Create or clone an app layer

An app layer is a virtual disk that includes one or more applications. Typically, an app layer includes one application. If you include more than one application in a layer, they should be things that you normally update at the same time.

Create an app layer from scratch

This section walks you through app layer creation, including:

  • Requirements and considerations
  • App layer options
  • Start a new app layer
  • Deploy the packaging machine
  • Install the application(s)
  • Finalize the layer

Requirements and considerations

An app layer includes one or more applications and related settings. MS Office should always be installed in an app layer, and never in the OS layer.

  • Anti virus applications: Always put your anti virus application in an App layer using the instructions provided here. Be strategic with your virus definition file updates. Also, be aware of file marking features, for example, Symantec’s Virtual Image Exception Tool. Consider host-based scanning engines, and keep in mind the delay at user logon. Be sure to scan the published layered image, not the layer. Scanning is only done on user access on Citrix Virtual Apps and Citrix Virtual Desktops.
  • MS Office: Use this recipe to install Office. For VDI deployments of Office 2010 and later, consider KMS a requirement. For Office 2007 and earlier, consider Volume licensing a requirement. Using other licensing structure is not as convenient, because they require each license to be activated on each desktop. To persist user settings and data, enable Office 365 User layer stores .OST and streaming files. Note that the search indexes are not stored.
  • Recipes for layering certain applications: Virtually any application can be layered, but some are easier to layer successfully on the first try if you use the tips we’ve assembled in our App Layering Recipes forum. Before you start, consult the forum for tips and procedures about the specific applications you are layering.

Start a new app layer

To create a packaging machine where you can install the application(s):

  1. Log into the management console and select Layers > App Layers.
  2. Click Create Layer in the Action bar.
  3. In the wizard’s Layer Details tab, enter a Layer Name and Version, both required values. You can also enter other values, but this is optional. For details, see more about these values below.
  4. On the OS Layer tab, select the OS Layer you want to associate with this app layer.
  5. (Optional) The Prerequisite layers tab gives you the option to specify other app layers that must be present while installing the apps on this layer. Only use this when the required apps cannot be included in the same layer. For more information about this advanced feature, see Prerequisite layers below. Note: When adding a new version to an existing app layer, you must specify the Prerequisite layers you need. They are not carried over from version to version.
  6. In the Connector tab, choose a connector configuration that includes the credentials for the platform where you plan to build the layer and the storage location. If the configuration you need isn’t listed, click New to add one.
  7. On the Packaging Disk tab, type a file name for the packaging disk, and choose the disk format. This disk is used for the packaging machine, the virtual machine where you install the application.
  8. On the Icon Assignment tab, choose an icon to assign to the layer. This icon represents the layer in the Layers Module.
    • To use an existing image, select an image in the image dialog box.
    • To import a new image, click Browse and select an image in PNG or JPG format.
    • If you are using a connector with Offload Compositing selected, and you choose one of the icons that came with App Layering, the packaging machine attempts to assign an icon based on the layer’s contents when the layer is finalized.
  9. On the Confirm and Complete tab, review the details of the app layer and then click Create Layer. You can type an optional comment before creating the layer. Your comments appear in the Information view Audit History. After creating the packaging disk, the Tasks bar displays a link to the packaging disk in your hypervisor where you can deploy the packaging machine.
  10. Expand the Tasks bar at the bottom of the page and double-click the Packaging Disk task. The task expands to show the full task description, including a link to the location where the packaging machine for this layer is published.

Next, you can deploy the packaging machine for your layer.

Deploy the packaging machine

Select your hypervisor:

  • Citrix Hypervisor, Hyper-V, Nutanix, or vSphere
  • Azure
  • Other hypervisor (Network File Share)

Citrix Hypervisor, Hyper-V, Nutanix, vSphere

  1. Log into your hypervisor client (Citrix Hypervisor, Hyper-V Manager, Nutanix Prism, or vSphere).
  2. Log into the App Layering management console, and expand the tasks bar at the bottom of the console so you can see the current tasks.
  3. Double-click the Create App layer task to see the full task description.
  4. Use the URL provided in the task description to navigate to the packaging machine in your hypervisor client.
  5. The packaging machine is powered on.

You can now install the applications for this layer on the packaging machine.


The appliance opens the Azure Custom deployment template, where you can create the packaging machine.

  1. Log into the Azure portal ( Note: You must log in before attempting the next step.
  2. Go to the App Layering management console, expand the Tasks bar at the bottom of the console. Open the Create App layer task details.
  3. Use the link in the task details to navigate to the packaging machine in Azure. The Custom deployment panel opens.
  4. Set the Azure parameters.
    • Packaging Machine Name - must conform to Azure virtual machine name requirements.
    • Size – virtual machine size.
    • Virtual Network and Subnet - for deploying the packaging machine. IMPORTANT: Make sure the value of the Resource group location matches the Storage account location that you configured in the connector configuration. If these locations are not the same, the packaging machine fails to deploy. If your deployment does fail, you can paste the link into the browser again and start over.
  5. Once your packaging machine is powered on, you can install the application(s) you want to include in the layer.

Other hypervisor (by way of the appliance’s Network File Share)

  1. Locate the packaging disk in the following directory on the Network File Share: \Unidesk\Packaging Disks

  2. Copy the packaging disk to a separate location on your hypervisor. This allows space for the files generated by your hypervisor when you use the disk to create a new virtual machine.

    Important: Do not copy the disk to the Finalize folder until it is ready to finalize. A disk in the Finalize folder cannot be attached to the new virtual machine that you are going to create next.

  3. Create a virtual machine using the packaging disk as the boot disk.

  4. Power on the packaging machine.

Once your packaging machine is powered on, you can install the application(s) you want to include in the layer.

Install the application(s)

When installing your application(s) on the packaging machine, leave the application(s) as you want users to see them when they log in. The application’s state is what users experience every time they access the app.

  1. Remote log into the packaging machine with the User account used to create the operating system.
  2. Install the application(s), along with any drivers, boot-level applications, or files required for the app.
  3. If a system restart is required, restart it manually. The packaging machine does not restart automatically. If the application you install affects boot-level components, you’ll need to restart the packaging machine as part of finalizing the layer or version.
  4. Make sure the packaging machine is in the state you want it to be in for the user:
    • If the application(s) require any post-installation setup or registration, complete those steps now.
    • Remove any settings, configurations, files, mapped drives, or applications that you do not want to include on the packaging machine.

Verify the layer and shut down the machine

Once the application is installed on the packaging machine, it is important to verify that the layer is ready to be finalized. To be ready for finalization, any required post-installation processing needs to be completed. For example, a reboot may be required, or a Microsoft NGen process may need to complete. To verify that any outstanding processes are complete, you can run the Shutdown For Finalize tool, which appears on the packaging machine’s desktop.

To use the Shutdown For Finalize tool:

  1. If you are not logged into the packaging machine, remote log in as the user who created the machine.
  2. Double-click the Shutdown For Finalize icon. A command line window displays messages detailing the layer verification process.
  3. If there is an outstanding operation to be completed before the layer can be finalized, you are prompted to complete the process. If a Microsoft NGen operation needs to complete, you may be able to expedite the NGen operation, as detailed below.
  4. Once any pending operations are complete, double-click the Shutdown For Finalize icon again. This shuts down the packaging machine, and the layer is ready to finalize.

Layer integrity messages you may see during the finalization process

Layer integrity messages let you know what queued tasks must be completed before a layer is finalized. The new layer or Version can only be finalized when the following conditions have been addressed:

  • A reboot is pending to update drivers on the boot disk - please check and reboot the packaging machine.
  • A post-installation reboot is pending - please check and reboot the packaging machine.
  • An MSI install operation is in progress - please check the packaging machine.
  • A Microsoft NGen operation is in progress in the background. Note: If a Microsoft NGen operation is in progress, you may be able to expedite it, as described in the next section.

Expediting a Microsoft NGen operation

NGen is the Microsoft Native Image Generator. It is part of the .NET system, and basically re-compiles .NET byte code into native images and constructs the registry entries to manage them. Windows will decide when to run NGen, based on what is being installed and what Windows detects in the configuration. When NGen is running, you must let it complete. An interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system. You have the choice of waiting for the NGen to complete in the background, or you can force the NGen to the foreground. You can also check the status of the NGen operation, as described below. However, every time you check the queue status, you are creating foreground activity, which might cause the background processing to temporarily pause. Forcing the NGen to the foreground will allow you to view the progress and once the output has completed, you should be able to finalize the layer.

  1. Force an NGen operation to the foreground.Normally, NGen is a background operation and pauses if there is foreground activity. Bringing the task into the foreground can help the task to complete as quickly as possible. To do this:
    1. Open a command prompt as Administrator.
    2. Go to the Microsoft .NET Framework directory for the version currently in use:
    3. cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
    4. Enter the NGen command to execute the queued items:
    5. ngen update /force
    6. This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled.
    7. Note: It’s okay if you see several compilation failed messages! Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or re-run ngen update /force. Do not reboot to stop the task. You must allow it to complete.
  2. Check the status of an NGen operation
    1. Open a command prompt as Administrator.
    2. Check status by running this command: ngen queue status
    3. When you receive the following status, the NGen is complete, and you can finalize the layer.The .NET Runtime Optimization Service is stopped

Finalize the Layer

Once the software has been installed and the packaging machine has been verified and shut down, you are ready to finalize the layer.


If Offload Compositing is selected in your connector configuration, finalization happens automatically as part of the compositing process.

Citrix Hypervisor, Azure, Hyper-V, Nutanix AHV, VMware vSphere

Now that the Layer has been verified and shut down, it is ready to finalize.


If you are using a connector with Offload Compositing selected, this finalization process is automated and you do not have to do these manual steps.

  1. Return to the management console.
  2. Select Layers > App layers, and the layer you just prepared.
  3. Select Finalize in the Action bar. The Finalize wizard opens.
  4. (Optional) On the Script Path wizard tab, you can enter the path to a Run Once Script located on a server on your network. If the app layer is:
    • Elastically assigned - The Run Once script is executed the first time the app is used.
    • Included in a layered image - The Run Once script is executed the first time the layered image is booted.
  5. Click Finalize to finish creating the layer.
  6. Monitor the task bar to verify that the action completes successfully.

Once the layer is verified, the packaging machine is removed to minimize storage space used.

Other hypervisor (Network File Share)

Now that the Layer has been verified and shut down, it is ready to finalize.

  1. Copy the Packaging Disk from the folder containing the Packaging Machine files to the Finalize folder on the Network File Share: \Unidesk\Finalize

  2. Return to the Management Console.

  3. Select Layers > App Layers.

  4. Select Finalize in the Action bar.

  5. Monitor the Task bar to verify that the action completes successfully and that the layer is deployable.

Clone an app layer

You can create an app layer that is the same as an existing layer by cloning a specific version of the layer. During the cloning process, you are prompted for information specific to the new layer. From there, you can make changes to the new app layer by adding new versions to it. Since only one version of a layer is cloned, the new layer has just one version to start, even if the layer it was cloned from had many.

To clone a layer:

  1. Select the app layer you want to copy and click Clone Layer in the Action bar. The Clone App Layer wizard opens to the Layer Details tab.
  2. Select the Source Layer Version to clone. You can choose the version you want from the dropdown menu.
  3. Enter a name for the layer, and a description, if the extra information is helpful. Descriptions are optional.
  4. Enter the version, and a description of the version, if the extra information is helpful.
  5. On the Icon Assignment tab, select the icon for the new layer.
  6. On the Confirm and Clone tab, verify the settings and click the Clone Layer button.

A new layer is created with the same layer properties as the source, except for the icon. The layer priority is higher than that of the source layer, because every new App layer has a higher priority than the last app layer created. The new layer size may be smaller than the original, but this just indicates that empty space was removed during cloning. The layer functions exactly the same as the source.

You can use the new layer like any other layer, and it is not associated in any way with the original layer.

Advanced app layer options

When creating and updating app layers, keep in mind the following advanced features.

  • Run Once script
  • Layer caching
  • Prerequisite layers

Run Once Script

You can include a script in an app layer that runs once, upon system startup. The script runs the first time any layered image that includes the app layer starts. If the app layer is elastically layered, the Run Once script runs when mounting the app layer disk. Run Once scripts are typically used for apps, such as MS Office, that require license activation the first time it starts.

Layer Caching for faster app layer creation

You may be able to use layer caching to speed up layer creation times.

How caching works

The first time you create an app layer, if the cache size is set to a large enough value, a template consisting of the boot disk and the empty packaging disk is saved in cache. The boot disk includes the OS layer, Platform layer, and Prerequisite layer (if any) that are specified in the app layer settings.

Whenever you create an app layer that uses the same OS layer, Prerequisite layer, and Platform layer combination, the App Layering software re-uses the template, significantly reducing creation time.

If you then create an app layer that uses a different OS layer, Prerequisite layer, and Platform layer combination, the App Layering software creates a new template and adds it to the cache.

The recommended cache size depends upon how many OS, Platform, and Prerequisite layer combinations you require for your app layers. The number of combinations determines the number of templates saved in cache.

To estimate the space required for each template:

  1. Select the i icon for each OS, Platform, and Prerequisite layer, and look up the Maximum Layer Size.
  2. Add the Maximum Disk Sizes. The total is the Cache size you need for that template.

To estimate the space required for the cache, add the size you determined for each of your templates.

Prerequisite layers

Rarely recommended, Prerequisite layers let you include one or more existing app layers on the packaging disk when creating a layer or adding a new version to it.

Use prerequisite layers only if they are required, because they can, on occasion, add something into the layer that is not required for deploying the current application. This behavior can cause conflict in the future.

When to use Prerequisite layers

Prerequisite layers can be required for several reasons:

  • When installing the application on the current layer requires the presence of another application. For example, when you install an application that requires Java, and Java is located in a separate layer.
  • When the installation of the software adds settings toan existing application. For example, when you install an Office add-in, you must install Microsoft Office first.
  • When two applications change the same registry key, and the second application must add to a key and not replace it. For example, two applications that both change login keys in Windows, such as Citrix Agent and Imprivata.


Some of these issues can also be handled by putting the two applications in the same layer rather than using prerequisite layers.

Prerequisite layer characteristices

Prerequisite layers have the following characterisics:

  • Prerequisite layers are not included in the app layer that they are used to create.
  • The app layer you create and each of its Prerequisite layers must use the same OS Layer.
  • When adding a version to an app layer, Prerequisite layers are not included by default. Each time you add a version to a layer, you must select the Prerequisite layer(s).