Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

Appsense 6

A few months ago Appsense released their latest version of their Management Suite. In comparison with the previous version Appsense has redesigned the performance suite and added a lot of new features. Beside the improvements and additions to the already well-know CPU, Memory and Application parts, Appsense introduced in this version Environment Manager. With Environment Manager the computer and user configuration can be made, controlled and managed. This part of the suite moves Appsense also in the market of managing the desktop environment. More then enough changes and additions in this suite to take a look to this product again.

Installation

If you already have installed the previous version you will notice that the installation process is based on the same steps. The suite can be installed in two ways. In a stand-alone configuration the suite is installed on one server, where you can configure all settings which will be applied to the server. The second option is to install a deployment system. With the deployment system all configurations are saved in a datastore. Out of this datastore both the agents and configuration of the agents for the performance suite parts are installed via the deployment centre. This deployment centre exists of one primary deployment server and optional one or more proxy deployment servers. These proxy deployment servers caches the datastore and can also deploy the agents and the configuration to the target servers. The name of datastore may imply it is a database, but it is actually just a folder with files on one of the local disk of the primary deployment server.

Image

The installation of the deployment server or the stand alone machine are pretty forwarded. The first important screen display the choice between a stand alone installation or the deployment system installation, follows by selecting the needed installation components. Within this screen via the option "Advanced customization of product and deployment options" all available options becomes available. This need to used to install additional proxy servers or a separate license servers.

On all the servers where the configurations need to be applied require an agent for that specific part on the machine. These agents can be applied via the deployment console or installing the MSI separately to the target servers. For the deployment of these agents (and also the configuration for this parts) Appsense provided a separate management console for these tasks. Within this console several deployment groups can be configured. For each deployment group you can assign the agents (and later also the configuration settings), which will be installed automatically.

Configuration

The Appsense performance suite exist of  three components. The Performance Manager, Application Manager and the Environment Manager, which all have their own console. Each console also include the overall components, Appsense Audition, Deployment Manager and License Manager (all also have their own separate console). I prefer having all components in one console, but Appsense still divides them.

Performance Manager
Within the Performance Manager console all configurations can concerning controlling and tuning the processor and memory of the controlled servers. The first step to make is to create Application Groups. In this group you can add one or more application by selecting a file or folder. These groups will be used by configuring the most of the other options.
- Bandwidth Management
Within Bandwidth Management you can set limits per application how much kilobytes per second may be used by the application group where can be filtering on user/group and/or TCP port level. Also advanced settings can be made for the available bandwidth dependent of the status of the process, session or desktop. Also a quota can be configured per application group. If a user exceeds that quota no more traffic is allowed across the network.

Image




- CPU Affinity Control
Within this option you can assign an application group to a dedicated processor on the server. With this option you can put CPU intensive application on one or more CPU's and the other applications on the remaining servers.
- CPU Application Control
If you would like to limit the CPU usage a specific application(group) this can be done via CPU Application Control. Also this limiting can be done per application group based on user and/or group. The same advanced settings are available as in bandwidth management.
- Smart scheduling
Smart scheduling can be used to give processes a different standard share factor with the possibilities when a definite situation occurs.

- Thread Throttling
This is the component where Appsense become famous with. Thread throttling controls the usage of the CPU. You set a maximum usage of the CPU and if that value is reached Thread Throttling clamps the CPU to the second value you specified as an allowed value. You can also specify  a minimum value for threads and processes. Threads or processes below these values are not clamped normally if the clamp value is reached. Only if the allowed value can not be reached by clamping thread or processes above the minimum value these threads will be clamped to reach the allowed CPU usage value. (See above picture)
- Application Memory Limits
With this option you can assign a limitation to the usage of memory per application(group). When the limit is reached settings can be made that the application will be terminated in a configured time. The user will be getting a message with the information that the application has reached his memory limit and (if configured) in which timeframe the application will be closed down.
-  User Memory Limits
If you want to configure memory limits on a user base this is the place to do so. You can configure two values. A warning level and a block level. If needed some executables can be listed in the exception list, so these memory usage does not count for this applications.
- Physical Memory Control
With this options you can control the physical memory usage of the applications. Normally the standard rule is sufficient for most environments.
- Memory Optimizer
In the previous version this was a separated component, but now it is integrated in the Performance Manager component. Memory Optimizer checks the system every 60 minutes (adjustable) which applications (processes) are running and if memory usage of this applications (processes) can be optimal zed.
Via the Optimizer Monitor the optimizations of the memory can be viewed via several views. 

For above described options, where be applicable, message can be edited easily within this tool and user and groups must be assigned to the rules.

Application Manager
With application manager you can easily taking care that users only start applications or executables, which they are allowed to start. By default Application Manager is blocking all files which are not installed by the so called trusted owners (system and local administrator by default, but optional trusted owners can be added) on the local drives. All files on network drives are also blocked by default. Further on you can specify your configuration based on the group rules to allow or deny specific files bases on group membership. This settings are overruling the default rules. If necessary some additional rules can be setup based on user name, client level or a combination of user/group name and client level. All messages are adjustable via the configuration options tab, where you can also specify which events should be configuration for filtering and archiving. In comparison with the previous version Application Manager did not change dramatically, but one new option should be mentioned definitely. With this so called Appsense Rules Analyzer. Within this analyzer you can view how all settings are working out, in other words you can easily which files.

Image

Environment Manager

This part is completely new in the Appsense Performance Suite. Some components of the old Server Based Toolkit, but the Consoles are combined and set-up totally different. Environment Manager can be compared with RES Powerfuse or Provision Manage-IT. Only these tools are based on user settings only, while Environment Manager also can handle settings on machine level (but cannot install applications with it).

Computer settings are made when the server is started or at the shutdown of the machine. You can set up nodes within these two options. Every subnode will be provided with one or more rules. This rule(s) determine of the action(s) defined in the sub node need to be applied. 
The following actions are available within the computer part:
- Registry actions, this action can be used to created, change or delete registry keys or values in the HKey_Local_Machine settings;
- Folder actions, folders can be created, copied or deleted;
- File actions, this action can move, copy, delete or rename a file. Also the options is there to change the attributes of a file;
- Execute actions, a executable file can be started, with configured parameters and working directory;
- Shortcut actions, shortcut to applications can be made with this one (based on machine) in the start menu of the user (of other location);
- Environment variables actions, (system) environment variables can be created with this option;
- ODBC Connection actions, system DNS ODBC settings can be created using this action;
- ADM Policy actions, here ADM templates can be imported (Local Machine settings) and these settings can be configured (just like in GPO editing).

Besides the Start-up and Shutdown actions, Environment Manager has a Self Healing component. Within this component you can take care that a service is always running (or never runs), processes are always available or not, a file is always present or never present or/and a registry key is available or is never created.

The user settings are also applied on two moments. When the user logs in or the user logs off the system. The concept is identical to the computer part creating sub nodes with rules.. Within the user sub nodes the following options are available:
- Registry actions,  this action can be used to created, change or delete registry keys or values in the HKey_Current_User settings;
- Hive Registry, Importing or exporting a complete hives in or out of the registry;
- Folder actions, folders can be created, copied or deleted;
- File actions, this action can move, copy, delete or rename a file. Also the options is there to change the attributes of a file;
- Execute actions, a executable file can be started, with configured parameters and working directory;
- Shortcut actions, shortcut to applications can be made with this one (based on machine) in the start menu of the user (of other location);
- Folder redirection, almost every folder available in the user profile can be directed to another place;
- Drive action wizard, with these wizards drives can be mapped or unmapped. Local disks can be unmapped so they are not visible to the users;
- Printer action wizard, Network printers can be mapped or unmapped. Also the default (network) printer can be configured here;
- Environment variables actions, (user) environment variables can be created with this option;
- ODBC Connection actions, user DNS ODBC settings can be created using this action;
- ADM Policy actions, here ADM templates can be imported (user settings) and these settings can be configured (just like in GPO editing).

Fortunately Appsense build in the superior the former Lockdown Manager within the Environment Manager. Now just called Lockdown, you can disable menu options and key combinations in every application. With a wonderful tool called target you point to the menu part you want to disable for your user. Lockdown lets you decide if want to disable the complete menu part of the options within that menu. With this tool you can secure your environment even better, because you can disable some backdoors applications sometimes have.

It is pity that Appsense did not build an analyzer in this environment manager (like Powerfuse or Appsense analyzer within Application Manager) which is showing which settings are applied via which node to the user or computer.

 Image

Managing the Appsense environment

In every console (but also in a separated consoles) two other managers available. The first one is only available if you installed the deployment system. We discussed the Deployment Manager already in installation part of this Appsense Management Suite. Besides deploying the agents (which installed the necassry services on these servers) with this tool also the configuration made in the other components will be deployed to the servers. This works exactly the same way (actually these are also MSI files) as deploying the agents.

Image

The last manager within Appsense, the auditing manager, is being used to control and manage your environment. Via five components (Proxy auditing, SNMP, Logfile, Eventlog and/or Mail)  Audit Manager can let you know which events are taking place in your environment. Per component can configured which events should be monitored and mentioned if this event is occurring. This events are logically listed per product, clearly explained what the events will display if it occurs.

Conclusion

The greatest change within this suite is the addition of the Environment Manager. Combining and extending the formerly know Server Based Toolkit Appsense is controlling the whole configuration of the server and the user settings on that servers. With this environment Appsense is getting in the same market as RES Powerfuse and Provision's Manage-IT. But Appsense is still approaching from a technical view, where Powerfuse is more how can be make the job as easy as possible. With the Lockdown manager Appsense still haves a wonderful tool in the suite to make your environment more secure.
In comparison with the previous version Performance Manager and Application Manager are not changed dramatically. I like the new interface of Performance manager against the old one, unlike Application Manager which looks more difficult in the this version. 

Together with the still superior Throttling Manager within Performance Manager and the easy and robust Application Manager Appsense delivers a complete and usable suite. If your IT Department is looking with a technical view to administrating the environment Appsense Management Suite is definitely a good choice.

Advantages:
- Superior Throttling Manager for controlling CPU usage
- Lockdown tool is easy to use and extremely active
- The approach in Application Manager with trusted owners is excellent
- Rule analyzer within the Application Manager

Disadvantages:
- No analyzer available within the Environment Manager
- The documentations describes all kind of examples for testing the options, but is not describing the content of those settings
- The consoles are less obvious than the competitors and still not combined in one console

Appsense