Systems Management: Empower Your Business Systems with MDOP
The Microsoft Desktop Optimization Pack includes a quiver of applications configured to help streamline management tasks and reduce costs.
The power inherent in computer software is its ability to unlock our potential. Some applications help us to communicate or collaborate to better conduct business, build partnerships and connect with customers. Other applications provide critical computing horsepower—collecting data and crunching numbers so we can make the best possible business decisions with the most current and complete information.
Some applications exist specifically to help us become more efficient. They help us do more with less, gain deeper insight and make the most of existing resources. This is where the applications in the Microsoft Desktop Optimization Pack (MDOP) fit in.
The MDOP is a suite of technologies available on a subscription basis as part of the Microsoft Software Assurance plan. The MDOP applications help improve application compatibility and management, reduce support costs, improve asset management and enhance policy control. The MDOP can help your organization realize greater efficiency and significant cost savings.
The MDOP includes two applications specifically focused on making it easier for you to manage and deploy applications: Microsoft Application Virtualization (App-V) and Microsoft Enterprise Desktop Virtualization (MED-V) help you resolve troublesome and costly application-compatibility issues.
App-V uses virtualization technology to make applications available to client desktops without having to install the applications directly on those machines. It does this through a process known as application sequencing. This lets each application run in its own self-contained virtual environment on the client computer.
Virtualized applications run simultaneously on the client machine, but isolated from each other. This eliminates application conflicts, while still letting applications interact with the local OS and other applications running on the client computer.
The App-V client manages the virtual environment in which the virtualized applications run on each machine. After installing the client, you make the applications available through a process known as publishing. This lets individual users run virtual applications on their machines. The publishing process copies the virtual application icons and shortcuts to the local machine, along with a package definition and file type association information. Publishing also makes any content associated with that application available on the user’s machine.
You can copy the virtual application package content to one or more application virtualization servers. This way, you can have it streamed down to clients on-demand and cached locally. You can also use file servers and Web servers as streaming servers, or copy the content directly to the user’s machine. The Application Virtualization (App-V) Video Series includes a number of instructive videos to help you get started with App-V.
MED-V helps you run applications in older OSes, such as Windows XP. It’s completely seamless and transparent to the end user. Applications appear and operate as if they were installed on the host desktop. Your users can even pin their virtualized legacy applications to the taskbar.
By locally hosting a virtualized version of a previous OS, MED-V helps you eliminate legacy application compatibility issues as a roadblock. As a result, your business can realize all of the benefits of Windows 7, while still running legacy applications the latest OS may no longer support.
The MED-V solution includes the following elements:
- Administrator-defined virtual machine (VM): This includes a full desktop environment, including an OS, applications, and optional management and security tools.
- Image repository: This stores all virtual images on a standard IIS Web server and facilitates virtual image version management, client-authenticated image retrieval, and efficient download (of a new image or updates) via Trim Transfer technology.
- Management server: This associates virtual images from the image repository, along with your usage policies, to Active Directory users or groups. The management server also aggregates clients’ events and stores them in an external database for monitoring and reporting purposes.
- Management console: This lets you control the management server and the image repository.
- End-user client: This lets users access VMs, manage their session state (start, stop and lock VMs), and run applications installed on the VM seamlessly within the host OS (including access through the Start menu and integration with other applications on the desktop).
The Microsoft Enterprise Desktop Virtualization Planning, Deployment and Operations Guide can help you get started with MED-V. This includes detailed technical guidance on deploying, configuring and managing MED-V in your enterprise.
There are two applications included in the MDOP aimed at reducing IT support costs. System Center Desktop Error Monitoring (DEM) lets you track, monitor and respond to issues occurring on end-user desktops. The Microsoft Diagnostics and Recovery Toolset, or DaRT, is a suite of tools (see in Figure 1) to help you quickly respond to user issues.
When an application crashes on a Windows PC, information is typically sent to Microsoft to help the support staff evaluate the issue and notify the user of any solutions. DEM helps you gather this data within your organization. You can use this to help you see trends and more effectively relate them to recent network or system changes.
Because it uses the standard Windows error reporting system, you can deploy DEM throughout your organization with a single Group Policy in Active Directory. This makes it a simple and effective way to save money on your IT support. DEM also provides multiple reports that help you understand which crashes occur most frequently, triage patch deployments and use metrics to monitor post-deployment effects.
Figure 1 The Microsoft Diagnostics and Recovery Toolset
DaRT includes 14 different administrative, system and network utilities to help you troubleshoot and resolve critical technical issues. There are utilities like Emergency Repair Disk (ERD) Commander, which boots unresponsive systems into a Windows-like repair environment. There’s also Crash Analyzer, which helps you determine the most likely cause of a system crash. Standalone System Sweeper gives you offline malware, rootkit and other unwanted software detection.
Get a Handle on Your Assets
Information equals efficiency. The more you know about your environment and infrastructure, the better positioned you are to make informed decisions, respond to trends and realize the maximum value from your IT investment. To that end, the MDOP includes Microsoft Asset Inventory Service (AIS).
AIS helps you develop a comprehensive view of your IT environment. It collects detailed information about software assets deployed throughout your organization. Because AIS is a hosted service, there’s no need to manage and maintain additional on-premises servers.
The inventory data is stored securely on Microsoft servers, so you can collect that data whenever one of your client machines connects to the Internet, regardless of whether it’s connected to your own corporate network. All privacy and security measures are audited by an independent third-party agency (or more details on this, see the report on Microsoft AIS).
AIS lets you quickly create and export browser-based reports (see Figure 2). These reports can help your IT staff manage software assets and forecast future needs. They’re also tremendously valuable—and big time-savers—when planning a large-scale software upgrade. You can quickly and accurately determine the applications running in your environment.
Figure 2 A software inventory report from Microsoft Asset Inventory Service
Control with Confidence
Group Policy has been a crucial component of managing and securing Windows desktop environments for more than a decade. Group Policy lets you centrally manage the configuration and behavior of all your desktops. It’s a powerful tool, but has some risks.
Traditional Group Policy doesn’t give you any explicit change-control system or role-based delegation model. You run the risk of deploying changes before properly testing or approving them. The Advanced Group Policy Management (AGPM) component of the MDOP helps alleviate that risk.
The offline editing and workflow delegation capabilities of AGPM help you configure, test and approve changes before they go live. You can also quickly roll back changes if needed. AGPM also helps you recover deleted Group Policy Objects (GPOs) and repair live GPOs, which greatly reduces the risk of widespread failures.
AGPM includes rich difference reporting and audit logging. These features help you quickly diagnose and prevent problems with GPOs. Because AGPM is an extension of the existing Group Policy Management Console, it delivers more granular policy control within a familiar interface.
Doing more with less is the mantra of today’s IT industry. The suite of technologies included in the MDOP can help you bring that mantra to life in your own organization. You can realize greater value and cost savings by making the most out of your IT investments.
Joshua Hoffman is the former editor in chief of TechNet Magazine. He’s now an independent author and consultant, advising clients on technology and audience-oriented marketing. Hoffman also serves as editor in chief of ResearchAccess.com, a site devoted to growing and enriching the market research community. He lives in New York City.