19 Apr 2011

Windows User State Virtualization - Part 1

User state virtualization or USV refers to the process of virtualizing (decoupling) user state information from the user's computer and storing this information elsewhere, usually on a server in the datacenter. User state information is anything stored on the computer that pertains to the user, such as:

  • User data such as documents, pictures, music files, video files, spreadsheets, PowerPoint presentations, and other types of files that belong to the user.

  • User settings such as operating system settings (e.g. wallpapers, screensavers, keyboard layouts etc.) and application settings (e.g. toolbar selections, custom dictionaries, autosave settings, default page layout etc.) that can be customized on a per-user basis.


Figure 1: Windows user state information comprises user data and user settings

The goals of USV are essentially the same as those of any other type of virtualization: lower TCO, increased availability, improved business agility, and easier manageability.

Windows USV refers to a collection of features and technologies that can be used to implement a USV solution for client computers running some version of Microsoft Windows. The key features and technologies of Windows USV are these:

  • User profiles which are file system structures (folders and files) that contain the user state information for each user on a Windows-based computer. Some folders and files in a user profile are normally hidden from view to keep users from messing with their contents.

  • Folder Redirection which is a Windows technology that lets administrators redirect certain folders within user profiles to shared folders on the network so that when users save files they are working on these files are saved onto the network instead of on their own machines.
  • Offline Files which is a Windows technology that lets users work with local copies of files stored in shared folders on the network even when the network itself is unavailable.

  • Roaming User Profiles which is a technology that lets you store user profiles in shared folders on the network. When the user logs on to his computer, his profile is downloaded from the network and loaded to display his desktop. When the user logs off, his profile is uploaded back to the network.


Figure 2: Windows USV technologies

As a WindowsNetworking.com reader, you are probably already familiar to some degree with these different technologies, but let's review them really fast anyways. And while the focus of this series of articles will be on virtualizing user state information on Windows 7 computers, we'll also examine how USV technologies have changed from Windows XP to Windows Vista to Windows 7 since understanding these changes is important when implementing USV strategies in mixed environments.

User Profiles

There are a bunch of different types of user profiles you need to know about:

  • Local profiles which are user profiles stored on the user's computer. Even when RUP is used to virtualize (decouple) a user's data and settings from the user's computer, there is still a locally stored copy of the user's profile on the user's computer.

  • Roaming profiles which are user profiles stored on the network. Note that Roaming User Profiles (capitalized) or RUP refers to the procedures and technologies involved while roaming profiles (lowercase) refers to the actual profiles themselves.

  • Mandatory profiles which are roaming profiles that are ACL'd as read-only. Mandatory profiles are frequently used in Remote Desktop Services (a.k.a. Terminal Services) environments when you don't want your users to be able to make any changes to the configuration of their session-based desktops or RemoteApp programs.

  • Temporary profiles which are used when the user's local profile can't be loaded and there is no roaming profile to download. A typical scenario where you might find yourself logged on with a temporary profile would be when your antivirus software locks files during the logon process thus preventing your local profile from loading. The result is that all your personal files suddenly seem to have vanished—My Documents is empty!! Fortunately, logging off and then on again usually causes your profile to load and your documents to be restored—whew!

  • Default profile refers to a special user profile that is used as a template for creating a user's local profile the first time he logs on to his computer. By customizing the default profile prior to deploying Windows, you can ensure a customized, uniform experience for your users. For example, you could prepopulate desktops with shortcuts to network shares, ensure that a corporate wallpaper is being used, and so on. Group Policy can be used to do some of these things as well.
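To see which of these profile types actually exist on a machine, the following PowerShell sketch reads the Win32_UserProfile WMI class (available on Windows Vista and later) and decodes its Status bit field. It is an added example, not part of the original article; the function name Get-ProfileType is hypothetical, and it assumes PowerShell 3.0 or later for Get-CimInstance and [pscustomobject].

```powershell
# Added example: classify the user profiles on this computer by type.
# Win32_UserProfile.Status is a bit field:
#   1 = Temporary, 2 = Roaming, 4 = Mandatory, 8 = Corrupted
function Get-ProfileType {              # hypothetical helper name
    param([uint32]$Status)
    $flags = @()
    if ($Status -band 1) { $flags += 'Temporary' }
    if ($Status -band 2) { $flags += 'Roaming' }
    if ($Status -band 4) { $flags += 'Mandatory' }
    if ($Status -band 8) { $flags += 'Corrupted' }
    # No flag set: treated here as an ordinary local profile.
    if ($flags.Count -eq 0) { $flags += 'Local' }
    $flags -join ','
}

Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special } |      # skip service/system profiles
    ForEach-Object {
        [pscustomobject]@{
            SID         = $_.SID
            LocalPath   = $_.LocalPath      # the locally stored copy
            RoamingPath = $_.RoamingPath    # empty unless a roaming profile is configured
            Type        = Get-ProfileType -Status $_.Status
            Loaded      = $_.Loaded
        }
    } |
    Sort-Object Type |
    Format-Table -AutoSize
```

A row whose Type contains Temporary or Corrupted is the situation described in the temporary-profile bullet above and is worth investigating before the user saves any work.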

User profiles changed significantly from Windows XP to Windows Vista (or Windows 7) as you can see by comparing Figures 3 and 4 below. Some of the important changes include the following:

  • Windows XP stores local profiles in the C:\Documents and Settings folder; Windows Vista and Windows 7 store them in the C:\Users folder.

  • In Windows XP the root folder of your user profile can be accessed using Windows Explorer. In Windows Vista and Windows 7 however, you can access your root profile folder directly from the Start menu and this is not necessarily a good thing since it means you can create additional folders in your user profile and these folders can't be redirected (though they can be roamed).

  • Windows Vista and Windows 7 profiles have more subfolders (and some different subfolders) than Windows XP profiles have.

  • In Windows XP the folders My Pictures, My Music and My Videos were subfolders of My Documents; in Windows Vista and Windows 7 the user profile structure was flattened so that all of these folders are now peers.

The bottom line here is that the changes in the user profile structure starting with Windows Vista are so significant that these new profiles are called "v.2" profiles to distinguish them from the earlier Windows XP profile structure. This has significance, particularly when trying to implement Roaming User Profiles in an environment (more about that in another article of this series).

We'll dig deeper into certain portions of user profiles later in this series, but meanwhile if you're interested in more detailed information concerning user profile changes in Windows Vista and Windows 7 you should read Chapter 15 of the Windows 7 Resource Kit (Microsoft Press, 2010). You can also find good information in the Managing Roaming User Data Deployment Guide (for Vista) and What's New in Folder Redirection and User Profiles (for Windows 7).


Figure 3: User profile structure in Windows XP. Other profile folders may be present depending on Windows features enabled and applications installed


Figure 4: The new "v.2" user profile structure in Windows 7 (and Windows Vista). Other profile folders may be present depending on Windows features enabled and applications installed

Roaming User Profiles

Roaming User Profiles (RUP) was actually developed way back in the Windows NT 4.0 timeframe and was intended to allow users to change seats and access their personalized desktop from any Windows computer on the network. In other words, RUP provides the ability for users to roam between computers. RUP as it was initially implemented had some problems however:

  • RUP roams the entire user profile including settings for applications that aren't specifically intended to be roamed (in other words, RUP has no granularity in what you can roam—it just roams everything in the profile). This isn't a problem however for applications that are "well-designed" that is for apps that store their settings in the proper places—we'll talk more about this later in this series.

  • RUP syncs the local copy of the profile on the user's computer with the copy stored on the server only at logoff. This is still the default behavior in Windows 7 though you can now choose to sync periodically in the background if you desire—more on this as well in a later article.

  • RUP doesn't work well in scenarios where users need to log on to multiple computers at the same time. The least that can happen might be data loss or settings that don't apply the way you expect them to; the worst can be profile corruption, which necessitates rebuilding the user's profile from scratch and losing all the data and settings that were previously present. And generally speaking in Active Directory environments there's no easy way to prevent users from logging on to multiple computers concurrently except by educating them not to do this.

  • RUP doesn't work well if you have a mixed environment of Windows XP and Windows 7 (or Windows Vista) computers. RUP also doesn't work well if your environment has a mix of computers running x86 and x64 versions of Windows. We'll talk more about mixed environments later in this series.

  • Because the profiles RUP creates (roaming user profiles) contain all of the user's data and settings, they can grow very large, especially if the user has lots of pictures, music and videos on their computer. The result is that RUP as it was originally designed could result in terribly long logon/logoff times for users as their profile was downloaded to or uploaded from their computer.

That last issue led Microsoft to introduce a second USV technology to complement RUP and that's what we'll look at next. But meanwhile if you're interested in learning more about RUP you can check out the chapter of the Windows 7 Resource Kit mentioned earlier in this article.

Folder Redirection

Folder Redirection (FR) was introduced in Windows 2000 as a way of mitigating the slow logon/logoff issue associated with large roaming profiles in NT. The idea is that FR lets you redirect certain profile folders such as My Documents out of the user's profile and store the contents of these folders on a different network share from the one where the user's profile is stored. Then when the user's computer downloads (or uploads) the user's roaming profile from the network, the contents of My Documents and other redirected folders won't need to be downloaded, making logon (and logoff) times faster.

FR was also introduced for several other reasons:

  • So that users could roam between computers and access their data from the network even when RUP has not been implemented in the organization's environment. FR in this case can be seen as a kind of "poor man's RUP" that roams only user data but not user settings, but we'll see below that you can also use FR to roam user settings (sort of).

  • So that administrators could more easily back up user data by having such data stored on the network (in the redirected My Documents folders located on a file server) instead of on client computers (in each user's local My Documents folder).

  • So that any application settings (specifically, files associated with applications and certain Windows features) stored in the Application Data subfolder could also be redirected and hence roamed. More on this in a moment.

  • So that RUP could work more effectively in a Terminal Services environment. More on this too in a moment.

FR was updated a bit in Windows XP and Windows Server 2003 and let you redirect the following profile folders:

  • My Documents - This is usually the biggest profile folder by far, so redirecting this folder is always a best practice whenever you implement RUP. And since My Pictures, My Music and My Videos are subfolders of My Documents, the contents of these folders also get redirected to the network. Finally, as mentioned above redirecting My Documents lets administrators back up your data more easily so you don't lose your work if your machine crashes.

  • Desktop - Some (if not most) users tend to store important documents on their desktop so they can access them easily, and if you store a lot of files on your desktop then you may experience logon/logoff delays if RUP has been implemented in your environment. Redirecting the Desktop folder also ensures that anything you save to your desktop also gets backed up.

  • Application Data - This profile folder stores configuration settings for Windows features and installed applications. In other words, by redirecting the Application Data folder you can roam user settings (in addition to roaming user data by redirecting My Documents and Desktop). The trouble is, redirecting the Application Data folder redirects all settings stored in this folder, even for applications that weren't designed to be roamed. In fact, it turns out that roaming per-user application settings is a thorny problem, so we'll devote an entire article in this series to discussing it later.

  • Start Menu - Redirection of this folder was intended mainly for Terminal Services environments where everyone is supposed to get the same Start Menu and be able to run a common set of applications. Because of this, redirection of Start Menu is a specialized topic that we'll look at later in this series.

Anyways, in Windows XP and Windows Server 2003 you can use Group Policy to implement FR as shown in Figure 5 below. Beginning with Windows Vista however, you now have the option of redirecting additional profile folders (up to 13 folders in total) and Figure 6 illustrates this new situation. There are a few other improvements to FR in Windows Vista and Windows 7 that we'll talk about later in this series.


Figure 5: Folder Redirection policy in Windows XP and Windows Server 2003


Figure 6: Folder Redirection policy in Windows Vista, Windows 7 and Windows Server 2008
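To check on a client which profile folders are actually redirected, you can read the per-user User Shell Folders registry key and look for UNC paths. The PowerShell sketch below is an added example, not part of the original article; the function name Get-ShellFolderState is hypothetical, it assumes PowerShell 3.0 or later, and it must run as the user being checked. It also warns when Documents is redirected but the Pictures, Music or Videos folders (peers of Documents since the profile was flattened in Windows Vista) are still stored locally.

```powershell
# Added example: report which profile folders point at a network share.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

function Get-ShellFolderState {         # hypothetical helper name
    param([string]$RegistryPath = $key)
    $values = Get-ItemProperty -Path $RegistryPath
    foreach ($p in $values.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip provider metadata (PSPath, ...)
        $path = [string]$p.Value                 # environment variables already expanded
        [pscustomobject]@{
            Folder     = $p.Name
            Path       = $path
            Redirected = $path.StartsWith('\\')  # UNC path = stored on a network share
        }
    }
}

$state = Get-ShellFolderState
$state | Sort-Object Redirected, Folder | Format-Table -AutoSize

# 'Personal' is the registry value name for My Documents / Documents.
$docs  = $state | Where-Object { $_.Folder -eq 'Personal' }
$peers = $state | Where-Object { 'My Pictures', 'My Music', 'My Video' -contains $_.Folder }

if ($docs -and $docs.Redirected) {
    $peers | Where-Object { -not $_.Redirected } | ForEach-Object {
        Write-Warning "$($_.Folder) is still local ($($_.Path)) although Documents is redirected"
    }
}
```

Folders flagged by the warning stay inside the profile, so they are not covered by backups of the redirection share and, where RUP is in use, add to the size of the roaming profile.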

Offline Files

When FR was introduced in Windows 2000 there was another feature introduced alongside it called Offline Files (OF) that was intended to complement FR. The reason is that if FR redirects user data (and possibly user settings) to a network server but the network (or the server) suddenly becomes unavailable, the user won't be able to access their data files (and some application customization files) resulting in confusion, frustration and lost productivity. Offline Files is designed to mitigate this problem by synchronizing folders and files on the user's machine with their copies on the network. OF thus goes hand-in-hand with FR and OF is almost always implemented when FR is implemented. We'll dig deeper into OF later on in this series, but for now you can think of OF as a given whenever FR is being used.

Issues to Consider

What then are the major issues you need to consider when designing and planning a USV strategy for your organization? Here is a list of some key issues we'll be looking at in this series of articles:

  • What business scenarios can benefit from USV?
  • What issues can arise when trying to virtualize application state?
  • What considerations are there for mixed environments, for example when some of your users have Windows 7 running on their computers while others still have Windows XP?
  • What do you need to be aware of when planning migration of a Windows XP environment that has FR/OF/RUP to Windows 7?
  • Are there any security considerations for implementing FR/OF/RUP?
  • Are there any other limitations you should be aware of concerning what one can do with FR/OF/RUP?
  • And finally, how should you actually go about implementing a USV solution? What steps do you need to take in what order?
