Thursday, 22 December 2011

Quest's ChangeBASE solution reveals the impact of migration to leading UK retailer

Over the past few weeks the Professional Services team at ChangeBASE, now part of Quest Software, has been working with a leading UK retailer looking to migrate around 2000 applications to Windows 7 and a virtual environment. The team tested 805 packages against compatibility checks for Windows 7, 64-bit, Microsoft App-V and VMware ThinApp, and found that, in total, nearly 40% of those tested contained at least one serious compatibility issue (highlighted as Red) against at least one of the platforms. Migrating applications without this knowledge could mean critical applications are compromised or simply do not function, which is a risk that organisations cannot afford to take.

Here's the breakdown by platform, showing both the results of the initial testing and the results after automated fixing provided by Quest's ChangeBASE solution set has been applied (where applicable).

Windows 7: Initial Testing

Windows 7: After Automated Fixing

Windows 7 64-bit: Testing (no automated fixing available)

As you can see, the automated remediation provided by Quest's ChangeBASE solution set allowed the majority of applications to proceed directly to UAT for Windows 7, allowing skilled resource to focus on the remaining 24% that require attention. Analysis also revealed the impact that selecting the 64-bit platform version would have, allowing an informed decision to be made before purchase.



Microsoft App-V: Initial Testing

Microsoft App-V: After Automated Fixing

VMware ThinApp: Initial Testing

VMware ThinApp: After Automated Fixing

Assessing the suitability of an application estate for virtualisation is essential before making the move to such an environment. After initial testing, just 32% and 27% of applications were identified as Green against the chosen platforms (i.e. no compatibility issues were identified). Fortunately for the client, not only does the automated remediation provided by the tool dramatically increase these totals, but the analysis also details the reasons for the incompatibilities that can't be automatically solved.


Does your organisation, or your client's, know how migration to a new environment would impact its application estate? Are you looking to make the most of new technologies, but are fearful of the risks involved? Get in contact with our Sales team here for more information, or visit the website.

Wednesday, 21 December 2011

Troublesome application holding up your packaging team?

No problem!

Ben Nel, Technical Specialist, has been working with two very different organisations in the past few weeks with one very similar problem - an application that they simply couldn't get to the bottom of.

In Detroit, the IT team of a leading global automotive supplier had spent weeks trying to get Hyperion Essbase working on Citrix XenApp v6, to no avail. With Quest's ChangeBASE solution set, this application was automatically tested against thousands of compatibility checks and, within 15 minutes, the offending 16-bit files were identified as the problem.

Next it was over to the east coast, where a not-for-profit integrated health care delivery system had spent a fortnight trying to get Numara Track-It! to work on the target platform. Once again, the automated application compatibility testing offered by the ChangeBASE solution revealed the exact detail of the problem in minutes.

The cost, time and effort savings of Quest's ChangeBASE solution set when compared to manual testing are often remarked upon by our clients and partners. In these recent cases, however, manual testing not only took longer but ultimately could not pinpoint the problem with anything like the accuracy of the ChangeBASE solution. In some cases the manual option is not just inconvenient, but inadequate.

For more information on how Quest's ChangeBASE solution set simplifies and accelerates the application testing, fixing and conversion process, please take a look round the website. More specifically, an overview of our testing module is available here.


Is an app holding you back? We'd love to hear about your application compatibility testing experiences, so please do share your comments.


Thanks for reading!

Tuesday, 20 December 2011

Q&A with Jon Rolls of Quest Software #5

Jon Rolls talks to Virtual Strategy Magazine about the future of ChangeBASE.

VSM: What is the future for ChangeBASE?


JR: With the usual warning about forward-looking statements, I can hope to give some general indication of direction.

The first thing to change is the perception that tools like ChangeBASE are only for one-time projects such as Windows 7 migration. The reality is that there is a continual stream of updates in the Windows platform, all of which have compatibility considerations, and capturing the application installer portfolio in a database that can be continually assessed against the moving platform target is a vital ongoing investment. After Windows 7, there will be Windows 8, and monthly updates to both of them, not to mention Service Packs. Terminal Server/Session Virtualization is hosted in Windows Server, which also has regular updates and Service Packs. App-V and the other application virtualization solutions are continually changing and improving, and many organizations already have Internet Explorer 6, 7, 8 and 9 on their networks, with 10 already in preview. With this constant flow of updates, it is essential to have a process for identifying compatibility problems as soon as possible.

An obvious second step in the roadmap is to add support for Windows 8 and the next wave of all the platforms it supports. Windows 8 promises full support for all applications that worked on Windows 7, but there probably will be corner cases, especially for apps that only worked marginally on Windows 7. Windows 8 also offers support for ARM processors, new devices (tablets), a new UI and app paradigm (Metro) and Internet Explorer 10, all of which will bring their own challenges. Application compatibility is a growing – not shrinking – problem!

Beyond that, there is always more that can be automatically remediated, new application types and rules that can be added to the framework, and further automation in terms of repackaging applications for virtualization technologies.

Now that ChangeBASE is part of Quest Software, there will be further integration with other Quest products, especially in the areas of desktop management, desktop virtualization and user workspace management. Quest’s formidable presence and experience with Windows migrations provides excellent pedigree as the company expands into desktop and user workspace management. Expect to see closer integration with other products in the Quest portfolio as we leverage our strengths and build on our unique assets.


To read the full article, CLICK HERE.

Friday, 16 December 2011

Automatic Internet Explorer updates coming soon - are you ready?

Microsoft has recently announced that, as of 2012, Windows PC users will start being automatically upgraded to the most up-to-date versions of Internet Explorer available to them; Windows XP users who are still on IE6 or IE7 will be updated to IE8, whilst Windows Vista or Windows 7 users running IE7 or IE8 will be pushed to IE9. 

After years of trying to wean the world off IE6, it looks like Microsoft will finally be able to ensure that as many users as possible are benefiting from the increased security and enhanced functionality offered by later versions, without them having to make the move themselves.

Microsoft watcher Mary-Jo Foley has pointed out, however, that an opt-out has had to be put in place for those people, primarily IT admins and business users, who wish to remain on IE6. And why is it that these organisations can't keep up with the pace of change, while the world around them does? Largely, web application incompatibility. 

As Chris Jackson, The App Compat Guy, mentioned to Greg Lambert, CTA of ChangeBASE, now part of Quest Software, many organisations are finding themselves tied to an out-dated and inadequate IE6 environment by critical websites & web-based applications which may not be compatible with a newer browser. Many companies simply don't know the impact that such an update would have, and testing them all is a costly and time-consuming job for even the most advanced of teams - one ChangeBASE client estimated that testing their 1200 web applications spread over nine countries would have taken a whopping 3000 man days, and approximately 1.5 million euros. Making such a move blind is simply not an option.

Organisations in this position have two options. The first is to remain on IE6 - your organisation's internal functionality remains intact, as it always has been, and business continues as normal. Normal, that is, for everyone apart from all your customers who want to engage with your website using their shiny new IE8/9 updates; those who are met with ill-presented, unprofessional-looking web pages, and those who want to buy online but can't complete transactions. 

Option two is to find out exactly how an upgrade to IE8/9 will affect your organisation, identify the problems you're likely to face, and deal with them. This is where the award-winning ChangeBASE Browse-It solution comes in, automatically testing the compatibility of websites, intranets, extranets, portals and web-based applications for compatibility with IE7, 8 & 9, and quickly reporting back on the problems that will need to be resolved. No more stagnating in IE6, no more compromised functionality in newer versions. Simple.

For more information on Quest's ChangeBASE browser solution, and video demonstrations, please visit the product page.

Thursday, 15 December 2011

Q&A with Jon Rolls of Quest Software #4

Jon Rolls talks to Virtual Strategy Magazine about how ChangeBASE accelerates Virtual adoption. 

VSM: How does this accelerate adoption of virtualization technology?


JR: Terminal Server/Session Virtualization is an extremely cost-effective Windows application deployment method that allows for high security and flexibility in device choice. However, a major barrier to its wider adoption has been application compatibility. Many older Windows applications exhibit a number of issues that prevent them from working in a multi-user, server-hosted environment. Many of these issues are easy to fix or work around, but require a skilled administrator or consultant to pinpoint the issues and suggest a fix. ChangeBASE provides a lot of that intelligence, and even the ability to remediate some of those problems and enable greater use of Terminal Server/Session Virtualization, providing for a more dynamic and cost-effective desktop deployment.

VDI has had fewer application compatibility problems historically, but there are still some “gotchas” that ChangeBASE can identify. After the initial wave of excitement about VDI, the enthusiasm for using very simple VDI platforms has been tempered with the realization that a more sophisticated desktop virtualization platform is required, with the ability to solve common application behavior problems in a hosted world. Again, ChangeBASE can help highlight these issues and identify how to get the most benefit from a desktop virtualization platform like Quest vWorkspace.

Application virtualization is a very different technology that also has not quite lived up to its promise. The theory is that by capturing applications in containers, they can be more easily deployed, updated and removed than by using a traditional application installer. The challenge has been that older and badly-behaved applications are not always easily captured inside the virtualization container. ChangeBASE supports four major application virtualization solutions, and can analyze an application for compatibility with all of them, providing the IT department with the information needed to make a successful choice and increase adoption of application virtualization.

To read the full article, CLICK HERE.

Wednesday, 14 December 2011

Microsoft Patch Tuesday Report December 13th

Application Compatibility Update
By: Greg Lambert

Executive Summary
With this December Microsoft Patch Tuesday update, we see a relatively large set of updates. In total there are 13 Microsoft Security Updates; 3 with the rating of Critical and 10 with the rating of Important. This is a relatively large update from Microsoft and the potential impact for the updates is likely to be moderate.

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE team, we have seen moderate cause for potential compatibility issues.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this December Patch Tuesday release cycle.



Sample Results

Here is a sample of the results for one application and a summary of the Patch Tuesday results for one of our AOK Sample databases:

MS11-091: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution.
MS11-093: Vulnerabilities in OLE Could Allow Remote Code Execution.

And here is a sample AOK Summary report for a sample database where the AOK Patch Impact team has run the latest Microsoft Updates against a small application portfolio:
A RED issue is generally one that pertains to how the code or actual program works. In this case we will flag as Red issues where a package tries to use objects or functions that have been deprecated from the OS or where their use has been restricted. In this case there are no changes that a packager (or AOK Workbench) can make to the install routine to fix the problem. The problem needs to be dealt with at the program code level by the programmer that wrote it or by providing a more up to date driver. However it is reasonably straightforward once a programmer has the information provided by AOK Workbench to make these changes. For vendor MSIs an upgrade may be required.
An AMBER issue is one that pertains to the installation routine. A packager can change things in the installation routine and so can AOK Workbench. Anywhere an issue is found and a change can be made to the installation routine to get rid of it we will flag it as amber. AOK Workbench fixes almost all of the issues it flags as amber. For the few issues that require a decision to be made, a packager can manually remediate these using the issue data provided by AOK Workbench.
Applications flagged as GREEN have no issues identified against them.

Testing Summary

MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
MS11-088: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege
MS11-089: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
MS11-090: Cumulative Security Update of ActiveX Kill Bits (2618451)
MS11-091: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
MS11-092: Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
MS11-093: Vulnerability in OLE Could Allow Remote Code Execution (2624667)
MS11-094: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
MS11-095: Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
MS11-096: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
MS11-097: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
MS11-098: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
MS11-099: Cumulative Security


Security Update Detailed Summary
MS11-087
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
Description
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.
Payload
Win32k.sys
Impact
Critical - Remote Code Execution


MS11-088
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege
Description
This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
Payload
Not Defined
Impact
Important - Elevation of Privilege


MS11-089
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
Description
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Not Defined
Impact
Important - Remote Code Execution


MS11-090
Cumulative Security Update of ActiveX Kill Bits (2618451)
Description
This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
Payload
Not Defined
Impact
Critical - Remote Code Execution


MS11-091
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
Description
This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Mspub.exe, Prtf9.dll, Ptxt9.dll, Pubconv.dll
Impact
Important - Remote Code Execution



MS11-092
Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
Description
This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
Payload
Encdec.dll
Impact
Critical - Remote Code Execution


MS11-093
Vulnerability in OLE Could Allow Remote Code Execution (2624667)
Description
The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Ole32.dll
Impact
Important - Remote Code Execution


MS11-094
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
Description
This security update resolves privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Not Defined
Impact
Important - Remote Code Execution


MS11-095
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
Description
This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.
Payload
Adamdsa.dll
Impact
Important - Remote Code Execution


MS11-096
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
Description
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.
Payload
Excel.exe
Impact
Important - Remote Code Execution


MS11-097
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Payload
Csrsrv.dll
Impact
Important - Elevation of Privilege


MS11-098
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Payload
Ntkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe, Ntoskrnl.exe, Mpsyschk.dll
Impact
Important - Elevation of Privilege


MS11-099
Cumulative Security
Description
This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.
Payload
Not Defined
Impact
Important - Remote Code Execution


*All results are based on a ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.