10 Replies Latest reply on Sep 29, 2017 9:12 AM by phoffmann

    Are you using Virtual Applications?

    JMello Apprentice

      We have a lot of smaller applications that do not support silent installs and have very specific configurations. I believe visualizing these apps would help out with deployment. we have about 300 desktops and this has been a manual process that takes a lot of tech time. Searching around the community I am not finding much in terms of current methods of doing this. Seems Microsoft AppV is the most current method as posted by LANDave.  About Microsoft APPV and LANDESK Management Suite

      Is VMWare Thinapp no longer supported?

      What about the limited version of AdminStudio?

       

      Any advice on this subject would be greatly appreciated.

       

      Thanks

      /J

        • 1. Re: Are you using Virtual Applications?
          phoffmann SupportEmployee

          Technically, you can try to push most virtualised apps - a lot of it comes down to "how the virtualisation works" specifically to see whether / how much we can be involved with.

           

          We're no longer partnered with Thinstall (haven't been for a while), so don't explicitly support their stuff, but that said, you can still push / copy stuff around (if you create single-contained exe's).

           

          In general, "yes" - application virtualsiation is its own topic. It should be treated very much as its own specialist area (in the same way that software packaging is an artform -- there's a good reason why there's full time packagers out there, as I've run into many "ghastly" packages that were created by folks who (like me, I admi!) started with a mindset of "can't be THAT hard surely..." (and I've learned to know better since then) .

           

          So - yeah, it's very much its own discipline, and can vary *VERY* much by vendor (essentially - each type of virtualisation tool will have its own gotchas / pit-falls to look out for).

           

          That said, I'm generally a fan of virtualisation, as it can help contain haemorrhaging security issues like Flash and/or Java especially!

           

          I remember one guy who went (not one of mine - a fellow TAM's customer) from something like 6 separate Citrix servers (because of Java) down to 1 because of the shift to virtualisation alone (so HUGE cost-saving right there for one).

           

          On top of that, it's much easier to control what versions people are on (useful for those "fragile" in-house apps that can respond allergically to certain security updates - like .NET for instance).

           

          So ... treat it like HIPS. Treat it like deciding to being pregnant ... either DO IT - or DON'T do it. Don't do it "a little bit" / "part-time only" as that's more than likely only going to result in wasted time & effort / blood, sweat & tears with limited (if any) success.

           

          As for which tool to go for ... that's a "chose your poison / adventure" type thing. We are (/were?) partnered with "Spoon" (haven't used it myself), so there's definitely stuff out there betyon just Microsoft & VMWare's approaches to it. As for which one is best for you - that one I can't help with (limited experience, I just know that there's plenty of "little details" to get wrong/right as I sat behind a guy who ended up becoming quite specialised with Thinstall a bunch of years ago) .

           

          Hope that helps a bit?

          • 2. Re: Are you using Virtual Applications?
            JMello Apprentice

            Thank you for your detailed response. That at least gets me on the right track. I am basically the solo Ivanti administrator for the entire suite including Service Desk. We have hundreds of applications so this is going to be a huge undertaking.

            • 3. Re: Are you using Virtual Applications?
              phoffmann SupportEmployee

              Yeah, I begin to see the picture / situation you're in.

               

              So - pieces of advice for your boss (/to point your boss at) in quick-fire mode (15 years of being one of "the clean-up guy"-s of experience via support:/ TAM / TRM, etc). Hopefully it'll help you / your org not to make certain common mistakes that I see time and time again (even in larger organisations). Hope this helps .

               

              • Software (re-)packaging and/or application virtualisation are specialist areas. Tend to require their own dedicated head to succeed (that, or contract someone in to do it for you). The difference between "someone who knows their stuff" and a generalist "having a go at it" is HUGE in terms of sustainability & problems down the road.
                • Case in point example that still has me chuckling to this day was a "business critical app" that essentially everyone in the business was scared to even touch. It was (for no discernable reason) an exe, wrapped in an MSI, wrapped in an exe, wrapped in an MSI, called by a batch-file which used CMD-line parameters that didn't exist/work for MSI's ... the whole thing had 0 documentation, and was only addressed becayse I ended up performing an (unrelated) intervention & they had a professional (re-)packaging guy who actually was good & did things professionally (i.e. - with documentation ).
                • I've learned to really respect those folks & genuinely treat them as separate expertise areas to do so WELL.

               

              • Virtualisation (of OS'es / packages) *CAN* save you a lot of heartache / pain / money -- it depends on how much of a mess your business software stack is. But don't treat it as a magic bullet and don't do it "blindly". By that I mean situations like this:
                • A few years ago, I pointed out to someone that 2003 had been EOL for a while now, and was essentially a giant security risk (your network is only as safe as the weakest link, after all). Their intended "solution" (because of course, their business-critical application only would RUN on Win 2003 ...) was to virtualise the 2003 boxes and continue running them as VM-s. That only moves the problem, it's still a massive security hole .

               

              • On a more positive note / example - this sort of stuff REALLY benefits from front-loading your position with knowledge. Identify what the main headaches are for your organisation (let's say "Java" + ".NET" for arguments sake). Approach your virtualisation options with those main headaches first ... there may be odd situations where you "have to have a clean Windows XP machine, so you can run .NET 1.0 and actually install an ancient app" ... is that a risk that's worth doing?
                • And/or is it worth (my opinion defaults to "always - YES") actually investing the time in bringing back "ancient but business critical application X" out of the comparable dark ages & into the present (security paradigms, data retention, Auditing, etc.)?
                • And yes, I know it hurts (the purse-string holders financially), But I'll just point in the direction of the "minor" shambles Experian is currently going through - about the cost (reputational, financial, etc.) that not having security aspects alone shored up can be downright gargantuan. Depending on where/how you do business, this goes further as I believe recalling reading that the EU is considering laws to make companies responsible for data leaks essentially (so - "make sure your customer data is secure in its own right") type stuff . It's certainly writing on the wall, with more & more large-scale breeches of the last few years (many of whom have been entirely preventable by simple patching, for instance).

               

              Hope that helps getting you "what you need" (i.e. - dedicated people to help with that stuff). Happy to respond (caveat being time) if there's any questions needed here . Those are unlikely to cover ALL of the basis for consideration (those would include probably things like "what OS'es do you need to cover & how homogenous/heterogenous is your environment" and so on) as well ... it's an entire conversation in its own right.

               

              So - should be treated with the relevant respect that topic deserves.

               

              <Might also be worth lurking / asking questions on any potential candidates' forum-sites, to see about any positive / negative experiences. If "product A" is REALLY good at dealing with Java 1.1 (again - just an example) which is a huge issue for you, that is worth keeping in mind & weighing that properly. Though - I suspect that no single solution will "be the Nirvana of all things", finding the BEST fit is worth while doing >

              2 of 2 people found this helpful
              • 4. Re: Are you using Virtual Applications?
                JMello Apprentice

                 

                 

                • 5. Re: Are you using Virtual Applications?
                  phoffmann SupportEmployee

                  A TRM is generally NOT a software packaging specialst. We're "girls for everything" by nature (in that we need to be able to figure out where problem X is coming from, which goes ways beyond just IEM, and essentially covers most of the IT back-end stuff).

                   

                  "Yes - we CAN build a few basic packages" if need be, but when I'm talking about "a dedicated person" (which we're not), I do mean someone who does "software (re-)packaging full time professionally". A TRM generally has plenty of hands full keeping up with the "immediate" tech in the IEM suite itself, and the "immediate" surrounding tech (which cancers out to "nearly everything" anyway), such as IIS, networking, AD, SQL Server, etc. etc... .

                   

                  I can't point you in the direction of training - mainly as I've not attended some of that myself in that regard (so I've not got a "this company did well for me" advice).

                   

                  ITNinja is a starting point for (as you found) common applications (such as your basic Office deployment).- but the reason why I recommend a professional is so that they can help you with exactly those custom packages that are a headache to deal with. Also (hopefully) - being a professional, they should've picked up the experience & painful gotchas (that's a *HUGE* part of many expertise areas - the "pain" areas & knowing how to solve them) of software packaging.

                   

                  So if you want to pick up that skillset, do be prepared that you'd be quite likely need to go through a lot of the "painful learning curves" (as with most expertise areas).

                   

                  The TRM can give you general advice / guidance with certain things in how it relates to your company (i.e. "based on your infrastructure / layout, having a "single file" versus "multi file packages") and so on (so - stuff being put in a context of "your IEM adventure"). And while we do have people who are better at this or that particular branch of tech, due to the nature of our work (covering the best part of a good 80% of the IT back-end, in some cases including hardware stuff like network switches) ... I wouldn't want to suggest that this can make up for someone who has been doing 5-10 years of "nothing but" software (re-packaging).

                   

                  So the TRM can help things along / help you optimise the usage (and should cooperate with the software package) - but a full-time software re-package we don't have in our ranks (as far as I know at any rate) .

                   

                  Does that help?

                  1 of 1 people found this helpful
                  • 6. Re: Are you using Virtual Applications?
                    JMello Apprentice

                    Yes,

                     

                    Oh the life of the (All in One Ivanti guy) Another duty added to the list.

                    it-guy.jpg

                    • 7. Re: Are you using Virtual Applications?
                      phoffmann SupportEmployee

                      It's why I advise your boss to either hire or contract in a professional packager to build your packages for you (however long that'll take for the various packages you have).

                       

                      It's the sort of thing that you'll (well - the company) will end up paying through the nose to fix, if it isn't gotten right in the first place. One of those "false economy" type traps .

                       

                      <It's why I've put those anecdotal stories up top - as a warning for your budget-holders to understand not to be tight in this regard ... or it'll cost 'em a lot more in the longer run (or heck - even short to mid) >

                      1 of 1 people found this helpful
                      • 8. Re: Are you using Virtual Applications?
                        phoffmann SupportEmployee

                        ... on a side-note, I could share some (ghastly) details about a "Not Petya" clean-up I was involved with ca. 2 months ago about why "having a dedicated security team" and "actually paying attention to the security team" would be good ideas ... (ca. 80% of back-end infrastructure being "securly encrypted" all of a sudden was not fun).

                        • 9. Re: Are you using Virtual Applications?
                          JMello Apprentice

                          OMG!!! Heads would roll.

                          • 10. Re: Are you using Virtual Applications?
                            phoffmann SupportEmployee

                            Sadly, not often the case.

                             

                            Me: "So how come this wasn't patched some 4-5 months ago, when those things came out first?" (if memory serves, NotPetya made use of vulnerabilities that had been patched by M$ back in Feb 2017...)

                             

                            Them: "Well .... errr ..."

                             

                            Me: "All right ... guess we'll just focus on cleaning up then ..."

                             

                            this whole "taking responsibility thing" and "learning from mistakes" is something a lot of people / companies have developed an odd resistance to. I just try to spread the word & reduce some pain to fellow IT folks where I can.

                            1 of 1 people found this helpful