Contact Support
  • Open or view cases
  • Chat live
  • Site feedback
Sign in
Contact Support
  • Open or view cases
  • Chat live
  • Site feedback

Customers who viewed this article also viewed

{{item.title}}
banner
CTX225952 {{tooltipText}}

Citrix App Layering 4.x: Best Practices

Article | How do IOther | {{likeCount}} found this helpful| Created: {{articleFormattedCreatedDate}} | Modified: {{articleFormattedModifiedDate}}
downloadWhy can't I download this file? Log in to Verify Download Permissions

Applicable Products

  • Citrix App Layering 4.x

Information

Table of Contents

Operating System Layer

  • Have one Operating System layer per Operating System (Windows 7 32-bit, Windows 7 64-bit, etc)
  • Application and Platform layers are tied to the Operating System layer they were created on.
  • Before a version or layer can be deleted, it must not be in use by a template.
    • You can highlight in the delete pane to see how many templates are using it.
  • After performing an App Layering upgrade, the App Layering drivers, including Elastic, will automatically be updated upon the next publish of a layered image. There is no need to version the Operating System.
    • 的scripts that come with each version may be updated. These should be added to the next version you create for your OS layer to patch it.
  • 的Operating System layer is always the lowest priority layer. It is always at the bottom of the layer stack no matter what the version date and time is.
  • Hypervisor tools of your main hypervisor should be installed into the Operating System layer.
    • For example, if your main hypervisor is vSphere, you must put the vSphere tools in the OS layer. If you then plan to deploy to XenServer, then those tools are put into the Platform layer.
  • .NET and other Operating System components are best delivered using the Operating System layer.
    • If software has Microsoft components, install those in the OS layer first (for example, the Citrix VDA has Microsoft runtimes as prereq’s. Put those in the OS layer before installing the VDA in the Platform layer).
    • This way you only need to run Windows Updates against one layer.
    • Microsoft Office or other major software from Microsoft is an exception to this rule. Those are best put into Application Layers.
  • Disable Windows Updates using a local GPO as this will work in all Windows Operating Systems
    • Run gpedit.msc change Computer Configuration > Administrative Settings > Windows Components > Windows Update > Configure Automatic Updates > Disable
  • 不要将应用程序安装到操作系统层。的OS layer should be as generic as possible. You cannot swap out the OS layer like you can with App Layers and Platform Layers.
  • Always use KMS for Windows Activation. Run SetKMSVersion.exe when creating your OS layer to configure the startup scripts to activate the correct version of Windows.
  • Any extra user accounts or groups need to be created in the OS layer. Any domain group membership changes need to be done through Group Policy.

Operating System Patching

  • Updating the Operating System should be done by adding a version to the OS layer not a separate layer.
  • If you use any MS products that are updated by Windows Update but don't have a separate section like Office does, include those in the OS layer as well. For example, Windows Defender, Silverlight, runtimes, etc.
  • If in your OS layer the OS says it's not activated then you must reactivate. We provide activation scripts in the c:\windows\setup\scritps\kmsdir folder.
  • Always reboot one more time than the software asks for just to be sure. Should be after disabling updates.
  • If you have hypervisor tools in the OS layer and need to update them, add a version to the OS layer.
    • You may also have to recreate your Platform layer due to portions of the hypervisor tools being pulled into the Platform layer.
  • Create a new layered image and TEST

Platform Layers

  • A Platform layer is typically comprised of the provisioning tools, broker tools and domain join. Hypervisor tools may be part of the Platform layer IF it is your secondary hypervisor.
  • 的Platform layer has the highest priority when creating the layered image. This means it is applied last so it’s settings will override all other layers.
  • Sometimes an application must be put into the Platform layer. If an application requires interaction with the Single Sign On feature of the broker agent, then that would necessitate putting the application into the Platform layer. For example, Imprivata typically requires this.
  • 的Windows security database that holds users and groups is encrypted. Due to this encryption, the database cannot be layered, therefore, domain users or groups added to local security groups are not honored when the layered image is built. For example, domain admins are not in the local administrator group.
    • It is best to use Group Policy to populate local groups.
  • If you need to attach extra disks to your Platform Layer for your Provisioning System - for instance, Cache disks or a BDM in PVS - attach them and let Windows detect them and reboot as necessary. When you are ready to Finalize the layer, double-click on the Shutdown for Finalize icon. When the machine is off, remove the extra disks. The Finalize operation from the ELM will fail if there are extra disks on the VM. But don't remove them until Windows is completely shutdown and you are ready to finalize the layer.

Application Layers - Before Install

  • Only use pre-reqs when absolutely necessary for proper application installation
    • To see if an application was installed with a pre-req, click the info box of the application.
  • Per user settings captured in a layer will not be applied to your end users. For example, anything put into the user profile is only captured for the user you logged in as (most cases local administrator)
  • 可以几乎任何应用程序层。他们can be files/folders/registry settings that you want delivered to virtual machines, they can be single or multiple applications. There is a lot of flexibility in how you use layers.
  • When creating a new layer, never adjust the “Layer Size” down from the default of 10GB. You can increase the setting if you are packaging a large application.
    • All layers are thin provisioned when stored on the ELM, so even if you are planning on a layer that is very small, never adjust down.
  • Many customers have a utility layer or enterprise application layer that holds the most common components to be delivered to desktops. For example, if Flash, Adobe Reader, and Java are going to be delivered to all/most desktops, then they are put into the same layer.
    • 经常更新的应用程序也可以be put in the same layer as well
  • Citrix recommends including the OS Type and OS bit level in the name, for Example Microsoft Office Pro 2010 Win7x32. For versions remember that when choosing a layer, you can see the version name but not the version description. Use naming that will allow you to differentiate versions appropriately. For example, while still in development/testing “1.0 12-12-14-2012 QA ONLY”, but when ready for production “1.0 12-12-2012”.

Installation

  • Turn off automatic updates for applications. If automatic updates are left on, updates may cause issues with the layered image. For example, if an update requires a reboot, this could cause a reboot loop on the virtual machine.
  • When installing an application that requires being part of a domain, it is ok to add the packaging machine to the domain.
    • After installing the application, remove the packaging machine from the domain.
    • Clean up the left-over computer object in active directory

Applications

  • Anti-Virus can be delivered in an application layer or the operating system layer.
    • Citrix Documentation -Deploy anti-virus softwarehas more information on how to configure popular anti-virus solutions with App Layering.
  • Printer drivers can be layered but must be included in the layered image.
    • Local printers are defined in HKLM and will be captured in the layer.
    • Network printers are defined in HKCU and are not captured. Use Group Policy Preferences or login scripts to assign network printers to users.
  • Office can be layered but not elastically delivered. Please see CTX224566 -How to Setup Office with App Layering (Recipe)for information on how to layer Office
    • For additional Office applications (Project, Visio, etc), the base Office layer must be a prerequisite.
    • To keep Office licensing happy, it may be best to create layers for the different combinations of Office plus additional Office applications. For example, a layer with Base + Project, a layer with Base + Project + Visio, etc.
  • We recommend deploying all office applications as part of the layered image, not elastically. This may require several images.
  • .NET is best delivered using the Operating System layer.
  • After a .NET application is installed it is normally required to run the ngen process.
    • Run ‘ngen.exe update’. Do use the ‘force’ switch.

Application Patching

  • Always patch applications as a new version of the application layer
  • Use your latest production OS version with the application patch
  • For Microsoft products like Office, make sure you update the OS layer first to avoid seeing the OS updates when you update Office
  • You will have to enable their update process. If you need to uninstall and reinstall an application or if updating to a new major version of an application, it might be better to create a new application layer. Remember to test this thoroughly because it might affect licensing.
  • Remember to disable the automatic update process before finalizing
  • Remember to clean up any installers or temp directories before finalizing
  • Always reboot one more time than the software says to
  • Always TEST before deploying

Elastic Layers

  • An application can be applied to the layered image and elastically
    • Do not elastically deliver an application if it’s part of the layered image. For example, if Firefox is part of the layered image, do not deliver it elastically to that image.
  • Consult the Elastic layer log at c:\programdata\unidesk\logs\ulayersvc.log to troubleshoot Elastic layers and to find the amount of time it took for Elastic layers to be mounted.
  • 的re is a login hit when attaching an Elastic layer. The amount of time it takes to mount a layer can be seen in the log file.
    • If testing individual Elastic layers, the log in hit is not cumulative. For example, if you test 5 apps individually and it takes each application 2 seconds to mount a layer, that does not mean that it would it take 10 seconds of time to mount all 5 at the same time.
    • 的re are many portions of the Elastic layer login process that happen only once or are done in parallel.
    • Layers with services will add more time to the logon as the services must be started before the logon is allowed.
  • For virtual desktops, the user will always see the login hit. For Session Host, only the first user mounting the layer will see the login hit. All other users with access to that Elastic layer will log in at regular speeds.
  • Citrix App Layering will help determine if an application can be Elastically delivered. This is called Elastic Fit. Click the ‘i’ on an application and then the ‘+’ next to a version. You will see either a green check or red X. If it’s green, then the application can be delivered Elastically. If it is red, then App Layering has determined that the application may not be a good fit for delivering Elastically. You can then click the ‘+’ sign next to Elastic Fit details to find out why App Layering believes this.
    • This is strictly advisory or best guess. Always TEST a layer before pushing into production.
  • 4k sectors are not supported with Elastic layers.
  • A Highly Available share is highly recommended.
  • It is the USER not the system that is making a connection to an Elastic layer. Setup permissions appropriately.
  • If apps are combined into larger layers there will be less connections to the file server.
  • If Elastic layers are enabled, it will add 20GB to the size of your image for a writable partition.

Maintenance

  • Before a version or layer can be deleted, it must not be in use.
  • Layer priority is based on creation date and time of the layer. Newer versions will not have an effect on layer priority.
    • Layer priority can be adjusted by using a tool developed by Citrix. This is currently not in the management interface.
  • 的re is a maximum of 200 layers per layered image.
    • This means there is a limit of 198 Application layers per layered image. -1 for Operating System, -1 for the Platform layer.
  • 的ELM storage can be expanded from its initial size. Shutdown the ELM, from the hypervisor expand the disk to desired size, turn on the ELM, from the App Layering management console under System Expand Storage
  • 的ELM can be updated without impacting production users. Desktops and Session Hosts connect directly to the share to access Elastic Layers, never the ELM.
  • 的ELM requires all tasks to be completed before upgrades can be performed.
You rated this page as
You rated this page as
Name is required
Submit

Featured Products

Failed to load featured products content, Pleasetry again.

{{ getHeading('digitalWorkspaces') }}

{{ getHeading('networking') }}
View support numbers
Share this page