Create or clone an app layer
An app layer is a virtual disk that includes one or more applications. Typically, an app layer includes one application. If you include more than one application in a layer, limit it to things that you normally update at the same time.
Create an app layer from scratch
This section walks you through app layer creation, including:
- Requirements and considerations
- App layer options
- Start a new app layer
- Deploy the packaging machine
- Install the application
- Finalize the layer
Requirements and considerations
An app layer includes one or more applications and related settings. Always install MS Office in an app layer, and never in the OS layer.
- Anti virus applications: Always put your antivirus application in an App layer using the instructions provided here. Be strategic with your virus definition file updates. Also, be aware of file marking features, for example, Symantec’s Virtual Image Exception Tool. Consider host-based scanning engines, and keep in mind the delay at user logon. Be sure to scan the published layered image, not the layer. Scanning is only done on user access on Citrix Virtual Apps and Citrix Virtual Desktops.
- MS Office: Use this recipe to install Office. For VDI deployments of Office 2010 and later, consider KMS a requirement. For Office 2007 and earlier, consider Volume licensing a requirement. Using other licensing structures is not as convenient, because they require each license to be activated on each desktop. To persist user settings and data, enable Office 365 User layer stores.OST and streaming files. The search indexes are not stored.
- Recipes for layering certain applications: Virtually any application can be layered, but some are easier to layer if you start with the tips we’ve assembled in our App Layering Recipes forum. Before you start, consult the forum for tips and procedures about the specific applications you are layering.
- Applications that require you to add a local user or administrator. A local user or administrator that you add or change while installing an application on an app layer does not persist. The OS layer preserves any local users or groups that you add, but your app layers do not. Either add the local user or administrator to the OS layer before installing the application, or consider installing the application on the OS layer.
Start a new app layer
To create a packaging machine where you can install the application:
- Log into the management console and select Layers > App Layers.
- Click Create Layer in the Action bar.
- In the wizard’s Layer Details tab, enter a Layer Name and Version, both required values. You can also enter other values.
- On the OS Layer tab, select the OS Layer you want to associate with this app layer.
- (Optional) The Prerequisite layers tab gives you the option to specify other app layers that must be present while installing the apps on this layer. Only use this when the required apps cannot be included in the same layer. For more information about this advanced feature, see Prerequisite layers below. Note: When adding a new version to an existing app layer, you must specify the Prerequisite layers you need. They are not carried over from version to version.
- In the Connector tab, choose a connector configuration that includes the credentials for the platform where you plan to build the layer and the storage location. If the configuration you need isn’t listed, click New to add one.
- On the Packaging Disk tab, type a file name for the packaging disk, and choose the disk format. This disk is used for the packaging machine, the virtual machine where you install the application.
- On the Icon Assignment tab, choose an icon to assign to the layer. This icon represents the layer in the Layers Module.
- To use an existing image, select an image in the image dialog box.
- To import a new image, click Browse and select an image in PNG or JPG format.
- If you are using a connector with Offload Compositing selected, and you choose one of the icons that came with App Layering, the packaging machine attempts to assign an icon based on the layer’s contents when the layer is finalized.
- On the Confirm and Complete tab, review the details of the app layer and then click Create Layer. You can type an optional comment before creating the layer. Your comments appear in the Information view Audit History. After creating the packaging disk, the Tasks bar displays a link to the packaging disk in your hypervisor where you can deploy the packaging machine.
- Expand the Tasks bar at the bottom of the page and double-click the Packaging Disk task. The task expands to show the full task description, including a link to the location where the packaging machine for this layer is published.
Next, you can deploy the packaging machine for your layer.
Deploy the packaging machine
Select your hypervisor:
- Citrix Hypervisor, Hyper-V, Nutanix, or vSphere
- Other hypervisor (Network File Share)
Citrix Hypervisor, Hyper-V, Nutanix, vSphere
- Log into your hypervisor client (Citrix Hypervisor, Hyper-V Manager, Nutanix Prism, or vSphere).
- Log into the App Layering management console, and expand the tasks bar at the bottom of the console so you can see the current tasks.
- Double-click the Create App layer task to see the full task description.
- Use the URL provided in the task description to navigate to the packaging machine in your hypervisor client.
- The packaging machine is powered on.
You can now install the applications for this layer on the packaging machine.
The appliance opens the Azure Custom deployment template, where you can create the packaging machine.
- Log into the Azure portal (https://portal.azure.com). Note: You must log in before attempting the next step.
- Go to the App Layering management console, expand the Tasks bar at the bottom of the console. Open the Create App layer task details.
- Use the link in the task details to navigate to the packaging machine in Azure. The Custom deployment panel opens.
- Set the Azure parameters.
- Packaging Machine Name - must conform to Azure virtual machine name requirements.
- Size – virtual machine size.
- Virtual Network and Subnet - for deploying the packaging machine. IMPORTANT: Make sure the value of the Resource group location matches the Storage account location that you configured in the connector configuration. If these locations are not the same, the packaging machine fails to deploy. If your deployment does fail, you can paste the link into the browser again and start over.
- Once your packaging machine is powered on, you can install the application you want to include in the layer.
Other hypervisor (by way of the appliance’s Network File Share)
Locate the packaging disk in the following directory on the Network File Share: \Unidesk\Packaging Disks
Copy the packaging disk to a separate location on your hypervisor. This allows space for the files generated by your hypervisor when you use the disk to create a new virtual machine.
Important: Do not copy the disk to the Finalize folder until it is ready to finalize. A disk in the Finalize folder cannot be attached to the new virtual machine that you are going to create next.
Create a virtual machine using the packaging disk as the boot disk.
Power on the packaging machine.
Once your packaging machine is powered on, you can install the application you want to include in the layer.
Install the application
When installing your application on the packaging machine, leave the application as you want users to see them when they log in. The application’s state is what users experience every time they access the app.
- Remote log into the packaging machine with the User account used to create the operating system.
- Install the application, along with any drivers, boot-level applications, or files required for the app.
- If a system restart is required, restart it manually. The packaging machine does not restart automatically. If the application you install affects boot-level components, restart the packaging machine as part of finalizing the layer.
- Make sure the packaging machine is in the state you want it to be in for the user:
- If the application requires any post-installation setup or registration, complete those steps now.
- Remove any settings, configurations, files, mapped drives, or applications that you do not want to include on the packaging machine.
Verify the layer and shut down the machine
Once the application is installed on the packaging machine, verify that the layer is ready to be finalized. A layer is ready to be finalized when all post-installation processing is complete.
To verify that all outstanding processes are complete, you can run the Shutdown For Finalize tool on the packaging machine’s desktop.
To use the Shutdown For Finalize tool:
- If you are not logged into the packaging machine, remote login as the user who created the machine.
- Double-click the Shutdown For Finalize icon. A command line window displays messages detailing the layer verification process.
- If there is an outstanding operation to be completed before the layer can be finalized, you are prompted to complete the process. If a Microsoft Ngen.exe operation must complete, you may be able to expedite the Ngen.exe operation, as detailed later in this article.
- Once any pending operations are complete, double-click the Shutdown For Finalize icon again. This shuts down the packaging machine, and the layer is ready to finalize.
Layer integrity messages you may see during the finalization process
The following layer integrity messages tell you what queued operations must be completed before the layer is ready to finalize:
- A RunOnce script is outstanding - Check and reboot the Packaging Machine.
- A post-installation reboot is pending - Check and reboot the packaging machine.
- A Microsoft Ngen.exe operation is in progress in the background.
- An MSI install operation is in progress - Check the packaging machine.
- A reboot is pending to update drivers on the boot disk - Check and reboot the packaging machine.
- A Microsoft Ngen.exe operation is needed.
- Software Center Client is configured to run, but the SMSCFG.INI is still present. To learn more about deploying SCCM in a layer, see the article, App Layering Recipe: How to deploy Microsoft SCCM in a layer.
For details about what the layer integrity messages mean and how to debug them, see Debugging Layer Integrity Problems in Citrix App Layering.
You cannot bypass layer integrity messages by shutting down the machine, because the App Layering software stops and returns you to the packaging machine until all of the processes have completed.
If a Microsoft Ngen.exe operation is in progress, you may be able to expedite it, as described in the next section.
Expediting a Microsoft Ngen.exe operation
Ngen.exe is the Microsoft Native Image Generator. It is part of the .NET system, and basically recompiles .NET byte code into native images and constructs the registry entries to manage them. Windows determines when to run Ngen.exe based on what is being installed and what Windows detects in the configuration. When Ngen.exe is running, you must let it complete. An interrupted Ngen.exe operation can leave you with non-functioning .NET assemblies or other problems in the .NET system. You have the choice of waiting for the Ngen.exe to complete in the background, or you can force the Ngen.exe to the foreground. You can also check the status of the Ngen.exe operation, as described below. However, every time you check the queue status, you are creating foreground activity, which might cause the background processing to temporarily pause. Forcing the Ngen.exe to the foreground allows you to view the progress and once the output has completed, you should be able to finalize the layer.
- Force an Ngen.exe operation to the foreground. Normally, Ngen.exe is a background operation and pauses if there is foreground activity. Bringing the task into the foreground can help the task to complete as quickly as possible. To do this:
- Open a command prompt as Administrator.
- Go to the Microsoft .NET Framework directory for the version currently in use:
- cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
- Enter the Ngen.exe command to run the queued items:
- ngen update /force
- This brings the Ngen.exe task to the foreground in the command prompt, and lists the assemblies being compiled.
- Note: It’s OK if you see several compilations failed messages! Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or rerun ngen update /force. Do not reboot to stop the task. Allow it to complete.
- Check the status of an Ngen.exe operation
- Open a command prompt as Administrator.
- Check status by running this command: ngen queue status
- When you receive the following status, the Ngen.exe is complete, and you can finalize the layer. The .NET Runtime Optimization Service is stopped
Finalize the Layer
Once the software has been installed and the packaging machine has been verified and shut down, you are ready to finalize the layer.
If Offload Compositing is selected in your connector configuration, finalization happens automatically as part of the compositing process.
Citrix Hypervisor, Azure, Hyper-V, Nutanix AHV, VMware vSphere
Now that the Layer has been verified and shut down, it is ready to finalize.
If you are using a connector with Offload Compositing selected, this finalization process is automated and you do not have to do these manual steps.
- Return to the management console.
- Select Layers > App layers, and the layer you prepared.
- Select Finalize in the Action bar. The Finalize wizard opens.
- (Optional) On the Script Path wizard tab, you can enter the path to a Run Once Script on a server on your network. If the app layer is:
- Elastically assigned - The Run Once script is run the first time the app is used.
- Included in a layered image - The Run Once script is run the first time the layered image is booted.
- Click Finalize to finish creating the layer.
- Monitor the task bar to verify that the action completes successfully.
Once the layer is verified, the packaging machine is removed to minimize the storage space used.
Other hypervisor (Network File Share)
Now that the Layer has been verified and shut down, it is ready to finalize.
Copy the Packaging Disk from the folder containing the Packaging Machine files to the Finalize folder on the Network File Share: \Unidesk\Finalize
Return to the Management Console.
Select Layers > App Layers.
Select Finalize in the Action bar.
Monitor the Task bar to verify that the action completes successfully and that the layer is deployable.
Clone an app layer
You can create an app layer that is the same as an existing layer by cloning a specific version of the layer. During the cloning process, you are prompted for information specific to the layer. You can update the app layer by adding versions to it. Since only one version of a layer is cloned, the new layer has just one version to start, even if the layer it was cloned from had many.
To clone a layer:
- Select the app layer you want to copy and click Clone Layer in the Action bar. The Clone App Layer wizard opens to the Layer Details tab.
- Select the Source Layer Version to clone. You can choose the version you want from the drop-down menu.
- Enter a name for the layer, and a description, if the extra information is helpful. Descriptions are optional.
- Enter the version, and a description of the version, if the extra information is helpful.
- On the Icon Assignment tab, select the icon for the new layer.
- On the Confirm and Clone tab, verify the settings and click the Clone Layer button.
A new layer is created with the same layer properties as the source, except for the icon. The layer priority is higher than that of the source layer, because every new App layer has a higher priority than the last app layer created. The new layer size may be smaller than the original, but this just indicates that empty space was removed during cloning. The layer functions the same as the source.
You can use the new layer like any other layer, and it is not associated in any way with the original layer.
Advanced app layer options
When creating and updating app layers, keep in mind the following advanced features.
- Run Once script
- Layer caching
- Prerequisite layers
Run Once Script
You can include a script in an app layer that runs once, upon system startup. The script runs the first time any layered image that includes the app layer starts. If the app layer is elastically layered, the Run Once script runs when mounting the app layer disk. Run Once scripts are typically used for apps, such as MS Office, that requires license activation the first time it starts.
Layer Caching for faster app layer creation
You may be able to use layer caching to speed up layer creation times.
How caching works
The first time you create an app layer, if the cache size is set to a large enough value, a template consisting of the boot disk and the empty packaging disk is saved in cache. The boot disk includes the OS layer, Platform layer, and Prerequisite layer (if any) that are specified in the app layer settings.
Whenever you create an app layer that uses the same OS layer, Prerequisite layer, and Platform layer combination, the App Layering software reuses the template, significantly reducing creation time.
If you then create an app layer that uses a different OS layer, Prerequisite layer, and Platform layer combination, the App Layering software creates a template and adds it to the cache.
Recommended cache size
The recommended cache size depends upon how many OS, Platform, and Prerequisite layer combinations you require for your app layers. The number of combinations determines the number of templates saved in the cache.
To estimate the space required for each template:
- Select the i icon for each OS, Platform, and Prerequisite layer, and look up the Maximum Layer Size.
- Add the Maximum Disk Sizes. The total is the Cache size you need for that template.
To estimate the space required for the cache, add the size you determined for each of your templates.
Rarely recommended, Prerequisite layers let you include one or more existing app layers on the packaging disk when creating a layer or adding a version to it.
Use prerequisite layers only if they are required, because they can add something into the layer that is not required to deploy the current application. This behavior can cause conflict in the future.
When to use Prerequisite layers
Prerequisite layers can be required for several reasons:
- When installing the application on the current layer requires the presence of another application. For example, when you install an application that requires Java, and Java is located in a separate layer.
- When the installation of the software adds settings to an existing application. For example, when you install an Office add-in, you must install Microsoft Office first.
- When two applications change the same registry key, and the second application must add to a key and not replace it. For example, two applications that both change login keys in Windows, such as Citrix Agent and Imprivata.
Some of these issues can also be handled by putting the two applications in the same layer rather than using prerequisite layers.
Prerequisite layer characteristics
Prerequisite layers have the following characteristics:
- Prerequisite layers are not included in the app layer that they are used to create.
- The app layer you create and each of its Prerequisite layers must use the same OS Layer.
- When adding a version to an app layer, Prerequisite layers are not included by default. Each time you add a version to a layer, you must select one or more Prerequisite layers.