Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

Immidio AppScriber

Introduction

One of the daily tasks of service desk employees and/or system administrators is assigning applications to end-users.  A fairly simple technical task that could be automated easily. However before assigning the application someone should approve the request of the end user first. To accomplish the approving process still much hard copy forms are used for such requests. Mainly because most workflow based software is too rogue, really expensive or suitable for only one deployment solution.

Immidio noticed such demands and the current gap between those demands and available products and started developing AppScriber. Immidio AppScriber allows users to select the applications they want to use via a web-based portal. Thanks to the Immidio AppScriber Workflow Engine, AppScriber allows users to activate, deactivate directly or request applications. These activities require no IT intervention and give users a sense of independence when selecting the applications they need, all while enabling your IT department to retain control.




AppScriber is platform independent, because it's based on assigning users to group memberships. A clever thought because (mostly) all solution use groups to assign applications. Immidio officially supports Microsoft System Center Configuration Manager (SCCM), Active Directory Group Policy Software Distribution, App-V, Citrix Published Applications, Windows 2008 R2 RemoteApps, but actually the software can be used for all kind of deployment- or virtualization products. You can go also go one step further for using the product for assigning rights to file shares and/or printers.

With the release of a new version (2.0) it's time to take a detailed view of this product.

Installation

 

 

Appscriber is a web-based application so on the server side it requires Internet Information Server (IIS). It's running on Windows 2003 (R2) and Windows 2008 (R2) so actually IIS6 or higher is required. Within IIS ASP.Net should be enabled. Other prerequisites are .Net Framework 2.0 SP1 and ASP.NET 2.0 AJAX Extensions on the web server side. To store the configuration Appscriber is using a database running on SQL 2005 or 2008, where the Express version is sufficient. The database can be stored on the web server or on a separate server.  Logically you need to have an Active Directory available because (as mentioned before) Group Membership is used to assign applications.

Immidio delivers both a 32bit as a 64bit version of the server component using the MSI distributable methodology. The installation is a pretty forward. First you need to select the components that need to be installed, which depends if the web- and database component are hosted on the same server or separated on two servers. On the webserver you need to select which web site should be used (the site is not created by the installer). For the database component you need to select the SQL server (including the authentication type), followed by the database name(s). You can use one database or use two databases which separate the main component and the logging part each in an own database.

Image
Figure 1: Installation Window AppScriber

On the client side the following browsers are supported Internet Explorer 7, Internet Explorer 8 and Firefox 3 for AppScriber. Logically a client tool or software used for publishing the application should be available; AppScriber only arranges that the user will be added to the corresponding group.

Initial Configuration

After the server installation the initial configuration component will automatically start. In this component you can install your licenses. At this moment AppScriber is using named licenses based on the amount of users in the AppScriber user group. Also you can reconfigure the database settings in this component. An important part of the configuration component is the settings for Active Directory. In this tab you need to configure an account for AppScriber that can query Active Directory and has permission to change memberships of the security groups, a security group which holds the administrators for the application and a security group specifying which users are allowed to use AppScriber as a normal user to request applications. The last tab Notification can be used to configure SMTP settings. Within this tab you can configure the SMTP server and the templates used the e-mails send within the workflow. This part is optional and using notification can be configured on a per application basis.

Image
Figure 2: Initial Configuration AppScriber

Administrator View

After the initial configuration you can start configure the AppScriber environment using an account which is member of the just configured AppScriber Administrators group. The daily administrator tasks are all performed using an Internet Browser. When using an administrator account, which is also member of the AppScriber Users Group, you will get a question if you would like to start the application as an administrator or as a normal user.

On the first tab you configure the applications (or other resources) which can be requested using AppScriber.

Image
Figure 3: The AppScriber Administrator console

AppScriber has three types of applications.

  • General Application: Such an application can be activated or deactivated by all users (which have access to AppScriber). General applications can be used for applications that may be used by all users, but the user can decide itself if the application is available in their Start Menu (or other Windows Component).
  • Managed Application: A managed application can be requested by the end-user, but the request needs to be approved by a person assigned by the administrator (when configuring the application). Managed applications are also only visible for the users which are authorized to request the application. Summarized access to a managed application is based on two authorization levels, first the administrator configures which users can request the application and secondly the configured approver when a users request the application.
  • Mandatory Application: A mandatory application is actually an application which is not managed by AppScriber. Such an application is always available for the end user, think of a set of default applications. The application is added as mandatory application for the user perspective (to prevent confusion at the end user why the application is not shown within AppScriber).

Dependent of the type of application you create you need to provide less or more information. The configuration process has actually two phases, because some options are shown after the initial creation process.  I will use the managed application as an example, because (logically) this one has the most configurable options available.

Image
Figure 4: Edit Managed Application

After the initial configuration the application type and security group cannot be edited anymore, those are only configurable during the creation of the application. The security group is the group the user will be added to (or removed from) when the application is activated. Most options are pretty logical like the Icon and Description components. You can add optional Tags to an application. Tags can be used to find an application easier by the end user.

Also optional messages can be provided to an application. These messages can be used to provide the user with more information to really use the application. For example that the user needs to refresh the App-V client to show the application in the start menu or that the application will be available at Next Logon. The option "Require request information" arranges that a user needs to fill in a reason (within the request message component) why he would like to have access to the application. The Activation/Deactivation messages are only available when the application type is general or managed. The request message is only available for managed applications.

Also only available for managed application are the other options as shown in the above shown figure:

  • Users: Displays the number of users, which already are member of the corresponding security group (thus can use the application). It's possible to manually add or remove users via the manage button.
  • Authorized Groups: The users member of the groups selected as authorized groups will have the application displayed within AppScriber and can request access for this application. This is the first layer of security for using managed applications. If this layer is not really necessary you can select a default group (for example the AppScriber Users Group), so actually all users can request the application.
  • Approvers: Here you configure which persons are allowed to approve or reject the request of the end user. Only users can select here (groups cannot be chosen). It's possible to add more approvers.
  • Max numbers of users in security group: Here you can configure how many users are allowed within the security group. This can be used to enforce a maximum amount of users that can use the application (based on named users only at this moment). When the option "Enforce User Limit" is activated the approver cannot approve any additional request, when the user limit is reached. Without this option enabled the approver will get a warning message that the threshold is reached, but he can still approve the request.
  • Request Expires in (seconds): If wanted a request can expire after the specified time frame. After that time frame it's not possible to approve or reject the request anymore; the user should request the application once again.

As mentioned during the configuration you can add tags or messages to each application. Both the tags as the messages needs to be predefined before those can be assigned to an application configuration. This is done on the tabs and messages tabs.

Image
Figure 5: Messages tab

User View

Also the end user will access AppScriber using a web browser visiting the same website. The user interface will display all applications the user can use (mandatory application), activate (general application) or request activation (managed application). Via the buttons at the end of the application line the users can activate or deactivate an application.

Image
Figure 6: User View

As stated general applications do not require an approval, so when a user activates such an application the optional activation message can be displayed and the application will be available for the user. When a user does not need the application anymore, he selects the minus symbol and the application will be removed (optional a deactivating message can be displayed). When activating a managed application a request will be send to the persons assigned as approvers.

When the option "Require request information" is selected the user needs to provide a reason why he would like to use the application within the displayed request message window.

Image
Figure 7: Providing a reason for requesting PowerPoint 2003

As mentioned before the product arranges the correct group membership, so the application deployment product needs to arrange that the application actually is available (or deployed) for the end user.

Approver View

As mentioned earlier the administrator assigns approvers to the managed application. A user which has assigned for at least one application the approver role will be have some additional tabs in his user interface.

The first tab Applications is the normal user view, where an approver can request or activate his own applications. The second tab shows the applications where the user has been assigned the approval role. When selecting the applications showed on this tab the approver can check the membership of this application and manually add/remove users to this application.

Image
Figure 8: Approver View

Within the last tab Request the requests are displayed made by the end users for the application(s). When the state is pending the approver can approve or reject the request. As soon as the state is changed to "approved" or "rejected" the approver cannot change the state anymore. When more approvers for an application are assigned only one approver needs to approve or reject the request. The current version of AppScriber does not support more complex scenarios like an approval of all approvers or a double hop authorization request. Within the administrator role the same requests tab is available where the administrator(s) can approve/reject every request made.

Management

Within the administrator view several management options are available. The first one is the tab User Apps. In this User Apps component the administrator can select a specific user (optional with additional search options) and see the user configuration within AppScriber. Within this view the administrator can activate/deactivate or request application for the user.

The other management component can be found at the log tab. Here all actions are logged performed within AppScriber from administrators, approvers and users. Happily also this part has a good search option (just like all other components), so you can find pretty easily the notification you are searching for.

Image
Figure 9: Log view within the administrator console

In the initial configuration I already mentioned about the possibility to use e-mail notification to report that a request have been made or the application is approved/rejected. You can edit those files to adjust the messages. At this moment the AppScriber product is delivered in English. Of course you can adjust the e-mail component and the messages to be shown in another language, if needed.  

Image
Figure 10: Example e-mail of requesting an application.

Conclusion

AppScriber is an easy to use application which fulfills much of the needs for automated application requests. Because it's based on group membership you can easily use the product within several deployment product and scenarios. Therefore AppScriber is ideal for heterogeneous environment where several deployment solutions are available, while with AppScriber one front-end can be offered for application provisioning.

With a bit of scripting behind it (or a user management product) you could extend the usability to other resources like file shares or printers. The interface is logical and easy to understand and would perfectly fit within a company's intranet infrastructure. With several types of applications it will fulfill the needs for application request in most organizations. Also using tags and messages the user will be well informed about the process of the request. 

For some markets full Multilanguage support would be beneficial. Also wish list features are a more complex approval process (for example all approver should accept or two layer authorization) and the possibility to enhance the approval step itself (for example approve a specified time frame).

Advantages:

  • Easy to use product with most necessary features for automated workflow application assignments.
  • Product can be used for all kind of deployment products and scenarios (platform independent) as long AD group membership is being used.
  • With a few adjustments in your infrastructure the product can be used for requesting other resources like file shares or printers.

Disadvantages:

  • No full multi-language support in current version.
  • Complex approval processes are not supported.
  • Approver can only approve or reject, without advanced options like setting a time frame.

 

About the Author

Wilco van Bragt is an independent consultant and author based in the Netherlands. He is the owner of the Server Based Computing and Virtualization website called VanBragt.Net Virtualization, where he is publishing several articles related to Terminal Services and Virtualization topics and product reviews. Besides Wilco van Bragt presents on several independent conferences and also writes articles for several other websites. Wilco van Bragt is self employed (VanBragt.Net Consultancy) providing consultancy services in the Netherlands and Belgium.  Wilco van Bragt is a MVP on Terminal Server, a RES Valuable Professional, a Provsion Networks VIP and a Citrix Technology Professional.

About Immidio

Immidio provides point solutions to help organizations solve challenges encountered with virtualization technologies in Microsoft Windows environments. The benefits of using Immidio products include increased IT productivity and a significant reduction of costs. The spectrum of supported virtualization technologies includes presentation virtualization, application virtualization, desktop virtualization, user workspace virtualization and server virtualization.

Founded in 2008 and based in Amsterdam, the Netherlands, Immidio develops products in close relationship with its customers, affiliated virtualization experts and the international virtualization community organized in the Microsoft MVP and Citrix CTP programs. More than 10,000 IT professionals have downloaded Immidio products and established them in their organizations. Immidio solutions are exclusively delivered through the Immidio website, with an international network of technology peers and partners.

Immidio AppScriber

PDF Product Review Immidio AppScriber