Brian Madden Logo
Your independent source for application and desktop virtualization.
Blogs » Original Blogs on BrianMadden.com » Brian Madden » Limitations of Citrix's Application Isolation Environments
Marketplace

advertisement
Brian Madden's Blog

Syndication

Recent Posts

Tags

View more

Archives

Limitations of Citrix's Application Isolation Environments

Written on Apr 27 2006
Filed under: , , ,
12,224 views, 27 comments

by Brian Madden

Citrix has just released a knowledgebase article that, for the first time, clearly defines the limitations and compatibility issues of Presentation Server 4 Application Isolation Environments (AIEs). This is a fantastic KB article, and long overdue.

Let's look at the limitations of AIE, and then analyze it a bit. According to Citrix, AIE does not address the following issues: (this bullet list is directly from the KB)

  • Device or Kernel Drivers. Isolation environments do not isolate device or kernel drivers. For example, if the application installs and depends on a driver to function, it will not work in an isolation environment.
  • Windows Services. Some applications install and rely on a Windows service (except MSI) to function correctly. Compatibility issues resulting from such applications may not be resolved using application isolation. Investigate further to see if the application functions correctly without the service. To establish whether an application attempted to install a service, examine the CtxSbxAppMsg section in the Windows Event Log.
  • Windows Class Names or Window Names. If the incompatibility is the result of Windows messages being used as an Interprocess communication (IPC) mechanism, application isolation is not the solution. Isolation environments do not isolate Windows class names or window names.
  • Registry or Application Objects that Do not Link to USER32.DLL. An isolation environment will not resolve compatibility issues caused by applications that do not link to User32.dll. Typically, such applications do not have a Windows interface and use only the console.
  • DCOM. An isolation environment will not resolve compatibility issues caused by applications that rely on Distributed Component Object Model (DCOM) to function correctly.
  • IP Addresses. Application isolation cannot resolve compatibility issues that occur because all instances of an application running on Presentation Server share a common IP address. Investigate further to see if the using Virtual IP (VIP), a new feature in Presentation Server 4.0, resolves the issue.
  • Installers that Require a Reboot During Installation. If an application installer requires a reboot during installation, it may not install correctly into an isolation environment. Removing or renaming files during reboot after an install or repair operation is also not supported.
  • Application Isolation Is Not a Security Feature. Do not rely on isolation environments to provide secure access to an application. Application isolation does not provide any form of security; Citrix administrators should comply with existing Windows security best practices to ensure that users are allowed access only to resources that they are authorized to access.

What does this mean?

Reading this list of limitations confirms what I wrote about AIE last year. I said that Citrix's AIE was NOT application virtualization, but that it was redirection of key components. I took a lot of flack for that statement, but I stood by it then and still stand by it today.

Citrix AIE works by redirecting registry keys, files, folders, and some system objects from common locations on the server to isolated locations. It works by installing and running the applications through an AIE filter application that redirects the objects as needed. However, the applications are still installed on the server. They still write the the registry and the file system. They still run with the rights as the logged on user.

Compare this to Softricity's application virtualization. With Softricity, the application doesn't touch the local file system or registry at all. Softricity can virtualize Windows services, execution rights, and a lot more stuff from this list.

Don't get me wrong here. I think AIE is a great feature of PS4, and it solves a lot of problems. But it is as the name implies, it's Application Isolation, not Application Virtualization. It's meant to help you install tricky applications side-by-side on a server where they wouldn't ordinarily both be able to run.

I want to reiterate that I think it's great that Citrix has released this KB article. The problem was that so many people compared Citrix's AIE to Softricity, and of course AIE fell way short. This meant that people thought that AIE was bad, when in fact AIE is great, it's just that people tried to use it for things that it wasn't designed for.

But now that we have the real list of AIE's limitations, we should be able to really let it shine where it fits!

Comments

Guest wrote Also ...
on 04-28-2006 3:24 AM
Not to mention applications running in AIE are slower than a herd of turtles stampeding through peanut butter.
 
 
Guest wrote RE: Also ...
on 04-28-2006 4:18 AM
I agree on the slowiness of AIE. I nearly have my morning breakfast eatin before AIE launches an app.

ORIGINAL: Guest

Not to mention applications running in AIE are slower than a herd of turtles stampeding through peanut butter.


Guest wrote What about Tarpon
on 04-28-2006 11:14 AM
Brian,
 
Isnt tarpon going to address most of the limitations of AIE?  And isnt Citrix going to ultimately merge these 2 technologies?
 
I am under the impression that tarpon will offer very similar application virtualization functionality, so why would anyone want to shell out extra cash for softricity 4.0 when tarpon will just about do the job...
 
I am sure Citrix poached the idea of AIE from propero.net, as they won a number of enterprise size implementations because their 'kernelmanager' product did all the file/reg redirection a good year before AIE came out.
 
They also had the ability to associated 'published applications' with vbs application compatibility scripts (which is where the kernel manager rules were set on a per user basis)
 
Why would anyone want to AIE and application when tarpon comes out? AIE is a dead solution, i wouldnt waste to much energy on it...
 
Regards,
Lee - UK
 
Guest wrote RE: What about Tarpon
on 04-28-2006 11:24 AM
Nope Tarpon is AIE on the desktop, same limitations, file redirection not Virtualization.  You need to make the decision
on which is best, com/and DCOM will still be an issue.
Guest wrote RE: Also ...
on 04-28-2006 12:48 PM
ORIGINAL: Guest

Not to mention applications running in AIE are slower than a herd of turtles stampeding through peanut butter.



 
LOL!
Guest wrote RE: What about Tarpon
on 04-28-2006 5:11 PM
Nope.  Tarpon is just AIE for desktops which in my opinions means it isn't worth looking at.  It's not virtualization at all.  Look at VMware.  The take the complete os and virtualize it via a vmdk file.  Softricity does the same thing for apps.  They take the app and turn it into an sft file.  It's portable just like a vmdk file.  This is REAL virtualization.  If you have to install an app or an OS they are not virtual.  If you modify local registry keys or modify the source code of an app then it is not virtual. 
 
So now that you know Tarpon is just AIE at the desktop you can come to your own conclusion.  Citrix is awesome for SBC.  This is where they shine.  They fall short at the desktop.  Too bad they never bought Softricity when Brian posted the rumor awhile back.  http://www.brianmadden.com/content/content.asp?ID=13
 

 

Guest wrote RE: What about Tarpon
on 04-28-2006 6:22 PM
So You Don't have to install an OS or An Application to make Softricity Work? And Softricity Doesn't Modify the Registry At all? Not even to Install their Product? Wow! Does Softricity work on Linux Like Vmware vmdk Files?
Brian Madden wrote RE: What about Tarpon
on 04-29-2006 8:37 AM
With Softricity you do have to install Windows, and you have to install the Softricity client agent, but that's it.

The statement about Softricity not touching the registry is with regards to Softricity applications. So with Softricity I could take a registry snapshot and then "install" (well, they're not really installed, but I could "run") hundreds of different apps, and then take another registry snapshot, and nothing would have changed. The applications' reg settings are virtualized up into their package. Same goes for files and folders.

The only exception is if I choose to cache the softricity packages locally on the client, but in that case, the only changes to the local system would be pointers to the softricity cache--that's it!

It's important to note with all this that AIE is great for some things. (Running different copies of IE with different version of Java on the same server, for example.) My whole point with this article was that Softricity and AIE are different. They don't compete--they solve different problems.)

Brian
Guest wrote RE: What about Tarpon
on 04-29-2006 12:26 PM
I'm not sure why people think Tarpoon is AIE for the Desktop; it will be more than that.  Tarpoon will eventually become Application Virtualization and will make it's way back Presentation Server.

Second, (Tarpoon aside) softricity is no longer the only game in town.    There is at least one other company with a product that does whay softgrid does today.  I am excited because that means Softricity has competition.  While the product Softgrid is great, the company "Softricity" is not.  They are definately a snake of a company.  From what I've experienced, very unethical.  I've tried contacting a few reseller and they refuse to sell the product anymore.

Phil
Guest wrote RE: What about Tarpon
on 04-29-2006 11:47 PM
You have got to be kidding me.  Softricity is one of the best companies I have ever worked with.  Their product does what they say it does and they back it up with great support.

J.
Guest wrote RE: What about Tarpon
on 05-01-2006 5:11 AM
Hi All,
 
Firstly, I know... Softricity is the dogs boll0ck5... Its an ace product, I consult on it so you dont need to sell me on the benefits.
 
I disagree on the comments about Tarpon though, Tarpon isnt AIE for the desktop.  If it is.. then tell me why the following occurs:
 
Tarpon packages (much like sequencing) an application into a single file (AIE doesnt)
The files is stored on a network share for client or wts server to use (AIE isnt)
With Tarpon, you dont install the application at all (with AIE you do)
With AIE you need an ICA client and you establish a session to a citrix server, Tarpon is a separate product altogether, you dont need a Citrix server to launch a Tarpon application
You dont need an ICA client to launch a tarpon application, you just need a tarpon client (like a softgrid one) again the application isnt installed.
I believe within a year, Citrix will match Softgrid on all aspects of its product, which is a great shame as Softricity had the vision the have been developing for years.
 
When engaged with customers during pre-sales meetings, they all love softricity, but turn off when we mention the extra cost, its very hard to upsell into existing Citrix infrastructures and will be even harder when tarpon hits the market.
 
Regards,
Lee - UK
 
 
 
Jeff Pitsch wrote RE: What about Tarpon
on 05-01-2006 10:43 AM
Citrix has publicly stated that Tarpon is AIE extended to the desktop (iForum, Solution Summit, etc).  Not sure where the confusion is on this.  It may be an extended AIE but it is AIE.
Guest wrote RE: What about Tarpon
on 05-02-2006 1:51 AM
Correct.  I'm not sure where the confusion is.  At this point it isn't worth a huge debate.  It's way too early in the game to do that.  Citrix is going to have to deal with the overhead issues that AIE has before it's a viable product.  It’s not even a 1.0 product yet so let’s wait and see exactly what it does.  This shouldn’t be an AIE vs Softricity debate.  Both clearly solve specific problems.  AIE can solve a few of the basics but not the types of things an enterprise needs.  If you’re a small shop AIE is great.  If you’re an enterprise you‘re going to need Softricity.  You will have the need to virtualize apps with services, com objects, etc.  AIE is not virtualization at all. 
 
 

Guest wrote RE: What about Tarpon
on 05-02-2006 9:16 AM
I would very much be interested in hearing from the person who believes that Softricity as a company is a "snake" company and welcome the opportunity to hear the series of events or concerns that brought you to that conclusion.  At Softricity, we are very focused on delivering world-class products (thanks for the compliment on SoftGrid) AND customer support.  Therefore, we are definitely are open to ideas and suggestions on how to improve both.
 
Please feel free to contact me directly or approach your local Softricity representative. 
 
Regards,
 
Bill Corrigan
VP, Product Management & Marketing
Softricity, Inc.
(617) 896-5604
bcorrigan@softricity.com
 
P.S.  As for the AIE/Tarpon versus SoftGrid debate, we welcome the competition and feel that our solution will continue to be a world-class product that introduces innovative and new ideas to the market on an ongoing basis.  We're confident that we will remain the market leader for the foreseeable future.
 
 
 
Guest wrote RE: What about Tarpon
on 05-02-2006 12:47 PM
I can back up everything Bill said.  It's been nothing but Roses dealing with Softricity and have always been treated very well.

J.
Guest wrote RE: What about Tarpon
on 05-02-2006 5:28 PM
How many VP's do you know who would take the time to reply to a comment like that? 
 
And does the person who made the comment have the boll0ck5 to justify it, I dont think so...
 
Softgrid also treat the reseller channel very well, with endless updates on product innovation, support with sales and proof of concept environments etc etc...
 
Personally, I would like potential prospects to start perceiving softricity as an actual alternative to citrix for all aspects of application delivery rather than a complimentary
product to the citrix access suite (which clearly it isnt), this helps to drive down the cost of implementation on green field sites.  I think this is sometimes a short coming of reseller account managers not pitching the product correctly, its a shame to see some potential customers not getting the message correctly because the person selling it doesnt fully understand the benefits themselves.
 
With Zero Touch we now have a mechanism to provide access solutions... some adaptive access solutions (end point analysis... :) would be cool too...
 
Regards,
 
Lee - UK
 
 
 
 
 
 
 
Guest wrote Citrix App Virtualization
on 05-03-2006 1:28 AM
I don't know Softricity, but you say they are putting everything in a big file on the system (which means they're using the local OS file system - they're just encapsulating everything in their own directory structure in their big file).  So they did put a file entry into the local OS file system to get their big file there.  But since they are virtualizing applications, they must not be messing with other existing local directory structures and files, but instead, redirecting file creates and writes into their big file.
 
I'm guessing Softricity can be allowed to READ the existing registry and files on the local OS.
 
I'm also guessing that you still have to install (package / wrap / etc.) an application (at some point) to get it into Softricity's big file.
 
With the couple of Citrix apps that I have in my AIE, I did have to install (package / wrap / etc.) them one time to get them ready.  But it looks like Installation Manager just copies those packages over to my 6 CPS servers.  It definitely does NOT do the install that it used to for these applications (with a few hundred new registry entries throughout the registry and 40+ files added all over the place).
 
From what I can tell, Citrix created a couple of new registry keys and directories under their existing Citrix structures for redirecting to.  All of those hundreds of changes get redirected to these couple of consolidated entry points.  It appears that Citrix then reads from these AIE points first and then from the local physical resources if it doesn't find things in the AIE points.  And Citrix definitely CREATES and UPDATES all data to the AIE points.
 
So, other than the fact that Softricity put everyting in 1 big file and Citrix put everything in 2 directories and 2 registry keys - it looks to me like they are both doing application virtualization.  They are both making applications believe that they have access to physical registry keys and files that reside elsewhere.
Guest wrote RE: What about Tarpon
on 05-03-2006 4:00 AM
Preach on Bill,  but then don't get upset as I find there are so many people that just want to rip on those that make and do killer things for whatever reason.  I find it sad but I guess that that can't have to make themselves feel good somehow.  
 
I've had the pleasure of knowing the Softricity guys for a long time, over four years now, and in that time that have been one awesome bunch of guys that follow through with what they say.  
 
Also, I find this Citrix artcile to be awesome as a YEAR AGO, i wrote a doc called, To Install or Not (www.dabcc.com/toinstallornot) that details almost word for word what Citrix just posted.  AIE is a nice solution for SMALL shops and small servers with some apps but if you are an enterprise, and if your using XPe, then i bet you are on the bigger side, then AIE will just not cut it.  This is where SoftGrid comes to play.  It is like using TS to do what you need Citrix for.  Same story, really is.  One is Enterprise and one is not.  I'm affraid Tarpon will be the same thing.  I really am and what is worse is that the overhead that Tarpon will bring to a workstation is way to much for most PCs to handle and the lack of DCOM support, for one, is gonig to limit the type of apps you can deploy to... well... to where it is really not usable... BUT, Citrix will push it and the Citrix partners will push it becasue they get compensated for it.    Just like they do with the Access Gateway... Citrix will sell a lot of it and then they will find issues that they can't fix, today...   So, if you want real enterprise solution you need Softricit, period.  
 
Now, for anyone that wants to argue with me about Softricity being a bad company then give me a call and we can talk.  Post your real reasons...  Talk to many of their customers,  Talk to the guys in Europe that have been using it for years with sucess...  SoftGrid rocks and with v4.0 is does services too....  I mean, just read, To Install or NOt and then you will see what the differences are.  I'm happy, I was proven right and i was given crap about that doc even from some of the people on this post that say they agreeded...  but then that is par for the course too.   I'm sort of sick of it but i guess that comes with sucess... 
 
 
 
ORIGINAL: Guest

I would very much be interested in hearing from the person who believes that Softricity as a company is a "snake" company and welcome the opportunity to hear the series of events or concerns that brought you to that conclusion.  At Softricity, we are very focused on delivering world-class products (thanks for the compliment on SoftGrid) AND customer support.  Therefore, we are definitely are open to ideas and suggestions on how to improve both.

Please feel free to contact me directly or approach your local Softricity representative. 

Regards,

Bill Corrigan
VP, Product Management & Marketing
Softricity, Inc.
(617) 896-5604
bcorrigan@softricity.com

P.S.  As for the AIE/Tarpon versus SoftGrid debate, we welcome the competition and feel that our solution will continue to be a world-class product that introduces innovative and new ideas to the market on an ongoing basis.  We're confident that we will remain the market leader for the foreseeable future.




Brian Madden wrote RE: What about Tarpon
on 05-03-2006 7:08 AM
You think that if you're using the enterprise edition of PS, then AIE won't cut it? But AIE is only included in the enterprise edition? 

Anyway, you said that you wrote almost word-for-word what Citrix posted in the KB? Where in your document is that? I just checked and I didn't see it, but I'd like to read through your version..

Thanks,
Brian
Guest wrote RE: Citrix App Virtualization
on 05-03-2006 1:00 PM
The End - I give up....
 
On the plus side, i am getting my hands on Tarpon for the desktop this week... so i can have a play myself and come to my own conclusions as to when it will
add value and when its time to look at a real virtualization product, like the softgrid.
 
I was also engaged in a technical pre sales meeting today, they were using citrix for remote access (how uncommon?) but wanted something else that had the x factor for all application delivery, quick softgrid demo took place, they loved it and we have arranged a further more indepth demo in a few weeks time with some key decision makers...
 
Regards,
 
Lee - UK