SYN328: Learn why AppDNA should be a part of every consultant’s toolkit
This was my Citrix Synergy 2013 presentation on why AppDNA should be a part of every consultant’s toolkit.

  • I also think it’s cool because AppDNA has a research and development centre in Perth.
  • Next date would be Windows Vista on 11th April 2017. Too far away to worry about at present. Who had an Application Portfolio Management specialist? Usually comes under the Enterprise Architecture practice.
  • Interact with the audience to understand how many apps some of them have. Are they managed apps? Do they have control of their portfolio? Do they have an Application Portfolio Management specialist and policies? Software does not necessarily have a use-by date. It’s about how long the vendor will support it. And if not, then will the business manage the risk? According to statistics the average piece of software has a 12 year life span. So that could be 3 or more major versions of OS upgrades. VB6 was released in 1998 and it’s still supported, even on Windows 8, which means that it may be around until about 2022. Who has an Application Packaging Factory (APF)? Often outsourced. Who has an Application Compatibility Factory (ACF)? Mostly bundled into the APF as part of outsourcing the application packaging.
  • Apps that use/integrate with the Windows 8 Modern UI (formerly known as Metro) will not work if UAC has been disabled.
    Windows Resource Protection (WRP) prevents the replacement of essential system files, folders, and registry keys that are installed as part of the operating system.
    Session 0 Isolation from Vista and above is for non-interactive services only. Interactive (user) sessions start from session 1. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents who are looking for a means to elevate their own privilege level. The problem here is that messages can only be sent between processes that are on the same desktop (session). Therefore, if an older application has a service that needs to interact with a user, such as an antivirus update service, the user will never see the update prompt.
    Most applications do a poor job of reporting unexpected errors: locked, missing or corrupt files; missing or corrupt registry data; permissions problems.
    Errors manifest in several different ways: misleading error messages; crashes or hangs.
  • A shim is a database file with an extension of .sdb. How to deploy shims? Use sdbinst.exe.
    Shims for writing to protected folder and registry locations:
    VirtualRegistry is a multi-purpose shim for simulating the existence of appropriate registry entries for legacy applications. It can be used to redirect registry keys to a separate area in the registry (typically to resolve issues where access is denied), or to return different values when an application is looking for a specific key (that may no longer exist) or a different version (when a version number is hard coded). You will explore the version lie aspects of VirtualRegistry.
    CorrectFilePaths is another very flexible shim, which includes a number of default file redirections for times when a legacy application may be looking for a known component in one location using a hard coded path, but that component has moved to another location. You can also configure CorrectFilePaths to redirect from one arbitrary path to another, if you want to modify where to place a file. The destination folder structure must exist, or the CorrectFilePaths shim will fail.
    Version Lie shims for bad Windows version checks return the appropriate operating system version information. For example, the WinXPSP2VersionLie returns the Windows XP version information to the application, regardless of the actual operating system version that is running on the computer.
    UAC file virtualisation doesn't handle renames or deletes. In these cases you need to apply the VirtualizeDeleteFile shim, which is a compatibility fix designed to enable an application to incorrectly think that a file that the user does not have permission to delete has been successfully deleted.
    Some tools don’t optimise shims, such as the Microsoft Standard User Analyser (SUA).
    Microsoft has heuristic detection for installers. However, an exe that is a non-installer will be prompted for elevation if it contains the words setup, update, install or patch in the name or within the binary itself. So you may need to apply the SpecificNonInstaller shim for this exe.
    Time for a joke: 185 desperate and dateless applications walk into a bar. One of them starts chatting to this intimidating, yet hot OS called Windows 7. They hit it off and think they may be compatible. The 184 other apps are egging him on. Things start hotting up. The application spawns processes all over Windows 7. Windows 7 starts leaking, goes all blue and demands that the application stops. The application knows that this is his only opportunity to perform, or he’ll be replaced. So he says “Don’t worry, I’ve got Shims.”
  • Limited User Rights brought us VirtualRegistry Store and VirtualFileSystem Store. This was enhanced under Windows 7 to include a redirection on writes to C:\. Did you also know that there is a “C:\Documents and Settings\<username>” redirection in the Operating System? These are specifically implemented for legacy applications, but did initially create a lot of confusion. I’ve come across an application where a developer had used “C:\Documents and Settings\%Username%\Application Data\” in their config file. So I asked them to change their app to use %AppData%.
    ACT is a lifecycle management tool that assists in identifying and managing your overall application portfolio. ACT enables you to create: Compatibility Fixes; Compatibility Modes; AppHelp messages; Compatibility databases.
    ACT Version History:
    1.0 Windows 2000, Windows XP pre-release
    2.0 Windows XP RC
    2.6 Windows XP, .NET Server (AKA Windows Server 2003 pre-release)
    3.0 Windows XP SP1, Windows Server 2003 RC
    4.0 Windows XP SP2, Windows Server 2003 SP1
    4.1 Windows XP SP3, Windows Server 2003 SP2
    5.0 Windows Vista RC
    5.5 Windows Vista SP1, Windows 7 RC
    5.6 Windows Vista SP2, Windows 7 SP1
    6.0 Windows 8 RC
    Many that are using it today only started using it from version 5.0, which was quite a misunderstood version. This may have been due to the extra layers of limited user rights Windows Vista presented us with. ACT 5.5 and above were vastly improved releases. ACT 6.0 is out, but previously most would have been using 5.5 or 5.6. ACT 6.0 is integrated into the Windows Assessment and Deployment Kit (Windows ADK).
    Compatibility Administrator is what you use to fix problems (i.e. create shims). Run Compatibility Administrator in expert mode by using the /x switch, i.e. compatadmin.exe /x. This shows much more detail on how shims are configured.
    SUA - previously known as the Limited User Account Analyser or LUA Analyser. Helps you find and fix LUA issues in the application. As mentioned, the suggested fixes from SUA do not necessarily optimise the shims. Be aware that SUA potentially includes all Windows System32 modules with each shim it creates. So you therefore need to go back in and edit it. You’ll need to run Compatibility Administrator in expert mode to be able to do this. If you don’t fix it, you’ll waste CPU resources and apps will be slow to start. Note that VB6 Apps, however, must include the msvbvm60.dll.
    DCP – Detects compatibility problems with the Operating System.
    Inventory Collector – collects application list and devices.
    User Account Control Compatibility Evaluator – picks up UAC issues.
    Windows Compatibility Evaluator – picks up GINA, Session 0 and Deprecation issues.
    From the DCP and information collected within Compatibility Manager, you can: Create - labels, categories, subcategories; Set - priorities; Add - your assessment, issues and solutions.
    Setup Analysis Tool was deprecated from ACT 5.6 as it was providing no value.
    LUA Buglight (by Aaron Margosis) is a utility that helps identify "LUA bugs" in applications; or a feature of an application that: works when run by a member of Administrators or Power Users; fails when run by a standard user; has no valid business or technical reason for requiring administrative control over the computer. LUA Buglight is very similar to the Standard User Analyser (SUA) tool, but has more powerful logging and reporting capabilities. However, only LUA Buglight will show you the exact text that was passed into an API.
    LUA Buglight Version History:
    1.0 - Support for Windows XP SP3, Windows 2003 SP2, Limited Vista Support
    2.0 - Support for Vista, 2008R1
    2.1 - Support for Windows 7, 2008R2
    2.1.1 - Support for Windows 7 SP1, 2008R2 SP1
    2.2 - Support for Windows 8
    Decompiler vs. Disassembler:
    A decompiler transforms binary code into high-level pseudocode text that can easily be read by humans.
    We rely on this transformation to analyse and validate programs. A disassembler transforms binary code into assembler, which is much lower level and is more difficult to read for humans. It explores binary programs, for which source code isn't always available, to create maps of their execution. The real interest of a disassembler is that it shows the instructions that are actually executed by the processor in a symbolic representation called assembly language.
    Decompilers and Disassemblers:
    .NET Reflector - Decompile, understand, and fix any .NET code, even if you don't have the source.
    ILSpy - Open-source .NET assembly browser and decompiler. It was developed once Red Gate announced that there would be no more free versions of .NET Reflector.
    PEBrowse64 Professional - disassembler for Win32/Win64 executables and Microsoft .NET assemblies.
    IDA (Interactive DisAssembler) - disassembler and debugger.
    Hex-Rays Decompiler – commercial decompiler (still does not support 64-bit code).
    VB Decompiler – commercial decompiler for programs (EXE, DLL or OCX) written in Visual Basic 5.0 and 6.0 and disassembler for programs written on .NET technology:
    Hacker - a freeware utility to view, modify, rename, add, delete and extract resources in 32bit & 64bit Windows executables and resource files (*.res):
    - PEiD detects most common packers, cryptors and compilers for Portable Executable (PE) files:
    Editor – Commercial text and hex editing with Binary Templates technology:
    shims use the following registry value in conjunction with SysInternals DebugView tool:
    Key: HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
    Value: ShowDebugInfo
    Type: REG_DWORD
    Data: 9
    Program Compatibility Assistant (PCA) should be turned off in production, as it confuses users and can potentially cause issues.
    Xperf from the Windows Performance Toolkit (WPT) helps determine if applications are creating performance bottlenecks on startup or login. Especially application fixes and group policies.
    Sysinternals:
    Explorer – process/thread viewer
    Process Monitor – file/registry/process/thread tracing
    Procdump – process memory dumper
    Autoruns – displays all autostart locations
    SigCheck – shows file version information
    PsExec – execute processes remotely or in the system account
    TcpView – shows TCP/IP endpoints
    Strings – dumps printable strings in any file
    DebugView – Desktops –
    Debugging Tools for Windows:
    - application and kernel debugger
    Logger.exe intercepts the API calls and shows all the details being passed into the API. It creates a log file.
    Logviewer.exe reads log files created by logger.exe.
    There are no silver bullets to solving all your problems. You must know and understand how to use all these tools. You could even invest in commercial products to help remove admin privileges, such as BeyondTrust PowerBroker for Windows or AppSense Application Manager.
  • Application migration is the most difficult and costly part of most Desktop Transformation projects. It’s the part where a lot of up-front guestimates are made in the project planning phase. Projects can quickly get out of control, timelines need to be extended, more resources brought in to help out… this all affects the budget. Could this be why many organisations stay on the same OS for as long as possible? “Once bitten twice shy”.
  • Inventory, Usage and Rationalisation:
    Microsoft SCCM/ConfigMgr
    Lakeside SysTrack – Has full AppDNA integration.
    Liquidware Labs Stratusphere FIT - You would use Stratusphere FIT to complete an audit, which includes applications. This data can then be exported from the Application Audit Report to an XLS or CSV, formatted for AppDNA, and then imported into AppDNA.
    Centrix WorkSpace iQ - Centrix uses an export from AppDNA then an import in the Centrix WorkSpace console. Once the data is imported, you can correlate usage with AppCompat. More importantly, you can focus appcompat efforts on those apps that are most heavily used.
    Splunk
    Futurestate IT AppRx (a neat SAAS offering)
    RES Baseline Desktop Analyzer - free product - the Application Landscape feature to get the DNA of the user. This will tell you what the users actively launch throughout their sessions.
    Data Collection Packages within ACT are also great for getting an inventory.
    IT Asset Management (ITAM) system, such as ServiceNow, for example.
    To succeed you must have a good plan, good people, and good tools and ensure it’s well executed. Using the right toolset for your Application Migration project is like being a conductor of an orchestra.
  • Saves time and reduces cost by accurately predicting application behaviour on new technology platforms. Project risk is reduced by providing clear insight into how applications will function in a new or migrated environment. AppDNA will show a clear path to successful server and desktop transformation.
  • Where do I stand? How do I get there? How long will it take? How much will it cost? What do I need to do?
  • In my opinion it should have a Testers role, so that those conducting testing in any form can log in and create journals. Giving Testers the Editors role is not appropriate.
  • We will talk briefly about these, but will not demonstrate them due to time constraints.
  • Green areas mean that the application has no areas of concern against the technology. Amber areas are warnings that indicate areas of interest, but are not necessarily reason for concern. Red areas indicate areas of concern which may or may not have remediation options. A "U" indicates that the combination was untested, and a padlock means that the application is unlicensed for the report. Are red apps all bad? How often is the application used, and by whom? Are there other ways of delivering this app without it side-tracking the project?
  • This report allows admins to classify the application data and determine the best strategy to move forward. Modelling and a what-if tool. The baseball/cricket tool - gets runs on the board. Very handy for determining pilot groups and rollout plan. The initial goal is to discover the low hanging fruit, i.e. the apps that are easy to knock off first, and group them. This way you can plan your pilot groups and perhaps the transition/rollout into production. You may use this data to help create use cases, or for tiering your apps and groups of users, or for client device requirements. For example: if you're having difficulties with the Adobe CS Suite, then you're probably not going to migrate your marketing department first. So you can also deprioritise other apps that only the marketing department use.
  • AppDNA makes the remediation information available in a variety of tailored formats. The right remediation will depend on the application as well as your organization. Sometimes the best solution is not to remediate an application but to upgrade or replace it. Autofix remediations within AppDNA are voluntary. You are not forced into accepting an automatic fix that does not fit into your packaging best practices.
  • Use SysInternals ZoomIt to assist
  • Microsoft's Stephen Rose (@stephenlrose) is another one worth following. Sign up for the Springboard Series Insider (SSI) newsletter: lead an awesome TechEd 2012 presentation on “How many coffees can you drink whilst your PC boots” using Xperf from the Windows ADK.
  • Transcript

    • 1. SYN328: Learn why AppDNA should be a part of every consultant’s toolkit. #SYN328 #CitrixSynergy @jeremysaunders @caditc
    • 2. How to make yourself look cool with Citrix AppDNA? #SYN328 #CitrixSynergy @jeremysaunders @caditc. AppDNA is to an IT Consultant as a paperclip is to MacGyver.
    • 3. About Us: Jeremy Saunders - from Perth, Western Australia. Independent Consultant, known as J House Consulting. E-mail: jeremy@jhouseconsulting.com; Twitter: @jeremysaunders; Web: http://www.jhouseconsulting.com. Warren Simondson - from Brisbane, Queensland. Managing Director and founder of Ctrl-Alt-Del IT Consultancy. E-mail: @caditc Web: about this session with hashtag #SYN328 and #CitrixSynergy
    • 4. Agenda: Holistic approach to Application Compatibility; All about AppDNA; Demonstrations & best practice information; Q & A
    • 5. Motivation: Extended Support phase end dates: Windows XP 8th April 2014 (includes MED-V); Windows Server 2003 14th July 2015 (includes Presentation Server and XenApp). 32-bit to 64-bit. Application Virtualisation. Desktop Virtualisation. Future Proofing. Application Portfolio Management: manage the application portfolio, including forward planning.
    • 6. What is an App? In Windows it is essentially a bunch of files and registry keys. Sure, that’s simplifying it somewhat, but the main focus for application compatibility is to simply make it all work. Manage the file and registry locations; API calls. Pretty simple really!
    • 7. Why do we have issues? Security: Trustworthy Computing initiatives from 2002 that were introduced from Windows XP SP2 and 2003 SP2. Running everyone with Standard User rights causes the most problems. UAC Virtualisation (The VirtualStore) fixes stuff, but not everything, which is why we still have so many issues. Disabling UAC is NOT the solution. Deprecated components (removal of legacy components such as the Microsoft Agent and Outlook Express). Windows Resource Protection (WRP). Session 0 Isolation. Operating System Version changes.
    • 8. Fact about Windows Versions: Windows Vista/2008 was given version 6.0, which was pretty logical. However, it turned out to be bad for Application Compatibility simply because many legacy apps written during the Windows XP period would check major version and minor version like this:

          If Not (vMajor >= 5 AND vMinor >= 1) Then
          {
              DisplayMessage("This program requires Windows XP or newer");
          }

      This is why Windows 7/2008 R2 is version 6.1 & Windows 8/2012 is version 6.2. And the new Windows 8.1 is 6.3.
    • 9. What is a Shim? Many people are unaware of shims, or if they’ve heard of them, they have no clue that a shim can be used to fix many broken/incompatible Win32 apps. The shim modifies the Import Address Table (IAT) on application load. With the shim in place it will intercept an API call and does a redirection. A shim changes the question the application is asking. “A shim basically rephrases the question to something it can say yes to.” Chris Jackson (AKA The App Compat Guy). Shims need to be optimised!!!
    • 10. Application Compatibility and Debugging Tools: Application Compatibility Toolkit (ACT): Standard User Analyser (SUA); Compatibility Administrator; Internet Explorer Compatibility Test Tool (IECTT); Create/Deploy/Manage Data Collection Packages (DCPs). Application Verifier. LUA Buglight. Problem Steps Recorder (PSR). Windows Debugger (WinDbg), including logger.exe and logviewer.exe. SysInternals Tools – e.g. Process Monitor, Process Explorer, DebugView, Sigcheck. Reverse Engineer using Decompilers and Disassemblers: .NET Reflector by RedGate – commercial decompiler; ILSpy by SharpDevelop – free decompiler; PEBrowse64 Professional by SmidgeonSoft – free disassembler; IDA by Hex-Rays – commercial disassembler; Hex-Rays Decompiler – commercial decompiler.
    • 11. Project Failures – budgets & timelines: The garbage in, garbage out reality is responsible for the failure of many IT projects. “Poor data quality is the primary reason for 40% of all IT initiatives failing to achieve their targeted benefits.” - Gartner Research.
    • 12. Application Migration Approach: Inventory; Understand Usage; Understand Licensing; Rationalise/Consolidate; Develop Software Lifecycle Policy; Analyse; Remediation/Packaging; Testing & Validation
    • 13. AppDNA History: 2000: Camwood was started as SI company specialising in application migration and portfolio Management. 2004: Application compatibility management tool was born. 2008: Company “App-DNA” was born, giving us the application name: “AppTitude”. 2011: Citrix acquisition and renamed application to “AppDNA”.
    • 14. What does AppDNA do? AppDNA enables enterprises to confidently discover, automate, model and manage applications for faster application migration, easier application virtualization and streamlined application management. AppDNA software combines insight about applications with highly accurate application testing, remediation and compatibility.
    • 15. How does it do that? Application Analysis: runs hundreds of algorithms against your application fingerprints. Comprehensive Reporting: the reports use a RAG system for Red/Amber/Green. Remediation: thoroughly detailed and comprehensive information. Application Packaging: automate .MST, .SFT, .APPV.
    • 16. Benefits of AppDNA: Provides the confidence to present deployment project timelines, facts and figures. Typically delivers between 300 - 500% ROI. Aims to be 95% accurate with its analysis. Removes fear, uncertainty and doubt (FUD). Helps you gain control of your application portfolio.
    • 17. Getting Started: Download it; Install it; Configure it; Kick-start your project; Become the Application Detective
    • 18. Licensing: Can use the product for 30 days under the eval license and can access the 2 main high level reports. Eval license lets you unlock full reporting on up to 5 Windows and 5 Web Apps. Licenses are currently tied to Sites (databases).
    • 19. Administration: Users – AD Integration (linked). Roles: Administrators; Editors; Users; Product Package Importers. ** Create your own. Sites – There is one default site, create more for decentralised or devolved management requirements.
    • 20. Integrate: SCCM/ConfigMgr; Lakeside SysTrack. The discovery of applications is done by SysTrack. AppDNA plugs directly into the SysTrack DataMine to take collected data to provide your Imports.
    • 21. Import & Analyse: Desktop Apps: Direct Import (.MSI, .SFT, .APPV); Install Capture (.EXE, scripts); Self Provisioning. Web Apps: Web Capture; Web Direct Import (.MSI); Stand-alone Spider and MSI Converter.
    • 22. About the Reports
    • 23. Effort Calculator: Provides business-oriented data based on metrics entered to determine time, cost and effort. Great for strategic planning!
    • 24. Effort Calculator continued: Quantify the level of effort required. KNOW the project effort – DON’T GUESS!
    • 25. Estate View: Provides details on the apps based on the algorithms. Starts with the Before and After Chart of applications based on algorithms used.
    • 26. Estate View continued: Detailed information on the algorithm groups.
    • 27. Overview Summary (The fruit salad Report): Provides a high-level status of the application portfolio. A "U" indicates that the combination was untested, and a padlock means that the application is unlicensed for the report.
    • 28. Custom Reports: These are reports that you define yourself. You can base custom reports on existing algorithms and algorithm groups or new ones that you write yourself. You can also create new algorithms based on your own specialized knowledge of your environment.
    • 29. Forward Path (The baseball/cricket tool): Provides business-oriented data based on various deployment scenarios and their impacts.
    • 30. Manage: Groups; Collections; Journal entries
    • 31. Resolve Application Issues: Automate: Create an App-V package; Create a XenApp Streamed package; Create an MSI package. Manual: Create your own.
    • 32. DEMO (12 June 2013)
    • 33. Best Practices Recap: Apply Eval license first. This opens up Estate View reports for all modules. Import as many apps as possible to start with. If scripting apps, give the script an intuitive name that relates to the app, and not just “install.cmd”. Create AD linked User Accounts. Create the appropriate roles for your team members. Create Collections to “Group” applications together. Tune SQL memory usage, especially if running on the same box.
    • 34. Parting Words: There is no substitute for experience. But those with the experience must use common sense and use the right tools too. Using the right toolset for your Application Migration project is like being a conductor of an orchestra. AppDNA provides you with the knowledge for all challenges you need to know up front. AppDNA is a product that can give you the confidence that your application migration or desktop transformation project is good to go!
    • 35. Other Sessions and Training: Hands on Lab – SYN 629 – Automating XenApp and App-V application migration with AppDNA. Session – SYN412 – Top 10 application migration tips for XenApp and XenDesktop. Session - SYN507 - Reducing desktop infrastructure management overhead using “old school” tactics. Geek Speak: Denis Gundarev from Entisys Solutions. Partner Training: CAD-200-1W - Simplifying Application Migration with Citrix AppDNA 6.1.
    • 36. Resources: Citrix eDOCS: AppDNA Extensions Workspace: AppDNA RIO Calculator: have internal spread sheets that may help provide a different angle for you. Citrix Case Studies and White Papers: TV (and YouTube)
    • 37. Who to follow? Citrix AppDNA on twitter @AppDNA. Subscribe to Jeremy’s Twitter Lists: AppCompat – Application Compatibility; APM - Application Portfolio Management. Chris Jackson – @appcompatguy, The App Compat Guy. Aaron Margosis, The Non-Admin Guy. Mark Russinovich – @markrussinovich, The Sysinternals Legend. Dmitry Vostokov - @DumpAnalysis, Software Engineer at Citrix. He runs http://www.dumpanalysis.org. John Robbins - @JohnWintellect, Co-founder of Wintellect: Weijnen - @RemkoWeijnen, Great blogger on App Compat issues.
    • 38. Q & A: What would you like to know? How can we help?
    • 39. Before you leave… Conference surveys are available online starting Friday, May 24 at 9:00 a.m. PT. Provide your feedback by 4:00 p.m. PT that day and you’ll receive a $30 gift card via email. Download presentations starting Monday, June 3, from your My Conference Planning tool located within the My Account section.
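Slide 8's version check and slide 9's description of a shim as an import-table redirection can be run side by side. The C program below is an added example, not code from the presentation: the import table is simulated with a single function pointer, and the names `legacy_accepts`, `correct_accepts`, `import_table` and `xp_version_lie` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { unsigned major, minor; } version;
typedef struct { const char *name; version v; } os_entry;

/* Constructed table: the version numbers quoted on slide 8, plus
 * Windows 2000 (5.0) as a release that really is older than XP. */
static const os_entry KNOWN_OS[] = {
    {"Windows 2000",       {5, 0}},
    {"Windows XP",         {5, 1}},
    {"Windows Vista/2008", {6, 0}},
    {"Windows 7/2008 R2",  {6, 1}},
    {"Windows 8/2012",     {6, 2}},
    {"Windows 8.1",        {6, 3}},
};
#define N_OS (sizeof KNOWN_OS / sizeof KNOWN_OS[0])

/* The slide's test for "XP or newer": each field is compared on its own,
 * so any x.0 release fails no matter how large x is. */
static bool legacy_accepts(version v) {
    return v.major >= 5 && v.minor >= 1;
}

/* Ordered comparison of the (major, minor) pair against 5.1. */
static bool correct_accepts(version v) {
    return v.major > 5 || (v.major == 5 && v.minor >= 1);
}

/* How many table entries are XP or newer yet refused by the legacy test. */
static unsigned wrongly_rejected(void) {
    unsigned n = 0;
    for (size_t i = 0; i < N_OS; i++)
        if (correct_accepts(KNOWN_OS[i].v) && !legacy_accepts(KNOWN_OS[i].v))
            n++;
    return n;
}

/* Simulated import table (hypothetical, one slot): the application reaches
 * the version query only through this pointer, as it would through its IAT. */
typedef version (*get_version_fn)(void);
typedef struct { get_version_fn get_version; } import_table;

static version host_version = {6, 0};            /* pretend host: Vista */
static version real_get_version(void) { return host_version; }

/* The "version lie": answers 5.1 whatever the host really is. */
static version xp_version_lie(void) {
    version xp = {5, 1};
    return xp;
}

/* What a shim does at load time in this model: repoint the slot. */
static void apply_version_lie(import_table *iat) {
    iat->get_version = xp_version_lie;
}

/* The unmodified legacy application: it still runs the broken test. */
static bool legacy_app_starts(const import_table *iat) {
    return legacy_accepts(iat->get_version());
}

int main(void) {
    for (size_t i = 0; i < N_OS; i++)
        printf("%-20s %u.%u  legacy=%-6s correct=%s\n", KNOWN_OS[i].name,
               KNOWN_OS[i].v.major, KNOWN_OS[i].v.minor,
               legacy_accepts(KNOWN_OS[i].v) ? "accept" : "reject",
               correct_accepts(KNOWN_OS[i].v) ? "accept" : "reject");

    import_table iat = { real_get_version };
    printf("unshimmed on 6.0: %s\n", legacy_app_starts(&iat) ? "starts" : "refuses");
    apply_version_lie(&iat);
    printf("shimmed on 6.0:   %s\n", legacy_app_starts(&iat) ? "starts" : "refuses");
    return 0;
}
```

The application binary is unchanged in both runs; only the answer it receives differs, which is why the broken check stays in place behind the shim.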