Unpacking MSIX: What the MSIX journey will bring in 2021

Two years after Microsoft debuted its next generation app deployment package, MSIX continues to gain acceptance and adoption because of the benefits it brings in terms of security, ease of use and reliability in application installations. Some 75% of those surveyed in a recent Revenera poll plan to bundle software as MSIX in the next 9-12 months, driven in large part by the migrations to Windows 10, the ability to now work it into major release cycles and enhancements to the technology itself.

Revenera and Microsoft have been close partners on the MSIX journey, with Revenera’s InstallShield now fully supporting MSIX. To that end, Microsoft’s John Vintzel, who is the Principal Program Manager of MSIX, and Venkat Ram Donga, who leads Revenera’s Installation Solutions as Senior Technical Product Manager, shared candid conversation on what they’re seeing from customers and how the technology has and will evolve on a recent webcast, “The MSIX Journey: What Have We Learned?”

Unpacking that conversation on packaging technologies, here are some of the highlights.

What are examples of apps going the MSIX route?

The majority of the apps preinstalled as part of Windows 10 leverage MSIX, Vintzel said. This includes the Weather App, Mail App, etc. PowerBI has an MSIX package available in the Microsoft store. 

Why should enterprises adopt MSIX?

The No. 1 reason is reliability. MSIX provides a reliable install with a 99.96% success rate over millions of installs, as well as a guaranteed clean uninstall. The other part of the reliability equation is security. MSIX is ensuring that only trusted apps are being deployed on the devices and that updates are really easy to manage, according to Vintzel. 

How is MSIX different (and better) with respect to security? 

A lot of installers aren’t signed and there isn’t enforcement on the packages, according to Vintzel. But MSIX requires that all applications be signed with a valid code signing certificate. The package must be trusted on the device to successfully install, meaning the certificate has to chain to one of the trusted roots on the device.

There’s also package block map files that work to ensure that only files intended to be part of the deployment are in the package. If something else slips in, the deployment won’t be completed, according to Vintzel. The block map file is an XML document that contains a list of the app’s files along with indexes and hashes for each block of data stored in the package.

How easy is it to create a package?

One of the things Venkat likes best about MSIX is that everything in the package is one single manifest file and there is no need to go through complex scripts. The declarative nature of the installation manifest simplifies deployment. But one friction point, he said, is that all existing apps using other packaging technologies have to be repackaged in MSIX.

Vintzel said improvements in the Package Support Framework (PSF) are intended to help with that. PSF is a toolkit from Microsoft targeted at fixing up traditional Win32 apps that have limitations running in the modern MSIX container. One of its benefits is rules that keep the integrity of the app and help the apps run without making code changes using techniques similar to detours which will intercept specific calls and do redirects, as needed.

Another area to point to here is MSIX Core, which brings MSIX support to versions of Windows earlier than Windows 10, version 1709. The open source project on GitHub has a great role as a stop gap, Vintzel said, but not a primary adoption method. Most customers have encouraged Microsoft to focus on new features in MSIX, as customers intend to announce EOL for their apps for older operating systems, sooner or later.

Can you talk about Microsoft’s commitment to open source with MSIX?

With the MSIX SDK, Microsoft is moving more and more of the tooling outside of the Windows SDK and platform and embracing more cross platform development, with the big goal being to “do more open” Vintzel said, and make it easy to adopt MSIX as a developer regardless of the platform.

What’s coming down the pipeline in terms of MSIX roadmap?

Microsoft has been improving the update features for apps shipping outside the Microsoft store, according to Vintzel. Developers and enterprise IT want to ship via their own channel, and a centralized platform will make updatability from their own distribution networks as easy as possible. Microsoft is also creating the concept of a shared container to make it easier to create a boundary around apps so they can all interact.

Does MSIX stand for anything?

Naming is always kind of fun, Vintzel said, and MSIX “doesn’t really stand for anything. If you follow the Microsoft technology pattern and throw an X on it, it makes it better.”

Leave a Reply

Your email address will not be published. Required fields are marked *