|
AppSense Management Suite: A curse or a blessing? |
|
|
|
Written by Richard Thompson,
Monday, 08 January 2007
|
Recently I've posted a few comments on various web forums commenting on the AppSense Management Suite and whether or not it can actually be of any benefit to a Citrix / Terminal Server Administrator.
At the time of some of the initial posts I was having endless problems with the product. Page Swaps were spiking at 100% and never dropping, Environment Manager just seemed like a more difficult to use version of Active Directory group policies and Application manager nothing more than a Microsoft accepted method of locking down Office licenses.
Now I've worked with the software for a few weeks and feel now the time is right to write a software review.
The AppSense Management Suite is a very comprehensive suite of tools which when implemented correctly can not only lock down your Terminal or Citrix servers but also help squeeze more users on to each box and control your applications which are run.
The suite as discussed before is broken down into three main management consoles namely Application Manager Console, Environment Manager Console and the Performance Manager console. Previously I have written more details about what can be configured, the article can be found under the reviews section and is titled AppSense Management Suite: First touches.
So whats changed? What have I learnt from using this product? Is it actually worth the money you pay for it?
My opinion of the software over the past month or so has swayed from in favour to very anti and is once again back in favour of the software. My initial thoughts after the sales presentation were wow, this software is going to go a long way in helping us solve not only our performance problems but also our licensing issues.
Initial installation is simple and initial configuration is simple as well. The most difficult part was figuring out that System needs to be added as a user. After thinking about it for around 20 seconds it is simple to understand why. The services run under the system account.
My opinion swayed from this quickly when my servers suddenly jumped from having an average page swap of between 30 and 50 percent up to 100%. Obviously this is a problem for anyone making use of the advanced load evaluator in a Citrix farm as this will put your server at a full load and will mean no new connections to your farm would be allowed. After a few posts on Brianmadden.com, a call from AppSense and a visit from an AppSense consultant we determined that AppSense Physical Memory control in conjunction with Lotus Notes was causing this problem. Although this is a rather large piece of AppSense which you would rather not turn off it doesn't mean the end of the world, as long as Memory Optimizer is still running. AppSense says that Memory Optimizer is where you "pull back" your memory. Memory optimizer is what rebases dll's and it does this by making a copy DLL's which launch multiple times in the AppSenseCache directory and names these .dll.reloc. I've witnessed a physical memory gain of over 60mb per user session. Perhaps this is an insignificant amount but when you mutliply it by 20 users per server we are saving over 1GB worth of memory. That for me is a big plus.
I also mentioned in my BrianMadden article that I felt Environment manager was useless unless you were a new site building up from scratch with no ad policies at all. Hmmmm, this opinion has changed as well. Think about your ad policies and how it hides menus. Basically you hide the whole menu or you show the whole menu. With AppSense you have the ability of hiding controls within a menu. Also when you hide a drive, you cannot hide Windows and Program files folder but show the temp and documents and settings folders, with AppSense you can hide the folders or drives you want to. On top of this you can run standard logon scripts, map network drives, load registry hives, etc.
AppSense Application Manager comes with a standard template with a host of execultables which are locked by default. These include applications like command.com, format.exe, etc. The purpose of these is to help secure your environment by blocking commands a user would need to damage your system. These are all specified on the Everyone group, and can be easily overridden if needed by adding the executable to a group or user rule. AppSense applies its rules by comparing user group membership to the group rules, if it find a match the rules specified apply, if no match is found it moves on to the user rules. Again if no match is found the everyone rules apply. By default I would recommend leaving the everyone group with nothing in the allowed list and the denied list populated with as many executables as you deem necessary. Another good thing about Application Manager is that Microsoft recognises this as an acceptable method of controlling Office licenses. Office licenses work on a per device basis. Meaning if you have office installed on 3 servers and 20 users per server you need 60 licenses for office. Now what if only 10 out of the 60 users need to use office. Before you would have had to make a seperate server with Office and create a seperate published application for the Office servers and connect the users to these. With AppSense you can setup a rule saying that only people whose client names/ip addresses are in this list can access the office applications. This is great because now you can truly make a single image and roll it out to all your servers.
If you would like details on how to configure this I do have an official whitepaper which I will gladly email to you. Post a question on the datacrash forum requesting this and I will email it to you!
All in all I believe AppSense is a very useful product. It has some disadvantages as do most software products but it also has some great advantages. If you would like to further discuss AppSense and any of its features post a comment on our forum and i will gladly assist.
Rt
|
