Office 365 ProPlus Administrator Series: Office 365 ProPlus Service Components – a look at Identity, Click-to-Run delivery, Roaming Settings and…

Author: Jeremy_MSFT
Originally published to the Office 365 Preview blog.

Office 365 ProPlus comprises multiple service components. John Jendrazak hit on many of these topics with his post on the Office Next blog, but I will try to frame this for the IT admin for managed environments.

The user is at the center of the service and is empowered to experience Office across all of the devices they use. Office 365 ProPlus enables its users to install Office on up to five computers and even access rich Office experiences on computers used temporarily when combined with SharePoint Online. So whether at home, in the office or on the go, Office 365 ProPlus users are productive and connected. Their application settings, links to recent files and folders, custom dictionaries and even bookmarks to the last position they were in a document roam with them from device to device. At the same time, IT administrators can manage these experiences, access to services, deploy Office on behalf of their users and quickly add or remove user accounts – even for seasonal or temporary workers. This section explains the architecture and anatomy of the services and technologies to enable the Office 365 ProPlus experience.

Identity

At the core of the Office 365 ProPlus service is the concept of identity. An active user account in Office 365 provides the key for the rest of the Office 365 services. Every Office 365 user has an Online Services ID which both provides access to services and also stores a key list of personalization settings and links to most recently used documents for Office 15 applications. Microsoft Online Services IDs and corresponding personalization information are stored centrally in Windows Azure and loaded by the Office application during application launch, when switching between accounts while running Office programs, or when logging into Office365.com.
Office 365 ProPlus software installations will require the user to sign in with this identity to activate Office 365 software. IT administrators can also provision or de-provision user accounts along with their rights to access services as needed; status changes are quickly reflected in user applications and services. Below are architectures of the three primary identity options for organizations using Office 365.

Microsoft Online Services ID

This option does not require on-premises infrastructure or directory services. Administrators can manually import users from a local directory, but as new users join or others leave the local directory service, the administrator will need to manually provision or de-provision accounts. Passwords, authentication and authorization are managed in the cloud.

Microsoft Online Services ID with Directory Synchronization

This option is used with on-premises Active Directory directory services and will synchronize user accounts from a directory service. In this case, User Principal Names and relevant user attributes are synchronized every three hours with the online directory store. Passwords, authentication and authorization are managed in the cloud.

Single Sign On with Active Directory Federation Services

This option is used when organizations want to share the same sign on information as used with their local domains for users accessing Office 365 services. This option retains the same sign on for Office 365 services and local directory services. On-premises infrastructure is used to manage passwords, authentication and authorization for Office 365 services. Passwords are not stored or managed in the cloud.

Click-to-Run Delivery

Click-to-Run delivery is new to Office 365 ProPlus and enables Office applications to be delivered using application streaming technology.
The time needed from initiating an installation of Office Click-to-Run to first use can be as little as one minute, whereas traditional Office installations can easily take more than 20 minutes. There are several additional advantages for using Click-to-Run, including:

- Side-by-side support to run the new Office with previous versions of Office
- Discrete software updating without interrupting end users
- Easily customizable with Office Add-ins, dependent applications and Office Apps
- Faster installation and faster first run experiences compared to traditional Office installations
- Flexible deployment and installation options from self-installation to enterprise “push” deployments

Click-to-Run is rooted in multi-year investments with Microsoft’s application virtualization technologies and Office 2010 Click-to-Run. Based on customer feedback and continuous improvements of these deliveries, Click-to-Run in the new Office enables local applications and add-ins to interact with Office installations – something not possible with other forms of application virtualization delivering Office or Office 2010’s Click-to-Run implementation. Click-to-Run also uses a virtual file system (VFS) as opposed to a mount point installation (MNT) to avoid creation of a Q: or similar drive.

Comparison of Office 365 ProPlus Click-to-Run with Microsoft Application Virtualization 4.6 and Office 2010

One of the biggest differences with this model compared to other variations of application virtualization is that Office features are loaded at a component level instead of waiting for a large feature block. In the old model, 5-10% of the application is typically loaded as the first feature block and that allows the application to launch and perform a few basic tasks. The rest of the application is then loaded and cached while you work within the boundaries of the first feature block.
This model works extremely well with smaller applications, but a standalone Office application is several hundred MB with many components shared across the Office suite of applications. So the larger feature block had to be broken up into a component level to aid the first launch experience. The components are all loaded according to a pre-defined queue and if a user attempts to load a feature lower in the queue before it is there, that feature is loaded dynamically to get those portions of the application working. Cache continues to come in in the background via integratedoffice.exe processes running to cache the entire Office suite – even while applications are in use.

I often get the question, “Do I need to use all of the application functions for them all to load into cache?” No, while your usage can manipulate what features are prioritized, eventually all features are cached in the background.

The next major difference is that in the past, virtual applications were completely isolated from each other. That was quite beneficial in the Windows XP and earlier days when DLL conflicts were common. The DLL conflict issues were largely solved in Windows Vista with file and registry virtualization and, for many business users, first experienced in Windows 7 when IT admins began to realize that file and registry virtualization (renamed User Account Control Virtualization) solved most of the application-to-application conflict issues natively in Windows. For Office, the isolation model was a challenge because Office is by nature an extensible platform with other applications calling into it, and those of you using Office Starter or the trial experiences of Office 2010 (aka Click-to-Run v1) will remember that Office add-ins could not talk to the installed versions of Office.
Likewise, if App-V 4.6 was used to deliver Office 2010, it meant I had to sequence add-ins into the Office sequence, and if I tried to do something like install Power Pivot as a local executable atop an App-V-delivered copy of Excel 2010, it would not work by design and your application packaging team would need to re-sequence the Office package to include Power Pivot.

All of these events, updates to the Windows platform and challenges meant we needed to open up the isolation model and allow for local customizations, applications and add-ins to integrate with Office Click-to-Run. Despite Office 365 ProPlus using application virtualization, other objects on the system can interact with it. One of the easiest examples to see this is with the installation of language packs – once I have a base install of Office using Click-to-Run, I can install a language pack to modify how Office runs. The same is true for add-ins and other local customization.

While we added the ability to integrate with local applications, we kept the ability to install side-by-side with other versions of Office. This was possible in the old days with MSI-based installation, but there were always a number of issues with having two versions of Office installed. Many of these issues go away with application virtualization, but some remain, like which application should own default file associations. In Windows 7, the last installed application wins and in Windows 8, users are asked to determine the default program. Despite some of the challenges with side-by-side, it dramatically reduces the risk of rolling out the new Office, because users can revert to an older version in the rare cases when they detect a file incompatibility or other customization that does not work as intended.

In the real world and despite best intentions, admins can’t always test every file and every add-in out there before rolling a new version of Office into production, so the side-by-side support helps. The challenge then becomes how to establish a plan for removing the older Office version and determining those policies and practices because you don’t want to be stuck in the future with two or more versions of Office in support – especially when they are on the same machines. In other words, side-by-side should be used to ease the transition and move some of the testing back to the user, but shouldn’t be relied on as a permanent configuration.

Office 365 ProPlus running side-by-side with Microsoft Office 2003

Now that I am on the topic of support, let’s talk about software updating.
Many people think that updates are forced upon users and while some will like the “always up-to-date” phrase and let automatic updates happen (or just approve update files as they come in), others may not – especially those who have seen updates cause major issues. IT administrators using Click-to-Run have full control of the software update experience and can opt to receive automatic updates or roll out specific Office builds based on organizational testing and validation. A range of the most recent Office Click-to-Run builds will be provided to Office 365 administrators to help them remain current, while providing the flexibility to allow for testing prior to deploying new builds into production.

Do users need to install Office 365 ProPlus themselves? No. While it might sound like freedom to some people to be able to install their own applications, for some of the companies I worked with when I was in Windows with 200,000 applications or even more reasonable numbers like 10,000 applications, it probably isn’t a good idea to ask every new hire to go ahead and manually install the 50-100 apps they might need to be productive. So we as IT admins need a way to install applications on a user’s behalf – what I like to call “push deployment” versus self-service scenarios where I would call it a “pull deployment.” Click-to-Run is designed to integrate with existing IT service management tools and processes to enable push and pull deployments in a managed way with products like Microsoft’s System Center Configuration Manager or other enterprise software distribution tools. A Click-to-Run installation is installed on the local PC and available to other users of the PC as with MSI-based software installation, so it works similarly to how we would deploy an MSI or any other EXE-based package today, and in fact Click-to-Run uses EXE files to initiate an installation.
Once the installation is fully-cached, Office is available for use offline, without connecting to the Internet or the Office 365 service.

Roaming settings

Roaming settings has been updated and extended to enable users to easily switch between devices and see the documents and files they were last working on. There were limited roaming settings capabilities in the past when Office was paired with Windows Live services, but the new Office extends roaming capabilities as a core part of the sign-in experience. When a user is logged in and launches an application, the following core settings are loaded into their respective Office apps:

- Links to recently used documents (http file paths)
- Links to recent places (http file paths)
- Last reading position in Word document
- Last viewed slide in PowerPoint
- Custom dictionary (all apps)
- Office theme and user picture (all apps)

John O’Sub is signed in to Word 2013 Preview automatically and his recent files and folders are displayed as well as Office theme

These settings are loaded into the Office applications as the applications launch. Because the files (documents, spreadsheets, presentations, notes, etc.) themselves are not roaming, there isn’t a measurable impact on application launch performance. Consumer experiences in Office.com will also enable relevant settings to roam with the user portal experience, such as recently used documents and recent places.

Office on Demand

Office on Demand is a new delivery option for Office and uses a variation of Click-to-Run to enable Office application streaming delivery on demand to any Windows 7 or newer PC with a connection to the Office 365 service. A user accesses Office on Demand via SkyDrive Pro in Office 365. In this case, the Office application – such as Word, PowerPoint or Excel – is streamed and usable in as little as 30 seconds.
Office on Demand does not require administrator privileges on the PC, so it can be used on any Windows 7 or newer PC with an Internet connection – even PCs used temporarily. Office 365 ProPlus subscription users are not limited by the number of PCs they can access Office on Demand with. All application processes run from within the user profile and files by default will be opened from and saved to a SkyDrive Pro location associated with the user account.

Office on Demand applications are delivered using the application virtualization isolation model, so it is not possible to customize Office on Demand applications with add-ins, customizations or dependent applications unless they are already present in existing Office installs. In this case the application is also not registering itself in the system or taking control of file type associations in Windows. Once the user has left the Office on Demand application session, subsequent users cannot access the Office applications or the previous user’s remotely stored files.

Office on Demand is available for the following applications:

- Word
- Excel
- PowerPoint
- Access
- Publisher
- InfoPath

Lync, OneNote, and Outlook are not available via Office on Demand delivery. Delivery of Office on Demand always consists of the most up-to-date build of Office 365 ProPlus programs and Office on Demand programs are always provisioned via Office 365 public cloud services, so unlike Click-to-Run delivery on premises described earlier, Office on Demand cannot be delivered via on premises infrastructure.

When first launching Office on Demand from a PC, you will need to allow for an ActiveX Control called “Microsoft Office (Roaming)” to be installed. Once that Add-on is in place, users can launch Office on Demand.
For organizations looking to use this approach for delivering Office to shared computers or other desktop service architectures, you can preinstall the ActiveX Control on PCs targeted for this delivery model in your organization. Office on Demand is also an excellent way to train users on the new Office user interface and features without requiring a broad deployment using software distribution infrastructure and because users with Standard User account privileges can use Office on Demand, you will not need to grant users Administrator account rights.

Office on Demand programs are accessed via an active SkyDrive Pro account. The reason for this is that if a user is only temporarily on a PC and needs to access his or her files, then the entry point comes from opening a file and the save location will be back to the online location from where the file was opened. Office on Demand disables long term local cache to help ensure that when the program is closed and the user is signed out, files will be stored back up to the online location from which they were opened.

By clicking on a document, you will first launch the Office Web App associated with the file and in many cases, the Office Web App will provide sufficient functionality for both viewing and editing the file. If you want to use functionality not available in the Office Web App, you can choose to edit the file in a pre-existing Office or launch a new Office program using Office on Demand.

To launch the Office on Demand program from the Office Web App, you can click EDIT DOCUMENT in the Web App’s viewer mode (above) or EDIT IN WORD in the Web App’s edit mode. Similar processes are used with other Office programs like PowerPoint and Excel.

The Office on Demand program data is stored in the %userprofile% root folder. After Office on Demand is launched for the first time on a PC and Office is fully-cached in the %userprofile% directory, subsequent launches of Office on Demand programs are nearly instantaneous, because they are executing from local cache. Once the Office builds are updated on the Office CDN, then launching Office on Demand will stream the Office programs again with the updated build.
Bringing the Pieces Together

The identity aspects light up many pieces of the service and having an anchor ID in place for the user makes multi-device installation, managed user de-provisioning, roaming settings, Office on Demand and many service-side capabilities possible. Just as directory services have been the backbone to making traditional on-premise/private cloud services, systems management, collaboration and other workloads function, the online ID is vital to enabling the service model. Identity enables content and application delivery experiences with Office 365 ProPlus and extends further into other workloads when you move past the corporate network's DMZ and begin mixing managed and personal devices.

If you really want to go deep on identity management options, check out the Office 365 Deployment Guide for Enterprises. For more information about Click-to-Run, I'll go deeper in the next couple of posts, but you can also check out the Click-to-Run overview and the Click-to-Run for Office 365 setup architecture overview on TechNet.
