Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

Immidio Flex Profiles 7.5

Introduction

Profiles are still one of the biggest challenges within Front-End infrastructures. Almost every system administrator has experienced problems with any of the profile types made available by Microsoft.

Roaming Profiles get corrupted or contain faulty settings, which can only be solved by removing the complete profile and (let the user) reconfigure the user environment from scratch consuming a lot of time and causing frustration. Also roaming profiles are often causing long logon times, because the whole profile needs to be copied from the network to the desktop (and vice versa).




Mandatory profiles were the popular alternative, but nowadays users do not accept that personal configured settings are not retained when the user logs on the next time. Also Microsoft is not a "fan" of this profile type and has been discouraging the use of the mandatory profile for a while. Actually they are right in that, because several more complex settings can not be used in combination with mandatory profiles, a good example is SSL/certificate related topics.

A local profile does not have the disadvantages of the roaming and mandatory profiles, however as the name implies the profile is for one desktop only. So when users log on to another desktop they have to reconfigure the settings again every time they use another desktop. With current flexible workplaces and working anytime from anyplace users are moving between desktops a lot, so a local profile is also not an option.

Taking a look back none of the Microsoft profile solutions fully fits the current requirements for the users keeping the user settings while not having the challenges with long logon times and profile corruption. Therefore the so called flex or hybrid profiles were developed starting with the freeware tool Flex Profile Kit. The first versions were based on the concept that the IT department defines which registry information and user profile folders and files should be retained for the user and were saved at logoff and restored when the user logs on.

The concept was great thinking, because the set of keys and files were limited so logon times were already quicker and profile corruption were reduced a lot (while configure set-up per application, only that application settings that are corrupted should be cleaned up). Still all the settings were applied during logon. Secondly the scenarios that users are using different desktop platform is getting a commodity and more and more those different platform are used at once the profile management becomes more complex where settings should be saved and loaded for the users.

 

 

These evolving steps in user settings lead to the Immidio Company with developing the well-known Flex Profile Kit into Flex Profiles with all the features currently needed to manage the user settings in flexible, manageable and advanced scenarios.

Immidio provides point solutions to help organizations solve challenges encountered with virtualization technologies in Microsoft Windows environments. The benefits of using Immidio products include increased IT productivity, significant cost reduction and almost immediate ROI. The spectrum of supported virtualization technologies includes presentation virtualization, application virtualization, desktop virtualization, user workspace virtualization and server virtualization.

Immidio Flex Profiles 7.5 decouples and segments user-specific desktop and application settings from the traditional Windows user profile and underlying operating system, making them available across multiple devices, Windows versions and application instances. With properly managed granular user profile settings, IT organizations are able to troubleshoot and restore user settings on an application level rather than having to delete the complete user profile.

Immidio Flex Profiles 7.5 brings a truly dynamic desktop closer, whether provided through physical workstations or from a virtual infrastructure. With decoupled user profiles it is easy to introduce virtualization technologies and new application delivery mechanisms. Additionally, this enables painless upgrades, like migrating from Windows XP to Windows 7. Immidio Flex Profiles 7.5 is fully compatible with Windows 7 and integrates seamlessly with Microsoft, Citrix and VMWare solutions.

Immidio is focused on providing a point solution where most other profile management solutions provide a complete suite, which in turn is too much functionality for a majority of customers and prospects. Immidio products offer positive impact on the end-user experience and productivity, while the impact on the existing infrastructure remains limited, resulting in a very attractive ROI.

On the 28th of September 2011, Immidio released the 7.5 version of Flex Profiles product, again providing many enhancements and new features which we will take a look at it in this review.

Installation

One of the strengths of the Flex Profiles product is the minimal requirements on the back-end side. You only need to have a file share storing the central configuration files (called Flex Config Files) and a user based location to store the application settings the users' configuration, called profile archives. This is a big advantage because no additional servers or products are required like a database or web server.

In comparison with other products the installation is quick and easy, with just a few questions when using the manual installation option. The product exists of two MSI files, one is for 32 bit (x86) systems and the other one is build for 64 bit (x64) systems, where both versions can be used in one infrastructure using the same central configuration and profile archives. On every machine where you would like to maintain the user settings you need to install the main Flex Profile component (FlexEngine), which is installed when using the typical option. When using the custom option the other installation components become available. 

Image
Figure 1: Installation options Flex Profiles

The first component is optional on the client and is called Flex Profiles Self Support. With this feature installed and configured later on, users can in a case user settings of an application are corrupt or misconfigured restore their settings back to the default (later on this article more about this) or restore a back-up of their own previous settings.

The other components are typically not installed on the client machines, but on specific machines. The Flex Profiles Management Console is being used by the administrator(s) to configure and setup the product. The Flex Profiles Assistant will be installed on a reference machine, so Flex Config files can be created which can be imported into the Flex Profiles Management Console. I will come back to this later in this review as well.

The only prerequisite the software has is .Net Framework 2.0 SP1, but nowadays that will be standard installed on any client.

In the case of large Citrix/RDS Farms and Desktop infrastructures preferably software needs to be installed unattended. Because Flex Profiles is based on a MSI almost every installation product can be used to deploy Flex Profiles unattended using MSI based properties, which are well documented in the administrator guide.

As the installation is kept easy and simple there is no question included to create the share for the Flex Config Files. So you need to create that on your own, but that is a basic administrator task. Don't forget that every client needs the license file locally on the system, when using the unattended option the installer requires the parameter of the license file location and will copy it to the local system during the installation phase. During the manual installation the selection of the license file is one of steps during the installation.

It is also important to understand that Flex Profiles uses regedit.exe or reg.exe in case User Account Control is enabled (Windows Vista or higher operating systems) for adding user settings based on the registry. So these executables need to be started within the user context, so consider this when configure specific NTFS rights or Group Policy Objects.

Configuration

Configuration of the Flex Profiles product is done via two methods. Via the Management Console the real configuration for the application settings is done, while using Group Policy Object the behavior of the product and client configuration is set-up.

Let's start with the configuration of application settings using the Flex Profile Management Console.The first time you start the console you need to specify the share being used for the Flex Config Files, followed by specifying which components of the Flex Profiles product should be shown in the Management Console. You can choose profile clean-up, predefined settings, Backups, DirectFlex and Advanced. Flex Profiles can also be used to maintain user settings within App-V virtualized applications. If you want to use that feature, you should configure the advanced tab of this initial configuration with the location of the flexengine executable, the profiles archive path, (optional the archive backup path) and the location of the OSD files of the App-V virtualized applications. Also on the advanced tab you can specify if you would like to use silo support. This will be useful in RDS/Citrix environments where you would like to load different settings on several silo's you have created, however you can now control the actions of Config Files with advanced process criteria as well, as described later on.

After the initial configuration you are ready to start setting up your configuration via the button Create Config File. This shows a Windows with four options: Create an empty config file, use one or more Windows common settings, use an application template, import a .flex file (created with the profile assistant).

Immidio is providing several application templates for the most common applications like Office, Adobe Reader, WinZip, Notepad, MS Paint and Live Messenger. If you choose the option use an application template you can choose which application template(s) you would like to use for this config file and the configuration is set-up automatically. Just like application templates Flex Profiles also provides predefined configuration for the most important Windows settings (think of wallpaper, keyboard, mouse, certificates, regional settings, internet explorer, windows view settings and much more), which are available under use one or more Windows common settings. The last option is to import a configuration created with Profile Assistant. The Profile Assistant became available in Flex Profiles 6 and was the solution to find out where the applications stores it's settings based on Process Monitor including logic of Flex Profiles. On a reference machine you start the monitor process and configure settings within the application. These locations are captured and stored in a .flex file. This file can be imported; actually you are creating your own application template. As you can see, you can choose to add one application per config file or use an application set in the config file. I personally prefer to separate the applications per config file to allow more granular control and in the case an application configuration get corrupted the user only loses those specific application settings. However there are scenarios for example two applications sharing configuration settings that more applications per config file is a logical decision.

After chosen the basis of your config file by starting clean or use one of the application templates we can start setting up the configuration of the config file. The basis of the configuration is based on the Import/Export function. Here you configure which folders, files and registry information should be imported and exported for the config file. In previous versions you add a section via the Section button and then manually add the location. In this version this behavior is enhanced a lot. You can now use the Browse Local Profile or Browse Other Profile.

Image
Figure 2: Adding a registry tree to the Notepad Config File

With this option enabled you can type in a part of the file or registry location and the product will autofill the available configuration settings out of the selected profile.

On the second tab you configure a feature introduced in version 7 of the product. The Profile Cleanup is a feature than can be used when you are still using Roaming Profiles and are implementing Flex Profiles in a phased approach. The settings defined on this tab will be removed out of the profile when it's copied back to the profile share during logoff. Using this mechanism you can actually shrink and improve the performance of existing roaming profiles. However it would be nice if you could re-use the import/export configuration in an easy way, because it would be logical to remove that part out of the roaming profile during the transition.

On the third tab you will find another new feature called predefined settings. This is the next step into the Flex Profiles product and in my opinion a real added value. In previous versions you should define a standard profile (in the past based on a mandatory profile, nowadays a local profile) with the standard settings you would provide to the end-users. Now with predefined settings this part can be taken out of the local profile and fully managed centrally from within the Flex Profiles Management Console. This makes it more flexible and assignable than configured in a kind of default profile. You can completely start from scratch or import a Flex Profiles archive from a user or create with the Flex Profile Assistant. The import can be added to your needs where necessary, with the manual configuration a user profile will be shown to you where you can add files and directories to it. Only the configured part will be added to the Predefined Settings configuration. Predefined settings make it possible to pre-configure any registry information, files and folders, like application INI files and shortcuts. Adding registry information is a bit old style by editing a registry file manually, hopefully the GUI around this part will be improved in the future releases. Within those configurations you can use so called Placeholders. A Placeholder can be used to define variables (standard windows variables or own define environment variables) to personalize settings, for example using a username, a computer name or an own defined value. Please read the manual how to use those placeholders, because only using the variable is not enough (Flex uses the placeholder to know that part should be processed for speeding up the load of the settings). You could define that the predefined settings should be used only once or should be processed every time (mandatory).

On the back-up tab you can define when you would like to use back-ups and how many back-up of this config file should be retained. This will be configured using the GPO by default, but you can create exceptions here, for example not to create back-ups or a different amount of back-ups before the oldest will be removed. I will discuss this back-up a bit more during the Self Support feature.

The Direct Flex is another major improvement within the product and configurable on the next tab.

Image
Figure 3: Configuring DirectFlex

In the beginning of hybrid profiles the action was done at the logon of the users' session for putting the settings back and during logoff saving the settings. However infrastructures are changing in quick way and nowadays users are logged on multiple systems at once and changing to applications should propagate directly over those sessions. Also although Hybrid Profiles speed up the logon and logoff process already a lot it is not logical to load all application setting during logon while the application is not used directly. Directflex is the answer of Immidio of these two aspects. Within DirectFlex you configure which executable(s) is/are using the setting defined at Import/Export and stores those settings when the executable is started and saved when the application is closed. As mentioned you can define more executables for example when one application is started via several executables. DirectFlex is built in such way that it will notice when the executable (or another executable defined at the executables) is started another time and loading of settings is not desirable, because they are already loaded and could overwrite already changed settings. Also the DirectFlex is built in such a way that it will store the settings only when the last executable is closed. You could define the whole path or only the executable name. When only using an executable name it does not matter where the application is started from, for example different version of the executable where you would like to share the settings. The other way around you can define the exact path and configure more Config Files. With this implementation Flex Profiles stick to their starting-point, but create the current wished flexibility.

On the advanced tab another big new feature can be found called advanced process criteria. With this feature you can create an advanced configuration that a config file while only processed (partly) when the criteria are met. This can be useful in scenarios using RDS/Citrix Silo concept or during a migration phase where you only want to save the settings.

Image
Figure 4: Advanced Process Criteria where settings are applied different.

The criteria that can be used are Environment Variable, Exit Code, File Version, Operating System, Path, Registry Key or Registry Value. For each criterion you can define how it should respond and when the criteria are matched what should be performed. In the case the criteria are not matched you can perform another behavior. For both options the following options are available: Import/Export, Import only, Export only or Do nothing. There are several scenarios where this new feature adds value and provides lots of possibilities for next releases to extend the product even more.

With hybrid profiles it is big plus that application setting can be roamed across multiple operating systems for example Windows XP and Windows 7. However in specific circumstances settings cannot be cross platform and should be stored and saved per operating system. This can be accomplished by the OS specific setting configurable also on the advanced tab.

The last tab was already introduced in version 7 of the product, but is however again an added value to the application virtualization market. With App-V the user based settings of a virtualized application are stored in configurable folder in the pkg format. Just like a roaming profile all settings are added into that file when using the virtualized application. Dependent of the used application this file can grow large, causing longer logon times. Actually just as with the normal profiles settings Flex Profiles will help you with this issue. By specifying at the import/export configuration component which parts should be saved and enabling the integration on the App-V tab. This is done by specify the App-V OSD file used for starting the virtualized application.

Image
Figure 5:  Enabling the App-V integration within Flex Profiles

The App-V integration part is using the App-V settings defined on the global settings within the product, so you cannot create different settings for another silo for example. This is a bit of a limitation, since the default App-V integration can only work with one App-V management infrastructure. You can also only specify one OSD file per configuration, while you could have an application with more OSD files where you would like to share one configuration set.

Logically not all configuration files need to be applied to all users. Only the users who are using/have access to the application should be storing/saving the settings. This can be accomplished by configuring NTFS security on the configuration files. Within the console you can right click the configuration file and when choosing properties a normal windows folder properties window will be shown. Just as normal Windows files you can configure security on the folder, so it's only accessible (and thus active) for the group of users, which will be using the application.

When you have configured the application configurations within the console the second step is to configure the client to use the created Flex Config files. This is accomplished using the earlier mentioned Microsoft GPOs. Immidio is offering both an ADM as an ADMX file. In the manual is exactly described how both files should be used within the Microsoft Group Policy Management console.

The template should be added to a GPO (or create a new GPO) and linked to an OU where the users are located (or use the Group Policy Loopback feature). By specifying multiple OUs and corresponding GPOs you can create different settings per user group.

Image
Figure 6: Configure the Flex Profiles ADM template

Via the template you configure the central configuration file location; the location where the profile archives should be stored (including the backup folder). Also some GPO settings should be configured in combination with settings created in the management console. Examples here are Password support for Internet Explorer 6, Certificate support for mandatory profiles and FlexEngine refresh settings for mouse, keyboards and windows settings (not needed anymore if you use the Run Flexengine as Group Policy Extension is used). Also configurable via the template is the behavior of DirectFlex. When an application managed by DirectFlex is started, it's possible that it start a bit slower via WAN links (because the settings are loaded at that moment). Within the GPO you can configure a notification delay, which could be useful when the users' profile archives are stored over a WAN connection. This arranges that within the configured time interval the application is not started a message will be shown in the notification area that the settings are loaded. When the application started before the configured time is reached, no message is displayed at all.

Within the GPO a setting is available called Run FlexEngine as Group Policy Extension. This settings arranges that Flex Profiles will be started as early as possible when a user logs on. In previous version you should arrange this yourself with a logon script via the GPO Windows Settings or on a Windows 2003 server in Terminal Server mode using the AppSetup key. This way of configuration is still possible and supported if you don't want to use the GPO setting. Independent you are using the GPO setting or the Logon script the Flex Profiles logoff command need to be configured using a Windows Logoff script (preferable configured using the Logoff script feature within Microsoft GPOs). 

Management

One of biggest challenging is troubleshooting user settings, even with a product like Flex Profiles. Within the ADM template you can configure a log file on a per user basis with a specific logging level. This log file is the basis for troubleshooting user experiences within the product.

Image
Figure 7: Logfile of Flex Profiles

With the predefined settings and advanced process criteria available within the product it would be nice if you could create a kind of resultant set of the configuration, which could help to determine which configuration set is deployed to the user based on which criteria.

User Experience

One of the most asked question about Flex Profiles is about the effects shown to the end user. When everything is in place and fully tested the user will not really notice that such a product is being used and that's exactly the intention of such a product. When the user had slow logon times and corrupt profiles indirect they will notice the use of Flex Profile, because those problems disappeared.

In one way the user really sees that Flex Profiles is being used to maintain their user settings and that is the Self Support. As mentioned earlier Flex Profiles offers the possibilities to save backups of the profile archives. This can be configured within the management console on the back-up tab or using the ADM template. Preferable the ADM template should be used for the general settings, where for a specific application an exception can be configured when needed. However which one is used you can specify the amount of backups that should be retained.

When a user misconfigured an application or something else went wrong the user can start the Flex Profiles Self-Support feature. This can be loaded into the system tray or started from the executable directly.

Image
Figure 8: User Interface Self-Support

Within the self-support the user sees all his applications and can choose per application (config file) to reset or restore the settings. A reset will bring back the settings back to default (when configured to pre-defined settings) or restore the settings from a previous back-up. The self-support tool at this point supports three languages, German, Dutch and English. Immidio informed me they are capable to easily add other languages as well.

Conclusion

With this new version Immidio made a big step with the Flex Profiles product. With DirectFlex application settings are loaded when the application is started causing even quicker logon times and even more sharable configuration settings over silos. With Predefined settings Immidio is moving from a profile management system to a user environment manager product in other words the user environment can be fully preconfigured and managed with one product.

Also the advanced process criteria are a really useful add-on, which has even more potential to be used for much more use cases in upcoming releases. With the App-V integration Immidio has a pretty unique selling point, this is probably the next challenge companies will face when they use application virtualization as their main application roll-out mechanism. However it's a pity that the App-V integration is causing that flexibility is lost a bit by the static configuration of it.

It is also good to see that improvements are made to the Management Console like the auto filling of the import/export component and the possibility to import a predefined setting and make changes to the settings. However there are several possibilities to improve the management console even furthter, so it's easier to use and configure the settings. But the core ingredients are there now which they can easily extend in future releases.

Overall, Immidio keeps its position as an innovative player in the user state virtualization space with their Flex Profiles point solution. With the small overhead on the current infrastructure, proven robustness (the product is used by some real large customers), affordable price and new features, they are moving the product to a user environment manager and are a serious competitor in this market.

Advantages:

  • Useful and powerful new features like DirectFlex and Advanced Process Criteria.
  • Evolving from a profile management product to a user environment product with predefined settings, but keeping to the strengths and vision of the product.
  • Self-Support will help both the IT department as the users with application issues.

Disadvantages:

  • App-V integration is smooth, but limited to a single App-V management infrastructure.
  • Management Console can be improved for easier and better configuration of the product.

About the Author

Wilco van Bragt is an independent consultant and author based in the Netherlands. He is the owner of the Server Based Computing and Virtualization website called VanBragt.Net Virtualization, where he is publishing several articles related to virtualization topics and product reviews. Besides Wilco van Bragt presents on several (independent) conferences and also writes articles for several other websites. Wilco van Bragt is self-employed (VanBragt.Net Consultancy) providing consultancy services in the Netherlands and Belgium.  Wilco van Bragt is a MVP on Remote Desktop Services, a RES Valuable Professional and a Citrix Technology Professional.

About Immidio

Founded in 2008 and based in Amsterdam, the Netherlands, Immidio develops products in close relationship with its customers, affiliated virtualization experts and the international virtualization community. Their products have proven themselves at the sites of customers in more than 20 countries, many of which are Fortune Global 500 companies. Immidio solutions are exclusively delivered through an international network of technology peers and partners.

Immidio Flex Profiles

PDF Product Review Immidio Flex Profiles