App Streaming- Architecture & Troubleshooting TechniquesJesús González, Escalation Engineer Karen Sciberras, Escalation Engineer

• Streaming technology basics

• Streaming technology in depth

• Sandbox reuse introduced in Streaming client 5.2

• Features introduced by Streaming client 6.0

Agenda

• Profiler• Captures Application Images• Stores them in the Application Hub

• Application Hub• File server which holds the profiled applications

• Streaming Client/Offline Client• Streaming to Server• Streaming to Client

Application Streaming Components

Layers Of Glass Analogy

Installation/Execution ImagePhysical Machine

Installation/Execution Image

Profiler Machine

•Nothing written to the “table” at profile time

Client Machine/ Presentation Server

•Installation program “painted” on “pane”

•File redirection

Per User Image

Physical Machine

Read/Write

Read Only, NoneRead Only

Read/Write

•Execution image common to all users – enables centralized app management

Application believes installed on physical machineInstall program, registry,

named objects etc. stored in .CAB file

Isolation Layers

• Per user Image or User Root

• Each user gets there own copy of top layer

• Writable at application runtime

• %AppData%\Citrix\Radecache

• Execution image or Install Root

• Read only during launch

• Writeable during profiling

• %Program Files\Citrix\Radecache

• Application

• Mask the applications view of the Physical machine

• Views machine from top down

• Per user image starts clear [read/write]

• Initial app view = Execution image [read only]

Streaming technology in depth

Streaming technology basic concepts

NamedObjectsNamedObjects

FileSystem

FileSystem RegistryRegistry

IsolationRules

IsolationRules

Per User Image

Installation/Execution Image

Physical Machine

• Open a File for Reading

• Creating a file

• Open a File for Writing

• Deleting a File

Streaming technology in depthExample: File System redirection

Per User Image

Installation/Execution Image

Physical Machine

Streaming technology in depthExample: Open a File for Reading

C:\Program Files\MyApp\MyConfig.txt

%AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp

%ProgramFiles%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp

C:\Program Files\MyApp

If not found, continue search in the regular physical root location

Found here!Open file for reading

Search in the UserRoot

Search in the InstallRoot

Per User Image

Installation/Execution Image

Physical Machine

Per User Image

Installation/Execution Image

Physical Machine

Streaming technology in depthExample: Creating a file

C:\Program Files\Myapp\Myconfig.txt

During installation %Program Files%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp\MyConfig.txt

During execution

%AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp\Myconfig.txt

Per User Image

Installation/Execution Image

Physical Machine

Per User Image

Installation/Execution Image

Streaming technology in depthExample: Open a File for Writing

C:\Program Files\MyApp\MyConfig.txt

%AppData%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp

%ProgramFiles%\Citrix\RadeCache\GUID\Device\C\Program Files\MyApp

Found here!

Copy file to user Image Layer

(Copy On Open for Write)

Open file for writing here

Per User Image

Installation/Execution Image

Physical Machine

Per User Image

Installation/Execution Image

Streaming technology in depthExample: Deleting a File

• Isolation environments satisfy two requirements

- Not deleting C:\DeleteMe.txt in reality

- Isolated applications are told that C:\DeleteMe.txt does not exists anymore

Per User Image

Installation/Execution Image

Physical Machine

Streaming technology in depthExample: Deleting a File

C:\DeleteMe.txt

Represented as 0 byte fileA special NTFS stream marker attached

Per User Image

Installation/Execution Image

Physical Machine

Launch Process

• RadeRun • RadeRun is to streaming what wfcrun32 is for hosted applications• RadeRun takes .RAD file as parameter, establishes link to streaming service

where application is executed

• RadeSvc• Obtains profiled application from Application Hub and places it RadeCache• Creates new sandbox instance and executes application

Streaming Services

Streaming Client

Basic Launch Process

PN Agent

.RAD File

Application Hub

.RAD File

XenAppXML Broker

Web Interface/PN Agent

RadeRun.exe RadeSvc.exe Application 1

• Streaming client erases RAD File immediately after reading it

• Done for house cleaning

• RAD file is not available for troubleshooting

• App Streaming – Faking out RadeRun http://community.citrix.com/display/ocb/2010/08/20/App+Streaming+-+Faking+out+RadeRun

How to obtain the RAD file

Independence from IMA or ICA

Independence from IMA or ICA

RadeRun.exe

/app:“MyAp"

/package:“\\AppHub\myApp\MyApp.profile"

-x flag will allow you to see the world as the isolated application from a command prompt

RadeRun.exe - Example

Windows 7

Profile

Streaming client

NO CITRIX FARM

NO ICA

NO IMA

Per User Image

Installation/Execution ImagePhysical Machine

RadeRun.exe - Layers Of Glass

RadeRun.exe – “-x”

CMD ISOLATED

RadeRun.exe – Layers Of Glass

Per User Image

Installation/Execution ImagePhysical Machine

NO WIWZIP

RadeRun.exe – delete inside isolation

CMD ISOLATED

RadeRun.exe – Outside isolation

Per User Image

Installation/Execution ImagePhysical Machine

NEW CMD. NOT ISOLATED

Sandbox Reuse

• What is a sandbox/isolation/Bubble?• Collection of processes and set of rules which control how application behaves• Isolated process same as normal process but tagged differently to expected• Redirection of Files and Registry

• Creation of Sandbox -> Expensive Operation• Opening the CAB file• XML parse for the sandbox isolation rules

What is a Sandbox?

Sandbox Not Reused

PN AgentStreaming Client

RadeRun.exe

RadeSvc.exe

One Profile

SandBox1

SandBox2

MS Word

MS Excel

• New feature introduced in Streaming client 5.2

• One creation of sandbox per profile instead per application

• It improves the performance of a second time launch

• Achieved by new service -> RadeLauncher.exe

• RadeLauncher.exe will exist for each sandbox/profile/user

Sandbox Reuse

Sandbox Reused

PN AgentStreaming Client

RadeRun.exe

RadeSvc.exe

One Sandbox = One Profile

RadeLauncher.exe

MS Word

MS Excel

Sandbox Reused

PN AgentStreaming Client

RadeRun.exe

RadeSvc.exe

User1 Profile1

User1 Profile2

User2 Profile1

RadeLauncher Settings and Considerations

• Radesvc.exe checks for Radelauncher.exe; if found uses existing isolation environment.

• HKLM/Software/Citrix/Rade/SandboxStatusMonitorperiod • Defined in minutes where default is 5 minutes• Setting value to 0 disables feature, behaviour of old client

• Terminate RadeLauncher for sandbox setting to take effect

Isolation of Windows services

• Program that runs outside of a user’s session

• Usually the same service runs once for the whole machine

• Generally runs at system startup

• Can be configured to run on application demand

• Service require more privileges than applications

What is a service?

Service isolation challenges

Easy to accomplish Difficult to accomplish

• Running services under application isolation • Running services under application isolation with privileges

• Keeping the user and system space separate

Service isolation solution

Considerations Solution

• Customers feedback

No problem to run services as long as they can be under control

• White list of servers

HKLM\Software\Citrix\Rade

AppHubWhiteList (REG_SZ)

• Citrix Streaming Helper Service (RadeHlprSvc.exe) 

•Runs under the Local system account

•Privilege to create, delete, start services

New streaming service

Service isolation

Application Sandbox

Service Sandbox

5.2 (no service isolation)

Application Sandbox

6.0 (service isolation)

Application Sandbox

User 2

Service isolation creation process

Service Control Manager now displays isolated services

.CAB to Directory folder

Change from .CAB files to directory

.CAB files

Directory structure

• Using a single file to represent a target makes it easier to copy

• CAB file libraries are available on all versions of windows

• Ability to use Windows Explorer to open and see inside CAB File without additional code needed

Why were .CAB files used?

• Introduced to solve XenDesktop streaming delivery issues • This is the first step toward solving the XD issue in a stream-to-client scenario• First time launch slow, second time launch fast

• Replaces .CAB file with an unzipped representation

• Future release:• Directly mount the App Hub content into the execution environment• Accomplished by creating a symbolic link that points to the App Hub

Directory structure change

Layers of glass

Streaming technology in depth

Launch process

Raderun

Sandbox Reuse

Isolation of Services

Moving from Cab to Directory structure

Take Away’s

Before you leave…

• Session surveys are available online at www.citrixsynergy.com starting Thursday, 7 October• Provide your feedback and pick up a complimentary gift card at the registration desk

• Download presentations starting Friday, 15 October, from your My Organiser Tool located in your My Synergy Microsite event account