In April of 2019, Bob Kelly, Tim Mangan and Rod Trent hosted a webinar entitled, MSIX - The Future of Software Packaging. A two part series, there were a lot of great questions we just could not get to in part one of the live event. Several of those questions along with answers offered by Tim Mangan and Bob Kelly are highlighted here for your reference. Have more questions? Please come ask in the new AdminStudio community forums.Do you know if App-V is going away?
Tim replied, “No, App-V is not going away. At least not for a long time. That's part of it being built into the OS. MSIX is a work in progress and will take a while to know what it can really do. Ultimately, the MSIX container is built to protect the OS. App-V was built to protect the app and remediate older behaviors that need help in newer deployments. MSIX is trying to pick up some of that remediation behavior, but it will be incomplete. There is no single way to deploy all of the apps an Enterprise wants to deploy, and you will use multiple methods. You can use App-V for most and MSIX for some newer things that work, or you can focus on MSIX and use App-V for the ones that won't work there. You decide!”
Bob replied, “Microsoft has been careful to not deter anyone from derailing any App-V efforts. One should not wait for MSIX to be enterprise ready but should proceed and simply keep an eye on MSIX as a potential enhancement in the future. I anticipate an App-V to MSIX migration path is likely, if not from Microsoft, as a capability of AdminStudio.”Does MSIX support Windows 7 and Windows Server 2008?
Tim replied, “MSIX is native in Windows 10 1809 and above. There is a download to add it to 1803 and 1709 which is the equivalent. For Win 7 (and potentially other Windows OSs) Microsoft has announced but not delivered a solution. Details are sketchy, but I'd bet it ends up natively installing the MSIX package like it was an MSI. So, no MSIX Runtime, no PSF, no integration into modern things.”
Bob replied, “To add to that, Microsoft has talked about the idea of just how isolated an application is running from MSIX may be a modifiable behavior in the future. Turn isolation up to keep it completely isolated, turn it down some to allow more interaction, and finally turn it all the way off and have something much close to a legacy installation. I suspect this “turn isolation off” approach may be a strong use case for supporting older operating systems (and potentially overcoming application-specific limitations associated with isolation).”Please discuss the difference between being a software company and packaging vs a corporate enterprise and packaging for internal distribution.
Tim replied, “ISVs will generally use developer tools, like InstallShield in Visual Studio, to produce MSIX packages. Enterprises will use repackaging tools, like the Microsoft MSIX Packaging Tool and AdminStudio to repackage existing installers without access to source files.”
Bob replied, “I don’t think things change terribly when comparing the use case of a software vendor and that of an enterprise admin when looking to Windows Installer as a model. With MSI we had vendor setups and Windows administrators would repackage what didn’t come as an MSI to create their own custom MSI packages. The same should be the case for MSIX. No vendors provided us App-V packages so everything had to be converted or repackaged. MSIX could get us to a place closer to what it might have looked like if software vendors started shipping their products with App-V setups—you still need to customize (and plenty wouldn’t come in the desired format) but with MSIX the possibility now exists that we could get virtual containers as installers right from software vendors.”How do we deal with custom settings which are environment dependent and do not come with the standard software from the vendor?
Tim replied, “You take the vendor package and create a Modification Package (aka Add-On) that includes registry and file-based settings that you need. The add-on does not include the original files, so it is tiny.”
Bob Replied, “This concept of a Modification Package to inject changes is a pretty impactful enhancement over the current Transform file mechanism we have for Windows Installer packages. They can be independently replaced or removed without having to remove/re-install underlying application and the relationship is not package specific so you should be able to leave your modification package in place and just update the application alone so long as the intent of the modification is still applicable to the newer versions of the application.”
Last year at ignite in the Flexera session on MSIX. There were people there from Microsoft MSIX team and they stated as they did in sessions that end of 2020 was EOL for App-V. Is there newer info out than that? They also stated how they were working with vendors to separate out drivers is there any more information on that?
Tim replied, “No definitive timeline has been announced. I'm not sure what you heard, but it was probably that no decision would be made until at least 2020. Once a decision is made to deprecate (and I'm betting that isn't 2020), they can't just rip it out right away. Microsoft knows that App-V will remain the only way that enterprises can deliver some of the apps they have today, and they don't want to pull that rug out from under you. The quote from Microsoft I use is ‘I'm about to start a new project with a customer on App-V. Should I do this, or should I wait for MSIX? No, today that's still a good decision; go with App-V for that project and we will make sure that you have a smooth path over to MSIX’.”
Bob replied, “I went back and listened to the recording of that MS Ignite session (sorry it is still not publicly posted; I’m working on that) and while there were a number of questions, I didn’t hear 2020 mentioned or any talk of a planned EOL. As Tim said above, Microsoft is very committed to the continued support of App-V and there are currently no concerns of an EOL announcement; MSIX will be a new option on top of App-V for some period of time and would appear to have a long life ahead of it. As for getting vendors to separate drivers from their accompanying applications, we'll have to see how that plays out!”What happens if a certificate is not trusted for a package?
Tim replied, “The package will not install. The messages shown will indicate the certificate is not trusted.”
Bob replied, “I expect you are asking about the user experience here—such would be an installation failure and not a runtime failure so if installed silently there would be no pop-ups or notifications of failure to the end user. The Windows application log, the installation log and or return code would be your indicator of failure as with installation failures you deal with today.”How does it check if binaries need to be re-downloaded or skip and copy only required binaries?
Tim replied, “A hash is generated uniquely identifying the content of a block. That hash is in the block map and the file system looks for existing blocks with that hash.”
In a VDI environment, rerunning the decompression on each machine may results in high I/O and CPU utilization... can you control the level of compression with MSIX?
Tim replied, “It turns out that wouldn't help with CPU. Decompression takes the same amount of CPU no matter the level of compression. The ‘fastest’ versus ‘best’ compression labels used by zip vendors refer to the effect at compression time. You won't be installing many 8GB packages at runtime. IT WILL BE BETTER THAN MSI for that purpose.”
If my company is a mix of Win7 32bit and Win10 64bit, but all will be eventually Win10 64bit, what bit-ness should I package in?
Tim replied, “Get those desktops off of x86! But if you must, you should be able to package on x86 and deliver to x64. I haven't done a lot of testing on that scenario, so you might find unknown gotchas.”
Bob replied, “If you need 32bit packages for some period of time, it may be worth building both for now and the retire use of the x86 packages as soon as possible. I’m just thinking that if you are going through the whole workflow of packaging, testing it would be less work to do both now than to come back later and create x64 as a separate effort in the future.”
Can MSIX packages work in a multi-user environment like Citrix?
Tim replied, “Yes-ish. There is some work to do on settings persistence today, so 1809/1903 and the initial Server 2019 might not be production ready, but it is coming.”
Building MSIX project doesn't work with Admin Studio 2018 R2. Do you know if this will be fixed as part of Repackager 2018 or if a fix will be part of 2019 Repackager?
Bob replied, “Repackager support for generating MSIX packages was not introduced in AdminStudio 2018 R3, but there was a known issue observed on some versions of Windows which was addressed in AdminStudio 2018 R4. Please be sure you have the latest (R4) installed as there are no known issues with Repackager support for MSIX today. “
Does AdminStudio leverage or integrate with PowerShell App Deploy Toolkit (PSADT)?
Bob replied, “Yes, AdminStudio ships with PSADT as of April 2018. You can easily apply your PSADT template to any package for deployment in AdminStudio. Keep an eye out for a webinar on this very topic soon featuring the creators of PSADT.“
We have found that context menu apps do not work in MSIX packages. Is this a known issue?
Tim replied, “Yes, this is a known issue that is being worked on.”
In the enterprise, will each app packager need a certificate, or will an app packaging team be able to use one enterprise certificate?
Tim replied, “I just started working on that. I think you can do it either way. If you trust all of your packagers, you can have one trusted code-signing cert for everyone. Please password protect it, though! Otherwise, you have less trusted packagers use a self-signed test code signing cert with limited lifespan. A gatekeeper owns the production cert and resigns the package for production. Production machines only trust that cert. The key is that the subject name (a string like CN=company) has to match.”
In the creation of MSIX packages, does it include capture (installation) and then re-packaging steps that we do in MSI packaging?
Tim replied, “It can include recapture. But if you have an MSI without custom actions it could possibly be converted with the right tools. “
Bob replied, “AdminStudio 2019 will support MSIX conversion in its upcoming release later this April”
Nesting multiple MSIX files into one, will uninstalling the primary MSIX remove all?
Tim replied, “Your scenario is unclear. If bundling, then yes, you uninstall the whole bundle. If add-on, add-ons can be individually removed, but if main package is removed add-ons get removed too. MSIX doesn't have the equivalent to Connection Groups (Virtual Environments in SCCM) yet, but if it does get added then you'd have true independence. So feel free to push Microsoft for that feature.”
Do you know if there are plans to have a streaming capability for MSIX packages for App-V customers?
Tim replied, “No streaming, but the differential download does what you want. Non-persistent scenario support is still largely in the works, so stay tuned.”
Does MISX support an All Users\Per Machine install or are all installs Per User? If it doesn't support "per machine" installs, is that coming?
Tim replied, “Installs are always per user (but with Single Instance Storage). There is a pre-install capability that you can use to but the bits into an image and then have a fast user-based publishing.”
Are there plans for AdminStudio to hook into Intune as its capabilities are brought closer to SCCM?
Bob replied, “Yes, we are looking to support Intune for deployment in AdminStudio as you currently see with SCCM, WorkspaceONE, LANdesk, Altiris and others today.”
We use WiseScript as a "wrapper" for MSIs, Transforms, etc. We digitally sign the WiseScript EXE, but not the MSI inside. Will we need to additional sign the MSIX as well in the future?
Tim replied, “You'll need to sign the MSIX file. Signing the internal files is optional but I'd recommend it.”
Can one re-sign an MSIX package created externally with an internally trusted cert?
Tim replied, “Yes. You use the signtool from the WIndows SDK. The subject name in the two keys must match each other and also match the publisher name in the AppXManifest. That's the CN=name value.”
Does MSIX uses any client on the machine to run like Windows Installer or App-V Client?
Tim replied, “Everything is built in. Installation uses a component called AppxInstaller.”
How to handle plugins in MSIX (e.g. Office plugins, IE plugins)? Should it be bundled with the core package always?
Tim replied, “Right now, only exe files inside a package can run. So, having a plug-in package that calls out to a native exe (or exe in another package) doesn't fly. Microsoft understand the problem with that and should be doing something about it. Stay tuned.”
Be sure to come join Bob and TIm for Part 2 of MSIX - The Future of Software Packaging next week!
Have a question of your own? Please join us in the new AdminStudio community forums!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.