In this chapter, we will cover:
Obtaining the App-V installers
Configuring Active directory
Configuring a distributed filesystem
Configuring Internet Information Services
Configuring SQL Server
Deploying a standalone management and publishing server
Accessing the management console
Adding additional administrators
Deploying a second Publishing server
Microsoft Application Virtualization 5 (App-V 5) enables system administrators to deliver applications to end users in a consistent and efficient manner without the hassle of traditional deployment methods.
The individual components of App-V 5 can be used in a variety of combinations to meet your particular needs. A full App-V 5 server deployment would employ the following services:
The flexible nature of App-V also allows for applications to be deployed through Microsoft System Centre Configuration Manager (SCCM) as well as through Electronic Software Distribution, for example, with Group Policy assignments. In this cookbook, we will cover these alternative deployment methods in later chapters.
We will use the following IP addresses and hostnames in order to cover the full range of deployment options. Each server runs Windows Server 2012 R2 on the 255.255.248.0
subnet. These servers can be configured as virtual or physical machines. I suggest that you use vCPU, RAM, and storage allocations for the demo environment, which can also be found in the following table:
IP Address |
Hostname |
vCPU |
RAM |
Storage |
---|---|---|---|---|
172.16.0.1 |
(default gateway) |
N/A |
N/A |
N/A |
172.16.0.2 |
DC |
2 |
2GB |
40GB |
172.16.0.3 |
FS1 |
2 |
2GB |
80GB |
172.16.0.4 |
FS2 |
2 |
2GB |
80GB |
172.16.0.5 |
WEB1 |
2 |
2GB |
80GB |
172.16.0.6 |
WEB2 |
2 |
2GB |
80GB |
172.16.0.7 |
RDS |
4 |
4GB |
80GB |
172.16.0.8 |
APPV1 |
2 |
2GB |
40GB |
172.16.0.9 |
APPV2 |
2 |
2GB |
40GB |
172.16.0.10 |
SCCM |
4 |
8GB |
100GB |
The 172.16.0.12
and 172.16.0.13
IP Addresses should be reserved for use with Network Load
Balancing (NLB).
In addition, you will need to create a number of Windows 8.1 clients for the sequencing and testing of applications as well as to access the App-V management console.
Tip
Note that the specifications in the preceding table are only suitable for a demo environment. For your production environment, consult the App-V 5.0 Capacity Planning page at https://technet.microsoft.com/en-gb/library/dn595131.aspx.
This recipe provides the links to download the App-V 5 installers.
It is assumed that you have a valid Microsoft account and have purchased the Microsoft Desktop Optimization Pack (MDOP) as part of Volume License Agreement. Depending on your subscription level, you may also have access to the App-V installers as part of a Microsoft Developer Network (MSDN) subscription.
The following list shows you the fundamental steps involved in this recipe and the tasks required to complete the recipe:
Browse to the Microsoft Volume Licensing Service Centre website (https://www.microsoft.com/licensing/servicecenter).
Navigate to the Downloads and Keys option.
In the product filter, search for Microsoft Desktop Optimization Pack for Software Assurance 2014 R2.
Select Download and then click on Continue to begin the download. Ensure that you save the ISO file to a memorable location:
Microsoft App-V 5 Service Pack 3 supports Microsoft SQL Server 2008, 2008 R2, and 2012 for use with the management server database and the reporting server database. A full list of supported configurations can be found at http://technet.microsoft.com/en-gb/library/jj713426.aspx.
This recipe shows you the Active Directory configuration on a domain controller that will be used through this cookbook. In addition, it shows the configuration of a Group Policy Object (GPO) that will allow traffic through the firewall of Windows servers.
It is assumed that you have access rights to create objects in Active Directory, including Organizational Units (OUs), security groups, and user accounts.
The following list shows you the fundamental tasks involved in this recipe and the tasks required to complete the recipe (all of the actions in this recipe will take place on the server with the hostname DC
):
Creating required OUs
Creating required security groups
Creating required computer accounts and user accounts
Creating a new GPO and linking it to an OU
Configuring the GPO with a Windows firewall policy
The implementation of the preceding steps is as follows:
Create the following OUs and pre-provision the computer accounts as shown:
Under the Domain Groups OU, create the following Security Groups:
Under Domain Users, create the following user accounts. In addition to this, add Sam Adams to the App-V Administrators Security Group option:
Open the Group Policy Management Console (GPMC) console, expand the OU tree to show Domain Servers, and then right-click on the App-V Servers OU. From the menu that appears, click on Create a GPO in this domain, and Link it here.
In the dialogue box that appears, enter
Allow 440-442
as the name and click on OK.In the new window that appears, right-click on the policies title option, and from the menu that appears, click on Properties.
Tick the Disable User Configuration settings checkbox and click on OK:
Expand the tree structure to navigate to Computer Configuration | Policies | Windows Settings | Security Settings | Windows Firewall with Advanced Security | Windows Firewall with Advanced Security – LDAP.
In the window that appears, select the Port radio option and click on Next.
Leave TCP selected, enter
440-442
in the Specific local ports box, and click on Next.Leave Allow the connection selected and click on Next.
Remove the ticks from Private and Public to leave only Domain checked. Now, click on Next.
Finally, give the policy the name
Allow 440-442
, and click on Finish.
Microsoft App-V 5 packages can be stored on a Windows share or on a web server. Using a Distributed File System (DFS) namespace to host App-V packages allows you to scale out your infrastructure or move the packages between servers at a later date, if required, without the burden of updating the paths to the App-V database. Using Distributed File System Replication (DFS-R) allows you to host the packages (and keep those packages in sync) on multiple servers for redundancy.
In this recipe, we will create two DFS namespaces: FileStore
for general purpose use and App-V
for hosting the App-V packages.
This recipe assumes that you have provisioned and domain-joined two file servers with the names FS1
and FS2
, respectively. It is suggested that a unique namespace be used to host the packages.
The following list shows you the fundamental tasks involved in this recipe and the tasks required to complete the recipe:
Install the DFS and DFS-R roles on FS1 and FS2
Create the
FileStore
namespace on FS1Enable replication between FS1 and FS2
Join FS2 to the FileStore namespace
Create the App-V namespace and replication group on FS1 and FS2
The implementation of the preceding steps is as follows:
Start by installing the DFS and DFS-R features on FS1 and FS2. This can be performed from a PowerShell prompt by entering the following command:
Install-WindowsFeature -Name FS-DFS-Namespace, FS-DFS-Replication -IncludeManagementTools –Restart
Once the installation is complete (and the server is restarted if required), navigate to the start screen from the applications list, and under Administrative Tools, click on DFS Management to launch the DFS management console.
In the new window that appears, click on New Namespace… to create a new DFS namespace.
In the New Namespace Wizard window, enter FS1 as the server that will host the namespace, and click on Next.
Enter FileStore as the name of the namespace, click on Edit Settings. In the window that appears, set
C:\DFSRoots\FileStore
as the local path to the shared folder and set the shared folder permissions to custom with the Everyone security group having read only access and the App-V Administrators having full access. Click on Next.Leave the domain-based namespace selected with the Enable Windows Server 2008 mode tick box checked. Now click on Next:
Review the settings and then click on Create to set up the namespace.
When the final page confirms that the setup is completed successfully, click on Close.
With the DFS namespace created, we will now create a replication group between FS1 and FS2. This will automatically replicate changes between the two file servers.
In the DFS management console, click on New Replication Group….
In the window that appears, leave the Multipurpose replication group selected option selected and click on Next.
Set the name of the replication group as FileStore and click on Next.
On the Replication Group Members screen, add both FS1 and FS2, and click on Next.
Leave Full mesh selected on the topology screen and click on Next.
On the Schedule and Bandwidth screen, leave the default settings as they are and click on Next.
Set FS1 in the Primary member option of the replication group and click on Next:
Add
C:\DFSRoots\FileStore
as the path for the replicated folder on FS1 (the one created in step 5 in this recipe) and click on Next.At the Local Path option of FileStore on the Other Members screen, set the path of FS2 as C:\DFSRoots\FileStore, click on Next.
Review the settings that will be used to create the replication group and click on Create.
You will then receive confirmation that the replication group has been created successfully. Click on Close to finish the wizard.
Before joining FS2 to the DFS namespace, you must increase the size of the Staging Quota option on the replication group. This allows for large files (for example, whole App-V packages or ISOs) to replicate between the servers successfully.
In the DFS management console, expand Replication and select FileStore. In the memberships tab, right-click on FS1 and select Properties from the drop-down menu.
In the Properties window, browse to the Staging tab and set the Quota option to the size of the largest file that you will be storing on your file server (for example, 8192 MB). Do the same for FS2 as well.
Tip
By way of example, Office 2013 with Visio and a single language pack is approximately 1.2 GB in size, while the Adobe CS6 suite is up to 4 GB. Ensure that you continue to review the size of your staging quota as your use of App-V increases to ensure that the single largest file will always be able to replicate.
We will now add FS2 to the namespace. Doing this provides redundancy in the namespace, allowing for FS1 to fail without impacting your clients.
In the DFS management console, expand namespaces and select the FileStore namespace that you created earlier. Select the Namespace Servers tab and note that only FS1 is listed. On the right-hand side of the window, click on Add Namespace Server….
In the window that appears, set FS2 as the Namespace server option and click on Edit Settings:
Set
C:\DFSRoots\FileStore
as the path and use custom permissions with the Everyone security group set asread only
, and the App-V Administrators security group set to full control.Click on OK to close the Edit Settings window, and then click on OK again to add FS2 to the namespace.
Finally, set the NTFS permissions on the FileStore to allow everyone to read the contents of the folder and for App-V Administrators to have full control over the folder.
To complete this recipe, repeat steps 3 to 26 using App-V as the name of the namespace with the file path set as
C:\DFSRoots\App-V
and replication enabled for that folder between FS1 and FS2.
As an alternative to using a simple DFS share, you can also host App-V packages on an Internet Information Services (IIS) web server. Doing this gives you the added benefit of caching the App-V packages in RAM, which allows for multiple loads of the same package on multiple clients to be faster than just hosting the package on a network share.
Using NLB and hosting the packages on a DFS share allows the web servers to have a fault-tolerant configuration.
This recipe assumes that you have provisioned and domain-joined two web servers with the names WEB1 and WEB2, respectively. You will need administrative permissions on both WEB1 and WEB2 as well as the ability to create a DNS entry.
The following list shows you the fundamental steps involved in this recipe and the tasks required to complete this recipe:
Provision a DNS entry for the load balancer
Install the required Windows server roles on WEB1 and WEB2
Create the App-VIIS namespace and replication group on WEB1 and WEB2
Configure Network Load Balancing
Configure IIS
Configure caching
The implementation of the preceding steps is as follows:
On DC, launch the DNS management console, expand Forward Lookup Zones, and right-click on your domain. From the drop-down menu, select New Host (A or AAAA)….
Set the name to
appv
and the IP address option to172.16.0.12
. Click on Add Host to create the record:On WEB1 and WEB2, launch PowerShell and run the following command to install the DFS and DFS-R roles along with NLB and IIS:
Install-WindowsFeature -Name FS-DFS-Namespace, FS-DFS-Replication, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-App-Dev, Web-Http-Logging, Web-Request-Monitor, Web-Performance, NLB -IncludeManagementTools –Restart
After allowing the server to restart if required, launch the DFS management console on WEB1, and using steps 3 to 26 of the previous recipe, provision a DFS namespace and replication group with the name App-VIIS and the folder path set to
C:\DFSRoots\App-VIIS
on WEB1 and WEB2. This namespace and replication group will be used to host the App-V packages on the web servers; however, IIS will be used to present the files to the clients.We will now configure NLB between WEB1 and WEB2; doing this provides redundancy between the two servers and ensures that under normal conditions, neither server is overloaded with requests.
From the Start screen, launch the Network Load Balancing Manager software:
In the window that appears, select Cluster and then click on New.
In the New Cluster option, connect window enter
WEB1
as the host and click on Connect. From the list of interfaces, select the interface with the IP address172.16.0.5
and click on Next.From the Host Parameters screen, leave the default settings in place and click on Next.
On the Cluster IP Address screen, add a new IP address and set the IPv4 address option to
172.16.0.12
with255.255.248.0
as the Subnet mask option:At the Cluster Parameters option, leave
172.16.0.12
as the IP address and set the Full Internet name toappv.demo.org
(as set in step 1 of this recipe). Also, set the Cluster operation mode to Multicast and click on Next.Accept the default configuration for Port Rules and click on Finish to create the cluster.
To add WEB2 to the cluster, expand Network Load Balancing Clusters, right-click on appv.demo.org (172.16.0.12), and click on Add Host To Cluster:
In the window that appears, set WEB2 as the host and click on Connect. In the interface with the IP address 172.16.0.6 selected, click on Next.
At the host parameters, accept the defaults (note that the unique host identifier of this server is set to 2) and click on Next.
Accept the defaults for the Port Rules option and click on Finish.
After a short wait, the two hosts will enter the Converged state. This completes the setup of the NLB cluster.
We will now configure the IIS web server on WEB1
.
From the Start screen, launch the Internet Information Services management console:
Expand the WEB1 option, go to the Sites option and then right-click on the Default Web Site option and click on Remove.
Click on Application Pools, right-click on DefaultAppPool, and click on Remove.
Right-click on Sites and click on Add Website…
In the Add Website... window, set the Physical path option to the DFS root that you created earlier (
C:\DFSRoots\App-VIIS
) and the Host name to appv.demo.org. Leave Start Website immediately checked and click on OK.To allow the server to handle the
.appv
file type, select WEB1 from the connection tree and then double-click on MIME Types in the Features View option:In the MIME Types window, click on Add…. In the window that appears, set the File name extension as
.appv
and the MIME Types option asapplication/appv
.With IIS configured, we will now set the file cache on the server to allow for large files (up to 4096 MB) to be stored in RAM when served through the web server.
On WEB1, open Notepad from the Start screen and enter the following:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters] "ObjectCacheTTL"=dword:000004b0 "MaxCachedFileSizeInMB"=dword:00001000
Save the Notepad file to the desktop with the name
updatecache.reg
, and then double-click on it to run the file; this will in turn add the entries to the registry under theHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters
parameter.Finally, open the
C:\Windows\system32\inetsrv\config\applicationHost.config
file in Notepad, search for<serverRuntime />
, and replace it with the following:<serverRuntime frequentHitTimePeriod="00:00:01" frequentHitThreshold="1" />
The
frequentHitThreshold
parameter determines how many hits the file receives before it is cached (in this case, only one hit is required), and thefrequentHitTimePeriod
value determines how many hits the file receives in a time period before it is cached (in this case, in a single second).
Microsoft SQL Server is required to host the App-V Management and Reporting databases. With the exception of very large deployments of App-V, SQL server can be collocated on the App-V Management Server (and on the Publishing server as well).
This recipe assumes that you have provisioned and domain-joined a server with the name APPV1, and that you have a valid licence to install Microsoft SQL Server 2008, 2008 R2, or 2012 at the Standard, Enterprise, Datacenter, or Developer Edition levels. Note that the Express edition is not supported.
Here are the fundamental steps involved in this recipe:
Install and configure a default setup of SQL Server.
Launch the SQL Setup application, select Installation and New SQL Server stand-alone installation or add features to an existing installation.
Allow the Setup Support Rules check to complete and click on OK.
Enter your product key and click on Next.
Review the terms of the licensing agreement, tick the I accept the license terms box, and click on Next.
Allow the Setup Support Rules check to finish. At this stage, you might have a warning on Windows Firewall stating that certain ports are not open. This can be safely ignored as we are hosting the App-V Management server and SQL server on the same machine. Click on Next.
On the Setup Role screen, select SQL Server Feature Installation and click on Next.
On the Feature Selection screen, tick the Database Engine Services option and click on Next.
Allow the Installation Rules check to complete and click on Next.
Leave the Default instance option selected with Instance ID set to MSSQLSERVER. Click on Next.
Review the Disk Space Requirements check and click on Next.
Accept the defaults for the Service Accounts option and click on Next.
On the Database Engine Configuration set, select Windows authentication mode and click on Add Current User to make the account that you are logged in with an administrator on SQL Server. You must use the same account to install the App-V Management Server in the next recipe.
On the Error Reporting page, accept the defaults and click on Next.
Review the Installation Configuration Rules check and click on Next.
Review the final SQL Server configuration and click on Install to begin the setup.
After the installation is complete (depending on your hardware this could take a few minutes), click on Close to finish the setup process.
In a typical App-V 5 deployment, you will deploy a Management server that stores information about packages, applications, file types, and shortcuts in SQL server (as set up in the previous recipe). In turn, Publishing servers regularly poll the management server for a compiled list of these applications and settings to present authenticated requests to the clients. In this recipe, you will deploy a standalone Management and Publishing server.
This recipe assumes that you have completed the steps in the previous recipe and have set up SQL server to host the Management database on.
The following list shows you the fundamental steps involved in this recipe and the tasks required to complete the recipe:
Install the App-V 5 Server prerequisites
Install the Management and Publishing server roles of App-V 5
Install the latest App-V 5 hotfix
Tip
App-V 5 on Windows Server 2012 R2 has few prerequisites compared to other editions of Windows Server. If running a previous version of Windows Server, consult the following link before proceeding further: http://technet.microsoft.com/en-us/library/jj713458.aspx.
The implementation of the preceding steps is as follows:
On the server APPV1, download and install the Microsoft Visual C++ 2013 Redistributable Package for both the x64 and x86 architectures from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=40784.
Next, install the required Window Server features by executing the following command in a PowerShell session:
Install-WindowsFeature -Name Web-Static-Content, Web-Default-Doc, Web-Asp-Net45, Web-Net-Ext45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Windows-Auth, Web-Filtering -IncludeManagementTools -Restart
With the prerequisites installed, mount the MDOP 2014 R2 ISO file and navigate to
D: \App-V\App-V 5.0 SP3\Server
, whereD
is the drive letter of the mounted ISO file.Launch the
appv_server_setup.exe
application to begin the installation process.On the installation splash page, click on Install.
Review the Software Licence Terms and select the I accept the license terms radio button and click on Next.
Select the Use Microsoft Update when I check for updates radio box and click on Next.
Select the Management Server, Management Server DB and Publishing Server features and click on Next.
On the Create New Management Server Database page, leave the Use the default instance and Use the default configuration radio boxes selected and click on Next.
Review the Create New Management Server Database page and click on Next.
Set the demo\App-V Administrators security group as the group that is authorized to manage App-V and set Port binding to
440
(to match the firewall rule configured in the second recipe). Click on Next.In the Publishing Server configuration option, set Port binding to
441
and leave all other settings as the defaults.Review the list of the features to be installed and click on Install to begin the installation process.
The installation should take minutes, if not seconds, and at the end, you will be presented with the URL that can be used to access the App-V management web console from the local machine. Click on Close to finish the installation.
The App-V Management Console is hosted on the App-V Management server. The console is based on Microsoft Silverlight, and as such, can be accessed only on Windows PCs from Internet Explorer with the Silverlight 5 plugin installed.
This recipe assumes that you have completed the steps in the previous recipe and have set up an App-V Management server with the Publishing role included. All of the actions in this task will be conducted on a domain-joined Windows 8.1 client.
The following list shows you the fundamental steps involved in this recipe and the tasks required to complete the recipe:
Install the latest version of Microsoft Silverlight
Browse to the web-based management console and log in
The implementation of the preceding steps is as follows:
On your Windows 8.1 client, open Internet Explorer and browse to http://www.microsoft.com/getsilverlight. Then, click on the Install Silverlight button.
Allow the download to complete and then launch the Install Silverlight application and click on Install now to begin the installation. Close any open Internet Explorer windows.
Open Internet Explorer and browse to http://appv1.demo.org:440/Console.html.
A dialogue box will prompt you to log in with your credentials. Log in with the Sam Adams account created earlier, which is part of the App-V Administrators security group.
Once logged in, you will be presented with the Packages screen of the console. Note that the name of the account is listed in the top-right hand corner and that you can check the version number of the console by clicking on the About option.
App-V leverages Active Directory Security Groups and user accounts to define administrators. When installing the App-V Management server, you can only choose a single Security Group or account; you can then configure extra accounts to manage your App-V deployment through the web-based management console.
This recipe assumes that you have completed the steps in the previous recipe and have successfully logged in to the App-V management server.
The following list shows you the fundamental steps involved in this recipe and the tasks required to complete the recipe:
Add an Active Directory Security Group as an App-V administrator
Add an Active Directory user account as an App-V administrator
Remove administrator permissions from a Security Group or User account
The implementation of the preceding steps is as follows:
Log in to the App-V management console and select Admin. When the page refreshes, you will see the current administrators that are assigned to the App-V server. Click on Add Administrator in the top-right hand corner of the page.
In the Active Directory Name box, enter the name of the security group in the format
<domain>\<security group name>
. In this case, enterdemo\Domain Admins
and then click on Check.Select the demo\Domain Admins security group from the drop-down menu that appears and click on Add to confirm the selection:
Alternatively, you can type the name of a user account again in the format
<domain>\<account name>
. In the following demonstration, you can see that the account user Maddy has been added and that its status as a user account instead of a security group is listed under the Type heading.To remove a security group or user account from the administrators list, right-click on it and select the remove as administrator option.
A confirmation dialogue will appear at the top of the page. Click on Confirm to complete the removal.
The App-V Publishing server regularly polls and caches the list of App-V packages and applications to present to the clients. Deploying a second Publishing Server and utilizing NLB between the servers provides a basic level of redundancy to your clients, as well as offering a way to scale out your deployment in the event that your initial publishing server becomes overwhelmed. The App-V capacity planning guide at the following link can prove helpful in determining whether you will need an additional publishing server: https://technet.microsoft.com/en-gb/library/dn595131.aspx.
This recipe assumes you have provisioned APPV1 as prescribed in the previous recipes and that you have provisioned APPV2 for use throughout this recipe.
The following list shows you the fundamental steps involved in this recipe and the tasks required to complete the recipe:
Create a DNS entry for use with the NLB cluster
Install and configure NLB between APPV1 and APPV2
Install the Publishing server role on APPV2
Register the server in the App-V management console on APPV1
Configure the Publishing Server website to accept requests from the NLB domain name
The implementation of the preceding steps is as follows:
On DC, launch the DNS management console, expand Forward Lookup Zones, and right-click on your domain. From the drop-down menu, select New Host (A or AAAA)….
Set the name as app-vpublishing and the IP address to 172.16.0.13. Click on Add Host to create the record:
On APPV1 and APPV2, run the following command in a PowerShell session to install the NLB feature:
Install-WindowsFeature -Name NLB -IncludeManagementTools -Restart
Complete steps 5 to 16 of the Internet information services configuration recipe, setting up an NLB cluster between APPV1 and APPV2 with a cluster IP address of
172.16.0.13
, the Full Internet name of app-vpublishing.demo.org with Multicast as the Cluster operation mode.With the cluster configured being the installation process for App-V on the server APPV2 (as per the instructions given in the Deploying a standalone management and publishing server recipe), simply select the Publishing Server role from the Select App-V Server Features to be Installed page:
On the Publishing Server Configuration page, set http://appv1.demo.org:440 as the management service to be used by this publishing server. In addition, set 441 as the Port binding for the Publishing Server Web Site Configuration:
Complete the installation.
On your Windows 8.1 client machine, log in to the App-V web-based management console, and from the navigation bar on the right, select Servers.
Click on Register New Server. In the Server Name box that appears, enter the name of your second publishing server in the format
<domain>\<hostname of the server>
; In this example, demo\APPV2.Click on the Check button and from the drop-down list that appears, select the server demo\APPV2 and click on Add to include the server in the list of publishing servers.
Tip
By default, the publishing server will poll the management server every 10 minutes for updates to the packages. You can force an update by restarting the AppVPublishing Application Pool service in the IIS management console. It is also possible to change the interval by modifying the registry on a publishing server. Visit http://support.microsoft.com/kb/2780177 for more details.
To complete the configuration, open the IIS management console on APPV1, expand Sites, and select the Microsoft App-V Publishing Service website. On the Actions pane, select Bindings….
Select the existing binding and click on Edit….
Enter app-vpublishing.demo.org as your Host name and click on OK. Close the Site Bindings window.