App Streaming - Architecture & Troubleshooting Techniques
Jesús González, Escalation Engineer
Karen Sciberras, Escalation Engineer
• Streaming technology basics
• Streaming technology in depth
• Sandbox reuse introduced in Streaming client 5.2
• Features introduced by Streaming client 6.0
Agenda
• Profiler
- Captures Application Images
- Stores them in the Application Hub
• Application Hub
- File server which holds the profiled applications
• Streaming Client/Offline Client
- Streaming to Server
- Streaming to Client
Application Streaming Components
Layers Of Glass Analogy
Installation/Execution Image
Physical Machine
Installation/Execution Image
Profiler Machine
• Nothing written to the “table” at profile time
Client Machine/ Presentation Server
• Installation program “painted” on “pane”
• File redirection
Per User Image
Physical Machine
Read/Write
Read Only, None
Read Only
Read/Write
• Execution image common to all users – enables centralized app management
Application believes it is installed on the physical machine
Install program, registry, named objects etc. stored in .CAB file
Isolation Layers
• Per user Image or User Root
• Each user gets their own copy of top layer
• Writable at application runtime
• %AppData%\Citrix\Radecache
• Execution image or Install Root
• Read only during launch
• Writeable during profiling
• %ProgramFiles%\Citrix\Radecache
• Application
• Mask the application's view of the Physical machine
• Views machine from top down
• Per user image starts clear [read/write]
• Initial app view = Execution image [read only]
Streaming technology in depth
Streaming technology basic concepts
[Diagram labels: Named Objects, File System, Registry, Isolation Rules]
Per User Image
Installation/Execution Image
Physical Machine
• Open a File for Reading
• Creating a file
• Open a File for Writing
• Deleting a File
Streaming technology in depth
Example: File System redirection
Per User Image
Installation/Execution Image
Physical Machine
Streaming technology in depth
Example: Open a File for Reading
C:\Program Files\MyApp\MyConfig.txt
• Search in the UserRoot: %AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp
• Search in the InstallRoot: %ProgramFiles%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp
• If not found, continue search in the regular physical root location: C:\Program Files\MyApp
• Found here! Open file for reading
Per User Image
Installation/Execution Image
Physical Machine
Streaming technology in depth
Example: Creating a file
C:\Program Files\Myapp\Myconfig.txt
• During installation: %ProgramFiles%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp\MyConfig.txt
• During execution: %AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp\Myconfig.txt
Per User Image
Installation/Execution Image
Physical Machine
Streaming technology in depth
Example: Open a File for Writing
C:\Program Files\MyApp\MyConfig.txt
• Per User Image: %AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp
• Installation/Execution Image: %ProgramFiles%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp
• Found here! Copy file to user Image Layer (Copy On Open for Write)
• Open file for writing here
Per User Image
Installation/Execution Image
Physical Machine
Streaming technology in depth
Example: Deleting a File
• Isolation environments satisfy two requirements
- Not deleting C:\DeleteMe.txt in reality
- Isolated applications are told that C:\DeleteMe.txt no longer exists
Per User Image
Installation/Execution Image
Physical Machine
Streaming technology in depth
Example: Deleting a File
C:\DeleteMe.txt
• Represented as 0 byte file
• A special NTFS stream marker attached
Per User Image
Installation/Execution Image
Physical Machine
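The four file-system examples above (read, create, open for write, delete), modelled as an added example that is not Citrix code. The three layer directories are built under any base folder you pass in, and the `markers` set is an assumption standing in for the special NTFS stream marker that distinguishes a deleted file from a genuine 0-byte file.

```python
import shutil
from pathlib import Path, PureWindowsPath

class LayeredView:
    """Toy model of the layers: per-user image, execution image, physical machine."""
    def __init__(self, base, guid="GUID"):
        self.layers = {  # ordered top-down, the order the application looks through them
            "user": Path(base, "UserRoot", guid, "Device"),        # %AppData%\Citrix\RadeCache
            "install": Path(base, "InstallRoot", guid, "Device"),  # %ProgramFiles%\Citrix\RadeCache
            "physical": Path(base, "Physical"),
        }
        self.markers = set()  # assumption: stands in for the NTFS stream marker

    def _path(self, layer, win_path):
        p = PureWindowsPath(win_path)  # C:\Dir\f.txt -> <layer root>/C/Dir/f.txt
        return self.layers[layer].joinpath(p.drive.rstrip(":"), *p.parts[1:])

    def resolve(self, win_path):
        """Search top-down; return (layer, path), or None if absent or marked deleted."""
        if self._path("user", win_path) in self.markers:
            return None
        for layer in self.layers:
            candidate = self._path(layer, win_path)
            if candidate.is_file():
                return layer, candidate
        return None

    def create(self, win_path, data, profiling=False):
        """New files land in the execution image when profiling, else in the per-user image."""
        target = self._path("install" if profiling else "user", win_path)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        self.markers.discard(target)  # re-creating a deleted file makes it visible again
        return target

    def open_for_write(self, win_path):
        """Copy on open for write: a lower-layer file is copied up, then opened there."""
        found = self.resolve(win_path)
        if found is None:
            raise FileNotFoundError(win_path)
        dst = self._path("user", win_path)
        if found[0] != "user":
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(found[1], dst)
        return dst

    def delete(self, win_path):
        """Hide the file from the isolated app: 0-byte marked file, lower layers untouched."""
        self.markers.add(self.create(win_path, b""))
```

When troubleshooting, the same top-down order tells you which copy of a file the isolated application actually sees: a stale copy in the per-user image masks anything in the execution image or on the physical machine.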
Launch Process
• RadeRun
- RadeRun is to streaming what wfcrun32 is for hosted applications
- RadeRun takes .RAD file as parameter, establishes link to streaming service where application is executed
• RadeSvc
- Obtains profiled application from Application Hub and places it in RadeCache
- Creates new sandbox instance and executes application
Streaming Services
Streaming Client
Basic Launch Process
PN Agent
.RAD File
Application Hub
.RAD File
XenApp XML Broker
Web Interface/PN Agent
RadeRun.exe RadeSvc.exe Application 1
• Streaming client erases RAD File immediately after reading it
• Done for house cleaning
• RAD file is not available for troubleshooting
• App Streaming – Faking out RadeRun http://community.citrix.com/display/ocb/2010/08/20/App+Streaming+-+Faking+out+RadeRun
How to obtain the RAD file
Independence from IMA or ICA
RadeRun.exe /app:"MyAp" /package:"\\AppHub\myApp\MyApp.profile"
The -x flag lets you see the world as the isolated application sees it, from a command prompt
RadeRun.exe - Example
Windows 7
Profile
Streaming client
NO CITRIX FARM
NO ICA
NO IMA
Per User Image
Installation/Execution Image
Physical Machine
RadeRun.exe - Layers Of Glass
RadeRun.exe – “-x”
CMD ISOLATED
RadeRun.exe – Layers Of Glass
Per User Image
Installation/Execution Image
Physical Machine
NO WIWZIP
RadeRun.exe – delete inside isolation
CMD ISOLATED
RadeRun.exe – Outside isolation
Per User Image
Installation/Execution Image
Physical Machine
NEW CMD. NOT ISOLATED
Sandbox Reuse
• What is a sandbox/isolation/Bubble?
- Collection of processes and set of rules which control how application behaves
- Isolated process same as normal process but tagged differently to expected
- Redirection of Files and Registry
• Creation of Sandbox -> Expensive Operation
- Opening the CAB file
- XML parse for the sandbox isolation rules
What is a Sandbox?
Sandbox Not Reused
PN Agent
Streaming Client
RadeRun.exe
RadeSvc.exe
One Profile
SandBox1
SandBox2
MS Word
MS Excel
• New feature introduced in Streaming client 5.2
• One creation of sandbox per profile instead of per application
• It improves the performance of a second time launch
• Achieved by new service -> RadeLauncher.exe
• RadeLauncher.exe will exist for each sandbox/profile/user
Sandbox Reuse
Sandbox Reused
PN Agent
Streaming Client
RadeRun.exe
RadeSvc.exe
One Sandbox = One Profile
RadeLauncher.exe
MS Word
MS Excel
Sandbox Reused
PN Agent
Streaming Client
RadeRun.exe
RadeSvc.exe
User1 Profile1
User1 Profile2
User2 Profile1
RadeLauncher Settings and Considerations
• Radesvc.exe checks for Radelauncher.exe; if found uses existing isolation environment.
• HKLM\Software\Citrix\Rade\SandboxStatusMonitorperiod
- Defined in minutes where default is 5 minutes
- Setting value to 0 disables feature, behaviour of old client
• Terminate RadeLauncher for sandbox setting to take effect
Isolation of Windows services
• Program that runs outside of a user’s session
• Usually the same service runs once for the whole machine
• Generally runs at system startup
• Can be configured to run on application demand
• Services require more privileges than applications
What is a service?
Service isolation challenges
Easy to accomplish
• Running services under application isolation
Difficult to accomplish
• Running services under application isolation with privileges
• Keeping the user and system space separate
Service isolation solution
Considerations
• Customers' feedback: No problem to run services as long as they can be under control
Solution
• White list of servers: HKLM\Software\Citrix\Rade, AppHubWhiteList (REG_SZ)
• Citrix Streaming Helper Service (RadeHlprSvc.exe)
- Runs under the Local System account
- Privilege to create, delete, start services
New streaming service
Service isolation
Application Sandbox
Service Sandbox
5.2 (no service isolation)
Application Sandbox
6.0 (service isolation)
Application Sandbox
User 2
Service isolation creation process
Service Control Manager now displays isolated services
.CAB to Directory folder
Change from .CAB files to directory
.CAB files
Directory structure
• Using a single file to represent a target makes it easier to copy
• CAB file libraries are available on all versions of Windows
• Ability to use Windows Explorer to open and see inside CAB File without additional code needed
Why were .CAB files used?
• Introduced to solve XenDesktop streaming delivery issues
- This is the first step toward solving the XD issue in a stream-to-client scenario
- First time launch slow, second time launch fast
• Replaces .CAB file with an unzipped representation
• Future release:
- Directly mount the App Hub content into the execution environment
- Accomplished by creating a symbolic link that points to the App Hub
Directory structure change
Layers of glass
Streaming technology in depth
Launch process
RadeRun
Sandbox Reuse
Isolation of Services
Moving from Cab to Directory structure
Takeaways
Before you leave…
• Session surveys are available online at www.citrixsynergy.com starting Thursday, 7 October
• Provide your feedback and pick up a complimentary gift card at the registration desk
• Download presentations starting Friday, 15 October, from your My Organiser Tool located in your My Synergy Microsite event account