Use the Microsoft Desktop Optimization Pack to maximize your desktop-management experience
Windows 7 Enterprise provides a fantastic client experience. But to fully optimize the desktop from an IT operations perspective -- to deliver the best application delivery, inventory, compatibility, and execution experience plus great troubleshooting and management -- Microsoft offers the Microsoft Desktop Optimization Pack.
MDOP is available as an annual subscription, priced per PC and available to organizations with Software Assurance or Windows Intune, the new Microsoft Software as a Service (SaaS) cloud-based PC-management solution. Basically, if your organization has access to Windows 7 Enterprise, then you can subscribe to MDOP, generally at around $10 per desktop per year. (For most organizations, such an agreement is little more than a rounding error.)
Many people might remember that in 2006, Microsoft purchased a number of companies, including Softricity and Winternals. Microsoft combined those companies' products with its Desktop Error Monitoring (DEM) solution to create the first version of MDOP. Additional acquisitions of AssetMetrix, DesktopStandard, and Kidaro plus plenty of in-house work resulted in MDOP 2011 R2. This current version, which we'll explore in this article, includes a host of desktop-optimization tools:
- Application Virtualization (App-V)
- Microsoft Enterprise Desktop Virtualization (MED-V)
- Asset Inventory Services (AIS)
- Advanced Group Policy Management (AGPM)
- Microsoft BitLocker Administration and Monitoring (MBAM)
- Diagnostics and Recovery Toolset (DaRT)
Many organizations that have heard of MDOP think first of App-V. This application-virtualization solution is commonly thought of as the flagship component of MDOP and is certainly the most used.
App-V lets you execute applications on an OS instance without those applications actually being installed. This execution without installation is achieved by a creating a virtualized version of the application, through a process that is known as sequencing.
Sequencing involves creating a clean OS environment that runs the App-V Sequencing component. This component takes all the changes to the file system, registry, COM, user mode services, fonts, and so on that are made during an actual installation and places that data into virtual layers, such as a virtual file system and virtual registry, inside a binary stream. This binary stream, which holds the layers that contain the installed version of the application, can then be streamed to App-V clients, into an instance of the App-V virtual environment.
The application then runs in that virtual environment. The application's interaction with the local OS goes through the virtual layers. The application is unchanged; it thinks that it's reading from the OS storage for its program files, which in reality are in the virtual layer, as Figure 1 shows. The same process applies to components such as the registry, user services, and fonts.
This approach of running applications without needing to install them brings a number of benefits:
- Application-to-application incompatibilities resulting from any kind of clash (such as DLLs or configuration) are solved. Every virtual application runs in its own virtual environment, which can't see the virtual environments of other applications.
- The time required to get new applications or application updates is significantly reduced. Testing no longer needs to include the many combination-scenario tests to determine whether app A works if apps B and C are installed because the applications don't see one another.
- The operating system stays cleaner and does not experience bloat over time.
- Applications can be delivered to users almost instantly, on demand. No installation is required, only the content of the stream needs to be transferred to the client, and only the part of the stream that is used to initially launch the application -- maybe 20 percent of the total stream size -- is necessary; the rest is streamed in the background.
Most applications can be virtualized through App-V. If you need virtualized applications to communicate with each other outside standard OLE methods, App-V now features a capability called Dynamic Suite Composition -- a fancy name for the ability to create links between virtual applications so that they can share a virtual environment. The only restriction on App-V is that it can't virtualize drivers, system services, or components of the OS, including Internet Explorer (IE). But we have a different solution for IE.
MED-V is the solution for applications that won't run on Windows 7 but that work fine on Windows XP. In App-V, the application still fundamentally runs on the local OS; if the application won't run on Windows 7, then virtualizing the application through App-V does nothing to help. MED-V works by running a Windows XP virtual machine (VM) under the covers, using Windows Virtual PC, into which you install those applications that you can't make run on Windows 7 or for which no Windows 7 compatible version or viable alternative is available.
The user experience is seamless. As with App-V, there is no real indication when running an application that is being served through MED-V that the application isn't a local application. The application shortcuts are part of the Windows 7 Start menu, the launched application is displayed seamlessly on the Windows 7 desktop, icons appear in the Windows 7 system tray, and access to Windows 7 drivers and printers is available. The only hint the user might get that something is a bit different is that the application will have the Windows XP border, plus the dialog boxes and the feel of the application will be those of Windows XP.