In April of 2019, Bob Kelly, Tim Mangan and Rod Trent hosted a webinar entitled, MSIX - The Future of Software Packaging. A two part series, there were a lot of great questions we just could not get to in part one of the live event. Several of those questions along with answers offered by Tim Mangan and Bob Kelly are highlighted here for your reference. Have more questions? Please come ask in the new AdminStudio community forums. 

Tim replied, “No, App-V is not going away.  At least not for a long time.  That's part of it being built into the OS. MSIX is a work in progress and will take a while to know what it can really do.  Ultimately, the MSIX container is built to protect the OS. App-V was built to protect the app and remediate older behaviors that need help in newer deployments.  MSIX is trying to pick up some of that remediation behavior, but it will be incomplete.  There is no single way to deploy all of the apps an Enterprise wants to deploy, and you will use multiple methods.  You can use App-V for most and MSIX for some newer things that work, or you can focus on MSIX and use App-V for the ones that won't work there.  You decide!”

Bob replied, “Microsoft has been careful to not deter anyone from derailing any App-V efforts. One should not wait for MSIX to be enterprise ready but should proceed and simply keep an eye on MSIX as a potential enhancement in the future. I anticipate an App-V to MSIX migration path is likely, if not from Microsoft, as a capability of AdminStudio.”

Tim replied, “MSIX is native in Windows 10 1809 and above.  There is a download to add it to 1803 and 1709 which is the equivalent.  For Win 7 (and potentially other Windows OSs) Microsoft has announced but not delivered a solution.  Details are sketchy, but I'd bet it ends up natively installing the MSIX package like it was an MSI.  So, no MSIX Runtime, no PSF, no integration into modern things.”

Bob replied, “To add to that, Microsoft has talked about the idea of just how isolated an application is running from MSIX may be a modifiable behavior in the future. Turn isolation up to keep it completely isolated, turn it down some to allow more interaction, and finally turn it all the way off and have something much close to a legacy installation. I suspect this “turn isolation off” approach may be a strong use case for supporting older operating systems (and potentially overcoming application-specific limitations associated with isolation).”

Tim replied, “ISVs will generally use developer tools, like InstallShield in Visual Studio, to produce MSIX packages.  Enterprises will use repackaging tools, like the Microsoft MSIX Packaging Tool and AdminStudio to repackage existing installers without access to source files.”

Bob replied, “I don’t think things change terribly when comparing the use case of a software vendor and that of an enterprise admin when looking to Windows Installer as a model. With MSI we had vendor setups and Windows administrators would repackage what didn’t come as an MSI to create their own custom MSI packages. The same should be the case for MSIX. No vendors provided us App-V packages so everything had to be converted or repackaged. MSIX could get us to a place closer to what it might have looked like if software vendors started shipping their products with App-V setups—you still need to customize (and plenty wouldn’t come in the desired format) but with MSIX the possibility now exists that we could get virtual containers as installers right from software vendors.”

Tim replied, “You take the vendor package and create a Modification Package (aka Add-On) that includes registry and file-based settings that you need.  The add-on does not include the original files, so it is tiny.”

Bob Replied, “This concept of a Modification Package to inject changes is a pretty impactful enhancement over the current Transform file mechanism we have for Windows Installer packages. They can be independently replaced or removed without having to remove/re-install underlying application and the relationship is not package specific so you should be able to leave your modification package in place and just update the application alone so long as the intent of the modification is still applicable to the newer versions of the application.”

Last year at ignite in the Flexera session on MSIX.  There were people there from Microsoft MSIX team and they stated as they did in sessions that end of 2020 was EOL for App-V.  Is there newer info out than that?  They also stated how they were working with vendors to separate out drivers is there any more information on that?

Tim replied, “No definitive timeline has been announced. I'm not sure what you heard, but it was probably that no decision would be made until at least 2020.  Once a decision is made to deprecate (and I'm betting that isn't 2020), they can't just rip it out right away.  Microsoft knows that App-V will remain the only way that enterprises can deliver some of the apps they have today, and they don't want to pull that rug out from under you.  The quote from Microsoft I use is ‘I'm about to start a new project with a customer on App-V. Should I do this, or should I wait for MSIX? No, today that's still a good decision; go with App-V for that project and we will make sure that you have a smooth path over to MSIX’.”

Bob replied, “I went back and listened to the recording of that MS Ignite session (sorry it is still not publicly posted; I’m working on that) and while there were a number of questions, I didn’t hear 2020 mentioned or any talk of a planned EOL. As Tim said above, Microsoft is very committed to the continued support of App-V and there are currently no concerns of an EOL announcement; MSIX will be a new option on top of App-V for some period of time and would appear to have a long life ahead of it. As for getting vendors to separate drivers from their accompanying applications, we'll have to see how that plays out!”

Tim replied, “The package will not install.  The messages shown will indicate the certificate is not trusted.”

Bob replied, “I expect you are asking about the user experience here—such would be an installation failure and not a runtime failure so if installed silently there would be no pop-ups or notifications of failure to the end user. The Windows application log, the installation log and or return code would be your indicator of failure as with installation failures you deal with today.”

Tim replied, “A hash is generated uniquely identifying the content of a block.  That hash is in the block map and the file system looks for existing blocks with that hash.”

Tim replied, “It turns out that wouldn't help with CPU.  Decompression takes the same amount of CPU no matter the level of compression.  The ‘fastest’ versus ‘best’ compression labels used by zip vendors refer to the effect at compression time.  You won't be installing many 8GB packages at runtime.  IT WILL BE BETTER THAN MSI for that purpose.”

Tim replied, “Get those desktops off of x86! But if you must, you should be able to package on x86 and deliver to x64.  I haven't done a lot of testing on that scenario, so you might find unknown gotchas.”

Bob replied, “If you need 32bit packages for some period of time, it may be worth building both for now and the retire use of the x86 packages as soon as possible. I’m just thinking that if you are going through the whole workflow of packaging, testing it would be less work to do both now than to come back later and create x64 as a separate effort in the future.”

Tim replied, “Yes-ish.  There is some work to do on settings persistence today, so 1809/1903 and the initial Server 2019 might not be production ready, but it is coming.”

Bob replied, “Repackager support for generating MSIX packages was not introduced in AdminStudio 2018 R3, but there was a known issue observed on some versions of Windows which was addressed in AdminStudio 2018 R4. Please be sure you have the latest (R4) installed as there are no known issues with Repackager support for MSIX today. “

Bob replied, “Yes, AdminStudio ships with PSADT as of April 2018. You can easily apply your PSADT template to any package for deployment in AdminStudio. Keep an eye out for a webinar on this very topic soon featuring the creators of PSADT.“

Tim replied, “Yes, this is a known issue that is being worked on.”

Tim replied, “I just started working on that.  I think you can do it either way.  If you trust all of your packagers, you can have one trusted code-signing cert for everyone.  Please password protect it, though! Otherwise, you have less trusted packagers use a self-signed test code signing cert with limited lifespan.  A gatekeeper owns the production cert and resigns the package for production.  Production machines only trust that cert.  The key is that the subject name (a string like CN=company) has to match.”

Tim replied, “It can include recapture.  But if you have an MSI without custom actions it could possibly be converted with the right tools. “

Bob replied, “AdminStudio 2019 will support MSIX conversion in its upcoming release later this April”

Tim replied, “Your scenario is unclear.  If bundling, then yes, you uninstall the whole bundle.  If add-on, add-ons can be individually removed, but if main package is removed add-ons get removed too.  MSIX doesn't have the equivalent to Connection Groups (Virtual Environments in SCCM) yet, but if it does get added then you'd have true independence.  So feel free to push Microsoft for that feature.”

Tim replied, “No streaming, but the differential download does what you want.  Non-persistent scenario support is still largely in the works, so stay tuned.”

Tim replied, “Installs are always per user (but with Single Instance Storage). There is a pre-install capability that you can use to but the bits into an image and then have a fast user-based publishing.”

Bob replied, “Yes, we are looking to support Intune for deployment in AdminStudio as you currently see with SCCM, WorkspaceONE, LANdesk, Altiris and others today.”

Tim replied, “You'll need to sign the MSIX file. Signing the internal files is optional but I'd recommend it.”

Tim replied, “Yes. You use the signtool from the WIndows SDK.  The subject name in the two keys must match each other and also match the publisher name in the AppXManifest.  That's the CN=name value.”

Tim replied, “Everything is built in.  Installation uses a component called AppxInstaller.”

Tim replied, “Right now, only exe files inside a package can run. So, having a plug-in package that calls out to a native exe (or exe in another package) doesn't fly.  Microsoft understand the problem with that and should be doing something about it.  Stay tuned.”

Be sure to come join Bob and TIm for Part 2 of MSIX - The Future of Software Packaging next week!

Have a question of your own? Please join us in the new AdminStudio community forums!