470 likes | 724 Views
App Streaming- Architecture & Troubleshooting Techniques. Jesús González, Escalation Engineer K aren Sciberras, Escalation Engineer. Agenda. Streaming technology basics Streaming technology in depth Sandbox reuse introduced in Streaming client 5.2
E N D
App Streaming- Architecture & Troubleshooting Techniques Jesús González, Escalation Engineer Karen Sciberras, Escalation Engineer
Agenda • Streaming technology basics • Streaming technology in depth • Sandbox reuse introduced in Streaming client 5.2 • Features introduced by Streaming client 6.0
Application Streaming Components • Profiler • Captures Application Images • Stores them in the Application Hub • Application Hub • File server which holds the profiled applications • Streaming Client/Offline Client • Streaming to Server • Streaming to Client
Layers Of Glass Analogy Profiler Machine Client Machine/ Presentation Server Application believes installed on physical machine Install program, registry, named objects etc. stored in .CAB file Per User Image Read/Write Installation/Execution Image Read/Write Installation/Execution Image Read Only, None Physical Machine Read Only Physical Machine • Nothing written to the “table” at profile time • Installation program “painted” on “pane” • File redirection • Execution image common to all users – enables centralized app management
Isolation Layers • Per user Image or User Root • Each user gets there own copy of top layer • Writable at application runtime • %AppData%\Citrix\Radecache • Execution image or Install Root • Read only during launch • Writeable during profiling • %Program Files\Citrix\Radecache • Application • Mask the applications view of the Physical machine • Views machine from top down • Per user image starts clear [read/write] • Initial app view = Execution image [read only]
Streaming technology basic concepts Per User Image Installation/Execution Image Physical Machine Isolation Rules File System Registry Named Objects
Streaming technology in depthExample: File System redirection Per User Image • Open a File for Reading • Creating a file • Open a File for Writing • Deleting a File Installation/Execution Image Physical Machine
Streaming technology in depthExample: Open a File for Reading Per User Image Installation/Execution Image C:\Program Files\MyApp\MyConfig.txt Physical Machine Search in the UserRoot %AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp Found here! Open file for reading Per User Image Search in the InstallRoot %ProgramFiles%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp Installation/Execution Image If not found, continue search in the regular physical root location C:\Program Files\MyApp Physical Machine
Streaming technology in depthExample: Creating a file Per User Image • C:\Program Files\Myapp\Myconfig.txt Installation/Execution Image Physical Machine During execution %AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp\Myconfig.txt Per User Image During installation %Program Files%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp\MyConfig.txt Installation/Execution Image
Streaming technology in depthExample: Open a File for Writing Per User Image Installation/Execution Image Physical Machine C:\Program Files\MyApp\MyConfig.txt Open file for writing here %AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp Per User Image Found here! Copy file to user Image Layer (Copy On Open for Write) %ProgramFiles%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp Installation/Execution Image
Streaming technology in depthExample: Deleting a File Per User Image Installation/Execution Image Physical Machine • Isolation environments satisfy two requirements • Not deleting C:\DeleteMe.txt in reality • Isolated applications are told that C:\DeleteMe.txt does not exists anymore
Per User Image Streaming technology in depthExample: Deleting a File Installation/Execution Image C:\DeleteMe.txt Physical Machine A special NTFS stream marker attached Represented as 0 byte file
Streaming Services • RadeRun • RadeRun is to streaming what wfcrun32 is for hosted applications • RadeRun takes .RAD file as parameter, establishes link to streaming service where application is executed • RadeSvc • Obtains profiled application from Application Hub and places it RadeCache • Creates new sandbox instance and executes application
Basic Launch Process Web Interface/ PN Agent XML Broker XenApp .RAD File .RAD File Application Hub RadeSvc.exe RadeRun.exe PN Agent Streaming Client Application 1
How to obtain the RAD file • Streaming client erases RAD File immediately after reading it • Done for house cleaning • RAD file is not available for troubleshooting • App Streaming – Faking out RadeRun http://community.citrix.com/display/ocb/2010/08/20/App+Streaming+-+Faking+out+RadeRun
Independence from IMA or ICA RadeRun.exe /app:“MyAp" /package:“\\AppHub\myApp\MyApp.profile" -x flag will allow you to see the world as the isolated application from a command prompt
RadeRun.exe - Example Windows 7 Profile Streaming client NO CITRIX FARM NO ICA NO IMA
RadeRun.exe - Layers Of Glass Per User Image Installation/Execution Image Physical Machine
RadeRun.exe – “-x” CMD ISOLATED
RadeRun.exe – Layers Of Glass Per User Image NO WIWZIP Installation/Execution Image Physical Machine
RadeRun.exe – delete inside isolation CMD ISOLATED
RadeRun.exe – Outside isolation Per User Image NEW CMD. NOT ISOLATED Installation/Execution Image Physical Machine
What is a Sandbox? • What is a sandbox/isolation/Bubble? • Collection of processes and set of rules which control how application behaves • Isolated process same as normal process but tagged differently to expected • Redirection of Files and Registry • Creation of Sandbox -> Expensive Operation • Opening the CAB file • XML parse for the sandbox isolation rules
Sandbox Not Reused SandBox1 MS Word SandBox2 RadeSvc.exe RadeRun.exe PN Agent MS Excel Streaming Client One Profile
Sandbox Reuse • New feature introduced in Streaming client 5.2 • One creation of sandbox per profile instead per application • It improves the performance of a second time launch • Achieved by new service -> RadeLauncher.exe • RadeLauncher.exe will exist for each sandbox/profile/user
Sandbox Reused MS Word RadeLauncher.exe RadeSvc.exe RadeRun.exe PN Agent MS Excel Streaming Client One Sandbox = One Profile
Sandbox Reused User1 Profile1 User1 Profile2 RadeSvc.exe RadeRun.exe PN Agent User2 Profile1 Streaming Client
RadeLauncher Settings and Considerations • Radesvc.exe checks for Radelauncher.exe; if found uses existing isolation environment. • HKLM/Software/Citrix/Rade/SandboxStatusMonitorperiod • Defined in minutes where default is 5 minutes • Setting value to 0 disables feature, behaviour of old client • Terminate RadeLauncher for sandbox setting to take effect
What is a service? • Program that runs outside of a user’s session • Usually the same service runs once for the whole machine • Generally runs at system startup • Can be configured to run on application demand • Service require more privileges than applications
Service isolation challenges Easy to accomplish Difficult to accomplish • Running services under application isolation • Running services under application isolation with privileges • Keeping the user and system space separate
Service isolation solution Considerations Solution • Customers feedback No problem to run services as long as they can be under control • White list of servers HKLM\Software\Citrix\Rade AppHubWhiteList (REG_SZ)
New streaming service • Citrix Streaming Helper Service (RadeHlprSvc.exe) • Runs under the Local system account • Privilege to create, delete, start services
Service isolation 6.0 (service isolation) 5.2 (no service isolation) User 2 Application Sandbox Service Sandbox Application Sandbox Application Sandbox
Service isolation creation process Service Control Manager now displays isolated services
Change from .CAB files to directory .CAB files Directory structure
Why were .CAB files used? • Using a single file to represent a target makes it easier to copy • CAB file libraries are available on all versions of windows • Ability to use Windows Explorer to open and see inside CAB File without additional code needed
Directory structure change • Introduced to solve XenDesktop streaming delivery issues • This is the first step toward solving the XD issue in a stream-to-client scenario • First time launch slow, second time launch fast • Replaces .CAB file with an unzipped representation • Future release: • Directly mount the App Hub content into the execution environment • Accomplished by creating a symbolic link that points to the App Hub
Take Away’s • Layers of glass • Streaming technology in depth • Launch process • Raderun • Sandbox Reuse • Isolation of Services • Moving from Cab to Directory structure
Session surveys are available online at www.citrixsynergy.com starting Thursday, 7 October Provide your feedback and pick up a complimentary gift card at the registration desk Download presentations starting Friday, 15 October, from your My Organiser Tool located in your My Synergy Microsite event account Before you leave…