App Layering

Citrix Provisioning (Citrix Hypervisor, VMware, Hyper-V, Nutanix)

The Citrix Provisioning connector configuration requires an account that the App Layering appliance can use to access the virtual machine where you are creating a layer or publishing layered images.

When using vSphere as the hypervisor for Citrix Provisioning, we recommend using the same vSphere VM template, in the vSphere connector settings, for creating layers as you do for creating the Target Devices in Citrix Provisioning. This practice ensures the published image and the target devices have the same baseline VM specs.


If you plan to publish layered images to your Citrix Provisioning environment, add a Citrix Provisioning connector configuration for that Citrix Provisioning location.

Citrix Provisioning requirements

  • Domain accounts have permissions to access the Citrix Provisioning store and the local system account does not. If your Citrix Provisioning server is configured to use the local system account, which is the default setting, you can change the account by running the Citrix Provisioning configuration wizard. The wizard gives you an option to run as the local system or use a domain account. Choose a domain account.
  • The domain user account in the connector configuration must be in the local Administrators group on the Citrix Provisioning server.
  • Citrix Provisioning server and account information - For App Layering to access the location in your Citrix Provisioning environment where you want to publish a layered image, you supply the credentials and location in a Citrix Provisioning connector configuration.
  • The App Layering agent must be installed on each of your Citrix Provisioning servers. For details, see the agent installation instructions.

Citrix Provisioning connector configuration

The information you need for the Citrix Provisioning connector configuration includes:

  • Config Name: A useful name for identifying and keeping track of this connector configuration.

Citrix Provisioning Server Configuration

  • Console: The name of the Citrix Provisioning server on which the App Layering agent is deployed. This is the server to which the Personal vDisk is published.


    The host name is required, rather than the FQDN, so that the Citrix Provisioning server can access the App Layering appliance if it is on a different domain.

  • Domain User: User name of a domain account that has permission to manage Citrix Provisioning. This account is used by the agent to run Provisioning Services PowerShell commands. This account must have Read/Write access to the Citrix Provisioning store for writing the published Personal vDisk.

  • Password: The password for the domain user account.

vDisk Settings

  • Site Name: Name of the Site this Personal vDisk is to be a member of.

  • Store Name: Name of the Store that this Personal vDisk is a member of.

  • Write Cache: When a new Disk is being created, this value sets the Write Cache type of the new Disk. Possible values include:

    • Cache on Server
    • Cache on Server, Persistent
    • Cache in Device RAM
    • Cache in Device RAM with Overflow on Hard Disk
    • Cache on Device Hard Drive


    When choosing a Write Cache option, see Selecting the write cache destination for standard Personal vDisk images to ensure that the Citrix Provisioning servers and target devices that use this Personal vDisk are properly configured for the type you select.

  • License Mode: Sets the Windows License Mode to:

    • KMS - Key Management Service
    • MAK - Multiple Activation Keys
    • None
  • Enable Active Directory machine account password management: Enables Active Directory password management. The default value is Enabled.

  • Enable Load Balancing: Enables load balancing for the streaming of the Personal vDisk.

  • Enable Printer Management: When enabled, invalid printers are deleted from the Device.

Compositing Settings

Offload Connector Configuration: A hypervisor connector configuration with Offload compositing enabled. This connector configuration composites layers on behalf of the Citrix Provisioning connector. The virtual machine settings used by the offload compositing engine are from this connector configuration. For example, if the Offload Connector Configuration is set up to create UEFI machines, the resulting vDisk is in UEFI format.

Disk Format: The Disk Format of the Citrix Provisioning vDisk on the Citrix Provisioning Server. The format specified here overrides the format in the associated Offload Connector Configuration.

File Share Path: The UNC path corresponding to the Citrix Provisioning Store selected in the vDisk Settings. Requirements include:

  • If the Citrix Provisioning Store does not point to a UNC File share, configure the local path as an SMB share.

  • The File Share Path is accessible to the compositing engine and selected Citrix Provisioning Store.

If you change the Store selection when Offload Compositing is selected, the connector attempts to resolve the File Share Path. If the File Share Path cannot be resolved automatically, it remains blank.

Script configuration (Optional, advanced feature)

When creating a connector configuration, you can configure an optional PowerShell script on any Windows machine running an App Layering agent, the same agent used on the Citrix Provisioning server. Store these scripts on the machine where the App Layering agent is installed. Only run the scripts after a successful deployment of a layered image. Some preset variables are available to enable scripts to be reusable with different template images and different connector configurations. These variables also contain information needed to identify the virtual machine created as part of the published layered image in Citrix Provisioning.

Running the scripts does not affect the outcome of the publish job, and the progress of commands run in the script isn't visible. The Citrix Provisioning connector logs contain the output of the script that ran.

Configure a script

Remember that this procedure is optional. If you want a script to run each time a layered image is published, complete these steps using the values described in the sections that follow.

  1. Complete and save the connector configuration.


    Before selecting the Script Configuration page, you must save (or discard) any edits to the connector configuration settings.

  2. If the Navigation menu on the left is not open, select it and click Script Configuration to open the Script Path page.

  3. Complete the required fields, and click Save. Field descriptions follow.

Script Configuration fields

  • Enable script: Select this check box to enable the remaining fields. This allows you to enter a script that runs each time a Layered Image is published.
  • Script Agent: The agent machine where the scripts are located and run from.
  • Username (optional): The user name to impersonate when running the script. This name can be used to ensure the script runs in the context of a user that has the needed rights/permissions to perform the operations in the script.
  • Password (optional): The password for the specified user name.
  • Script Path: A full path and file name on the agent machine where the script file resides.

Other Script Configuration values

PowerShell variables

Use any of these Variables in the PowerShell script:

| Value | Applies to connector types | Value determined by which code | Description |
|---|---|---|---|
| connectorCfgName | All | Common code | The name of the connector configuration with which the script configuration is associated. |
| imageName | All | Common code | The name of the layered image template that is used to build/publish the layered image. |
| osType | All | Common code | The OS type of the published layered image. It can be one of the following values: Windows7; Windows764; Windows200864; Windows201264; Windows10; Windows1064 |
| diskLocatorId | All | Provisioning Services | The internal ID for the Personal vDisk. |
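
A post-publish script that consumes these variables and writes one audit record per publish, as an added example that is not Citrix's own code. It assumes the agent presets the values as PowerShell variables named as in the table ($connectorCfgName, $imageName, $osType, $diskLocatorId); the log path is a placeholder.

```powershell
# Added example: post-publish audit script. Assumes the agent presets
# $connectorCfgName, $imageName, $osType and $diskLocatorId before it runs.
$ErrorActionPreference = 'Stop'

# Placeholder log location; limit write access to the account the script runs as.
$logFile = 'C:\ProgramData\PublishAudit\publish.log'

# OS type values listed in the variables table.
$knownOsTypes = 'Windows7', 'Windows764', 'Windows200864',
                'Windows201264', 'Windows10', 'Windows1064'

# Record when the script ran and under which identity (service account
# or the impersonated user from the Script Configuration fields).
$record = [ordered]@{
    timestamp = (Get-Date).ToUniversalTime().ToString('o')
    runAs     = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
}

# Treat a missing or empty preset variable as an error instead of
# silently logging a blank value.
foreach ($name in 'connectorCfgName', 'imageName', 'osType', 'diskLocatorId') {
    $var = Get-Variable -Name $name -ErrorAction SilentlyContinue
    if (-not $var -or [string]::IsNullOrWhiteSpace([string]$var.Value)) {
        throw "Preset variable '$name' is missing or empty"
    }
    $record[$name] = [string]$var.Value
}

# Flag an OS type outside the documented list rather than failing.
$record['osTypeKnown'] = $knownOsTypes -contains $record['osType']

# One JSON object per line keeps the log easy to ingest.
$logDir = Split-Path -Parent $logFile
if (-not (Test-Path -LiteralPath $logDir)) {
    New-Item -ItemType Directory -Path $logDir -Force | Out-Null
}
$line = [pscustomobject]$record | ConvertTo-Json -Compress
Add-Content -LiteralPath $logFile -Value $line -Encoding UTF8

# Script output is captured in the Citrix Provisioning connector logs.
Write-Output "Audit record written for image '$($record.imageName)' (vDisk $($record.diskLocatorId))"
```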

User Impersonation

The App Layering Agent, which runs as a service on a Windows machine, runs under either the local system account or the network account. Either of these accounts can have some special privileges, but they often are restricted when running specific commands or seeing files in the file system. Therefore, App Layering gives you the option of adding a domain user and password that can be used to “impersonate” a user. This means that the script can be run as if that user had logged on to the system so that any commands or data are accessible subject to those user rights and permissions. If a user name or password is not entered, the script runs using the account under which the service is configured to run.

Script Execution Policy

Script execution policy requirements are up to you. If you intend to run unsigned scripts, you must configure the execution policy to one of the more lenient policies. However, if you sign your own scripts, you can choose to use a more restrictive execution policy.
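
A pre-flight check for the file named in Script Path, as an added example that is not Citrix's own code: it reports the effective execution policy, the script's Authenticode signature status, and any account other than SYSTEM or Administrators that can modify the file. The script path is a placeholder, and the allowed-writer list is an assumption to adjust for your environment.

```powershell
# Added example: pre-flight check for the file named in Script Path.
# Run it on the agent machine as the account the script will run under,
# because execution policy can differ per user. $scriptPath is a placeholder.
$scriptPath = 'C:\Scripts\PostPublish.ps1'

$policy = "$(Get-ExecutionPolicy)"     # effective policy for this session
$sig    = Get-AuthenticodeSignature -FilePath $scriptPath

# Well-known SIDs expected to hold write access: SYSTEM, BUILTIN\Administrators.
$allowedSids = 'S-1-5-18', 'S-1-5-32-544'
# Rights that allow changing or replacing the file (read bits excluded on purpose).
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

$sidType = [System.Security.Principal.SecurityIdentifier]
$rules   = (Get-Acl -LiteralPath $scriptPath).GetAccessRules($true, $true, $sidType)
$writers = @(foreach ($ace in $rules) {
    $sid = $ace.IdentityReference.Value
    if ($ace.AccessControlType -eq 'Allow' -and
        ([int]$ace.FileSystemRights -band $writeMask) -ne 0 -and
        $allowedSids -notcontains $sid) {
        # Prefer the account name; keep the raw SID if it cannot be resolved.
        try   { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $sid }
    }
})

$findings = @()
if ($sig.Status -ne 'Valid') {
    $findings += "Signature status is '$($sig.Status)': the script will not run under AllSigned."
}
if ($policy -in 'Unrestricted', 'Bypass') {
    $findings += "Execution policy '$policy' does not require a signature."
}
foreach ($w in $writers) {
    $findings += "'$w' can modify the script, which runs with the agent's or the impersonated user's rights."
}

[pscustomobject]@{
    ScriptPath      = $scriptPath
    ExecutionPolicy = $policy
    SignatureStatus = "$($sig.Status)"
    Findings        = $findings
}
```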
