Monday 30 April 2012

Quest TEC Conference: 2012



I am enjoying the day in San Diego and working with some of the good people from Microsoft at the Quest TEC Conference.

Yes, today is early (very early) Monday and it's the Microsoft Enlighten day at the TEC 2012 Conference  - the first day of this conference and I will be helping out with the Windows Migration track and the Virtualization working groups.

Here is a brief synopsis of the Microsoft technologies day;

The new Quest Workspace Management sessions will focus on Windows 7 Migration, Application Compatibility, Application Virtualization, VDI, Session Virtualization and topics related to delivery and management of the User Workspace – from applications and data to settings and operating systems.  

Plus, since most enterprise customers leverage solutions from Microsoft partners to extend the functionality of foundational Microsoft technologies, TEC will also feature expert content on managing in cross-platform environments.

TEC is for the experts by the experts and, as such, the sessions are highly technical (300-400 level) and include both instruction and demonstration led by some of the world’s top technologists. Join us for TEC for Virtualization & Workspace Management! Nothing’s lost, as you’ll find plenty of cloud-related content in the 125+ sessions hosted across the 10 conference tracks.

You can read more about the Experts day here: http://www.theexpertsconference.com/us/2012/virtualization-cloud/

Looking forward to meeting up with Brian Madden, Justin Zarb as well as some of the leading lights from Quest such as Patrick Rouse.


Saturday 28 April 2012

Updated Microsoft App-V File Specification


Another quick post, as I am travelling. Currently in San Diego helping with the Quest TEC Conference.

I was sent a link today from my colleague at Quest via a Twitter link (thanks Patrick). I guess that I am a bit old school but, even though I tweet my blog posts to my friends/family/fools and I don't seem to be able to make time to tune into many other twitter feeds.

That said, this link was helpful as it led me to the updated App-V ("V Next) file description. 

You may not be aware of the "troubled" history of this kind of documentation. In the earl days of App-V, the App-V or SFT file format was important to understand and completely opaque. In addition, in those early days (2007/2008) there were very limited tools for editing and viewing. In fact, initially the Microsoft App-V SFT files were a black box. You couldn't view the contents and instead of editing files (like MSI Installer packages) you had to start all over again to make any changes to an App-V package.

As a group (ChangeBASE at the time) we were pretty keen to understand the format and paid a number of consultants to help us with the documentation and understand the file format. This effort turned out to be quite useful as it eventually led to the ChangeBASE AOK product to be able natively load App-V packages and then more recently to automatically convert MSI Installer packages automatically into Microsoft App-V applications.

Now, it's so easy - you can just download the documentation from the MS website… Makes me kinda nostalgic for the good ole days..




Monday 23 April 2012

Mobilism: Learn about browser compatibility

If you are in Amsterdam in May, you and you are interested in application compatibility and browser compatibility, you may want to checkout the Mobilism conference in Amsterdam in the Netherlands.

One of the leaders in browser based compatibility research, Peter-Paul Koch has done some great work with ChangeBASE in the past and has been a key figure in determine what technical issues may cause a web-based application to fail to work or appear correctly.

Peter-Paul (Or more commonly known as PPK) is presenting on the 1st day, May 10th ( at 10:20). You should check his presentation out!

Here is a brief synopsis of his presentation;
 "PPK will attempt to bring some order in the chaos by discussing about seven of the most important actors, their relations, and their long-term plans. After this talk you can amaze your friends by explaining why Windows Phone will never amount to much, why Android fragmentation will become only worse, in which way Apple has stolen a march on its competitors, and what Nokia is doing."
You can find out about the conference here: http://mobilism.nl/2012

And hey, Amsterdam in the spring is beautiful - why not spend time there AND find out about browser compatibility


And more important, his browser compatibility site and blog: http://www.quirksmode.org/blog/

Friday 20 April 2012

Windows 8 gets BYOC

As a subscriber and avid "consumer" of Steven Sinofsky's blog postings on "Building Windows 8" I have posted a number of blog entries on the ChangeBASE application compatibility blog, most notably commenting on the Windows 8 on ARM platform with "Windows 8 on Arm (WoA): A birth of a new ecosystem".

Now that I have "moved up a level" to working with the Quest User Workspace Management team, I was delighted to see another great post from Steven's team on an area on which I will have to focus on over the next little while. Namely, managing applications in a BYOC (Bring Your Own Computer) environment.

Strictly speaking Quest uses the term BYOD (Bring Your Own Device) which intends to cover a slightly greater problem area with the inclusion of mobile devices and other peripherals. 

You can read more about the ideas behind Quest's UWM here:  http://www.quest.com/user-workspace-management/

Or even better, watch the introductory video from Shayne here: http://www.quest.com/tv/1496733762001/Quest-Software---User-Workspace-Management/Video/


Back to Steven's posting on managing applications on the forthcoming Windows 8 platform, which you can read here: http://blogs.msdn.com/b/b8/archive/2012/04/19/managing-quot-byo-quot-pcs-in-the-enterprise-including-woa.aspx

One of the challenges that I have been considering over the past little while was how Microsoft was going to manage internally developed applications. Specifically, how was Windows 8 going to install/update and retire Metro style applications when the client (company) did not want to publish their Line-of-Business (LOB) application on the publicly available Windows 8 Application store. There are obvious reasons for not publishing your internal applications on the Windows 8 store, not least the security concerns and most likely the overhead of publishing to Windows 8 store. 

Previously, we were told that for Windows 8 Metro applications, 
 “consumers obtain all software... through the Windows Store and Microsoft Update or Windows Update.” 

Now, with the addition of the WOA management client, Microsoft has added a fourth trusted source of software for the WOA platform. The Metro style self-service portal application, or SSP, is now the primary interface for the corporate user to access their management infrastructure.

Quoting from the post, there appear to be four types of applications that are supported by the Microsoft SSP including;
  • Internally-developed Metro style apps that are not published in the Windows Store
  • Apps produced by independent software vendors that are licensed to the organization for internal distribution
  • Web links that launch websites and web-based apps directly in the browser
  • Links to app listings in the Windows Store. This is a convenient way for IT to make users aware of useful business apps that are publicly available.

Here is a sample of the corporate application portal or SSP for the Microsoft example site Woodgrove;


As you will note, the styling and layout are consistent (the same??) as the Windows 8 store and should offer reduced training and support overheads for managing your internal Metro styled applications.

I guess the next question is how does a developer perform a manual  "test" install on a new machine without publishing to the SSP? 

You can find out the command line required to install and un-install a Metro style application here:  http://technet.microsoft.com/en-us/library/hh852635.aspx

Wednesday 18 April 2012

VDI Assessment Tools


I quite often talk about virtualization as part of the ongoing application migration story and I thought (since I now work for Quest) I should talk a little bit more about virtualization tools. There are quite a few about, but I thought that I should highlight the following technologies.

Quest VDI Assessment 
Quest VDI Assessment analyzes user behavior and desktop performance over time to build up a complete picture of application usage and resource consumption across the organization. Basically, it's installed in your pre-VDI desktop environment, then it watches what the users do, determines which applications are being used, monitors the intensity (or lack thereof) of each user workload, watches for peripheral usage, and more. After collecting that data for 30 days or longer, it builds a nice report that identifies the best virtualization candidates for different virtualization technologies and uses the results to help build out an ROI model that is unique to the organization. 

The Quest VDI Assessment tool is;
  • Available as an ESX or Hyper-V appliance
  • Identifies which of your users are a best fit for hosted or local (offline) VDI, Terminal Server/RD Session Host or Application Virtualization
  • Analyzes and reports on your current network, user and application usage
  • Assesses the viability of a Windows 7 deployment
  • Calculates improvement in VM density from leveraging Hyper-V Dynamic Memory
  • Pre-determines desktop, network, data center and storage needs to help you build a successful plan to migrate and manage your users with virtual desktops and applications
You can find out more here: Quest VDI Assessment
VDI Flash Calculator
You should  give Andre Leibovici's online
 VDI Flash Calculator a try. Remember, properly sizing your VDI environment is one of the most important aspects of creating a VDI infrastructure design. Without knowing and understanding the workloads and the types of users in your environment, you could be setting yourself up for failure.
If you want to know more about the VDI calculator options and features read the Manual at http://myvirtualcloud.net/?p=1927 or check out the VMware View Calculator Video Training at http://myvirtualcloud.net/?p=2551.
Login VSI
I have always been a fan of Login Consultants (many reasons, and for many years) and part of any good VDI management strategy is being able to determine the optimal hardware configuration required to support the required number of users and applications in your environment. 
Login VSI is a  virtualization specific benchmarking tool to measure the performance and scalability of centralized desktop environments such as SBC and VDI.
Login VSI helps with benchmarking, change impact analysis, load-testing and capacity planning
To find out more, read here: http://www.loginvsi.com/
Quest vWorkspace Desktop Optimizer
This free tool benefits from years of real world experience of desktop "optimizing knowledge," which is then exposed as a list of 40 various optimization settings that can be enabled or disabled using either a GUI interface or using the command line. This simple application allows you to make file and registry tweaks quickly and easily, and it provides the ability to store the details of the changes made for audit purposes. Although the tool is written for Quest vWorkspace environments, it works just as well with either Citrix XenDesktop or VMware View.
As with Quest's assessment tool, you can find support for this free optimization tool on the Quest community [16].
SolarWinds Storage Response Time Monitor
You've heard all about the storage I/O performance demands of VDI, so how do you keep track of storage response times and latency issues within your environment? That's where the free SolarWinds Storage Response Time Monitor  tool comes into play.


Monday 16 April 2012

The route to ChangeBASE


I was asked a little while ago how we came up with the name ChangeBASE and I had to laugh a little. Even though I think the name seems to "work" the journey to create it was a little circuitous and tells maybe a little a too much about my friends and I. 

A few years ago, my mates and I  were playing around with BASE numbers such as BASE10 and BASE2 (decimal and binary). For those of you who have been watching and using ChangeBASE over the past few years, you will note that a number of the application compatibility rules and most of the application conflict rules are based on a 16x16 Binary Matrix.  So thinking in BASE2 was not necessarily alien to us though it did impede polite conversation in our local drinking establishment.

As one of those nights progressed and (more beer, more binary, less polite conversation) and through a fit of pique and caprice we decided to merge two conversations  (or "Loud Thinking") about change to Systems (note: the capital S here)  and how they should be presented.

"Delta's!",  Someone shouted. It's all about Delta's, if there is no change, then I am not interested.

"Fine!", we all agreed.

And then question was presented, "How do you represent change to a system?"

Physics comes in handy here, where change is represented with the Greek symbol Delta (see - it all makes sense now). Some commonly used “Delta’s”  relate to movement such as;
  
  1. Velocity 
  2. Acceleration
  3. Jerk
  4. Snap (or more formally, but less commonly Jounce)

Each of these types of changes are represented by differential equations such as; 

           

I wanted to combine these ideas of change to a "BASE" system. So, we tried VeloBASE, AcceloBASE and for some reason JerkBASE attracted a lot of attention  AND opprobrium (remember my comments on polite conversation) and so we came to Jounce. 

I loved Jounce -  it's sounds great.  Jounce would have been really cool. Unfortunately, everybody thought we were a cool media company or trying to compete with YouTube and so we decided to keep things simple.
"Chaps, it's all about change. We should try to create a platform that will allow our customers to capture information and predict and report the outcomes of future changes. It's a database of  changes, or a ChangeBASE."

Ahhh.... 

So, that's one version of the story. Here is another

Late one night, as the cleaning lady in Greg's office said, 
"Yep, all cleared away. Now this is something you can really BASE your work on. Yes, a good strong BASE for you now...."

References:

If you want to read more about this stuff;



Note: Yes, the cartoon was stolen from Gary Larson - so many thanks to him for the inspiration and laughs.
  

Thursday 12 April 2012

April Linkbait: Industry Reading for Fun and Profit


Back from Easter break and fresh with some new reading and links from our good from Carl...



Platform News
DaRT 8 Beta for troubleshooting and repairing system failures within an organisation.  Q&A
Miss the start button in Windows 8? Some 3rd-party apps to bring it back
ConverterTechnology OfficeConverter 2010 compared with Microsoft’s Office Migration Planning Manager
Bunnies, Eggs and Disney themes for Windows 7

Migration News
XP and Office 2003 support ends in two years
Migrating print queues from 32bit to 64bit OSs
Recorded Webcast with Microsoft and Quest: Fast, Automated Application Readiness for Windows 7, and Office 2010 IE 8 or 9 and Virtualization
Want some free software?

Packaging News
New mechanism for updating Adobe Flash Player
New mechanism for updates in Visual Studio 11
Registration-free COM the old-fashioned way: The car mp3 player
Visual Studio 11 no longer supports .vdproj installer projects
WiX 3.6 RC0 build is now available
The InstallAware vs Embarcadero (Delphi) spat continues
Advanced Installer 9.0 has been released containing an MSI EXE wrapper

Cloud News
Microsoft Online Backup Service, part of Windows8 Server

Virtualisation News
Support policy for Microsoft applications that are running in a Microsoft Server Application Virtualization (Server App-V) environment
Upgrade XenApp 6.0 to 6.5 (if you are very brave)
More info on the new Hyper-V features in Windows 8 Server Part 1 Part 2
New product included in MDOP, Microsoft User Experience Virtualization, try it here

Browser News

Mobile News
Stephen Fry discusses the current state of mobile phones
RIM, makers of Blackberry, whose success I never understood are in trouble

Enjoy!

Wednesday 11 April 2012

Microsoft Patch Tuesday Application Compatibility Report April 10

Application Compatibility Update with Quest ChangeBASE


Executive Summary


With this April Microsoft Patch Tuesday update, we see a set of 6 updates; 4 with the rating of Critical, and 2 with the rating of Important. As seen in March, Microsoft has released another relatively small update, and again, the potential compatibility impact for these updates is likely to be low.

The Patch Tuesday Security Update analysis performed by the ChangeBASE team identified a small number of potential compatibility issues across the thousands of applications included in testing for this release, and these relating only to Update MS12-024, where vulnerability in Windows could allow remote code execution. However, while the issues identified would require manual remediation, the total number of applications in the test sample which could be affected was less than 1%.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this April Patch Tuesday release cycle.



Sample Results

Here is a sample of the results for one application and a summary of the Patch Tuesday results for one of our ChangeBASE Sample databases.
MS12-024: Vulnerability in Windows Could Allow Remote Code Execution
Here is a sample Summary report for a sample database where the Quest ChangeBASE Patch Impact team has run the latest Microsoft Updates against a test application portfolio:

Testing Summary



MS12-023

Cumulative Security Update for Internet Explorer (2675157)

MS12-024

Vulnerability in Windows Could Allow Remote Code Execution (2653956)

MS12-025

Vulnerability in .NET Framework Could Allow Remote Code

MS12-026

Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)

MS12-027

Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

MS12-028

Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)


Quest ChangeBASE RAG Report Summary

 

Security Update Detailed Summary



MS12-023

Cumulative Security Update for Internet Explorer (2675157)

Description

This security update resolves five privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

n/a

Impact

Critical - Remote Code Execution


MS12-024

Vulnerability in Windows Could Allow Remote Code Execution (2653956)

Description

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.

Payload

Imagehlp.dll, Wintrust.dll

Impact

Critical - Remote Code Execution


MS12-025

Vulnerability in .NET Framework Could Allow Remote Code

Description

This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Payload

n/a

Impact

Critical - Remote Code Execution


MS12-026

Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)

Description

This security update resolves two privately reported vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG). The more severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted query to the UAG server.

Payload

Adfs.internalsite.inc, Adfs.redirecttoorigurl.asp, Adfs.utils.inc, Agent_lin_helper.jar, Agent_mac_helper.jar, Agent_win_helper.jar, Certifiedendpointenrollment.utils.inc, Configmgrcore.dll, Internalsite.inc, Internalsite.utils.inc, Internalsitesharepoint.inc, Microsoftclient.jar, Monitor.applicationlist.asp, Monitor.applicationmonitor.asp, Monitor.applicationmonitorlinerefresh.asp, Monitor.applicationstatisticsresults.asp, Monitor.applicationuserstatistics.asp, Monitor.damonitorcurrentstatus.asp, Monitor.default.asp, Monitor.eventreport.asp, Monitor.eventviewer.asp, Monitor.eventviewerrefresh.asp, Monitor.exceltable.asp, Monitor.farmmonitor.asp, Monitor.global.asa, Monitor.inc.general.inc, Monitor.inc.selectsessiontrunks.inc, Monitor.inc.utils.inc, Monitor.naptseventreport.asp, Monitor.nlbmonitor.asp, Monitor.sessionlist.asp, Monitor.sessionmonitor.asp, Monitor.sessionmonitordatabuilder.asp, Monitor.sessionparameters.asp, Monitor.sessionstatisticsresults.asp, Monitor.statisticsgraphdata.asp, Monitor.userlist.asp, Monitor.usermonitor.asp, Monitor.usermonitordatabuilder.asp, Monitor.usersessionstatistics.asp, Monitor.userstatistics.asp, Monitor.userstatisticsresults.asp, Oesislocal.jar, Otp.internalsite.inc, Otp.utils.inc, Otp.whlclientinst.inc, Redirect.asp, Redirecttoorigurl.asp, Uninstalluagupdate.cmd, Whlfiltauthorization.dll, Whlfilter.dll

Impact

Important - Information Disclosure


MS12-027

Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

Description

This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

Payload

n/a

Impact

Critical - Remote Code Execution


MS12-028

Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)

Description

This security update resolves a privately reported vulnerability in Microsoft Office and Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

n/a

Impact

Important - Remote Code Execution

*All results are based on a ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.

.