locked
Switch streaming protocol from RSTPS to HTTPS RRS feed

  • Question

  • I remember reading that one of the deployment options was to stream application over HTTPS, which will make it much easier to support remote users. I am currently using RSTPS on the App-V management server I recently setup, and I would like to compare the speed of the application delivery over HTTPS. However when I open up the console and go to myappvserver, Server Groups, Default Server Group, myappvserver, properties, and view ther ports tab the only protocols available are RTSP and RTSPS.

    Is there something specific I have to do during the installation in order to be able to stream over HTTPS?
    Thursday, June 25, 2009 5:01 PM

Answers

  • Hi,

    using the IIS installed on the App-V Management Server for HTTP/S streaming is quite easy:
    - Create a Virtual Directory on IIS that points to the content folder (you also should name it "content". You probably already have done this if you deploy Icons and OSDs via HTTP/S)
    - Add the mime type "SFT" to the HTTP Header of either that Virtual Directroy or the WebSite
    - Add a Server Certificate to the IIS (well, in fact it is: add a Server Certificate to the Machine that will be used by IIS)

    When you create new packages, you could use the new URL in the Sequencer. As znack wrote, consider using ASR to "redirect" older package's streaming



    IMPORTANT: When using the Secured way of communication protocols, nver only use hostnames. Do use "appv-server.mycompany.intra" instead of "appv-server" for
    - Publishing Server URL on the Client
    - ASR/OSR/ISR overwrites on the Client
    - System Options Default Path on the App-V Management Console
    - Server URL fields during Sequencing (if you want to have the right URL already in your OSDs and to overcome ASR/OSR usage)

    Client Machine of course have to have to trust the CA that issued the Server Certificate.


    Falko
    • Proposed as answer by znack Tuesday, June 30, 2009 8:24 PM
    • Marked as answer by Aaron.ParkerModerator Monday, June 6, 2011 9:30 AM
    Friday, June 26, 2009 6:24 AM
    Moderator

All replies

  • Hello,

    The Streaming / Management server will probably only stream RTSP/RTSPS  since HTTP/HTTPS would only be used if a pure IIS-installation would deliver the apps.

    If the case is a so the ASR/ISR/OSR client registry keys could be setup to point to an alternative source.
    (ASR can be configured during installation of the client).

    If you want to deliver the apps in a control environment there are two whitepapers regarding best practice for secure environments.
    I would assume that RTSPS would be the way togo with streaming / management server...
    Whitepapers;
    http://technet.microsoft.com/en-us/appvirtualization/cc843994.aspx

    /Znack
    Thursday, June 25, 2009 5:51 PM
  • I spoke to the App-V team at TechEd and they seemed to indicate that the streaming was faster through HTTPS. Is this something you have observed?
    Thursday, June 25, 2009 8:33 PM
  • Hello,

    I have never utilized HTTP/HTTPS, but then again I am usually seeing something like 80-90% utilization on a 100mbit NIC when using RTSP... so how much faster would be fast enough?

    /Znack
    Thursday, June 25, 2009 9:46 PM
  • I would review the Server Sizing Guide avaialble at:

    http://go.microsoft.com/fwlink/?LinkId=127120

    I think the term faster is an interesting choice as the network is always the limiting faster when loading applications.  The answer is that it is faster than RTSP although not necessarily tons faster and that is if looking at individual loads.   Also remember that at some point even if IIS is faster it will eventually saturate the link and have to either slow down each connection or not allow additional connections.  We can assume it will not drop additional connections.  So if you have 1000 users all attempting to load packages at the same time and you have a server using HTTP(s) and another using RTSP(s), individual loads per client should perform fairly similar since there is only a maximum amount of water that can go thru the pipe.

    Where IIS is much faster is on application launch.  That is an area where it is drastrically different.

    hope this helps

    mattmcdermott

    Thursday, June 25, 2009 10:49 PM
    Moderator
  • Good Info. Could I stream over HTTPS in a single server deployment (actually the SQL DB is on another server), using the IIS installed on the bow rather than connecting to AN IIS Farm? If so how could I do so?
    Thursday, June 25, 2009 10:55 PM
  • Hi,

    using the IIS installed on the App-V Management Server for HTTP/S streaming is quite easy:
    - Create a Virtual Directory on IIS that points to the content folder (you also should name it "content". You probably already have done this if you deploy Icons and OSDs via HTTP/S)
    - Add the mime type "SFT" to the HTTP Header of either that Virtual Directroy or the WebSite
    - Add a Server Certificate to the IIS (well, in fact it is: add a Server Certificate to the Machine that will be used by IIS)

    When you create new packages, you could use the new URL in the Sequencer. As znack wrote, consider using ASR to "redirect" older package's streaming



    IMPORTANT: When using the Secured way of communication protocols, nver only use hostnames. Do use "appv-server.mycompany.intra" instead of "appv-server" for
    - Publishing Server URL on the Client
    - ASR/OSR/ISR overwrites on the Client
    - System Options Default Path on the App-V Management Console
    - Server URL fields during Sequencing (if you want to have the right URL already in your OSDs and to overcome ASR/OSR usage)

    Client Machine of course have to have to trust the CA that issued the Server Certificate.


    Falko
    • Proposed as answer by znack Tuesday, June 30, 2009 8:24 PM
    • Marked as answer by Aaron.ParkerModerator Monday, June 6, 2011 9:30 AM
    Friday, June 26, 2009 6:24 AM
    Moderator
  • Also remember that OSD and ICO files are never steamed over RSTPS and are downloaded from the content share, these files van only be secured over HTTPS. So even if you use RSTPS it is still wise to install a HTTPS server just for these files ( if you want full security).

     

    Monday, June 6, 2011 8:38 AM