Reining in Rogue AppsBy David Strom | Posted 2008-04-30 Email Print
Streaming applications can improve security and manageability, but making it work isn’t easy.
Let me ask you a simple question: How many versions of Microsoft Office do you currently have throughout your enterprise?
If your answer is more than one, or you don’t know or your users are running three different word processors, then it may be time to think about streaming your applications from a central place and trying to regain control.
The idea is simple: You can stream your applications in the same way that you stream a video or music file to your desktop from across the Internet, without making a copy of it on your hard drive.
Think of how VMware virtualizes the desktop and the operating system, and fools the PC into hosting another machine. These application servers virtualize the application itself. The target PC thinks it’s running an app from its local hard disk, but instead, the bits are being transmitted over the wire.
A streaming server sends all the information needed to run the application at the moment it is needed. Of course, you can use application streaming for more than just tracking down errant versions of Office or any other supported application, but Office certainly makes a compelling case. Running multiple Web browser versions on the same PC is another good use of application streaming.
For one thing, you don’t consume individual client licenses for each streaming application. You also save on desktop disk storage space and installation issues. And you regain some control over runaway version-itis, because your apps are always patched and current, and upgrades are trivial.
This is appealing to enterprises that want to simplify the management of their security exposure. Another advantage is that users can work at a wide variety of desktops—including at an airport lounge or a coffee shop—without having to worry about whether their applications are preinstalled. And, as you roll out new applications, you can deploy them with centralized access controls to make them more manageable.
The key vendors in this space are Microsoft, through its purchase of Softgrid; Appstream.com; Thinstall.com, which was recently acquired by VMware; and the Altiris unit of Symantec, with its Software Virtualization Service. Just to complicate matters, the three non-Microsoft vendors have a complex web of cross-licensing arrangements.
There are some downsides. (Aren’t there always?)
First, while the concept is simple, the actual execution is anything but. There are a lot of subtleties, such as figuring out the right “package” to stream down to each client, to ensure that everything needed by the application—DLLs, configuration files, drivers and so forth—is in the package and in working order.
A streaming vendor also has to deal with application isolation, to make sure that it is protected from other applications on the client system that could step on it—or it on them. And the package needs to be optimized for the end-user experience just like a streaming video does, so that the app starts up in a reasonable amount of time and doesn’t consume gobs of Internet bandwidth in the process of being streamed.
Another consideration involves the integration of the package delivery with the vendor’s enterprise software distribution system, which is why both Microsoft and Altiris are in the game. If you’re already using Systems Management Server or some other desktop delivery service, it pays to take a closer look at how streaming can help.
You also need to keep in mind that these products are still fairly new and rough around the edges. Thinstall requires a Microsoft network share to deploy, so it won’t work across the Internet without a VPN. And not all applications can be streamed—not just yet anyway.
If your application requires access directly to the underlying operating system, or to specific services, it will not be streaming-friendly. To help this situation, the vendors have put together some developer tools, such as Altiris’ Juice and Microsoft’s Desktop Optimization pack.
Despite the limitations of application streaming, it’s worth taking a closer look to see how this technology can help cut the support costs of running multiple software versions across your enterprise.