A Deep Dive into MSIX App Attach – Windows Virtual Desktop


Introduction

This article provides a introduction into MSIX & a deep dive / walk through on MSIX App Attach, Microsoft’s layering solution for delivering Applications to a modern workspace.

The three main components of a End-user compute environment are typically the operating system, applications and User profile. Un stitching or separating these components enables you to simply deployments, virtual desktop delivery and operating system updates/upgrades.

Traditionally, Application, installs, updates and removal actions are completed within the master gold image. The introduction to MSIX App Attach presents a new concept of application delivery and maintaining applications within a virtual desktop environment.

Today’s Application deployment Options for WVD:

  1. create a OS image per role – creating customised application sets on user group specific images.
  2. The Use of App Masking – centralising applications on one OS image, and the use of App Masking to only show the required applications to specific user groups.
  3. MSIX App Attach – Attach the required applications (containerised) to the operating system. This provides no footprint on the OS and offers applications to be mounted via a virtual disk (dynamically).

The difference between Application Layering and Application Virtualisation:

One of the most common themes to manage virtual applications is application layering. The technology allows you to wrap applications in a container like layer in the form of a virtual disk drive or similar format. This essentially allows you to reduce the need to have many individual revisions of each application and can simplify the delivery of applications to an operating system.

The goal of layering is not to isolate the application within its own virtual file system and registry but house all the required components on its own virtual disk. This is the core difference between Application virtualisation.

When a user logs on, the layering technology accesses and combines the data from the virtual hard drive into the host operating system, to make the operating system (OS) think the application is installed within the operating system when in fact the app is running from a mounting disk drive.

What is MSIX

MSIX is a new Windows app Package format that provides a modern app packaging experience for windows applications. The MSIX Package format preserves the functionality of existing application packages and enables new, modern deployment features for Win32, WPF, and Windows Forms applications.

Features:

  • Network bandwidth Optimisation – MSIX decreases the network impact by using the 64k block. This is done by using the AppxBlockmap.xml file contained within the MSIX Application package. MSIX has been specifically designed to support cloud and modern systems.
  • Disk Optimisations – MSIX removes the duplication of files across apps and windows, enabling shared files across applications. The applications are still independent of each other, and updates will not impact any other application that may share a file.
  • Reliability – MSIX provides a reliable install and its suggested that the success rate is around 99.96% over millions of installs with a MS guaranteed uninstall.

The Following Video From Microsoft provides a introduction to MSIX …

Inside a MSIX Package:

This section briefly covers the internals of a MSIX Package.

The following diagram depicts the components inside a MSIX Package.

Inside a MSIX Package
  • App Payload – The payload files are the app code files and assets that are created when building the image, for example “icon”.
  • AppxBlockMap.xml – The package block map file is a XML file that contains a list of the app’s files including, indexes, cryptographic hashes for each block of data that is stored in a package. The block file is verified and secured with a digital signature when the package is signed.
  • AppxManifiest.xml – The package manifest contains the information needed to deploy, display and update the MSIX Application. The information includes, Package identity, package dependencies, required capabilities, visual elements and extensible points.
  • AppxSignature.p7x – This file is generated when the package is signed. All Packages are required to be signed before you and run them (Validated).

Please see the link for which platforms MSIX supports: https://docs.microsoft.com/en-us/windows/msix/supported-platforms

What is MSIX App Attach

MSIX App Attach is Microsoft’s Application layering technology using the new MSIX package format. This App Layering technology enables you to separate applications from the core Operating system and deliver applications to users dynamically. Its suggested that MSIX App Attach is similar in concept to FSlogix Profile containers where the user profile is detached and filter drivers are used to redirect the profile to a virtual disk.

The following table from Microsoft compares key feature of MSIX app attach and other app layering.

FeatureTraditional app layeringMSIX app attach
FormatDifferent app layering technologies require different proprietary formats.Works with the native MSIX packaging format.
Repackaging overheadProprietary formats require sequencing and repackaging per update.Apps published as MSIX don’t require repackaging. However, if the MSIX package isn’t available, repackaging overhead still applies.
EcosystemN/A (for example, vendors don’t ship App-V)MSIX is Microsoft’s mainstream technology that key ISV partners and in-house apps like Office are adopting. You can use MSIX on both virtual desktops and physical Windows computers.
InfrastructureAdditional infrastructure required (servers, clients, and so on)Storage only
AdministrationRequires maintenance and updateSimplifies app updates
User experienceImpacts user sign-in time. Boundary exists between OS state, app state, and user data.Delivered apps are indistinguishable from locally installed applications.
Table detailing the MSIX App Attach and App Layering

You can find out more here: https://docs.microsoft.com/en-us/azure/virtual-desktop/what-is-app-attach

How MSIX App Attach Works:

This section will cover how MSIX App Attach works and a number of technical videos showing you how to create and deploy MSIX App Attach.

The following diagram depicts the MSIX App Attach Process.

MSIX App Attach Process Flow
  1. The user open’s the “Remote Desktop” Client and enters their credentials and selects the host pool they have access to.
  2. The process of communicating with the WVD management service (broker etc) is completed and a session is assigned to a available Virtual machine within the host pool.
  3. The FSLogix Agent on the session host requests the user profile from the file share for the user in question.
  4. The file share could be Azure Files, Azure Netapp Files or Iaas File server / other.
  5. Applications (App Attach) are mounted to the Virtual Machine for that user. This can be achieved using a logon script, general scripting, third party applications etc.

As you will see from the diagram, both the User profile and Application(s) are separate from the main operating system. This enables improvements in terms of dynamic delivery of applications and profiles, Something I refer to as Dynamic User Roaming (DUR) Coined 😃.

I use the term “Dynamic User Roaming” to describe the ability to take a particular user’s profile and applications enabling the ability to access any device (session host in this case) with the same experience.

The term “Dynamic” is characterised by constant change, activity, or progress. which is very fitting when describing user roaming to any device offering the same experience, profile and applications. It suggested that “Dynamic User Roaming” is the future for a true roaming experience.

Traditional Image App Delivery:

To help explain this in detail, I have depicted the traditional way that IT admins deploy applications and desktops to users in the below diagram. Essentially, multiple images are created for departments or user types/categories. This way of image management is time consuming and you effectively have to manage the applications and windows updates for each individual image.

Removing the need to update/remediate applications provides a much simpler approach for Image Operating system management. You could even consider spinning up new images automatically each time a update is completed if the User profile and applications are separated from the gold image, as it would make no difference compared to traditional methods.

The segmentation of applications, offers many advantages, one of the key benefits is simple management and the ability to focus on a specific area rather than the whole image when it comes to remediation, updates and future deployments. This means you could have different remediation cycles, specific to a area of image management, reducing the amount of change in one maintenance window.

Example of Traditional Image App Delivery

MSIX App Attach App Delivery:

The following Diagram depicts how MSIX App Attach works and the elasticity it offers Windows Virtual Desktop.

MSIX App Attach Delivery Example

As you can see from the diagram, FSlogix profiles are mounted to each virtual Machine. You will also note that each VM has the generic (common Applications) Applications deployed on the image (core). You could deploy all applications to App Attach, however, in this example, departmental images are separated from the Os.

You will see that each different department’s users, are presented with specific applications they require. For example, Sales only receive Sales App1 and Sales App2. MSIX App Attach enables you to isolate applications for the required specific user groups in question.

MSIX App Attach Terminology:

The following diagram provides some context on the different steps/processes/ actions relating to MSIX App Attach.

MSIX App Attach Terminology

Create a MSIX Package

The following Video shows you how to create a MSIX App Attach. This demo shows the creation of a Notepad++ MSIX Package.

Create a App Attach Container (Virtual Disk (VHD):

I have created a script to help with the process. You can find this code here:

https://github.com/RMITBLOG/MSIX_APP_ATTACH/blob/master/createvdisk.ps1

You will need to download the script and set the execution policy before running.

The following video shows the creation of the VHD disk for MSIX App Attach:

Unpack a MSIX file to the VHD format

Download MSIX MGR here: https://aka.ms/msixmgr

Use the following cmd to unpackage the MSIX

msixmgr.exe -Unpack -packagePath "C:\temp\appattach_test_path\MSIX unpack\notepadpp_1.0.0.0_x64__ekey3h7rct2nj.msix" -destination "C:\temp\appattach_test_path\notepad++" -applyacls

The following Video shows the process of un-packing a MSIX package ready for MSIX:

Testing a MSIX App Attach Package

I have created a number App Attach Scripts for testing applications: https://github.com/RMITBLOG/MSIX_APP_ATTACH

The video shows the scripts in use and a notepad++ running via MSIX App Attach.

Publishing an MSIX App Attach Application as a Remote App

In this brief section, we will cover the publication of a Remote App using MSIX App Attach.

When creating a MSIX App Attach Remote App, you need to ensure the following:

  • The MSIX App Attach App is staged and then registered for the user in question.
  • The Remote app has been configured with the required Application group in the ARM WVD Console.
  • You also need to ensure you configure the Remote application using the correct file paths.

Application Path: C:\temp\AppAttach\mytestsuccess_1.0.0.0_x64__ekey3h7rct2nj\msix\mytestsuccess_1.0.0.0_x64__ekey3h7rct2nj\pinball.exe

Icon Path: C:\Program Files\WindowsApps\mytestsuccess_1.0.0.0_x64__ekey3h7rct2nj\pinball.exe

For this example I have used Pinball. I have used the application source of file Path to configure the Remote App.

Video Demo of MSIX App Attach Remote App(s). This example we are using Pinball!…

(.CIM) New File Extension

I found in the details in Microsoft’s MSIX App Attach Documentation (glossary) that suggests new file extension ( at the time of writing this post). Microsoft have stated the following “.CIM is a new file extension associated with Composite Image Files System (CimFS). Mounting and unmounting CIM files is faster that VHD files. CIM also consumes less CPU and memory than VHD.”

“The following table is a performance comparison between VHD and CimFS. These numbers were the result of a test run with five hundred 300 MB files in each format run on a DSv4 machine.”

SpecsVHDCimFS
Average mount time356 ms255 ms
Average unmount time1615 ms36 ms
Memory consumption6% (of 8 GB)2% (of 8 GB)
CPU (count spike)Maxed out multiple timesNo impact
Table on performance metric provided by Microsoft.

Find out more here: https://docs.microsoft.com/en-us/azure/virtual-desktop/app-attach-glossary#cim

Update on the CIM format 27/09/2020:

The .CIM (Composite Images (CIMs)) format has been introduced into the Windows 10 2004 release. This image format is similar to the .WIM or read-only .VHD. These have been designed as a Windows Container image layout offering read-only disk and file system volume device for the image.

The .CIM image consists of a small collection of files including metadata and filesystem description files. “As a result of their “flatness” CIMs are faster to construct, extract and delete than the equivalent raw directories they contain.”

CIMs are composite as they can contain multiple file systems that can be mounted individually while sharing the same data region backing files.

One other benefit to CIMs is that the image type support deduplication at the file level.

It is suggested that CIMfs will be supported on both Windows 10 & Windows Server 2019 builds 19041 (version 2004) and onwards.

MSIX App Attach Update: 22/09/2020

Microsoft announces an update for MSIX App Attach on Windows Virtual Desktop (22/09/2020). MSIX App Attach has now been baked in to the WVD Azure blade to simplify the delivery of App Attach. You will still need to create and test MSIX App Attach packages (vDisk’s) (package) however the delivery to the WVD host pool has been taken care of by the WVD team at Microsoft 😀.

There has been a few comments in the IT community regarding no need for the previously required scripts for stage, register, de-register and de-stage scripts. However, this is not entirely true, it is advised these scripts are still required for testing App Attach. You may also choose to package on a none WVD host, and may need the scripts to test before uploading to storage.

One or Many – As stated in the announcement and my previous comments, throughout the preview, you can have one or many Applications on an App Attach disk. Just remember larger the app, slower the attach to the operating system. larger applications should be separated to their own virtual disk. You also need to factor in IOPS usage in to your storage requirements.

Blogpost_MSIX.png
Microsoft image showing preview of adding MSIX App Attach using the WVD Azure blade.

you can find out more here: https://techcommunity.microsoft.com/t5/windows-virtual-desktop/announcing-new-management-security-and-monitoring-capabilities/m-p/1699543

You can also watch Christian Brinkhoff & Dean Cefola talk about MSIX App Attach with Pieter Wigleven, WVD PM lead here >>>.

Delivering MSIX & MSIX App Attach to Enterprise:

The process for creating MSIX App Attach “Applications” is lengthy and time consuming. check out the following commercial tools that remove the pain points and let you deliver MSIX App Attach in minutes.

AppCURE – is a application packaging tool that enables you to extract applications from a source device without the need for the Application Media. The output offers the application files raw in a program folder or a MSIX package. So for those moving from older systems like Windows 7, AppCURE would help you extract those Applications quickly.

Find out more here: AppCURE Website

Application Studio (previously known as code name MSIX to VDM) – This tool enables you to spit out MSIX App Attach ready disks including the configuration information in seconds. There are also lots of added features including converting from APPV to MSIX then to MSIX APP Attach, as well as a built in feature enabling App Attach conversions for VMware app volumes 4. This technology has a wide range of features to help organisations get to MSIX App Attach quicker as well as convert, manage, secure, export MSIX App Packages.

Find out more here: MSIX to VDM website

Summary:

MSIX App Attach is a interesting concept, and I do like the fact that Microsoft area using the same MSIX format for App Attach which is a really good way of keeping things simple and standardised.

This will effectively enable a higher success rate of application delivery to Windows Virtual Desktop and local desktops as the format is standardised. I do also like the fact you can reverse MSIX App Attach back into a MSIX, as the format and structure is exactly the same.

This does provide some structure / comfort in regards to the future capabilities of application delivery and organisations can have some piece of mind knowing that Microsoft have clearly thought this out.

Noted that there are some Apps that don’t work with MSIX as of yet, however I’m sure these kinks will be ironed out.

It will be interesting to see if other vendors will adopt MSIX App Attach or align their technologies with Microsoft’s MSIX. I am really looking forward to seeing the advancements in MSIX App Attach and hopefully the GA of MSIX App Attach for Windows virtual Desktop.

2 thoughts on “A Deep Dive into MSIX App Attach – Windows Virtual Desktop

Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: