The new release of Microsoft Application Virtualization 4.5 introduces a set of deployment models that are available for delivering virtualized applications to clients. This post discusses the HWS model, which is closest to the "traditional" SoftGrid server that we know from the older 4.0/4.1 (SP1) releases of the SoftGrid server. The components for this set-up are as follows:
- MCVAS server (Microsoft System Center Virtual Application Server) which performs the desktop configuration of the clients and performs the streaming.
- SQL server and Active Directory backends for the MCVAS.
- Fileserver for the content location
- Management Web Service which communicates with the SQL backend.
- Management Console for performing the MCVAS configuration; the management console connects to the management webservice.
The MCVAS setup comes in the form of an MSI installer, as was the case with the previous 4.x server installs.
- After starting the installer, I was informed that I need to install MMC 3.0 before the MCVAS installation could complete. This is quite surprising since I already had installed MMC 3.0 on that particular machine (Windows 2003 Standard Edition SP1). Luckily, this was not a showstopper for the installation which continued after this error message.
- An existing 4.1 SP1 server installation is properly detected and an upgrade path was proposed. This upgrade succeeded flawlessy.
- Prerequisites for installing the MCVAS server are the same as for a 4.1 SP1 installation:
- Microsoft Management Console 3.0
- Microsoft .NET Framework 2.0
- Internet Information Services Web Service (presumably IIS 5.0 is sufficient?)
- Microsoft Management Console 3.0
- It is no longer possible to install the "SoftGrid Client Management Console" from the server installer.
- The default installation path has changed from "C:\Program Files\Softricity\SoftGrid server" to "C:\Program Files\Microsoft SoftGrid\Microsoft System Center Virtual Application Server".
- It is no longer possible to install MSDE --- aka "the SQL overlords will punish you if you still use that one" --- during the MCVAS installation. The availability of a database is now simply a prerequisite for the installation. I used SQL Server 2005 Express Edition SP2 without problems during my tests.
- The default database name is now "SOFTGRID", which is irony at its best. The very release that they finally change the default database name from "SOFTRICITY" to "SOFTGRID", the product gets renamed.
- It is no longer necessary to provide the a SQL built-in account with sufficient privileges during the installation; integrated authentication is used instead (no longer necessary to configure your SQL server to mixed authentication). The user that is installing the MCVAS needs sufficient privileges on this server to create a new database or to modify an already existing database.
- Several new features that are asked during the installation include:
- The "SoftGrid Secure Communication Mode", which allows to assign a server certificate to the server to immediately allow secure communications (more on this later in this post). The server certificate must be installed before the setup is started.
- The port to use for the MCVAS server's communications (RTSP, default: 554)
- The port to use for the MCVAS server's secure communications (RTSPS, default port: 322). That is no typo, the default port number for RTSPS has indeed changed from 332 to 322.
- A small "bug", or rather, discomfort, that I ran into is when trying to install the MCVAS on a server that is not joined to a domain. When prompted for the SoftGrid Administrators and SoftGrid Users group, this leads to an error in the installer log file "ADSOpenObject Error 0x80005000, no value for domain name". The default option of "Domain Admins" (for the SoftGrid Administrators) is listed instead, and only when trying to continue, an error message stating that the domain could not be found is listed. We will see later in this report that indeed it is no longer possible to install the MCVAS on a server that is not joined in the domain.
2. Management Console
A first thing I noticed (also throughout the installation) is that the term "SoftGrid" is still used in many locations; for example, the management console is still named "SoftGrid Management Console", the opening picture that has "Softricity" in it is still used, and the reports still contain the same old logo's.
Sure, no drama here, but it makes you wonder why 17 months after the purchase of Softricity by Microsoft, no-one took the time to replace the GIF images in "C:\Program Files\Softricity\SoftGrid Management Console\images" ?
At first sight, not many things seem to have changed in the MCVAS management console:
- The good old options "Applications", "Filetype Associations", "Packages", "Application Licenses" and "SoftGrid Administrators" seem to be the same as in the previous versions with no visual differences.
- The "Provider Policies" option has been simplified; in the provider pipeline, the "Basic Authentication" and "Anonymous Authentication" have been dropped, now you can only authenticate using "Windows Authentication".
This might have a consequence for those of you that use separate provider pipelines for anonymous authentication or PC's that are not joined in a domain.
- An interesting development in the "Server Group" option is the easier management of certificates in the "Ports" tab of a SoftGrid server.
By clicking the "Server Certificate" button, it is possible to select a certificate that is stored in the Computer account's personal certificate store as the base certificate for RTSPS communications. This greatly simplifies the configuration of encrypted streaming (see a previous blog post of mine for the lengthy procedure in pre-4.5 servers).
- In the advanced configuration of a SoftGrid server, the "Max. Block Size" option is still present, even though AFAIK, the entire 4.x range of servers simply ignores this option and automatically determines the maximum block size.
- The greatest surprise is without doubt the absence of the "Account Authority" option which allowed to configure a SoftGrid AD browser account in previous versions of the SoftGrid server. In practice, this means that the reference domain for assigning rights to applications is now the domain that the MCVAS server is placed in. This is also a simplication that was to be expected after generic LDAP support was dropped.
Of course the major changes implemented in version 4.5 are not in the graphical interface, but functionalities that are only visible when looking a bit deeper. Here are some nice changes that I discovered when poking around in version 4.5's internals:
- Remember that pesky server.conf file that contained a database user and password in plaintext? That is finally fixed: now the machine account of the MCVAS server is used to read the configuration from the database (the machine account receives SFTeveryone and SFTread roles in the database). In order to make changes to the database, the default security on the database is such that you need to be in the SoftGrid Administrators group (SFTadmin SQL role). This also means that no longer the "sa" account is needed during the installation, and that mixed authentication can be disabled on your SQL database server.
- The registry keys for the SFT content and logging have moved from "HKLM\Software\Softricity\SoftGrid Server" to "HKLM\Software\Microsoft\SoftGrid\4.5\Server". The only new value created there is a "Version" REG_SZ value which contains the complete build number of the 4.5 SoftGrid server, in casu "220.127.116.116".
- Corrected: The older SoftGrid 4.1 / 4.2 clients seem to (partially?) work with the new 4.5 beta server. I was able to stream a pre-4.5-sequenced application but let it be clear that there is no guarantee whatsoever that a new 4.5-sequenced package will work on an older client. (This should not come as a surprise of course, how would an older client know how to interpret features that were introduced in a newer version of the sequencer/server?)
In fact, as Gene Ferioli pointed out in a comment, Microsoft does not support the connection of older clients to the 4.5 server; the recommended upgrade path is to first upgrade all the clients to 4.5 (since this client knows how to talk to the earlier 4.1/4.2 servers) and only then to upgrade the server to version 4.5.
The functional improvements that are visible in this beta version of the HWS MCVAS surely have their benefit:
- the integration with the domain is more tight (no need for browser accounts, direct Windows authentication, no database accounts).
- the configuration of RTSPS is much easier and now directly compatible with a Microsoft Certification Authority.
- it is still not possible to have a delegated SoftGrid administrator permissions (as is possible, for example, in SMS and SCCM where you can have separate server and package administrators).
- For centralized client management, it still seems necessary to revert to third-party or self-made administrative templates for GPO's.