Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Evaluating user virtualization tools and technologies

In part two of our virtual desktop toolbox series, we explain why roaming profiles aren't enough anymore and the types of profile management tools available for user virtualization.

Desktop virtualization promises to save enterprises from rising data center costs and management headaches. IT administrators, however, have had to contend with immature technology, inconsistent terminology and executive and user reluctance. Fortunately, you can get the most out of virtualization by assembling a toolbox of assorted technologies.

One of the big promises of desktop virtualization is that virtual desktops are simpler to manage than traditional desktops. Sounds good, right? Unfortunately, when people make statements like that, they don't really explain exactly how that's going to happen.

So, I'll tell you here: A big way -- perhaps even the biggest way -- you can save money with desktop virtualization is by maintaining a single master disk image that all your users share. After all, if you have 500 users, what's cheaper to manage: 500 instances of Windows or one? This applies regardless of the type of desktop virtualization you're using, whether it's Remote Desktop, virtual desktop infrastructure (VDI), client-based virtual machines (VMs), client hypervisors, operating system streaming or a combination of all of them.

Of course, you'd like to manage just one image. This would be fine if all 500 of your users were identical to one another. If they all had the same apps, the same data and the same preferences, it would be a trivial task to build a disk image and to distribute 500 identical copies. But until we perfect cloning, we're probably going to have 500 different desktops for 500 users.

User personalization with roaming profiles

Fortunately, user personalization is nothing new to Windows desktop administrators. Microsoft introduced roaming profiles way back in 1994, and they have done a decent job of centrally storing user preferences, such as wallpapers and menu layouts.

But roaming profiles were designed more than a decade before desktop virtualization was even conceived. And now, 17 short years later, we're running up against its limitations.

The biggest problem with roaming profiles is that it captures only the files and settings that are saved in the actual user profile folder. And the unfortunate truth is that a lot of stuff in Windows isn't stored in that folder and is therefore invisible to the roaming-profile engine.

The gravity of this can be illustrated through a simple example: Think about your own personal laptop computer. What if I came in and said that I was going to take it away from you right now and replace it with a new one? You might protest, to which I'd answer, "Don't worry! I'll copy your user profile folder from your old laptop to your new one."

Would you be happy with that?

I know I wouldn't be. Sure, the user profile folder will include my personal registry settings and my Start menu. But what about the custom apps I installed? What about all my data? Are they there or somewhere else? (It depends on the configuration.) What about all the little things that I stored who knows where? What about all the machine customizations that aren't stored in my registry?

The list goes on and on. The reality of today's Windows desktop environment is that a lot of stuff is stored all over the place and the simple roaming-profile mechanism isn't robust enough to capture everything.

More roaming profiles limitations

You may be saying, "So what if roaming profiles don't capture everything?"

In the context of desktop virtualization, if corporate IT wants to save money by just managing a single image for all of its users, it has to ensure that users can work with their desktops in a way that they're used to. You can't say things like, "You can put your data there," or "You can't install that app," just because we can't capture it.

Remember, we're talking about their full, real desktops -- this isn't Terminal Services, where it's just an auxiliary desktop or a desktop for a few simple workers.

The other severe limitation of roaming profiles is the whole "last write wins" issue. The Windows roaming-profiles capability was designed in an era when a user was logged on to only a single computer at a time. So, the user logs in and his roaming profile is downloaded from a server. The user works throughout the day and then logs out and at that time, the profile is copied back to the server.

But in today's environments, we might have users with two, three or four desktops, all accessed simultaneously. This could include a local installation of Windows, a few Remote Desktop Session Host sessions and perhaps a client VM. All of these profiles can conflict and overwrite one another, depending on what the user changes on which desktops at which times.

Even though Windows 7 now "streams" profile changes back and forth, that streaming happens at the file level, so users who have multiple simultaneous settings can still screw up registry settings.

Enter profile management

All of these problems can be solved today with profile management or "user virtualization," as it's now called. Vendors such as AppSense, Immidio, RES Software, triCerat and Scense all provide user virtualization products. Much like application virtualization, each of these vendors takes a different approach to profile management/user virtualization. Some, like AppSense and RES, are complex, far-reaching solutions that give you a high degree of management. Others, such as Immidio, are simpler and solve a handful of singular problems.

Most of these products have similar architectures, where they run an agent on Windows that communicates with a back-end configuration and storage database. Admins can then specify which settings should be enforced for which users and specific changes the users make are stored centrally.

And when users make changes, the agents can capture everything, regardless of whether the user puts it in the right place. This means that an admin can replace the underlying Windows installation with a new one without losing anything the user has done. And for the ultimate solution, combine this user virtualization with app virtualization, and then take a step back and think about how complete your desktop environment is -- virtual or not!

Actually, a lot of companies deploy user virtualization products into their physical desktop environments before they ever consider desktop virtualization. Doing so allows them to get a handle on the existing environment now, making their ultimate migration to virtual desktops a relatively simple exercise.

Brian Madden is an independent industry analyst and blogger, known throughout the world as an opinionated, supertechnical desktop virtualization expert. He has written several books and more than 1,000 articles about desktop and application virtualization. Madden's blog, BrianMadden.com, receives millions of visitors per year and is a leading source for conversation, debate and discourse about the application and desktop virtualization industry. He is also the creator of BriForum, the premier independent application delivery technical conference.

Dig Deeper on Virtual desktop management

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Hi Brian,

What are your thoughts on the Liquidware Labs Profile Unity solution? You mention the other platforms that use an agent, a key advantage of the LWL solution is that it's agentless.

Regards, Norman Annette
@norma49657 et al- evaluating all products will help anyone understand the real differences between all the products and solutions available. There are significant differences between "traditional profiles", "a profile management solution" and a "User Virtualization solution"...its not all marketing BS....as an employee of AppSense for over 8 years I can assure you that the majority of them perform well in the profile management space....The Citrix Sepago/UPM technology has come a long way over the last couple years and offers an excellent profile management solution for clients looking at using SMB protocols and file shares....the UPM technoogy is simple to configure and works nicely by integrating with GPO...Whilst AppSense promote User Virtualization as a complete offerring (includes other non profile management tools, such as App control, elevation, desktop configuration etc) it does offer 2 methods to better manage a profile. AppSense promotes and recommends the use of its "personalization server" technology...this IIS/SQL based infrastructure scales far greater than traditional methods and includes replication and DR capabilities for instance. The technical implementation of the solution also means its the only solution to offer true migration capabilities, across OS versions and application delivery mechanisms such as moving from native apps to app v apps. Whilst decoupling the user in this the technology future proofs any organisation, AppSense understands that not all organisations have moved to a completely user centric model....and hence, AppSense environment manager can manage profiles utilising file shares and SMB protocols.....this is something that many people fail to realise and which in many cases can provide a "stepping stone" to a complete UV solution.....this method mentioned is still live in accounts I have personally worked on, which in many cases support apx 40K users and above....In short, the choice whether to "manage a profile" or "move to UV" is the customers and is based on what other areas of desktop virtualziation are being adopted....................PS, please please dont be fooled by any vendor that claims there technology is "agent less" - nothing is agent less......whether its called an agent or a process, something still has to run on the client to process the profile.....PPS I would always prefer an agent which operates on the client than a solution which involves Domain controller alterations...PPPS...come see me or any of the AppSense guys at VMWorld or Synergy...we'd be more than happy to demonstrate both methods of managing the user persona, and show you what else is on offer, Simon T, AppSense
User persona management has absolutely become a necessity at this point in the desktop game. There is a significant difference between the profile management practices of the past and how the space has evolved in recent years. We are a society of users that need more roaming options and those options are enabled by making application and user personality settings portable. And standard roaming profiles have never been the answer.

Some of the more advantageous uses of user persona management is portability between operating systems and OS versions - like moving from XP to Windows 7 or from RDS on W2K3 to W2K8 seamlessly. Quite frankly, this technology has a place in every organization regardless of whether VDI is a direct use. General persona management creates so many options for desktop management - so much so that a properly managed user persona makes VDI an easy jump rather than a complex paradigm shift in desktop management.

As Simon points out, AppSense offers a solution, but they are by no means the only solution out there. We (VDX) do a lot with persona management and we've implemented all of the solutions out there. The number one factor is to explore the real requirements you have of a persona solution and to really understand what you want to do with desktop. @Norma - Don’t focus on an agent or agentless solution. Of course, too many agents can create a problem, but don’t shy away from a solution because it adds a simple agent. LwL has a very simple solution, but they also can’t do everything that RES or AppSense can do so understand what you need of the solution and align that to capabilities.

Managing all three layers of persona - user personality, application settings AND user data are critical to a well-managed user environment. Don’t overlook user data portability. Also look for capabilities to assist in crafting the important aspects of the persona. Some solutions work with templates or require a lot of guesswork, while others can help craft the settings using real sampling of the users' desktops. RES does a great job of this. Examine the implementation minutia – some solutions are far more complex than others.

My final advice for evaluating any technology solution is to not take the word of the vendor. You must do your own exploration and evaluation of what is important to your requirements for persona management. Vendors will always tell you their solution is the best and all the rest are sub-standard. Do your own investigation and question any vendor that attempts to discredit others. Read blogs (from neutral 3rd parties), talk to colleagues, or get a 3rd party involved to assist in an unbiased evaluation. Look at persona as an extension of user and desktop management – not just for VDI. A well-managed persona solution makes traditional desktop behave more like VDI and can even rule out the need for VDI as a solution.
Wow Micha, excellent post, and totally true about persona being a key part of the desktop strategy for any organization. We have in many cases solved a clients problems by implementing AppSense or RES and they found that they did not need VDI on the original scale they had anticipated. In the case of AppSense vs. RES its really a case of marketing fluff over reality. You mentioned in your post to not look over the user data as part of the profile. I cannot believe how many CIOs overlook this and do not consider managing the user's data. AppSense fails to tell the prospects (and even us partners at first) that their solution is simply to flip on Microsoft Folder Redirection!...This to us was the single biggest differentiator why our customers have been going to RES for their Folder Redirection, which allows them to sync users data (Selectively with filters, exceptions etc). When we first started working with AppSense, several years ago it was pretty much the "Rolls Royce" in this category and it was primarily used in Citrix environments. AppSense actually has advantages over RES in the Citrix space with their Performance Manager, but RES is a MUCH better and more flexible tool in say a "Desktop Transformation" or Windows 7 deployment scenario. I guess the deeper pockets of AppSense have afforded them the ability to just market the hell out of it, create a very sleek and sexy interface (Not as User Friendly as RES, but sexier). We still approach our clients from a neutral perspective, I have to be honest, I really feel bad when a client does not do the due diligence and makes the choice based on the perceived market leader and not the real requirements and most importantly....how difficult is this to deploy?.....example, if you have a company that has hundreds of sites all around the globe, the Appsense architecture diagram would make even the Cisco engineer gag. Do not take the Vendor's word for it, and by all means, check out AppSenses only real competitor RES. For us, we still like both products, if we had to segregate the 2 into category strengths...AppSense Strong in XenApp, Performance Manager tips the scales, and the architecture is simpler because its centralized in the datacenter, RES for VDI and Desktops larger deployments because the architecture is much simpler, the database choices are wider (MSSQL, ORACLE, DB2 etc) and mostly because of Folder Syncronization. One other very well kept secret, is the RES Automation Manager...don't get me started on that but it is mind blowing the potential that this has. Also you can have the entire RES suite (Workspace and Automation) for about what AppSense Suite costs.
The other thing I noticed was that there seems to be alot of misconceptions about the scalabilty of RES ves AppSense....trust me nothing but FUD, we are currenly implementing 30,000 seat Workspace Manager in a site that already owns AppSense!....that speaks volumes! This is a great thread...and please I know how "Un-nice" some of these appsense people can be (especially the CIO) if you are going to rebutt....do it nicely.
And now consider that RES Workspace Manager 2011 Express is for free. A very comprehensive (too comprehensive?) that you can use for $0. I do not agree that RES Workspace Manager is complex. It can look complex when you just has a brief look at the console, but it is a completely different way of managing the desired user state than what most IT admins are used to. When you get the concept and spend a day in front of the console......it is quite easy!

I know first hand that it the learning curve is WAY steeper with AppSense. The RES Interface is very Intuitive. Also the arhitecture is much simpler. ROI and TCO are much better as a result. Also RES has the functionality of all of the Appsense products combined in just the WorkSpace Manager....
I have started to see the shift start to change toward's RES in the US.
AppSense was here first and has the Advantage of being the first real premium UEM solution available in the US. RES, has been in this space for like 12 years (Alot of people assume they are new). In the Windows 7 Migration space, I agree with Darrel in that the Folder Syncronization feature in RES makes it the only suitable choice. Its also not the first time I have heard a customer that owns already owns AppSense in the Citrix environment, gives up and buys RES for the physical desktops.