Dynamically provision applications across physical and virtual Windows desktop environments in a friction-free manner
Before 2020, most organizations who provided remote access for employees relied on technology such as virtual private networks or virtual applications and desktops. Even then, these were often only provided to a subset of users, such as IT staff, Directors, and on-call staff. As such, most enterprises did not have the infrastructure or operations to support every employee working remotely at the same time.
When the pandemic hit and workers were sent to work from home en-masse, the shortcomings of existing remote access solutions rapidly became apparent. A prime example being how quickly VPNs were overwhelmed when all remote workers were required to connect through them, causing frequent connection drops and drastically hindering performance for applications that required database access.
Those using published applications found their users could not access all applications they required for day-to-day responsibilities because they were installed on workstations back in the office. Even those with virtual desktops didn’t have the applications they needed, as IT could not get every application in their estate into their desktop images. Moreover, installing missing applications into virtual desktop images yielded extensive user disruption while application updates were provisioned.
The sudden embrace of remote work and now hybrid work is leading to a rapid transformation in End User Computing, requiring truly modern application management solutions that can scale elastically, dynamically deliver applications without disruption to end users, and are cloud-native to help untether organizations from their VPN. Achieving this optimal state for the modern workplace is two-fold: application containers to package and deploy your entire application estate with modern provisioning through a platform-agnostic cloud-based container management platform.
Legacy Application Package Formats Hinder Modernization
Many organizations still deploy applications in package formats that have been around for a quarter of a century. 25 years ago, hybrid work styles were unheard of. It is no surprise that these dated package formats are inadequate for modern enterprises. Setup.exes and Windows Installers (MSI) perform full application installations on systems. In a virtual desktop scenario, this means cracking open a desktop image every time IT wants to provision a new application or application update. This type of change then effects every end user the desktop image is deployed to, regardless of whether they use the application in question.
Deploying those updated images using desktop provisioning tools can mean rebooting machines or rolling a machine to a new snapshot. Both options require a state change to the machines, which may need to be performed out of business hours to avoid disrupting employees during the workday. However, if an application update goes wrong and the service desk becomes overwhelmed with calls the morning after such a change, your EUC team may have to revert back to the previous version of the image or snapshot during the workday, further disrupting users of those desktops.
Installing applications into desktop images is also a security risk as applications files, services, registry, and other components lay exposed to all users and processes with access to those desktops. Installing applications into desktop images can also lead to application conflicts, leading to image sprawl – where you have multiple images to keep conflicting applications apart – and image corruption (e.g., services fail to start or applications can no longer be uninstalled) – and also image bloat where the image size gets large due to the number of applications installed in it.
In summary, installing applications into your desktop images exposes your organization from a security perspective. Doing so can lead to common Windows application issues, wasting IT teams’ time and resources on remediation efforts and costing organisations millions in lost end user productivity. More images to manage and larger images yield operational inefficiency and inflate storage costs while hindering application portability and agility across different platforms, such public clouds etc.
What About Application Layering?
When exploring alternatives for deploying windows applications, enterprises may consider application layering which is a great solution for deploying some applications. Organizations mileage may vary depending on the application layering product they choose. Some application layering products work best when deploying the layers as part of the machine boot process. While every layering product provides a feature to deliver applications to users in “real-time”, the level of application compatibility can suffer when deployed in this manner. Some application layering products deliver the full application components as though they were installed on the system, which means they expose those components to potential bad actors.
MSIX App Attach offers an interesting solution, where application layering is utilized in tandem with MSIX application containers. This combination of solutions seems like a match made in heaven. In theory, it could provide a relatively fast solution for delivering application containers to users. Perhaps a faster deployment than deploying MSIX packages in Intune. Delivering application containers at scale and at speed is an ideal solution for modern enterprise application management. MSIX App Attach shows great promise. However, at this time rate of compatibility for MSIX is relatively low, which can make deploying even a small majority of an enterprises applications in this format a challenge.
Application Containers Enable You to Modernize NOW
To address the rapidly evolving remote and hybrid workplace for enterprises, the time to modernize application management is now. They need a solution to immediately optimize application management to support hybrid work styles at scale. Many enterprises are actively modernizing their desktops with the latest desktop as a service (DaaS) solutions and even planning their Windows 11 migrations. Whatever the journey, there is a need to move applications now. Thus, enterprises cannot wait for MSIX to gain wider adoption from vendors, as that could mean re-touching every application again years after their migration projects have been completed. They need a solution that instantly enables all their applications to be seamlessly packaged, provisioned, and managed by IT across their new modern workspaces. That solution is application containers.
Why Application Containers?
Application containers encapsulate all the components that make up an application into their own dedicated container space. This means an application’s folders, files, services, drivers, etc. are delivered inside a container rather than installed directly on the Windows desktops. As files and other components run within their own dedicated space, they eliminate application conflicts as each container sees the files it needs and will not try to use a different application’s files. This enables multiple versions of the same application to run side by side on the same machine, if required, and addresses issues with DLL hell and other types of conflicts.
As application containers have their own dedicated space and do not install files on the local system, applications delivered in these containers can always be cleanly removed which eliminates failed application updates and application corruption.
Traditional application package types struggled delivering files and registry to user directories such as the user profile and HKCU. This is because those packages were typically targeted to machines rather than users and were often deployed to device collections. In a Windows installer scenario, the use of the active update feature was required to handle those user components. Unfortunately, the feature had its flaws, such as causing slowness at login and sometimes resulting in errors if the original package or cached installer could no longer be found. Generally, application layering products do not support user-based installs as part of the application’s virtual disk.
Application containers can provide the files and registry required in the user profile and HKCU within the container eliminating the need for active updates and providing a higher rate of compatibility for your applications than application layers.
Application containers also help enhance enterprise security by reducing the surface layer for attack by cyber gangs. As the components of applications are not widely exposed to users or processes, if a bad actor infiltrates your network and searches for applications or application components that may be useful for an attack due to known vulnerabilities, they will not be able to see those applications on the local systems in their scans of directories and common registry keys.
Application containers assist with application compatibility challenges. If you have applications that you just can’t move off an old version of Windows, application containers may be able to help as by their nature application containers can run with full isolation, which means they can be packaged with all known dependencies to enable an application to run on a modern Operating System. Cloudpaging application containers can also be configured to run in a desired compatibility mode for a specific Windows OS version.
These are just some of the benefits of using application containers to modernize your application management. Of course, a container format is just one part of the equation. You need to be able to orchestrate the application containers and manage them at scale across your enterprise, which means you will need a container management solution. At this point, I would like to discuss Cloudpager and the application containers it can help you manage and dive into what makes our offering unique.
Cloudpager for Application Container Management
While MSIX does not have wide coverage for Windows applications yet, the value of application containers is clear. Microsoft and other large entities in the industry are invested in containers to unlock agility, speed, and management at scale. If MSIX does not work for a large percentage of your applications today, what alternative is there for delivering and managing applications in application containers? The answer is Cloudpager!
Cloudpager supports deploying and managing applications in several formats, including App-V, MSIX, WorkSpaces Application Manager (WAM) packages, and Cloudpaging application containers. This enables you to adopt a platform to manage your existing App-V packages and onboard MSIX containers as the technology reaches wider adoption. App-V has a higher success rate when packaging applications due to a high rate of compatibility than MSIX, but App-V customers often struggle to break past 70% of their applications delivered with the product. Numecent Cloudpaging application containers achieve 95%+ success of containerizing and delivering Windows applications. Customers have successfully delivered complex 40GB+ sized applications. Application components such as drivers, services, and COM+ Component Services that pose issues with virtualization solutions are not a problem for Numecent’s modern application container format.
With Cloudpager, you can dynamically provision more than 95% of your applications across your enterprise from a single pane of glass. You do not need to compromise and deliver some applications at boot-time or as part of your image to achieve a high success rate with the product. You can get away from re-provisioning desktops as part of application management and break-fix for failed application updates processes altogether. In fact, Cloudpager provides a unique Rollback feature that Administrators can use to quickly revert application updates dynamically, even in active user desktop sessions. No more hours or days long remediation required.
The application cache used by Cloudpaging application containers is delivered with encryption by default and the application cache is uniquely encrypted per machine which again helps reduce the surface layer for attack. While application layering solutions can be resource intensive when delivering applications as mounted virtual disks, application containers are relatively lightweight in nature. Cloudpaging application containers, in-particular, leverage our patented prefetch feature which optimizes application launch times. Cloudpager automatically captures the first launch experience of each application container, syncs that to the customers central repository and then delivers that for users for all subsequent launches. Essentially automating the optimization of the application launch and providing the best user experience possible.
Cloudpager provides a unique Policies feature which can be used to enforce application licensing to keep enterprises within the conditions of their license agreements with vendors but also to automate application lifecycle management through time-based software reclamation which removes applications on a set date. Applications can also be removed after a defined period of inactivity, meaning if users have access to applications but they do not use them within a certain number of days, that application is removed. No more leaving applications sitting on machines, potentially causing security risks and desktop bloat.
Conclusion
Legacy approaches to application virtualization and delivery are not suited for today’s modern enterprise. True modernization for applications and IT operations requires application containers. They maximize application compatibility, portability, and security across modern physical and virtual desktop environments, ensuring end users can seamlessly run your entire application estate regardless of where they reside, desktop type, or location.
Moreover, they don’t just provide end users with a native application experience but equip IT with truly modern capabilities that are not available with traditional solutions, such as the ability to rapidly provision, update, roll back, and recall any application across your enterprise without requiring virtual desktop end users to log off or reboot – even for those in active user sessions.
The advantages of application containers are maximized with a born-in-the-cloud container management platform. Delivered as a fully managed SaaS platform, Cloudpager provides a single, modern solution to dynamically provision applications to end users in seconds with the scale of the cloud to any Windows desktop, anywhere, and on any network making it ideal for a modern workplace with hybrid work styles.
Cloudpager is truly a transformative solution for modernizing application management in the enterprise. It removes obstacles that have existed with Windows application management for decades, provides the agility required for application management with changing work styles and overall improves the user experience.
Getting Started
To see the magic of application containers in action, schedule a demonstration of with our Solutions Architects to see how Cloudpager enables you to dynamically provision, update, roll back, recall, and meter your entire application estate in real time: www.numecent.com/demo.