Resources

Arrow Image

Blog & News

Arrow Image

How to Simplify Centralized Image Management in Nutanix Frame with Microsoft Application Masking

How to Simplify Centralized Image Management in Nutanix Frame with Microsoft Application Masking

Microsoft® (FSLogix) Application Masking is a great product to use with Nutanix® Frame Desktop-as-a-Service (DaaS) solution. Application masking makes centralized image management even easier by hiding the applications based on conditions. With Application Masking, you can install all the applications into a single Frame™ sandbox and then provide access to these applications based on conditions such as group membership and many other options. The benefits are fewer master images, the ability to hide applications when publishing full desktops, and the ability to control application license usage.

News & Blog

WRITTEN BY

Ruben Spruijt

Field CTO, Dizzion

April 29, 2021

TABLE OF CONTENT

You can see all of this in action in a demo video I've embedded below. It showcases the configuration of Microsoft Application Masking and the user experience both for users accessing “designer” applications running NVIDIA-powered GPU virtual machines, and users leveraging “sales” applications running on CPU-only virtual machines--all from a single managed image.

Imagine

What if you could install all Windows® applications into a single Frame sandbox, thereby limiting the number of master images. Imagine you can hide applications and their components based on conditions, such as Identity Provider group membership or environment variables, all within the same Frame-powered Windows desktop solution.

What if you could grant or deny access to applications, just by modifying the users' Identity Provider group membership? This provides options of integrating your application delivery into self-service portals or (automatic) approval processes - users get the right set of apps without even touching the Frame environment! Or what if you could provide GPU-powered instances to “Designers” only and “NoGPU” instances to Sales, to accommodate their specific sales tools, all within the single Frame account?

You can do this and more without using complex solutions, such as the free Microsoft Applocker or paid 3rd party User Environment Management solutions. How? Just use Microsoft (FSLogix) Application Masking and Frame together.

Value of Application Masking + Nutanix Frame

  • Single image management made simple. Install 10s-100s of applications into the same Frame “Gold Master” aka SandBox and hide applications based on rules.
  • Fast logon times - no need to copy, install, or stream apps at user logon.
  • Dynamic access to applications based on rules or conditions such as IdP group membership, Windows variables, or Frame environment variables. The FSLogix filter driver hides the applications or components, such as fonts, folders, registry keys, Java RunTime with ease.
  • Deliver a full Windows Desktop interface to users while dynamically providing access with granular access control to applications based on conditions.
  • Free of charge for many, if not all, who are using VDI and DaaS. You are most likely eligible to access FSLogix Application Masking if you have one of the following Microsoft licenses.
  • Application license control, define rules and control who (device + users) can access, for example, Microsoft Visio or Microsoft Project while the application is installed into the sandbox.
  • Application performance at native speed. No additional system resources are required by the Workload VMs when using the Application Masking rules.
  • Not dependent on Microsoft Active Directory. Application masking and Frame work in a Microsoft “Classic” Active Directory (AD) Domain Joined and also in non-domain joined environments. It is great to be able to have a choice and support a diverse set of customer use-cases. Nutanix Frame is a born in the cloud Desktop-as-a-Service solution and unlike many other VDI/DaaS solutions it doesn't require classic AD to operate.
  • No (complex) 3rd party application layering solution needed to provide instant access to applications based on conditions.

Good to know!

  • Microsoft FSLogix Application Masking isn't a replacement for “Application Isolation” solutions. When applications or components conflict with each other both Application Masking and Application Layering very often don't help here. Solutions like Microsoft App-V or VMware ThinApp are primarily designed to isolate Windows applications and components.
  • Microsoft Application Masking isn't a replacement of “Application Layering” solutions--there is overlap for sure, but also clear differences. While Application Masking has many great benefits and use-cases, the actual applications still need to be installed and updated into the SandBox “GoldMaster.” One very common way is to manually or automatically install the applications into the “GoldMaster” (aka, Sandbox). Customers often are using existing processes and tools such as Microsoft SCCM, Automation Machine, Packer, Chocolatey, Scoop, and many others. These tools are responsible for installing, updating, and maintaining the operating system and Windows applications within the SandBox.
  • Another way to dynamically deliver applications to the Windows desktop environment without affecting the underlying Windows image or OS is to use application layering solutions such as Liquidware™ FlexApp application delivery.

And Action!™

It is great to see the combined Application Masking and Frame solution in action.

The demo video shows what the actual end-user and administrator experience are.

Two separate Frame sessions will be started; one user is “Sales” and the other user is “Designer.”

Microsoft Application masking rules and associated conditions make sure that “Designer” only has access to the “designer applications,” such as Adobe and Autodesk Software, while the user “Sales” can only see and access Microsoft Office applications.

Also, using Nutanix Frame's easy account and image management the designers are able to run all these applications in an NVIDIA GPU-powered machine, while the sales user runs the Microsoft Office productivity applications on a NoGPU, CPU-only machine. This is all running and managed from a single Frame account with a single Sandbox image.

Also, the administrator created different rules to hide “Sales” and “Designer” applications using Microsoft Application Masking FSLogix rule editor. In this example, the Frame Account is configured to use “Domain Joined Instances” and various Active Directory security groups are configured to use the AppMasking rules.

Try Nutanix Frame for Yourself

The great news is that it's fast, easy, and free to give Nutanix Frame a test drive yourself. You will get a great overview of both the user experience and admin experience. If you want to evaluate Frame and start a 30-day trial check out this page for more information.

About the Author

Dizzion

Dizzion was founded in 2011 with a visionary mission to redefine the way the world works.

In an era of legacy Virtual Desktop Infrastructure (VDI), Dizzion set out to challenge the status quo by making it simple for all customers to transform their workspace experience. By building a powerful automation and services platform on top of the VMware stack, Dizzion delivered virtual desktops as a service before Desktop as a Service (DaaS) even existed.

Ruben Spruijt

Field CTO, Dizzion

Ruben Spruijt is an accomplished Field Chief Technology Officer (CTO) specializing in End User Computing (EUC). In this influential role, Ruben contributes to company and product strategy, alliances, analyzes EUC technology trends, provides product and industry insights to fellow (executive) colleagues, and establishes and leads vibrant communities of customers, partners, and ecosystem partners. Ruben is a Microsoft Most Valuable Professional (MVP), NVIDIA GRID Community Advisor, and was in the Citrix Technical Professional (CTP) program and VMware vExpert for many years. He is based in the Netherlands where he lives with his wife and three kids. This tough mudder travels the world spreading tokens of knowledge hidden in stroopwafel from the land of nether. Everywhere he travels, he shares information and sprouts understanding. He frames his experience in End User Computing so that others can learn the root of the technology, and what is most important in life.

More about the author

Subscribe to our newsletter

Register for our newsletter now to unlock the full potential of Dizzion's Resource Library. Don't miss out on the latest industry insights – sign up today!