Deploy App layers as elastic layers
You can reduce the number of layered images you have to manage by omitting narrowly targeted apps from the base image and instead delivering them to users and groups on demand, outside of the base image. With the Elastic layer setting, you can assign layers to specific users above and beyond the base layered image.
About elastic layers
An elastic layer is an app layer that you assign to individual users and groups for delivery on demand when their App Layering desktops do not include the app in the base image. Elastic layers are delivered to users’ desktops when they log in. Elastic layers are based on user entitlements and can be used on both session hosts and standalone desktops published as layered images.
You cannot assign elastic layers to users on desktops created using Citrix Virtual Apps and Desktops. Nor, can you assign a Citrix virtual app as an elastic layer. Elastic layers are a feature of App Layering, and you can only assign a layered app to users who log into a published layered image.
Elastic layers allow you to give each user a unique set of applications in addition to the applications delivered in the base layered image. On session hosts, an elastic layer is used across sessions. On standalone desktops, elastic layers are used across floating pools/shared groups.
Elastic layer assignments
You can deliver an app layer to members of a group each time they log into their desktops. You assign the app layer as an elastic layer. A copy of the layer is then stored in the appliance’s Network File Share, and delivered on-demand to the assigned AD users and groups, in addition to the layers that they receive via the base image.
To use this feature, you add Elastic Assignments specifying which users and groups should receive each of the app layers. You then publish your base image with the Elastic Layering setting enabled.
How users access elastic layers assigned to them
When users log into their session or desktop, icons for their elastic layers appear as shortcuts on the desktop.
A user receives an elastic layer in the following cases:
- The user (an AD user in the management console) is assigned the layer.
- An AD group that the user belongs to is assigned the layer.
- A machine that the user logs into is a member of an AD Group that receives the elastic layer.
- A machine that the user logs into is associated with an AD Group that is assigned to the layer via the management console.
If more than one version of the same layer is assigned to a user
If a layer is assigned directly to the user and indirectly to one or more of the user’s groups, the user receives the most recent version of the layer assigned directly to them. For example, if a user is assigned Version 2, and a group that the user belongs to is assigned Version 3, the user gets Version 2.
If the user is assigned a layer via one or more group assignments, the user receives the most recent version of the layer.
If a user receives an app layer both in the layered image, and as an elastic layer
Do not assign an app layer to a user as an elastic layer, if the same layer is included in the user’s base image. If the user does end up with the same layer assigned both ways, the user receives the elastic layer, even if the layer version in the base image is more recent.
- .NET Framework 4.5 is required on any layered Image where elastic layers are enabled.
- The app layers you want to assign as elastic layers.
App layers with the same OS layer as the layered image
For best results when assigning app layers as elastic layers, only assign app layers that have the same OS layer as the one used in the layered image.
OS layer switching for elastic layers
You can try assigning app layers as elastic layers on layered images that use a different OS layer. There is no guarantee that an app layer will work on a different OS layer, but you can try. If the layers works, feel free to use it.
When adding versions to an app layer, you must use the OS layer included in the original app layer.
Elastic Layering Limitations
You cannot elastically layer the following:
- Microsoft Office, Office 365, Visual Studio.
- Applications with drivers that use the driver store. Example: a printer driver.
- Applications that modify the network stack or hardware. Example: a VPN client.
- Applications that have boot level drivers. Example: a virus scanner.
An app layer does not preserve a local user or administrator that you add for an app that requires it, but the OS layer does. Therefore, add the local user or administrator to the OS layer before installing the application. Once the app layer is working, you can assign it as an elastic layer.
Elastic layer compatibility mode
When a user logs on to a desktop provisioned using a layered image, the elastic layer is composited into the image after the user logs in. If you have a specific elastic layer that doesn’t load correctly, you can try enabling Elastic Layer Compatibility Mode so that the layer starts loading before login is complete.
We recommend disabling Compatibility Mode, unless an elastic layer doesn’t work as expected. Enabling this setting on too many layers slows login times.
Enable Elastic Layering in the base image
When you publish the layered image that the users will log into to get the elastic app layers:
In the management console, select the image template used to generate the layered image.
Select the Images tab, and then the image template on which you want to enable elastic layering.
Select Edit Template from the Action bar. The Edit Template wizard opens.
Select the Layered Image Disk tab.
In the Elastic layering field, select Application Layering.
Select the Confirm and Complete tab, and click Save Template and Publish.
Use your provisioning system to distribute the virtual machines.
When the users log in, the desktop includes an icon for each of their elastic app layers.
Run the Elastic Fit analyzer on app layers
Before assigning an app layer elastically, use the Elastic Fit Analyzer to determine the likelihood that the layer assignment will be successful.
Elastic Fit analysis
In the Layer Details, the Elastic Fit rating indicates how likely it is that the layer works when elastically assigned.
Good Elastic Fit. This layer should work when deployed elastically.
Poor Elastic Fit. Delivering the layer elastically is not likely to work when deployed elastically. The layer may behave differently than it does when it is deployed in a layered image.
Elastic Fit details
You can learn more about an app layer’s Elastic Fit rating by expanding the Elastic Fit Analysis. If the Elastic Fit is less than ideal, the list of violated rules is displayed.
Low Severity Warning. Delivering the layer elastically is unlikely to cause any change in behavior or functionality for most applications.
Medium Severity Warning. Delivering the layer elastically can cause minor changes in behavior or functionality for some applications.
High Severity Warning. Delivering the layer elastically is likely to cause significant changes in behavior or functionality for many applications.
Analyze an app layer’s Elastic Fit
All new versions of a layer version are analyzed for elastic layering compatibility when they are finalized. To analyze existing app layers for Elastic Fit:
- Log into the management console.
- Select Layers > App Layers.
- Select the layer to analyze, and click Analyze Layer.
- On the Select Versions tab, choose the Layer Versions to analyze.
- On the Confirm and Complete tab, click Analyze Layer Versions. The analysis takes seconds.
- To see the Elastic Fit Analysis, select the app layers module, move the mouse pointer over the layer icon and click the Info icon.
- Expand the Version Information for each layer version, and look for the Elastic Fit rating.
- For a detailed report, expand the Elastic Fit Details. If the Elastic Fit is less than ideal, the list of violated rules will be displayed.
- You can display the AD tree and hide the violated rules by clicking a button acknowledging that the layer is unlikely to work as expected.
Upgrading from earlier releases
After upgrading from a early App Layering release, the Elastic Fit Detail shows that any existing layer versions have not been analyzed. Until you run the analysis on existing layer versions, the versions have a single High severity Elastic Fit Detail, and a Poor Elastic Fit.
Elastically assign an app layer to AD users and groups
The first time you assign an app layer elastically, we recommend starting with a simple app like Notepad++ or GIMP.
- Log into the management console as an Admin user, and select Layers > App Layers.
- Select an app layer that you do not plan to include in the base image, and select Add Assignments.
- In the wizard that opens, select the version of the app layer that you want to assign users.
- Skip the Image Template Assignment tab. This tab is for assigning the layer to an image template.
- In the Elastic Assignment tab, select the users and groups you want to receive this app layer.
- In the Confirm and Complete tab, review your selections, and click Assign Layers.
When the users log in, there is an icon for each elastic layer they’ve been assigned.
Elastically assign an app layer to users via machine assignments and associations
You can assign layers to a machine by adding the machine to, or associating the machine with, the AD Group. Then elastically assign the app layers to the AD Group.
The layers assigned to the machine are available to every user who successfully logs into that machine. The App Layering Service scans for changes to the machine’s AD group memberships and associations every 10 minutes. When the users log in, they should see an icon for each elastic app layer they’ve been assigned.
Use Active Directory to add the machine to the AD Group
Assuming you have a published layered image booted in your environment, you can add the machine to an AD Group, and assign elastic layers to the AD Group.
Use Active Directory (AD) to add the machine to an AD Group.
Select an app layer that you do not plan to include in the base image, and elastically assign the layer to an AD Group.
You can wait for AD to propagate the changes and for the App Layering Service, or you can force the App Layering Service to update its list of machine groups by doing one of the following:
Wait for the App Layering Service to detect the changes (within 10 minutes by default).
Restart the App Layering Service.
Reboot the App Layering Service Machine.
Execute the refresh.groups command:
C:\Program Files\Unidesk\Layering Services\ulayer.exe refresh.groups
You start with an AD User, and AD Group, and a machine that you provisioned using a layered image.
- AD User: Kenya
- Kenya has no elastic assignments.
- AD Group: Marketing
- The Marketing group includes the member Kenya.
- Machine: ElasticTestMachine
- The ElasticTestMachine base image includes the MS Office App Layer.
In this example, you elastically assign the Chrome App layer to ElasticTestMachine:
- In AD, you add the machine ElasticTestMachine to the Marketing AD Group.
- In the management console you elastically assign the Chrome App Layer to the Marketing Group.
- When Kenya, who is part of the Marketing group, logs into ElasticTestMachine, she receives both the MS Office App layer, which is in the base image, and the Chrome App layer.
- When any user who is not in the Marketing group logs into ElasticTestMachine, they also receive both Layers: MS Office because it is in the base image, and Chrome because the ElasticTestMachine is a member of the Marketing AD Group.
Use the management console to associate the machine with an AD Group
Associating a set of machines with an AD Group allows any machine running the App Layering Service to have layers elastically assigned to it via AD group membership.
Elastic layers granted via Machine association can be thought of as extending the layers assigned to a user. For example, if a machine matches multiple Machine Associations, only the unique layers are added to the ones the user already has.
In the management console, you use asterisk (*) wildcards in a machine name pattern to specify a set of machine names. For example:
|Machine name pattern||Matches these names||Does not match these names|
|machine*||machine01; machineindetroit||amachine; localtestmachine|
|*machine||amachine; localtestmachine||machine01; machineindetroit|
|ky*eng||ky02359eng; kytesteng||01ky_eng; testky01eng|
|eng||eng01; 1eng; 1eng01||en01; 1en; 1en01|
You can create Machine Associations before or after elastically assigning App layers to the AD Group. Also, the machines do not need to exist when you add the associations, as the associations exist within App Layering only, and AD is not aware of them.
Associate a set of machines with an AD Group
Log into the management console as an Admin user, and select Users > Tree.
Expand the Tree, select the appropriate Group and click Edit Properties in the Action bar. This opens the Edit Group Wizard.
- Select the check box, Associate machines with this AD Group. This reveals the Machine Name Pattern field:
Specify a set of machines to associate with the AD group by entering a machine name pattern. For examples, see the above table of Machine name patterns.
On the Confirm and Complete tab, select Update Group. Notice the shape of a computer monitor superimposed over the group icon. This indicates that machines are associated with the group.
When you click the group’s icon, the Detail view includes a field called, Associate With Machines.
You start with the machine, Mach1, the AD Group, MachineGroup, and the App Layers for Firefox and MS Office.
- Machine: Mach1
- AD Group: MachineGroup
- App Layers: Firefox, MS Office
Further, you have elastically assigned the Firefox and MS Office Layers to the AD Group.
If you add a Machine Association to MachineGroup with a name pattern of “Mach”, when any domain user logs into Mach1, they receive the Firefox and MS Office Elastic app layers.
Manage elastic assignments
- View a user’s elastic layer assignments.
- Add an elastic assignment.
- Update an app layer and elastically assign the new version of the layer.
- Remove elastic assignments.
- Debug an elastic assignment.
View a user’s elastic layer assignments
- Log into the management console and select Users > Tree.
- Select an AD User or Group, and click the “i” icon to the right of the name. If the user or group is assigned elastic layers, the layers are listed below the profile information in the Details window.
Update an app layer and its elastic assignments
You’ve added elastic assignments to an app layer, and users are accessing the app as expected. A new version of the application is released, so you update it with a new version to the layer. Now you need to assign the new version to the users who have the layer.
Log into the management console and select Layers > App Layers.
Select the elastically assigned app layer that you updated.
Right-click the layer icon and select Update Assignments.
In the wizard that opens, select the new version.
Skip the Image Template Assignment tab.
In the Elastic Assignment tab, there’s a list of Users and Groups who have been assigned a different version of the selected layer. Select the users and groups to whom you want to assign the new version of the layer.
- If the list is long, use the Search field to filter the results.
- If the list is empty, click the check box called, Show AD users and groups already at this version. A list of grayed out names appears. These users have already been assigned the version.
On the Confirm and Complete tab, verify the Users and Groups that you want to receive the new version.
Click Update Assignments.
Remove a layer’s elastic assignments
Log into the management console and select Layers > App Layers.
Select the app layer for which you want to remove assignments, and select Remove Assignments.
In the wizard that opens, select the assigned templates from which you want to remove the layer. All of the assignments for that layer are listed.
If the list is long, use the Search field to filter the results.
On the Confirm and Complete tab, verify that the correct image templates are selected to receive the new version.
Click Remove Assignments.
Troubleshooting elastic layer issues
You can diagnose the source of an elastic layering issue by finding out whether the layer is being delivered, and whether the layer is working correctly. If needed, collect data for support, as described here.
Is the issue with layer delivery?
Are the things you’d expect to see when this app is installed there?
- Do you see the files and registry entries for the layer?
- If the app is supposed to be in the Start menu, is it there?
- If you expect there to be a shortcut for the app on the user’s desktop, is there one?
If you discover that app delivery is an issue, you can collect the following data, open a case, and send the data to support.
Collect the data from these logs:
- Windows App Event log – In the Windows Event Viewer under Windows Logs, export the application event log as an EVTX file.
- App Layering Service log (ulayersvc.log) – C:\ProgramData\Unidesk\Logs\ulayersvc.log
Collect the values of these Registry keys:
Collect the contents of the assignment (ElasticLayerAssignments.json) and Layers (Layers.json) files from the Repository Path.
Is the issue an operational one?
Any of these behaviors can indicate an elastic layering issue:
- The app is being delivered but doesn’t launch correctly.
- An operation within the app doesn’t work correctly.
- A licensing problem or a security issue.
- The app launches, but then misbehaves, for example, it crashes on startup, or starts up but doesn’t work right.
If the problem with the layer is operational, test the app layer in the base image to rule out general layering issues:
- Add the app layer to an image template, and publish a layered image that includes the app layer.
- Log in as a user who is not assigned the layer elastically, and make sure that the application is operational in the base image.
- Contact Support with your findings.
Deploy App layers as elastic layers
In this article
- About elastic layers
- Enable Elastic Layering in the base image
- Run the Elastic Fit analyzer on app layers
- Elastic Fit details
- Elastically assign an app layer to AD users and groups
- Elastically assign an app layer to users via machine assignments and associations
- Associate a set of machines with an AD Group
- Manage elastic assignments
- Remove a layer’s elastic assignments