What’s new in VMware Horizon Mirage 4.4 (Tech Edit)

Today VMware released version 4.4 of Horizon Mirage. Even if the official version is just a minor change there are major new features in this release.

In this article I try, like I did for ThinApp 5.0, to summarise and give an overview of all the new features included in version 4.4 from a technical point of view.

Windows 8 / 8.1 support for disaster recovery scenarios

First of all the installation of the Mirage client is now supported on Windows 8 and 8.1. While the full feature set, especially layer management and migrations, isn’t yet support the disaster recovery scenario is fully supported in Mirage 4.4. The disaster recovery scenario contains file/full system recovery and restore as well as self-service recovery using the Mirage file portal and client context menu. One thing important to know is that restore operations for Windows 8 devices can only be performed within the same operating system version, for example, Windows 8.0 to Windows 8.0 or Windows 8.1 to Windows 8.1. But using Mirage 4.4 you will be able to downgrade a Windows 8/8.1 device to Windows 7. This feature is more then welcome when you get new hardware preinstalled with Windows 8(.1) and want to deploy your corporate standard Windows 7 image using Mirage.

To support Windows 8 and Windows 8.1 Mirage now supports version 6.3 of the User State Migration Toolkit (USMT). Mirage now actually supports three versions of USMT:

  • USMT 4 or 5  for Windows XP to Windows 7 migrations and user data restores
  • USMT 6.3 for Windows 8 and 8.1 for user data restores

Mirage44USMT

The import function also was enhanced to block the import of USMT 4.0 if it does not include the Office 2010 hotfix.

Mirage DMZ edge gateway

The ability to connect external / roaming users to Mirage without VPN was request from many clients. While Mirage always supported to work via VPN most users aren’t connect to VPN all the time. Therefore Mirage 4.4 introduces the Mirage gateway. The Mirage gateway is a hardend Windows service which normally will be deployed in a DMZ and is made available over the internet. This allows the Mirage client to securely connect (SSL is a requirement) to the internal Mirage infrastructure, tunnel through the Mirage gateway, if the machine is successfully authenticated. The authentication is done by the user itself when the Mirage client connects to the Edge gateway the first time. When the username and password is validated a is token created and stored for future authentications. It is possible to set a time-out for the token so a re-authentication, to make sure the device is still allowed to connect to Mirage, would be required. A Mirage edge gateway supports up to 1000 end points per server and multiple edge gateways can be deployed.

One thing to mention is that the Mirage gateway allows features like file restore, layer management and centralisation to work for distributed users. But operations which require the end point itself to communicate with the Active directory, for example full system restores of domain joined computer or Windows migrations, are not supported using the gateway because it only tunnels Mirage specific traffic and nothing more.

Support for updating Horizon View agents via Mirage (app) layers

Following the support of managing full clone persistent desktops in Mirage 4.3 the newest release of Mirage now supports updating Horizon View agents from version 5.3 to future releases. As you can see the integration of View and Mirage proceeds further and makes managing persistent desktops much easier. The ability to do Horizon View agents upgrade via Mirage application or base layers makes migrations to newer View releases much easier as all persistent desktops can update using as simple 2-step process.

  1. Create an updated app or base layer containing a future View agent release
  2. Deploy the layer to all clients and after a reboot the update is done

Additionally, no 3rd party tools are required to manage full clone persistent desktops.

Do Windows migrations without centralising the end point

In Mirage 4.3 the ability to do layer management only was introduced. This allowed you to deploy application and base layers to desktops without centralising them. This way you can do central image management for all your end points without using Mirage backup / disaster recovery functionalities. In Mirage 4.4 this function was enhanced to support Windows 7 migrations without the need to centralising the client first.

While you will lose the possibility to revert your desktop to your old Windows version in the case something goes wrong the storage requirements are much less. Therefore the most complex part (storage) of a Mirage infrastructure design is no longer needed. You just need a small amount of storage to hold your base and application layers, drivers and USMT.

Enhancements to the file portal and web management

The most prominent change to the Mirage file portal and the web management is the requirement of a SSL certificate. Access to both services is now only possible through a HTTPS connection. This decision was made to protect user (and admin) credentials and data accessed using both portals. So please make sure when you upgrade to version 4.4 to have a SSL certificate ready to use on your IIS hosting the file portal and web management.

The file portal was enhanced to allow users to allow multiple file portal at once.

Mirage44FilePortalMultiSelect

The web management  got some minor face lifting and also a new mass centralisation functionality which allows you to centralise many clients at once by simply selecting them or applying a rule.  The mass centralisation functionality can be access by clicking the “pending devices” tile on the dashboard.

Mirage44WebMgmtMassCentralization

Better client identification

Last but not least in Mirage 4.4 the client identification was enhanced. In prior version of Mirage the client was identified by using the clients UUID and BIOS identifier. Unfortunately sometimes, when these value were not available or could not be read, Mirage misbehaved. To solve this issue all clients are now identified not only by the UUID and BIOS identifier but also using a attribute, an auto-generated GUID.

Release notes, documentation and download

Using the buttons below you find direct access to the VMware Horizon Mirage 4.4 release notes, the documentation and the download (requires a MyVMware account). With Mirage 4.4 also a nice new VMware Horizon Mirage Getting Started Guide (PDF direct link) is released.

I hope you enjoy this release as much as I do and if you have any comments or questions just leave them below.

Release Notes | Documentation | Download

What’s new in VMware ThinApp 5.0 (Tech Edit)

Today VMware made ThinApp 5.0 generally available. While there is a lot of information out there on what’s new spread across multiple announcements, release notes and blogs I want to summarize the most critical information on what’s new in VMware ThinApp 5.0 from a technical point of view.

End-of-availability canceled

Even if this isn’t a technical point it is still pretty important to know. With the announcement of the VMware Horizon Suite it was also announced that after December 15th, 2013 ThinApp would not be available as standalone product anymore. Shortly after this announcement was made is was pretty clear that our customers where not amused and VMware clearly had underestimated on how many customer count on ThinApp – one of the leading application virtualization products – as a standalone product.

Therefore with the announcement of ThinApp 5.0 VMware also announced that the end-of-availability is canceled. This means VMware will continue to offer ThinApp as a standalone product and you will be able to get at least five more years of service and support for ThinApp.

Re-architecture

In version 5.0 much was changed on the internal plumbing of ThinApp. From a very technical point of view VMware is moving away from import address table hooking of Win32 API to inline hooking of the Windows Native API (NTDLL.dll). As you can see in the figure below this hooking takes place in a much earlier stage and therefore increases the overall application compatibility.

Image source: http://technet.microsoft.com/en-us/library/cc768129.aspx
Image source: http://technet.microsoft.com/en-us/library/cc768129.aspx

Also it greatly reduces the number of hooked API. Because instead of hooking all the high-level Win32 API functions ThinApp now hooks low-level functions of the Windows Native API, which are also used internally by all the Win32 API functions.

The following screenshots are showing the DLLs used by a virtualized instance of Notepad++. As you can see there are a lot more DLLs in play with ThinApp 4.7.3 as  there are with ThinApp 5.0.

HookedDLLsThinApp

All in all the number of of hooked APIs are reduced from about 600 to 200. Which results in a much smaller code base of ThinApp 5.0 and therefore decreases the number of potential bugs. Also, as already mentioned, it should boost the already very good application compatibility of ThinApp to a new level.

64-bit support

ThinApp always supported 64-bit operating systems and was always able to run virtualized 32-bit applications on top of Windows 64-bit versions. But with ThinApp 5.0 finally the virtualization of 64-bit applications is  possible. This was one of the most requested feature by our customers.

The ability to virtualize 64-bit applications opens up many new use cases, i.e. the virtualization of 64-bit version of Office and Internet Explorer but also the virtualization extensive CAD/CAM applications.

The following tables shows the supported capture and deployment scenarios of ThinApp 5.0.

As you can see ThinApp supports pretty much every available scenario with the exception of the following two:

  1. ThinApp 5.0 does support capturing 32-bit applications on top of 64-bit operating systems but only if you build and deploy it to 64-bit machines only. If you want to run a 32-bit package on top of 32 and 64-bit operating systems you need to create the package on top of a 32-bit operating system.
  2. ThinApp still supports the virtualization of 16-bit applications on top of 32-bit operating systems but does not and never will support 16-bit applications on top of Windows 64-bit. You can blame – or in my opinion thank – Microsoft for that. See 64-bit versions of Windows do not support 16-bit components, 16-bit processes, or 16-bit applications

VMware supports the following operating systems for running virtualized 64-bit applications:

  • Windows 7 64-bit
  • Windows Server 2008 R2
  • Windows 8 64-bit
  • Windows Server 2012
  • Windows 8.1 64bit
  • Windows Server 2012 R2

Not supported are:

  • Windows XP 64-bit
  • Windows Server 2003 64-bit
  • Windows Vista 64-bit
  • Windows Server 2008 64-bit

ThinApp 5.0 of course still support these platforms for running virtualized 32-bit applications on top of them. And of course all other 32-bit platforms (like Windows XP, Vista, 7 and so on) are still supported.

Office 2013 and Internet Explorer 10 support

With ThinApp 5.0 you can virtualize the latest Microsoft applications like Office 2013 and Internet Explorer 10. While Office 2010 was a pain to virtualize in prior version of ThinApp, ThinApp 5.0 includes many fixes to make packaging much more reliable. Also VMware provides official packaging guidelines for Office 2010 (See KB 1022287) and 2013 (See KB 2062691).

Unfortunately support for both products is limited at the moment. While virtualizing Internet Explorer 10 with ThinApp 5.0 is supported up to Windows 8 (but not 8.1), virtualizing Office 2013 is only supported up to Windows 7 (but not Windows 8 / 8.1).

This is likely to change within a future version of ThinApp.

Compatibility

One big advantage of ThinApp’s agent- and client-less architecture is that you are able to run multiple versions of the ThinApp runtime at the same time. Therefore integrating a new version of ThinApp is easy as pie. Still there are some things to consider when bringing ThinApp packages in version 5.0 in to an existing ThinApp environment.

AppLink: with ThinApp 5.0 we support linking ThinApp 5.0 packages with ThinApp 4.5 (and later) packages. There is only one gotcha: The parent package always has to be packaged with ThinApp 5.0. So if you for example have Mozilla Firefox virtualized and several AppLink packages like Flash and Java connected you first have to update the Mozilla Firefox package to ThinApp 5.0 in order to update any linked package (Flash or Java) to ThinApp version 5.0.

In-place update: With ThinApp it was always possible to update current ThinApp packages to a newer version of the runtime or the application it self by copying the new package side-by-side with the old package and adding integer at the end of the package.

For example: If the user is currently using Notepad++ 6.0 as a ThinApp package called Notepad++.exe and you want to deploy Notepad++ 6.5. Just copy the new ThinApp package as Notepad++.exe.1 side-by-side to the original Notepad++.exe ThinApp package and as soon as the user launches or relaunches (yes, you can do this while the user is using the application) he will get the new Notepad++ 6.5 package.

When doing an in-place update to a 5.0 package that contains the new .alt file this file should be named as *.n.alt where n is the integer you choose for the base .dat or .exe file. In this case it would be Notepad++.exe.1.alt.

AppSync: Of course you can also update your applications using the AppSync mechanism but only 32-bit packages. Also see the following article: When you perform Appsync from 4.7.2 to 4.7.3. AppSync displays the following error message “The operating system cannot run”.

MSI: Updating ThinApp packages from prior versions of ThinApp to version 5.0 is done the normal way. (See Upgrade a deployed ThinApp package with the help of MSI) There are no special considerations necessary.

Sandbox: It it worth mentioning that the sandbox (if the sandbox names are identical) will be reused during an upgrade. So if you updating your packages to ThinApp 5.0 all application settings are available after the update. Please keep in mind that updating to a newer version of an application or even a different application bitness (32-bit vs. 64-bit) may result in loss of the application settings as they are probably  saved in a different location in the registry. In this scenario it would be advisable to use a new sandbox and not to reuse the existing sandbox.

ThinDirect enhancements

ThinDirect in ThinApp 5.0 was update to support newer browsers like Internet Explorer 10 and also 64-bit versions of Internet Explorer.

Also the ThinDirect policies – that controls which URL should be opened in which virtual browser – are now available as ADMX template.

Updated SDK

The ThinApp SDK was also updated with version 5.0. It now includes a separate 64-bit DLL (ThinAppSDK64.dll) and therefore eliminates the need of the ThinAppSDKSrv.exe on 64-bit operating systems.

You can use the new SDK and all your scripts/programs without any change with existing ThinApp packages prior version 5.0. If you want to enable your scripts/programs to support ThinApp 5.0 packages you actually have to change them.

Have a look at the release notes to get more details on this particular point.

VMware Horizon View and Workspace integration

ThinApp is an integral part of VMware Horizon View, Workspace and Mirage. While you can start using ThinApp 5.0 in your Mirage deployments right away as there is no direct link between Mirage and ThinApp you have to be aware of some limitations when it comes to the View and Workspace integration.

The current releases of Horizon View will support ThinApp 5.0 32-bit packages out of the box. Support for 64-bit ThinApp 5.0 packages will be introduced in future version of Horizon View. Horizon Workspace 1.5 does not support ThinApp 5.0, neither 32-bit nor 64-bit.

In regards to Horizon View you of course have always the possibility to use ThinReg or the SDK to register ThinApp 5.0 64-bit packages using a logon script or deploy them via MSI. This is fully supported and this way you can enjoy 64-bit ThinApps from day one.

For more information see the official knowledge base article: Horizon View and Horizon Workspace support for ThinApp 5.0 applications

AppSense Environment Manager integration

While it was always possible to manage the personality of a ThinApp package using Environment Manager from AppSense by copying the sandbox at logon and logoff. With VMware ThinApp 5.0 the Environment Manager from AppSense can actually look into the sandbox and therefore do all the amazing cross-application personalization stuff. So you can for example configure your local Office 2010 on your laptop and when you connect to your virtual VMware View desktop you have the same settings in your Office 2010 ThinApp package.

More information on the integration can be found in the following blog post by AppSense: AppSense Environment Manager Integrates with VMware ThinApp 5.0

As you can ThinApp 5.0 contains many major improvements and new features. I hope you will enjoy working with ThinApp 5.0 as much as I do.

Release Notes | Documentation | Download

Does ThinApp run on Windows RT?

The short answer: No, ThinApp doesn’t work on Windows RT.

The long answer: It depends on the version of Windows the particular tablet is running.

Source: http://www.microsoft.com/en-us/news/ImageDetail.aspx?id=B763681267E9CED7F6D7E962E9306C02A1106B80
Source: http://www.microsoft.com/en-us/news/ImageDetail.aspx?id=B763681267E9CED7F6D7E962E9306C02A1106B80

The Microsoft Surface RT or Windows tablets like the Dell XPS 10, Lenovo Yoga 11 are sporting Microsoft’s new operating system called Windows RT. While Windows RT seems to be very similar to Windows 8 it isn’t. In fact Windows RT is specially developed to run on mobile platforms and therefore is using a completely different architecture called ARM. ThinApp doesn’t work on this platform.

On the other hand there are tablets running Windows 8 like Microsoft Surface Pro, Dell Latitude 10 or the HP ElitePad 900. These tablets are running a full blown version of Windows 8. This is possible as all these tablets are based on the Intel x86 platform. As this platform isn’t different from any installation of Windows 8 on a classical desktop PC and ThinApp officially supports Windows 8, ThinApp will just run fine on these tablets.

Why does ThinApp doesn’t work on Windows RT?

Both platforms are using different instructions sets and therefore application code may be interpreted different on each platform. While it would be possible to port x86 applications to the ARM platform by optimizing the code so that it behave the same on each platform this isn’t the cause why ThinApp does not work on Windows RT.

The problem with Windows RT is that Microsoft only supports a subset of the Win32 API on this platform and most of the Windows applications out there relying on this API, ThinApp does too. Also Microsoft doesn’t support porting x86 desktops apps to Windows RT.

Metro style apps in the Windows Store can support both WOA and Windows 8 on x86/64.
Developers wishing to target WOA do so by writing applications for the WinRT (Windows APIs for building Metro style apps) using the new Visual Studio 11 tools in a variety of languages, including C#/VB/XAML and Jscript/ HTML5. Native code targeting WinRT is also supported using C and C++, which can be targeted across architectures and distributed through the Windows Store. WOA does not support running, emulating, or porting existing x86/64 desktop apps. Code that uses only system or OS services from WinRT can be used within an app and distributed through the Windows Store for both WOA and x86/64. Consumers obtain all software, including device drivers, through the Windows Store and Microsoft Update or Windows Update.
Source: http://blogs.msdn.com/b/b8/archive/2012/02/09/building-windows-for-the-arm-processor-architecture.aspx

Thats the cause why ThinApp isn’t supported and will not work on Windows RT and probably never will. Even if ThinApp would work on Windows RT most of the applications you want to virtualize wouldn’t work, as these applications simply don’t work on Windows RT. They have the same problems ThinApp has, the lack of Win 32 API functionality and support on part of Microsoft.

Release: New VMware View clients (1.7) available

With the release of VMware View 5.1.2 we also released a wave of new View clients for all mayor plattforms:

VMware View Client for Windows 5.2.1
The Windows View client brings support for Windows 8 and URI (Uniform resource identifier).
Release Notes: http://bit.ly/ViewClientWindowsReleaseNotes

VMware View Client for Mac OS X 1.7
As first vendor VMware with VMware View now supports USB redirection from a Mac to a virtualized Windows desktop.
Release Notes: http://bit.ly/ViewClientMacReleaseNotes

VMware View Client for Linux 1.7
The new version of the View client for Linux now supports FreeRDP when using RDP rather then PCoIP. Also there a several improvements to the USB redirection feature.
Release Notes: http://bit.ly/ViewClientLinuxReleaseNotes

VMware View Client for Android 1.7
Also a new version of the Android client was released which includes support for Android 4.2, Nexus 7, Nexus 10 and the Kindle Fire HD 8.9. While the RSA authentication and the display resolutions (Resolutions of up to 2560 X 1600 are now supported.) where enhanced there is finally a full screen touchpad functionality available!
Release Notes: http://bit.ly/ViewClientAndroidReleaseNotes

VMware View Client for Windows Store 1.7 (Tech Preview)
While the VMware View client is not available via the Windows Store yet you can download and install a TechPreview of the VMware View Client Metro client. The Metro client runs on Windows 8 and Windows RT but currently only supports RDP connections.

VMwareViewMetroClient

Release Notes: http://bit.ly/ViewClientMetroReleaseNotes

Documentation | Download