Head-to-head of Citrix, Endeavors, InstallFree, Microsoft, Spoon, Symantec and VMware - Oct 2011

Are you looking for an independent overview of the Application Streaming and Virtualization solutions and curious about the different features and functions each Application Virtualization vendor is offering!?

The complete and in-depth 'Application Virtualization Smackdown v3' whitepaper can be downloaded in English here

Are you looking for an independent overview of the Application Streaming and Virtualization solutions and curious about the different features and functions each Application Virtualization vendor is offering!? This is the blog and whitepaper you definitely must read!

In the current market there is an increasing demand for unbiased information about Application Virtualization solutions. This white paper is focused on solutions that are anticipated to have an important role in Application Virtualization deployments. An overview of available features of each solution is created to better understand each solution's capabilities.

The growing reality of the transition to a dynamic and optimized desktop is causing many IT organizations to reevaluate traditional IT operations, deployment, delivery, packaging, support, and management methods. Application Virtualization is a key component in the Optimized Desktop. It’s important to have a Vision and Strategy around Application and Desktop Delivery. Designing, building, managing and maintaining the Application Virtualization infrastructure using the right technologies, corresponding vendors, and products is an important last step.

We see a lot organizations primarily focusing on products and vendors and lacking a clear and profound vision and strategy. This approach isn’t good or bad, it depends on what the goal of the organization is. When the organization needs a point solution, the various vendors and corresponding products can help to solve this issue and fill-in the demands. When the organization is investigating possibilities, advantages, use cases and functionality of the vNext “Optimized desktop”, a profound vision and strategy should be in place.

The following discussions and corresponding topics should be part of the Application Virtualization and Optimized Desktop strategy:

  • What do you want to achieve, A business enabler, overall cost of ownership (TCO) and cost reducer?
  • What are the use-cases? And does the use-case require Application Virtualization?
  • What is the business-case?
  • Are you investigating a tactical (point)-or strategic solution? What do you want to solve?
  • What’s your Desktop delivery and migration strategy for Windows 7?
  • What endpoints do you support- and facilitate and what is the role of these devices in the optimized desktop?
  • Are the endpoints managed?
  • What is the strategy around Client Management, PC life Cycle Management, solution and how does Application Virtualization fit?
  • Is a Bring Your Own Computer (BYOC) concept one of the key Access Scenarios?
  • What is your application delivery model? Is delivery of applications focused on SaaS, Enterprise, SMB or the Consumer space?
  • Are billing, license-management, reporting and/or charge-back of the delivered applications needed?
  • Is a client- or agentless Application Virtualization solution required?
  • Do you need to integrate and/or isolate your applications from each other or from the OS? Do you need both functionalities and how do you manage the application integration?
  • What is the expected packaging success ratio of Virtualizing applications? How do you handle the ‘exception’ applications which can’t be virtualized?
  • Is the strategy ‘Package once runs everywhere’ important? What are your expectations?
  • How do you design and build the user’s profile and his ‘workspace’? Does Application Virtualization fit into this strategy?
  • Licensing of the Application Virtualization solution. Stand-alone, part of a license stack? Is Microsoft Software Assurance or other subscription form needed?
  • What is the (business) applications vendor support policy for virtualized applications?
  • How do you handle Application Compatibility issues such as IE6 and Java components while migrating to Windows 7?
  • What is your Application Readiness Assessment strategy? Are Windows 7, VDI, Application Virtualization and x64 included?
  • Is an open, standardized and extendable application package format key?
  • Does the Application Virtualization solution need to be proven and mature? What is your definition of proven?
  • Do you need to convert current application packages to the new virtual application package? 
  • What’s your overall Desktop Delivery strategy model with solutions such as Laptop (Offline), Desktop (Online), VDI and Remote Desktop Services? How can Application Virtualization enhance these solutions?
  • Does the Application Virtualization solution offer shared-cache or cache-less functionality? What is the use-case?
  • Bottom Line: What’s your current Desktop strategy?! 

What's in a name?

It seems that almost every vendor has a different name for the same technology. Is the technology really the same, is the functionality different? In the haze of messaging and marketing around Application Virtualization, different names can blur the Application Virtualization arena; therefore it’s good to have definitions of streaming, virtualization, isolation, integration and re-direction. The name ‘client’ or ‘end-point’ can be a Desktop, Laptop, Virtual Desktop, Terminal Server or Remote Desktop Server.

Managing expectations is always hard; a good starting point is to make sure everyone speaks the same (IT) language. It is important to note that not all vendor implementations support all aspects of the definitions provided below.


The delivery process of transporting the application specific data/resources to the end-point at the time the application is executed is called streaming. The application is quick-up-and-running and only the minimum amount of data (commonly between 10-30% of the total application) is delivered to a client before the application is launched. Not only does this result in a quicker first time launch for the user, it also results in significantly reduced load on the network (compared with full application distribution pre-caching) and makes it possible to keep end-user images “stateless”. Additional features of an application are delivered on demand, or ‘in the background’ without user intervention. Application packages are stored on a (centralized) server, which can be a dedicated or shared infrastructure component. The streaming protocol transports the data over the network in an optimized, efficient and secure way.

Streaming can operate at a file-level (whole files are copied when they are needed) or block-level (file chunks are copied when they are needed) and cache resources locally on the endpoint for offline execution or faster subsequent startups. Streaming is particularly effective in well-connected environments where applications should be executed on-demand from a network resource and end-user images should be kept stateless – e.g. VDI and RDS/TS.


The process where applications are encapsulated or isolated from other applications and the underlying Windows Operating System on which they are executed is called Virtualization. This improves portability, manageability and compatibility and reduce conflicts of Windows ‘end-user’ applications. Virtualized applications run in their own discrete, or virtual, environments.

Application Virtualization requires a virtualization layer that replaces part of the runtime environment normally provided by the operating system. The layer intercepts all function calls to the Windows Operating System such as File, Registry and objects such as COM and DCOM. The application is executed inside the Virtual Environment, (sometimes called bubble or sandbox) and behaves as if it is running alone in the Operating System. So the underlying Operating System is protected, since the Application Virtualization prevents changes to System Components. Applications can use the hardware- and software components that are installed and available inside the Operating System. While most application virtualization technologies today provide an adequate level of isolation between applications, thus preventing app-to-app conflicts, very few provide full OS isolation and are able to prevent app-to-OS conflicts.

A quick summary of what application virtualization must provide:

  1. All resources required by the virtual application are included in the package; 
  2. The virtual application is completely separated (virtualized/isolated) from the operating system and other applications; 
  3. The virtual application cannot write to the OS file system or registry, or modify the native OS in any way; 
  4. The virtual application must operate the same way as a natively installed application and provide full OS shell integration, inter-process communications, etc.


Application installation is the process where Windows Applications are installed on the Windows Operating System. Installed applications are fully integrated with the system and are able to communicate with other installed applications and the Operating System itself. The Windows Installer (MSI) is the defacto standard used for the installation, maintenance, and removal of application. The installation information, and often the files themselves, are packaged in installation packages known as "MSI files". Applications that are installed and integrated don’t run in a sandbox environment.


Client-less, or agent-less, application virtualization involves the use of an embedded virtual OS that is deployed as part of the virtualized application. While creating the Virtual Application package the application and client components are compiled and stored in one single container, mostly a single executable. These virtualized applications are fully encapsulated and able to run as a standalone executable from multiple locations such as a network drive, local drive, or USB drive. Every virtualized application contains a ‘built-in’ agent. So no agent, or client-component, is installed in the Operating System but every application has an agent.


Client-based, or agent-based, application virtualization involves the use of a locally installed agent or client on the endpoint. This agent contains functionality to setup and maintain the Virtual Environment for each application. The agent takes care of management tasks such as Shortcut creation, File Type Associates (FTA) registration and is a key component in the streaming behavior. This behavior is a key functionality for agent-based Application Virtualization solutions.

Kernel- and User Mode

Windows runs all code, application and services, in one of two modes, user-mode and kernel-mode. The two modes reflect two different security models. Code running in kernel-mode has full Operating System access. Kernel-mode code typically comes from device drivers and the windows kernel itself. A kernel-mode driver or service is part of a locally installed agent on the endpoint. Code running in User-mode does not have full Operating System access and there is no direct interaction with the kernel of the endpoint’s Operating System. Problems when executing code in kernel mode can quickly lead to complete system halts (Blue Screen Of Death). Kernel mode drivers require admin privileges to be initially installed. User-mode agents don’t. Kernel mode drivers require admin privileges to be initially installed. User-mode agents don’t.

Portable Apps

Portable applications are software programs that are able to run independently without the need to install files to the system they are run upon and irrespective of the version of Windows installed on the system. They are commonly used on a removable storage device such as a CD, USB flash drive, flash card, or floppy disk. Agent-less Application Virtualization may convert even complex application into portable apps.


U3 is a proprietary method of launching windows applications from U3 compatible USB drives. Applications that comply with U3 specifications are allowed to write files or registry information to the host computer, but they must remove this information when the USB flash drive is ejected. Customizations and settings are redirected and stored with the application on the flash drive. This isn’t a virtualization technology, but has its use-cases though

Find the balance

What is the best Application Virtualization solution? Is this solution, Agent-less running in User-mode, Agent-based running in Kernel-mode or a more integrated Virtualization solution?! Can the solution balance between the fully isolated- or virtualized world and more open ‘integrated’ world? Good questions! :-)

There isn’t a single best answer about which solution is THE best solution. Use-cases, delivery mechanism, client-Management, Security, Application integration are just some important topics in this discussion. The Strategy is the key to the question: ’ What is the best Application Virtualization solution’.


Web Apps: The new P@in in the @$$

For the last 10 years, web applications grew in popularity because of the easy implementation. They promised to be accessible from any device and from any browser, therefore no need to deploy client software, update the software, test client software (for conflicts with other software) or the need for an application virtualization solution. If only it was THAT simple…

The Need for ... IE6

While Web app-development was a growing business, Internet Explorer 6 was dominating the browser market. As a result, a lot of (legacy) Web apps were developed and tested for IE6 only. Many of the Web apps use ActiveX-controls and/or a plugin, like Java, often depending on a specific version of a plugin and a specific version of a browser. The HTML standards have also changed over the years. While using Web apps promised to be accessible from any device and from any browser, in the end this promise didn’t hold up. There are still ‘some’ web apps still dependent of IE6 and or a specific browser plugin version. This makes Web apps the new “DLL hell”. 

IE6 and Windows 7

Migrating to Windows 7 is on the agenda of almost every company. It’s not a question of if but “when”. Application virtualization is useful for a lot of applications and strategic in the migration to Windows 7. But Web apps are a different story. How can you run your “IE6 only” compatible web applications on Windows 7 which uses IE8?. There are different options to accomplish this. One option is to use a Server Hosted VDI or Remote Desktop Service to host IE6 and then  seamlessly presented this to the end-user. Another option is to use Microsoft Enterprise Desktop Virtualization (MED-V), part of Microsoft Desktop Optimized Pack (MDOP), or use XP-mode in Windows 7. In both cases a Virtual Machine running Windows XP is installed on the end-point. Microsoft Internet Explorer 6 runs inside the VM and is presented on the local client. The different options from Microsoft’s point of view is described here: http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=495934c8-5684-451c-a16e-5ceb50706a42

Virtualize IE6

A third scenario to deliver IE6 to Windows 7 is to virtualize Internet Explorer 6 with Application Virtualization. The big and main advantage is web applications which need IE6, and IE6 only, can run on Windows 7. Even the plugins can be virtualized so that different versions of Plugins can run simultaneously side-by-side. Various Application Virtualization vendors provide tools to virtualize IE6 and IE7 and run these on Windows 7. There are, however, a number of things to keep in mind:

  • Support: Running Multiple Versions of Internet Explorer On Single Operating System is not supported by Microsoft: http://support.microsoft.com/kb/2020599
  • Support: IE6 running on Windows 7 isn’t supported by Microsoft. For various enterprises this is an important reason to find a different solution to run IE6 on Windows7. On the other hand some Application Virtualization vendors will give full support on running Virtualized IE on Windows 7.
  • Legal: Ask Microsoft if running IE6 in your scenario meets EULA;
  • User Experience: Users may need to start a different browser for each web app. It would be nice (or a must with a lot of web apps) that the web application is automatically and seamless redirected to the appropriate (virtualized) browser.

Ideally, web apps should work on any device with any browser, without the need for plugins. In the real world companies will face (legacy) web apps and they will need to find a way to solve the compatibility issues described above. Part of the strategy around Application Virtualization is the question; Is it important to have an Application Virtualization solution that can Virtualize and deliver IE6 to Windows 7 machines and ultimately without any downsides to the end-user experience?!

Application Virtualization Smackdown: Head-to-head analysis of Endeavors, Citrix, InstallFree, Microsoft, Spoon, Symantec and VMware

The complete and in-depth 'Application Virtualization Smackdown v3' whitepaper can be downloaded in English here. We did our best to be truthful and accurate in investigating and writing-down the different solutions. When you see improvements please let us know! rsp@pqr.nl or www.twitter.com/rspruijt

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

you mentionned 2 products as Free For Personal Use (FFPU) but I could ot find anything on it on both web site... Either its too late and I'm tired or I'm missing something.


sorry, IT rules #1... While writting the note, I finally found that the 90 days/25 users eval like from endeavours point you to a light version for personnal use... Will probably find the Symantec one ;-)

time to sleep !


Hi Ruben, again a great piece of work you (and the team) delivered to the community!

Regards Josef


Ruben, thank you very much for the excellent white paper, Great service for the community!

I tip my hat.


"Application behaves in essence the same as an installed application, apps are in-tegrated with other applications and local OS"

In my mind this is one of the most important items in the matrix and Symantec was the only one to have this functionality.  Organizations spend so much time these days packaging/sequencing apps so that they can talk to eachother, meanwhile Symantec just does it by default.  Of course they can isolate also if necessary, but i never understood why other app virt vendors don't do this.  In most cases, Apps need to/ are meant to interact with other apps!!!


I would like to start a debate. The debate is what does app virtualization mean. There are references to isolation having a lot to do with the definition. I believe isolation is a feature of vritualization. If you think of OS virtualization, it is a layer of code that sits between the hardware and the OS that allows it to never fully ingrain with the hardware, thereby making it portable and all the other great things. App virt is the same thing, except its the code that sits between the OS and the application and never allows it to become part of the OS. Isolation has nothing to do with that. Isolation is a limited user case solution that allows you to isolate conflicting apps from each other. Thats the problem with most of the solutions. They use user mode drivers to try and containerize the app from the OS and other apps. That is fine if my only problem is keeping two versions of Jave away from each other. But in the context that we are all talking about, that is not the user case. We want to make apps portable and to never become one with the OS or other apps. We want apps that work like apps do today, but without the problems of it becoming part and parcel of the OS. SE is dead on above. That is the functionality you need. Usermode virtualization does not provide this. As I say about those types of tools. The great thing about them is they isolate very well. The bad thing about them is the isolate very well. Would appreciate comments.



I welcome a debate/discussion on the whereabouts of application virtualization especially the internals and specification thereupon.

Let me state this directly. I’m no expert on this topic. I might be opinionated, but really just another explorer. I also realize that @Rick is argumenting out of kernel mode vs. user mode “App virt” (correct if I’m wrong in that assumption).

That said. Let’s get the ball rolling :)

I think “App virt” most definitely is part of the OS in a profound way. For example: the “compile once, execute everywhere” part of the Java doctrine in middle to late ‘90s is nowhere nearer the matter of things as are any of “App virt” of today.

Aside the OS intermingling, version conflicts, dependence this, dependence that – in my world it’s just another headache. While it’s solving some of the problems of the past, the new black is in many shades of color the old blue.

I fail to see how a kernel mode “App virt” component would in any way change the ball game. By its very definition it’s infringing, limited and confined, in varies degrees of the scale, to all the user mode – or whatnot. As easily as that is said, just add the :ng to the keywords above(humor inserted) .

Now then, tell me all about what you really think. For myself, at the moment I just think around the above stated ;)

Thanks @Rick for throwing in the ball, I think this topic could become quite educating.


Very interesting paper and article ! I would like to add another alternative to application virtualization. I and friends though we could use the browser native features to make a plugin free, universal solution. And we did it :p

http://www.steemind.com works on any browser, including the "old" HTML 4 ones and touchpads. You can publish or transform your software instantly into a website. For example, by going to http://www.123software.com, you would arrive directly into your "123" software...

http://www.steemind.com has a video and an interactive demo.

Many thanks.