Limitations of Citrix's Application Isolation Environments

Citrix has just released a knowledgebase article that, for the first time, clearly defines the limitations and compatibility issues of Presentation Server 4 Application Isolation Environments (AIEs). This is a fantastic KB article, and long overdue.

Citrix has just released a knowledgebase article that, for the first time, clearly defines the limitations and compatibility issues of Presentation Server 4 Application Isolation Environments (AIEs). This is a fantastic KB article, and long overdue.

Let's look at the limitations of AIE, and then analyze it a bit. According to Citrix, AIE does not address the following issues: (this bullet list is directly from the KB)

  • Device or Kernel Drivers. Isolation environments do not isolate device or kernel drivers. For example, if the application installs and depends on a driver to function, it will not work in an isolation environment.
  • Windows Services. Some applications install and rely on a Windows service (except MSI) to function correctly. Compatibility issues resulting from such applications may not be resolved using application isolation. Investigate further to see if the application functions correctly without the service. To establish whether an application attempted to install a service, examine the CtxSbxAppMsg section in the Windows Event Log.
  • Windows Class Names or Window Names. If the incompatibility is the result of Windows messages being used as an Interprocess communication (IPC) mechanism, application isolation is not the solution. Isolation environments do not isolate Windows class names or window names.
  • Registry or Application Objects that Do not Link to USER32.DLL. An isolation environment will not resolve compatibility issues caused by applications that do not link to User32.dll. Typically, such applications do not have a Windows interface and use only the console.
  • DCOM. An isolation environment will not resolve compatibility issues caused by applications that rely on Distributed Component Object Model (DCOM) to function correctly.
  • IP Addresses. Application isolation cannot resolve compatibility issues that occur because all instances of an application running on Presentation Server share a common IP address. Investigate further to see if the using Virtual IP (VIP), a new feature in Presentation Server 4.0, resolves the issue.
  • Installers that Require a Reboot During Installation. If an application installer requires a reboot during installation, it may not install correctly into an isolation environment. Removing or renaming files during reboot after an install or repair operation is also not supported.
  • Application Isolation Is Not a Security Feature. Do not rely on isolation environments to provide secure access to an application. Application isolation does not provide any form of security; Citrix administrators should comply with existing Windows security best practices to ensure that users are allowed access only to resources that they are authorized to access.

What does this mean?

Reading this list of limitations confirms what I wrote about AIE last year. I said that Citrix's AIE was NOT application virtualization, but that it was redirection of key components. I took a lot of flack for that statement, but I stood by it then and still stand by it today.

Citrix AIE works by redirecting registry keys, files, folders, and some system objects from common locations on the server to isolated locations. It works by installing and running the applications through an AIE filter application that redirects the objects as needed. However, the applications are still installed on the server. They still write the the registry and the file system. They still run with the rights as the logged on user.

Compare this to Softricity's application virtualization. With Softricity, the application doesn't touch the local file system or registry at all. Softricity can virtualize Windows services, execution rights, and a lot more stuff from this list.

Don't get me wrong here. I think AIE is a great feature of PS4, and it solves a lot of problems. But it is as the name implies, it's Application Isolation, not Application Virtualization. It's meant to help you install tricky applications side-by-side on a server where they wouldn't ordinarily both be able to run.

I want to reiterate that I think it's great that Citrix has released this KB article. The problem was that so many people compared Citrix's AIE to Softricity, and of course AIE fell way short. This meant that people thought that AIE was bad, when in fact AIE is great, it's just that people tried to use it for things that it wasn't designed for.

But now that we have the real list of AIE's limitations, we should be able to really let it shine where it fits!

Join the conversation

29 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Not to mention applications running in AIE are slower than a herd of turtles stampeding through peanut butter.
 
 
Cancel
I agree on the slowiness of AIE. I nearly have my morning breakfast eatin before AIE launches an app.

ORIGINAL: Guest

Not to mention applications running in AIE are slower than a herd of turtles stampeding through peanut butter.


Cancel
Brian,
 
Isnt tarpon going to address most of the limitations of AIE?  And isnt Citrix going to ultimately merge these 2 technologies?
 
I am under the impression that tarpon will offer very similar application virtualization functionality, so why would anyone want to shell out extra cash for softricity 4.0 when tarpon will just about do the job...
 
I am sure Citrix poached the idea of AIE from propero.net, as they won a number of enterprise size implementations because their 'kernelmanager' product did all the file/reg redirection a good year before AIE came out.
 
They also had the ability to associated 'published applications' with vbs application compatibility scripts (which is where the kernel manager rules were set on a per user basis)
 
Why would anyone want to AIE and application when tarpon comes out? AIE is a dead solution, i wouldnt waste to much energy on it...
 
Regards,
Lee - UK
 
Cancel
Nope Tarpon is AIE on the desktop, same limitations, file redirection not Virtualization.  You need to make the decision
on which is best, com/and DCOM will still be an issue.
Cancel
ORIGINAL: Guest

Not to mention applications running in AIE are slower than a herd of turtles stampeding through peanut butter.



 
LOL!
Cancel
Nope.  Tarpon is just AIE for desktops which in my opinions means it isn't worth looking at.  It's not virtualization at all.  Look at VMware.  The take the complete os and virtualize it via a vmdk file.  Softricity does the same thing for apps.  They take the app and turn it into an sft file.  It's portable just like a vmdk file.  This is REAL virtualization.  If you have to install an app or an OS they are not virtual.  If you modify local registry keys or modify the source code of an app then it is not virtual. 
 
So now that you know Tarpon is just AIE at the desktop you can come to your own conclusion.  Citrix is awesome for SBC.  This is where they shine.  They fall short at the desktop.  Too bad they never bought Softricity when Brian posted the rumor awhile back.  https://www.brianmadden.com/content/content.asp?ID=13
 

 

Cancel
So You Don't have to install an OS or An Application to make Softricity Work? And Softricity Doesn't Modify the Registry At all? Not even to Install their Product? Wow! Does Softricity work on Linux Like Vmware vmdk Files?
Cancel
With Softricity you do have to install Windows, and you have to install the Softricity client agent, but that's it.

The statement about Softricity not touching the registry is with regards to Softricity applications. So with Softricity I could take a registry snapshot and then "install" (well, they're not really installed, but I could "run") hundreds of different apps, and then take another registry snapshot, and nothing would have changed. The applications' reg settings are virtualized up into their package. Same goes for files and folders.

The only exception is if I choose to cache the softricity packages locally on the client, but in that case, the only changes to the local system would be pointers to the softricity cache--that's it!

It's important to note with all this that AIE is great for some things. (Running different copies of IE with different version of Java on the same server, for example.) My whole point with this article was that Softricity and AIE are different. They don't compete--they solve different problems.)

Brian
Cancel
I'm not sure why people think Tarpoon is AIE for the Desktop; it will be more than that.  Tarpoon will eventually become Application Virtualization and will make it's way back Presentation Server.

Second, (Tarpoon aside) softricity is no longer the only game in town.    There is at least one other company with a product that does whay softgrid does today.  I am excited because that means Softricity has competition.  While the product Softgrid is great, the company "Softricity" is not.  They are definately a snake of a company.  From what I've experienced, very unethical.  I've tried contacting a few reseller and they refuse to sell the product anymore.

Phil
Cancel
You have got to be kidding me.  Softricity is one of the best companies I have ever worked with.  Their product does what they say it does and they back it up with great support.

J.
Cancel
Hi All,
 
Firstly, I know... Softricity is the dogs boll0ck5... Its an ace product, I consult on it so you dont need to sell me on the benefits.
 
I disagree on the comments about Tarpon though, Tarpon isnt AIE for the desktop.  If it is.. then tell me why the following occurs:
 
Tarpon packages (much like sequencing) an application into a single file (AIE doesnt)
The files is stored on a network share for client or wts server to use (AIE isnt)
With Tarpon, you dont install the application at all (with AIE you do)
With AIE you need an ICA client and you establish a session to a citrix server, Tarpon is a separate product altogether, you dont need a Citrix server to launch a Tarpon application
You dont need an ICA client to launch a tarpon application, you just need a tarpon client (like a softgrid one) again the application isnt installed.
I believe within a year, Citrix will match Softgrid on all aspects of its product, which is a great shame as Softricity had the vision the have been developing for years.
 
When engaged with customers during pre-sales meetings, they all love softricity, but turn off when we mention the extra cost, its very hard to upsell into existing Citrix infrastructures and will be even harder when tarpon hits the market.
 
Regards,
Lee - UK
 
 
 
Cancel
Citrix has publicly stated that Tarpon is AIE extended to the desktop (iForum, Solution Summit, etc).  Not sure where the confusion is on this.  It may be an extended AIE but it is AIE.
Cancel
Correct.  I'm not sure where the confusion is.  At this point it isn't worth a huge debate.  It's way too early in the game to do that.  Citrix is going to have to deal with the overhead issues that AIE has before it's a viable product.  It’s not even a 1.0 product yet so let’s wait and see exactly what it does.  This shouldn’t be an AIE vs Softricity debate.  Both clearly solve specific problems.  AIE can solve a few of the basics but not the types of things an enterprise needs.  If you’re a small shop AIE is great.  If you’re an enterprise you‘re going to need Softricity.  You will have the need to virtualize apps with services, com objects, etc.  AIE is not virtualization at all. 
 
 

Cancel
I would very much be interested in hearing from the person who believes that Softricity as a company is a "snake" company and welcome the opportunity to hear the series of events or concerns that brought you to that conclusion.  At Softricity, we are very focused on delivering world-class products (thanks for the compliment on SoftGrid) AND customer support.  Therefore, we are definitely are open to ideas and suggestions on how to improve both.
 
Please feel free to contact me directly or approach your local Softricity representative. 
 
Regards,
 
Bill Corrigan
VP, Product Management & Marketing
Softricity, Inc.
(617) 896-5604
bcorrigan@softricity.com
 
P.S.  As for the AIE/Tarpon versus SoftGrid debate, we welcome the competition and feel that our solution will continue to be a world-class product that introduces innovative and new ideas to the market on an ongoing basis.  We're confident that we will remain the market leader for the foreseeable future.
 
 
 
Cancel
I can back up everything Bill said.  It's been nothing but Roses dealing with Softricity and have always been treated very well.

J.
Cancel
How many VP's do you know who would take the time to reply to a comment like that? 
 
And does the person who made the comment have the boll0ck5 to justify it, I dont think so...
 
Softgrid also treat the reseller channel very well, with endless updates on product innovation, support with sales and proof of concept environments etc etc...
 
Personally, I would like potential prospects to start perceiving softricity as an actual alternative to citrix for all aspects of application delivery rather than a complimentary
product to the citrix access suite (which clearly it isnt), this helps to drive down the cost of implementation on green field sites.  I think this is sometimes a short coming of reseller account managers not pitching the product correctly, its a shame to see some potential customers not getting the message correctly because the person selling it doesnt fully understand the benefits themselves.
 
With Zero Touch we now have a mechanism to provide access solutions... some adaptive access solutions (end point analysis... :) would be cool too...
 
Regards,
 
Lee - UK
 
 
 
 
 
 
 
Cancel
I don't know Softricity, but you say they are putting everything in a big file on the system (which means they're using the local OS file system - they're just encapsulating everything in their own directory structure in their big file).  So they did put a file entry into the local OS file system to get their big file there.  But since they are virtualizing applications, they must not be messing with other existing local directory structures and files, but instead, redirecting file creates and writes into their big file.
 
I'm guessing Softricity can be allowed to READ the existing registry and files on the local OS.
 
I'm also guessing that you still have to install (package / wrap / etc.) an application (at some point) to get it into Softricity's big file.
 
With the couple of Citrix apps that I have in my AIE, I did have to install (package / wrap / etc.) them one time to get them ready.  But it looks like Installation Manager just copies those packages over to my 6 CPS servers.  It definitely does NOT do the install that it used to for these applications (with a few hundred new registry entries throughout the registry and 40+ files added all over the place).
 
From what I can tell, Citrix created a couple of new registry keys and directories under their existing Citrix structures for redirecting to.  All of those hundreds of changes get redirected to these couple of consolidated entry points.  It appears that Citrix then reads from these AIE points first and then from the local physical resources if it doesn't find things in the AIE points.  And Citrix definitely CREATES and UPDATES all data to the AIE points.
 
So, other than the fact that Softricity put everyting in 1 big file and Citrix put everything in 2 directories and 2 registry keys - it looks to me like they are both doing application virtualization.  They are both making applications believe that they have access to physical registry keys and files that reside elsewhere.
Cancel
Preach on Bill,  but then don't get upset as I find there are so many people that just want to rip on those that make and do killer things for whatever reason.  I find it sad but I guess that that can't have to make themselves feel good somehow.  
 
I've had the pleasure of knowing the Softricity guys for a long time, over four years now, and in that time that have been one awesome bunch of guys that follow through with what they say.  
 
Also, I find this Citrix artcile to be awesome as a YEAR AGO, i wrote a doc called, To Install or Not (www.dabcc.com/toinstallornot) that details almost word for word what Citrix just posted.  AIE is a nice solution for SMALL shops and small servers with some apps but if you are an enterprise, and if your using XPe, then i bet you are on the bigger side, then AIE will just not cut it.  This is where SoftGrid comes to play.  It is like using TS to do what you need Citrix for.  Same story, really is.  One is Enterprise and one is not.  I'm affraid Tarpon will be the same thing.  I really am and what is worse is that the overhead that Tarpon will bring to a workstation is way to much for most PCs to handle and the lack of DCOM support, for one, is gonig to limit the type of apps you can deploy to... well... to where it is really not usable... BUT, Citrix will push it and the Citrix partners will push it becasue they get compensated for it.    Just like they do with the Access Gateway... Citrix will sell a lot of it and then they will find issues that they can't fix, today...   So, if you want real enterprise solution you need Softricit, period.  
 
Now, for anyone that wants to argue with me about Softricity being a bad company then give me a call and we can talk.  Post your real reasons...  Talk to many of their customers,  Talk to the guys in Europe that have been using it for years with sucess...  SoftGrid rocks and with v4.0 is does services too....  I mean, just read, To Install or NOt and then you will see what the differences are.  I'm happy, I was proven right and i was given crap about that doc even from some of the people on this post that say they agreeded...  but then that is par for the course too.   I'm sort of sick of it but i guess that comes with sucess... 
 
 
 
ORIGINAL: Guest

I would very much be interested in hearing from the person who believes that Softricity as a company is a "snake" company and welcome the opportunity to hear the series of events or concerns that brought you to that conclusion.  At Softricity, we are very focused on delivering world-class products (thanks for the compliment on SoftGrid) AND customer support.  Therefore, we are definitely are open to ideas and suggestions on how to improve both.

Please feel free to contact me directly or approach your local Softricity representative. 

Regards,

Bill Corrigan
VP, Product Management & Marketing
Softricity, Inc.
(617) 896-5604
bcorrigan@softricity.com

P.S.  As for the AIE/Tarpon versus SoftGrid debate, we welcome the competition and feel that our solution will continue to be a world-class product that introduces innovative and new ideas to the market on an ongoing basis.  We're confident that we will remain the market leader for the foreseeable future.




Cancel
You think that if you're using the enterprise edition of PS, then AIE won't cut it? But AIE is only included in the enterprise edition? 

Anyway, you said that you wrote almost word-for-word what Citrix posted in the KB? Where in your document is that? I just checked and I didn't see it, but I'd like to read through your version..

Thanks,
Brian
Cancel
The End - I give up....
 
On the plus side, i am getting my hands on Tarpon for the desktop this week... so i can have a play myself and come to my own conclusions as to when it will
add value and when its time to look at a real virtualization product, like the softgrid.
 
I was also engaged in a technical pre sales meeting today, they were using citrix for remote access (how uncommon?) but wanted something else that had the x factor for all application delivery, quick softgrid demo took place, they loved it and we have arranged a further more indepth demo in a few weeks time with some key decision makers...
 
Regards,
 
Lee - UK
 
 
Cancel
I'm a Softricity customer and have nothing but good things to say about them.  There is always someone that will be unhappy in a crowd.  I've had interactions with their sales teams and support people in Boston.  All I can say is FIRST CLASS!  Keep up the good work Bill.  I love SoftGrid. 
Cancel
awesome.   i totally agree with testing it yourself... totally.. but you will need to test a few things and you need to get deep.  Try this,  try to install office 2003 and ExcelXP or Excel 2000.  Then try to embed Excel docs in to a Word doc and see what happens... See if you truely get the right version of Excel.  Or do it will Access.  The problem these guys have is namespace and DCOM issues.  Most apps use DCOM.  Apps like, Office, Oracle, SAP, and a slew of the other big boy apps.  Tarpon will work great for small apps that don't mean much to people.  I've always found that my customers use Citrix to deploy the big boy apps and this is where you are gonig to run in to the most issues.  You will need to dig deep.  You will need to do REAL regression testing.  Don't just install it and see if Acrobat works.  That is what the demo is.  Don't just install it and see if it runs.  You will need to run it and use it as a user does.   The problem is that when you go and do typical "admin style" testing then everything seems to work but when you deploy it to your end-users then the world blows up on you and you then need to yank it out.    This is what we call, "smoke and mirrors".  I'm a huge fan of Citrix but really i'm a bigger fan of solving a problem, not just working around it for some things.  TThat is why for installing applcations i feel there is no better solution on the market today than Softricity SoftGrid.  I find it actaully really cool that now Microsoft is agreeing with me on this.  If you talk to the SMS boys and ask them what the best solution is for virtualizing apps then they will tell you.  They do not have a vested interest in Softrcity as a slew of people work with SMS.  They care about making sure their customers are best served as they want to sell more SMS, not SoftGrid.  I feel that sort of prooves my point.  
 
BUT, test it for yourself.  Let us know but again, do REAL testing... don't just follow the Citrix script or you will end up getting fake results..  Trust me on this but better yet, trust the results you get from real tests and let us know.
 
-DB
 
ORIGINAL: Guest

The End - I give up....

On the plus side, i am getting my hands on Tarpon for the desktop this week... so i can have a play myself and come to my own conclusions as to when it will
add value and when its time to look at a real virtualization product, like the softgrid.

I was also engaged in a technical pre sales meeting today, they were using citrix for remote access (how uncommon?) but wanted something else that had the x factor for all application delivery, quick softgrid demo took place, they loved it and we have arranged a further more indepth demo in a few weeks time with some key decision makers...

Regards,

Lee - UK



Cancel
Thanks DB,
 
Yes I will, what interests me the most is where tarpon ends and softgrid begins.
 
We need to understand this when engaging with clients in the real world, a chart like brian has produced for the logon process would be ideal... e.g Start > Where is application being delivered too?> Is public access required? Yes/No > Is application integration required? Yes/No > Are there application dependancies? Yes/No etc..etc.. which ultimately branches out into the right solution depending on the tarpon limitations + access scenario + user requirements.
 
Result = 98% softgrid - 2% tarpon, ahahaha, only joking... not.
 
Regards,

Lee - UK
Cancel
I've heard there is a memory leak in AIE. A patch is being developed....
Cancel
Did you even read the article at the top ?
 
Both are great products.
 
David
W.Sussex
Cancel
I have to think strategically, if you were pitching a solution and your NOT a techie then how would you influence one over the other to best fit the customer needs, thats where the understanding needs to be in the separation of these two great products.
 
Lee - UK
Cancel
sod memory leaks, what about the turltes and peanut butter!!!
 

Cancel
Hi,
 
When i publish IE in an isolated environment, will my URL redirections in Microsoft Word still work?
Will it be redirected to IE in my isolated environment?
Thanks,
 
Danny.Verkerk
Cancel
Interesting thread. Although, now Microsoft have built Softgrid into the Desktop Optimisation Pack and dramatically reduced licensing, isn't Tarpon looking like a bit of a donkey? Surely Citrix must be starting to get that Derek Rowe feeling.
 
Also, Tarpon, while interesting, is nowhere near Softgrid in terms of a complete solution for fully servicing applications to the desktop, for a start you don't need Citrix. Now that Softgrid is a Windows add-on which re-engages client side computing power, isn't Citrix in danger of becoming marginalised into nothing more than a last ditch point solution? Even then, in light of Longhorn, is a Citrix solution becoming less and less necessary, indeed, could it be justified as an extra licensing cost above Windows and Softgrid? Now there's an irony.
 
Carl - UK Nr Wigan ;)
Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close