VMware Thinapp – An Introduction To Application Virtualization

VMware Thinapp is a suite of components that work together to virtualize applications. In basic terms Thinapp abstracts the file system and registry of a given application into a single executable file – decoupling it from the host Operating System (OS).

The Thinapp 'Suite' of Applications

This independence from the host OS has many benefits and a few drawbacks (depending on how you look at things).

Obviously isolating applications from the OS has security benefits, especially when something like a virus or malware is confined to a sandbox. The fact that applications can be configured before deployment is another great benefit from a standard installation. Probably the greatest benefit of application virtualization is conflict free application delivery. Need to run multiple applications with different versions of Java Runtime Environment? Not a problem!

The downside is that there are simply applications that Thinapp cannot virtualize – examples include Antivirus software, firewalls and device drivers. Other applications with shell integration might suffer from reduced functionality, for example an application that integrates its own menus into Windows Explorer. This is not an exhaustive list by any means so consult the Thinapp User Guide if you need more clarification.

Thinapp has a wizard driven interface that belies the potential complexity that you might encounter virtualizing something like Office 2007. Best practise is to run Thinapp on a “clean” virtual machine – which basically means a virtual machine with just the OS. You can install Thinapp on your virtual machine or run it from an available file share. I would recommend using VMware Workstation or vSphere for hosting the clean virtual machine as these products support multiple snapshots (which means that you will be able to revert your virtual machine to its original state to virtualize another application).

So how does Thinapp work? Well, Thinapp first performs a prescan of the clean virtual machine. Then you install your chosen application. Thinapp will then perform a postscan which identifies the changes made to the prescan baseline. After this you configure various settings and (optionally) build your virtual application.

Showing you each step of the process through the Thinapp wizard would be a little tedious so I am going to show you the most important screenshots with a brief discussion of each. At this point in the Thinapp wizard I have completed the prescan, installed Firefox and completed the postscan.

Application entry points are basically the executables that you want to be available in your virtualized application. So for Firefox we would obviously need Firefox.exe and probably want the safe mode executable too. The entry points for debugging will give you shortcuts to a command prompt, regedit and Internet Explorer that can all be used to debug your virtual application.

Entry Points

Isolation modes effect how much access the virtual application has to the host OS file system. As you can see the WriteCopy isolation mode is the most tightly sandboxed mode having access to only the Desktop and My Documents folders on the host.

Isolation Modes

After this you choose where the virtual application’s sandbox will exist (but that is not very exciting) so we’ll move on to package settings. Here we select the primary entry point – essentially this is the main executable that Thinapp will produce. If the application is large it will be split between this executable and a separate .dat file. For Firefox we would want the primary entry point to be Firefox.exe or Mozilla Firefox.exe. The next option is to produce an .msi package – this is an installer for your virtualized application that will register file associations and shortcuts to the application. You will want to compress the final build of your Thinapp applications.

Package Settings

The final screen in the wizard is the Ready to Build screen. Here we can access the project folder that contains the virtualized file system and registry of our target application. We can also configure more advanced Thinapp options if we need to in the package.ini file.

Ready to build

This is what the project folder for Firefox 3.6.3 looks like:

As you can clearly see there is a virtual file system that includes (amongst other things) a Program Files directory – and a virtual registry that includes windows registry hives in plain text (.txt) form.

Conceptually we end up with something like this once we have built our Thinapp application:

Inside a Thinapp package is a small Virtual Operating System (VOS) that is roughly 400k on disk and about 2Mb in RAM. Thinapp virtualizes the registry and file system of the target application and links it to the VOS within a single compressed .exe file.

Well that’s it for my introduction to Thinapp – for reference I used Thinapp 4.5, Windows 7 and vSphere.

The current version of Thinapp, version 4.5 supports Windows 7 and a 60 day trial is available from VMware: http://www.vmware.com/products/thinapp/.


2 thoughts on “VMware Thinapp – An Introduction To Application Virtualization

  1. Great review! ThinApp is a great application delivery tool and as you stated has a few drawbacks, my biggest concern is application security. VMware needs to improve its capability to secure the application once placed in a ThinApp package. For example what is most often overlooked, once bundled by ThinApp the application has no embedded security preventing the application from execution and use on unauthorized systems. In short, if the user has access to copy the ThinApp package to portable or removable storage devices the user then can then post the application on the internet for anyone to use. I have been told by VMware there is work been done to include application “entitlements” with their soon to be released (delayed) View Manager 4.5 or perhaps a follow on release update.

    Thanks again!

    Jim Lathan

  2. Him Jim, thanks for taking the time to comment. I had not yet heard of application entitlements, so this is an intriguing topic. I was reading today that View 4.5 was scheduled for release in July but was postponed at the last minute …


    So we will have to wait and see if VMware releases View with a client hypervisor to compete with (the expected) XenClient.

    Getting back to your main point – I would also be very interested to understand the mechanism by which application entitlement would work in securing the spread of corporate Thinapps outside of the domain … it also makes me wonder how widespread this problem is (if anyone has any means of tracking it even).



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s