There are two types of Collections with Azure RemoteApp: A Cloud Collection and a Hybrid Collection. App-V requires that the client must exist on domain-joined machines in order to be supported. Azure RemoteApp Custom Images can be part of a Hybrid RemoteApp collection where the images are joined to the local domain. This now entails App-V and Azure RemoteApp the possibility of integration with the App-V Management & Publishing Server using a cloud-based or on-premises App-V Infrastructure scenario:
Cloud-based App-V Infrastructure: This is where the App-V Management, Publishing, and Content Sources are based in Azure IaaS (with the content being also available with extended Azure PaaS services as well.) In this scenario the Hybrid Collection must be associated with an existing VNET that also contains the App-V back-end resources. This scenario also requires that the Azure RemoteApp clients and the App-V infrastructure are joined to the same local domain either hosted in Azure IaaS or via the forthcoming Azure AD Domain Services (In preview – https://azure.microsoft.com/en-us/services/active-directory-ds/) The Azure RemoteApp images are pre-configured for the Publishing Server or controlled via GPO (group policy.)
The Cloud-based App-V Infrastructure can easily service both cloud-based resources (RDSH in Azure IaaS, Azure RemoteApp) as well as traditional on-premises clients (via the web, through Site-to-Site VPN’s, or ExpressRoute.)
On-Premises App-V Infrastructure: This is where the App-V Management and Publishing Servers are based in an on-premises network servicing primarily on-premises clients. In this scenario the Hybrid Collection must be associated with a VNET attached and routed to the on-premises App-V infrastructure through a site-to-site VPN or ExpressRoute. The Azure RemoteApp images are joined to the local domain and pointed to the Publishing Servers via pre-configuration or GPO. In this scenario, it is recommended to still leverage Azure-based content sources for content even though streaming over the on-premises connection would be possible – but not recommended.
Walking Through the Process:
For the sake of this conversation, we will assume that an existing App-V 5.1 infrastructure has already been provisioned, be it cloud-based or on-premises. Obviously, before you would start the process of setting up a custom image, you will want to make sure you have this in place.
1.) Create a custom operating system image that has the App-V RDS 5.1 Client installed – then import image into Azure RemoteApp. This is an oversimplification of a process that is further outlined in a previous blog post on configuring and preparing an image for use with App-V and Azure RemoteApp: http://blogs.technet.com/b/gladiatormsft/archive/2015/04/29/app-v-on-app-v-applications-hosted-in-azure-remoteapp.aspx.) You can pre-configure the client and even pre-publish some applications prior to upload. I would advise skipping the client pre-configuration and instead, leverage AD GPO’s to configure the client.
2.) Create an Azure RemoteApp domain-joined (hybrid) collection and leverage the OS image as the template image for the collection. When you go to join the domain, you will want to join the domain to a specific OU (organizational unit) within your local domain. It will be much easier to administer and control the configuration of your ARA images if they are contained within a specific OU. NOTE: This step is massively simplified here in the explanation. More specific ARA information on joining Hybrid Collections can also be found here (https://azure.microsoft.com/en-us/documentation/articles/remoteapp-create-hybrid-deployment/)
3.) The image upload may take a while to provision. Once the image has been provisioned, the status will show as ready.
4.) Once the images have been provisioned, you will start to see computer objects appearing in the OU you specified for the domain join.
5.) At this point you can begin to configure a Group Policy Object and link it to the OU for the ARA images.
Within the GPO, you can leverage the ADMX templates for App-V via the MDOP ADMX template download package (available here: https://www.microsoft.com/en-us/download/details.aspx?id=41183) to control the App-V 5 client settings including App-V Publishing server targets, shared content store mode, scripting configuration, etc.
6.) Now the interesting part begins: The App-V management console allows you to target packages to user AD (Active Directory) groups or machine AD groups. When it comes to targeting groups, GPO’s only allow you to control local group membership. As a result, the targeting options available for machine groups that affect ARA machines is pretty much the Domain Computers Group. However, if you wanted to target the ARA images for machine groups (global publishing) you can effectively use the Domain Computers group coupled with the OU configuration for the specialized publishing server. User Targeting is a more flexible option as there are no restrictions with regards to the non-persistent provisioning of the ARA images.
In this example, I have targeted both the Domain Computers machine group as well as a custom user group within the App-V Management Console.
7.) Publish App-V apps in ARA (using path option or pre-published discovery.) Within ARA, you can publish applications by querying the Start Menu of the image or by using Path Publishing. App-V applications will not show up via a Start Menu query unless they have been pre-published globally in the image. For this reason, it is better recommended to Path Publish the App-V applications. This requires juuuuuuust a bit of a workaround. If you plan on publishing an App-V application by path, you will need to be able to know the actual integration path to the executable in advance.
For machine-targeted (globally published) packages, they will begin with:
For user targeted (user published) packages, they will begin with:
If you do not know the package GUID from sequencing, you can easily retrieve it from the package details within the App-V management console.
Any additional path information beyond the root folder must also be obtained in order to complete the path. Since the APPV format is a ZIP format, you can easily view this information within the APPV package file itself.
8.) Once you have this information, you can proceed to publish the App-V applications n the Azure RemoteApp publishing console.
9.) Upon logon using the ARA RDP client, you should then see your App-V applications appearing just like any other normal application.
Last April, we gave a little bit of information on the limited use of App-V applications with Azure RemoteApp (http://blogs.technet.com/b/gladiatormsft/archive/2015/04/29/app-v-on-app-v-applications-hosted-in-azure-remoteapp.aspx.) This piqued the curiosity of many and over the past several months, we have been validating several scenarios involving the integration of App-V with Azure RemoteApp images within hybrid collections.
As you might have heard, Eric Orman – the Program Manager for Azure RemoteApp, announced at Ignite Australia that App-V *IS* supported with Azure RemoteApp within specific scopes. (https://channel9.msdn.com/Events/Ignite/Australia-2015/WIN336.) This is a significant development for companies that want more options for bringing their desktop applications to Azure as well as the birth of another chapter in the story of App-V in Azure. In the three months since that announcement, one of the most common question I have been getting is “Why? How is this significant?”
Why App-V for Azure RemoteApp?
I would say the three most important aspects about being able to use App-V with Azure RemoteApp are the following:
Keeps Custom Images Thin: Custom Images with Azure Remote App have to remain beneath the 127GB maximum for VHDs. In addition, the more applications pre-installed to ARA images translates to a longer upload time. Customers embracing App-V will have the ability to quickly bake an image for upload with minimal pre-publishing (or NO pre-publishing if leveraging path publishing the with the App-V Publishing Server or Configuration Manager.) In addition, App-V clients baked into Azure RemoteApp images can have those applications stream to memory using the App-V Shared Content Store rather than to disk also preserving permanent storage consumption on the ARA images. It is important to note that Premium Plus subscriptions coupled with a high-end storage back end (Azure Files) would be recommended for Shared Content Store use in ARA.
Allows for Streamed Application Updates: When a company decides they would like to move a LOB application to the Azure cloud using ARA, it involves an image upload. Periodically, the application may require maintenance and patching. Without a demand technology such as App-V, this would require re-uploading and re-provisioning of ARA images. With App-V, applications that have been sequenced for streaming can be dynamically updated to the ARA images without the need to re-upload any new custom images.
On-Premises, Azure IaaS, and Azure RemoteApp resources can share application Content Sources: If your organization is currently leveraging App-V and streaming content from content stores – be it on-premises or in Azure IaaS, these same resources can also be leveraged by your ARA-provisioned images as well.
Scenarios for App-V with Azure Remote App
When designing a strategy for delivering App-V applications with Azure RemoteApp, you will pretty much follow along the same lines as you would when you are designing App-V for any other target. The exceptions in the world of App-V involve the current existing gaps between the App-V IaaS (Infrastructure as a Service) and the Azure RemoteApp PaaS (Platform as a Service.)
The following table outlines the pros and cons of the different options for App-V delivery, application storage, and publishing and targeting with Azure Remote App:
Streaming (on demand from content server)
Application is always the latest and fresh
Possible first time latency upon initial application launch
Mounted (Pre-cached into the ARA image.)
Fastest 1st launch – all of the application assets are already present on the ARA virtual machine.
Potential Image Bloat – applications take up additional image space (remember the 127gb limit)
Primary Application location storage
Shared Content (Stream-to-memory)
App runs in memory of Azure RemoteApp instance
Eats memory and requires good connection to streaming (file) server where the app resides. Affects baseline.
Bloat – takes up image space (127gb limit)
*Requires full standalone App-V infrastructure or Configuration Manager 2012 R2 or later
Pre-publish or target using Publishing server
* In addition, User targeting also requires that the App-V application be pre-published via a path Publishing rule for the Azure RemoteApp collection.
More to come . . . 🙂
With the release of Azure RemoteApp, Enterprise customers can now move their non-persistent RDS session-hosted applications from the on-premises data centers into a hosted cloud – with the Azure platform providing all of the necessary image provisioning and updating services. With Azure RemoteApp, you can use gallery templates or your own custom image. In addition to your own custom image, you can leverage virtual applications using App-V. With App-V, you can reduce the size of your custom image uploads by streaming the content on-demand.
Right now, App-V support in Azure RemoteApp is limited and licensed to only hybrid collection deployments. This is due to the current licensing requirement of App-V needing to be on domain-joined computers. While you could use a cloud collection to test a virtual application, in order to take advantage of the image reduction features of App-V with Azure RemoteApp – and to have full supportability and license compliance, the implementation within Azure RemoteApp would need to be joined to a domain within a hybrid collection deployment using a Site-to-Site VPN.
Setting Up Azure RemoteApp Images
Before you set up your image for Azure RemoteApp, you will need to first set up your Azure RemoteApp Subscription at https://www.remoteapp.windowsazure.com/. In addition, you will need to set up Azure PowerShell on the machine where you will be uploading the image. You can download Azure PowerShell here at the following link:
There is also existing guidance for configuring a custom RemoteApp image for uploading:
Make sure you follow everything specified in the documentation and no steps are missing when configuring the VHD including disabling encryption and ensuring the partitions are MBR-based. For App-V considerations there are some additional steps that you will need to ensure are included with regards to configuring and preparing the image.
Configuring App-V Client and Pre-requisites
- In Server Manager, make sure .NET 3.5 and 4.5 Services are configured as features for Windows Server 2012 R2.
- Install the most recent App-V 5 Client.
- Install the App-V Client pre-requisites here: https://technet.microsoft.com/en-us/library/jj713458.aspx
- Configure the App-V Client as required (script enablement, etc.)
After the App-V Client has been configured, you will need to add and globally publish your virtual applications using PowerShell. You can do this using the built-in App-V PowerShell Cmdlets referenced here: http://technet.microsoft.com/en-us/library/dn508409.aspx. Whether you are using hybrid or cloud deployments, only globally published applications will fully survive the generalization (as well as picked up by the RemoteApp provisioning) so it is currently a hard requirement.
Testing and Final Preparation
You should test and verify your applications within the image prior to uploading your image. Finally, before generalizing your image with the SysPrep tool, you will need to perform a current workaround that involves an issue with App-V and SysPrep. You will need to stop the AppV Client Service and delete the local VFS Folder under Local AppData (%LOCALAPPDATA%MicrosoftAppVClientVFS.)
Also remember, if the image you are uploading is drastically behind in operating system updates, it will further delay provisioning after uploading.
The last thing you will need to do is generalize the image using the command line:
C:WindowsSystem32SysprepSysprep.exe /generalize /oobe /shutdown
Creating the Collection
You will need to create an Azure RemoteApp collection to house the image and published applications from that image. You can use this quick reference for the details: http://azure.microsoft.com/en-us/documentation/articles/remoteapp-create-cloud-deployment/
In order to upload your custom image containing your virtual applications, in the collection dialog, you will need to click “Template Images.” You will then specify to upload a RemoteApp template image:
After you have given the name and location, it will take you to the next screen where you will download a PowerShell script that you will use to upload your VHD to the correct Blob.
Once you download and run the command from an elevated Azure PowerShell session, it will mount, validate, and fixup the image and then proceed to thoroughly check the integrity and then finally uploading to Azure.
While the image is uploading, the status will remain “Upload pending.”
Once the upload is complete, you can then apply the template image to a collection.
Once the image is associated with a collection, the provisioning will begin. This may take a while. It will show a status of “Provisioning” until it is finished fully prepping the image and parsing for applications.
Once the applications become available in the “Publish RemoteApp Programs” screen, you will see that the AppV programs will show alongside the native applications. These application were queried upon the provisioning that occurred after the collection was created. The AppV applications will be the ones originating from the AppV Client’s PackageInstallationRoot (which by default is C:ProgramDataAppV.) Once the applications have been published and user access has been configured, you can then download the Azure RemoteApp RDP client from:
Once you download the ClickOnce application, you will be prompted with a wizard upon first launch:
The first item you will need to do is supply the appropriate credentials. You will need to supply a corporate account or an MSA.
After you have been authenticated, you will see your published applications (both native and virtual applications) assigned and published to the user. You can then begin to test virtual application behavior in Azure RemoteApp.
If you are currently still running MED-V 2.0, be very aware of a known issue. If you install the RDP/RDC 8.1 update for Windows 7 SP1, you may notice after installing the update, you are seeing application crashes of the MED-V Workspace. This update is labeled KB2830477. It was originally released last year and there were sporadic reports of problems with MED-V hosts running it. It has recently been re-released (February 11, 2014) and I have noticed many more reports of this occurring. This issue has been reported for both XP Mode and MED-V in the Technet forums as well.
Right now, there is an investigation ongoing. I would advise in the meantime that you do not install this update on MED-V hosts. If you have already installed this update on MED-V hosts and are experiencing the problem, you can simply uninstall the update and the issues should disappear.
Please note that this is an optional update. This update is not needed for MED-V or Windows 7 functionality. It is not a security update either. It may provide enhanced features if you need to connect your Windows 7 host to Windows Server 2012 or Windows Server 2012 R2-based RDP Sessions or RemoteApps.
Here is the subsequent KB article on the update:
KB2830477: “Update for RemoteApp and Desktop Connections feature is available for Windows”
Some of the most common problems App-V users have when configuring App-V virtualized applications for TSRemoteApps (RemoteApp in RDS) fall into two categories:
1.) Applications not launching properly and/or the incorrect application is launching instead: Do not Use *.ico paths of virtual applications as icon paths. This is outlined in the following documentation:
Even if the App-V packages are distributed to the terminal servers via SCCM, the remote application would still have to be published within the RemoteApp Manager using the following modification:
Command line argument: /launch “App Name”
Like with SFTTRAY, VAPPLAUNCHER will need to locate the EXE or DLL file to map icons so you should not use the .ico file but instead use a .DLL or .EXE for the icon.
2.) File Type Associations will require SFTTRAY and/or VAPPLAUNCHER published separately as a RemoteApp
The reason for this is because published RemoteApps are entered in an “white-list” on the server.
When an application has required command-line parameters, they are also checked. Chances are you will have more than one published virtual application, so you do not want SFTTRAY (or in the case of SCCM integration, VAPPLAUNCHER) limited to that one use. When you associate a file type association with a RemoteApp, that could easily happen. When a document that has an FTA associated with a RemoteApp is opened, the shell API used to launch the document with the RemoteApp does not accept command-line arguments as an input. Instead it just runs the application as it is associated in the registry on the RDS server. When the RDS service performs the white-list check to see whether the executable that will open the document is allowed, it only checks the executable, and not the command-line arguments that will not be used. If SFTTRAY or VAPPLAUNCHER is not published on its own, this will happen.
– Steve Thomas