code Execution

MS11-024Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
DescriptionThis security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opened a specially crafted fax cover page file (.cov) using the Windows Fax Cover Page Editor. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadFxscover.exe
ImpactImportant - Remote Code Execution

MS11-025Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
DescriptionThis security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application.
Payloadappcore.cpp, array_s.cpp, Atl.lib, atl71.dll, atl71.pdb, atlbase.h, atlbuild.h, atlcom.h, atlcomcli.h, ATLComTime.inl, atldload.lib, atlevent.h, atlhost.h, atlmincrt.lib, atlmincrt.pdb, atls.lib, atls.pdb, atlsd.lib, atlsd.pdb, atltime.h, atltime.inl, atlwin.h, bardock.cpp, dbcore.cpp, dlgcore.cpp, dllinit.cpp, docmgr.cpp, eafxis.lib, eafxis.pdb, eafxisd.lib, eafxisd.pdb, filelist.cpp, filest.cpp, isapi.cpp, mfc.bsc, mfc71d.dll, MFC71.dll, mfc71.lib, mfc71.pdb, mfc71.prf, MFC71CHS.DLL, MFC71CHT.DLL, mfc71d.lib, MFC71D.MAP, MFC71d.pdb, MFC71DEU.DLL, MFC71ENU.DLL, MFC71ESP.DLL, MFC71FRA.DLL, MFC71ITA.DLL, MFC71JPN.DLL, MFC71KOR.DLL, MFC71u.dll, mfc71u.lib, MFC71U.MAP, mfc71u.pdb, mfc71u.prf, mfc71ud.dll, mfc71ud.lib, MFC71UD.MAP, mfc71ud.pdb, mfcdload.lib, mfcs71.lib, mfcs71.pdb, mfcs71d.lib, mfcs71d.pdb, mfcs71u.lib, mfcs71u.pdb, mfcs71ud.lib, mfcs71ud.pdb, nafxcw.lib, nafxcw.pdb, nafxcwd.lib, nafxcwd.pdb, nafxis.lib, nafxis.pdb, nafxisd.lib, nafxisd.pdb, objcore.cpp, occcont.cpp, occdlg.cpp, oleasmon.cpp, oledlgs1.cpp, oledobj2.cpp, olefact.cpp, olepset.cpp, olestrm.cpp, oleui2.cpp, statreg.h, uafxcw.lib, uafxcw.pdb, uafxcwd.lib, uafxcwd.pdb, VC_User_ATL71_RTL_X86_---.msm, VC_User_MFC71_Loc_RTL_X86_---.msm, VC_User_MFC71_RTL_X86_---.msm, winctrl3.cpp, winfrm.cpp, winocc.cpp
ImpactImportant - Remote Code Execution

MS11-026Vulnerability in MHTML Could Allow Information Disclosure (2503658)
DescriptionThis security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user visited a specially crafted Web site. In a Web-based attack scenario, a Web site could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the Web site and open the specially crafted link.
PayloadInetcomm.dll
ImpactImportant - Information Disclosure

MS11-027Cumulative Security Update of ActiveX Kill Bits (2508272)
DescriptionThis security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for three third-party ActiveX controls.
Payload
ImpactCritical - Remote Code Execution

MS11-028Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
DescriptionThis security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Payload
ImpactCritical - Remote Code Execution

MS11-029Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
DescriptionThis security update resolves a privately reported vulnerability in Microsoft Windows GDI+. The vulnerability could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadGdiplus.dll, Gdiplus.man
ImpactCritical - Remote Code Execution

MS11-030Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
DescriptionThis security update resolves a privately reported vulnerability in Windows DNS resolution. The vulnerability could allow remote code execution if an attacker gained access to the network and then created a custom program to send specially crafted LLMNR broadcast queries to the target systems. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the LLMNR ports should be blocked from the Internet.
PayloadAfd.sys, Dnsapi.dll, Dnsrslvr.dll, Mswsock.dll, System.adm, Tcpip.sys, Tcpip6.sys
ImpactCritical - Remote Code Execution

MS11-031Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
DescriptionThis security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines. The vulnerability could allow remote code execution if a user visited a specially crafted Web site. An attacker would have no way to force users to visit the Web site. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
PayloadJscript.dll, Vbscript.dll
ImpactCritical - Remote Code Execution

MS11-032Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
DescriptionThis security update resolves a privately reported vulnerability in the OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font. In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
PayloadAtmfd.dll
ImpactCritical - Remote Code Execution

MS11-033Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
DescriptionThis security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
PayloadMswrd8.wpc
ImpactImportant - Remote Code Execution

MS11-034Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
DescriptionThis security update resolves thirty privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
PayloadWin32k.sys
ImpactImportant - Elevation of Privilege


*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications

Monday 11 April 2011

Microsoft Patch Tuesday for April 2011: A Preview


Well, we had a bit of a break last month with just a few Microsoft Security Updates. Most importantly, last month we really could not see any real application compatibility or dependency impact on our sample application portfolio of roughly 1000 application packages.

That said, Look out for April - we have a massive update coming. And our preview tells us that there are going to be some issues.

From the previous it looks like we have the following update profile;

  • 9 Updates rated as Critical, 8 rated as Important
  • 1 Update related to Elevation of Privilege
  • 15 updates to resolve Remote Code Execution issues
  • 1 Update is related to potential Information Disclosure issues

I have created a chart that details the affected platform here:



Note: I have BOLDED the interesting updates, and the * for the Windows 7 and Server 2008 platforms relate to both 32-bit and 64-bit platforms.

You can read the preview here: http://www.microsoft.com/technet/security/Bulletin/MS11-apr.mspx

As we do every month, I will post an update on the sample results from out test portfolio on the potential application compatibility issues that each Microsoft Security update may present.


Friday 8 April 2011

AOK Lite: Windows 7 Application Compatibility for Everyone


I can't describe how excited I am about this our latest release of our automated application compatibility product  - AOKLite.

Working with the Microsoft Springboard team, we have created a downloadable version of Changbase's AOK product with a focus on Windows 7 compatibility.

You can find the link to the AOK Lite site here: http://www.changebase.com/aoklite/aoklite.aspx

Once you register you can download a trial version of AOK and test YOUR applications for Windows 7 compatibility issues. And, most importantly, you can automatically fix those issues.

Stephen Rose from Microsoft has posted an update on the Microsoft Springboard forum  with the following notes;

"First, ChangeBASE, the AppCompat testing and remediation specialist, has partnered with Microsoft to develop AOKLite. AOKLite, which launches today, is a free downloadable version of ChangeBASE’s core software, the AOK Workbench which enables members of the TechNet community to test and automatically fix up to 10 applications ahead of migration. It automates the process of identifying and solving incompatibilities between new or updated software and the existing infrastructure, as well as highlighting incompatible applications before a migration takes place. It also automates many of the other tasks in the packaging process, such as enforcing standards, resolving inter-application conflicts and Windows Installer errors, to enable faster, more cost-effective migrations."


If you have any questions on AOK Lite, please feel free to submit them to our AOK Lite forum located here: http://www.changebase.com/aoklite/forum/

I will try to personally answer a number of them - so I can see a few blog posts in the future relating to any common issues/scenarios encountered.

Happy downloading and looking forward to your thoughts on AOK Lite.




Wednesday 6 April 2011

AOK Link-bait: Industry Reading for fun and profit


My colleague Carl has done it again, and has collected some great links to some industry reading.

Here are a sub-set of the best links for your perusal. 

Windows 8 Milestone 3 is available on Microsoft Connect and its users are leaking info:

  • Its explorer is going to have a ribbon with sync capability ‘similar to Windows Live Mesh to synchronize folders across computers. On top of that, “Web sharing” might enable SkyDrive-like functionality to make their files and folders accessible through a web URL, for easy sharing’
  • It has History Vault like Apple’s time machine
  • System Reset feature wipes and reinstalls windows
  •  Pretty wallpaper
  • Windows Home Server 2011 operating system is available
  • 29 years of Microsoft.  Nice vid
  • Usual new Windows 7 themes link, seaside this month.

Browser News

Office
Office 15 first leaks and screenshots

Cloud
  • A new player in the storage area, Amazon Cloud lets anyone store 5Gb online.  If you store music there you can stream it to your phone, after the legal issues are resolved.
  • Windows Intune update
  • Cloud-based meetings

Mobile

Packaging

Virtualization
  • App-V 4.6 is in WSUS
  • App-V 4.6 SP1 and MED-V 2.0 are available as part of MDOP 2011.
  • A special version of Windows 7 called Windows Thin PC has been launched by Microsoft for VDI use.  In addition to Windows 7 functionality, “Windows Thin PC has incorporated a number of embedded specific enhancements to help lock down public facing devices, including Write Filters for creating stateless or semi-stateless environments, suppression of unwanted dialog message boxes, and a keyboard filter for suppressing unwanted keystrokes […] “.  That sounds like they’ve built in some virtualisation into the OS.  This is Carl’s top tip for something interesting watch out for.


Fun stuff that you stick at the end
The Indian Rupee has its own currency symbol. Update windows to be able to use it.
Hellish facial recognition

Twitter is 5 years old, everything is boring except computers (warning: links contain swearing and puerile humour)


Of course, the IE9 application compatibility cook book will be a favorite for readers of this blog.

Monday 4 April 2011

Server App-V: Shift, Pause and Play for Server Applications


Well, to say that my time in Las Vegas at MMS 2011 was well ... Spent... Would be accurate.

Whether it was well spent - is another question. That said, I was able to meet up with the Microsoft App-V team (thanks Sean, Lidiane and Angie) and we were able to chat a little about the next version of App-V (version 5) and also spend some time on the new release of Microsoft's server application virtualization product - Microsoft Server App-V

There is a "release update" blog posting from the Microsoft Application Virtualization team blog, where you can read about this cool server-based virtualization product here:
http://blogs.technet.com/b/virtualization/archive/2011/03/25/microsoft-server-application-virtualization-it-s-all-about-the-app.aspx

This is a pretty detailed posting about the features of the Server App-V product with some important optimizations which include;

  • State persisted to local disk
  • Windows Services
  • IIS Applications
  • Registry
  • COM+/DCOM
  • Text-based Configuration Files
  • WMI Providers
  • SQL Server Reporting Services
  • Local users and groups
  • Java

The key bits here are that I am interested in are the state persistence, COM+DCOM and services support.  From what I understand, the Server App-V does not take a bubble or isolated approach to virtualizing each application - from what I understand it's more a "layer" approach. Where the application is installed on the target platform - but isolated from the server build.

This approach has a couple of benefits :

  1. COM+/DCOM applications are likely to work
  2. Services support - a key benefit for server platforms
  3. Reduced virtualization application compatibility potential - More apps will work!


There are a few downsides to this approach;

  1. You may get application level conflicts
  2. Middleware dependencies and components may require a little more thinking/planning 

My favourite bit about this whole approach is that you can "Pause" an application - save that state and then move that application (with it's saved state intact) and move it to another platform. This is a killer feature and should make Server App-V a big hit with the data-center boys.