Enable User layers
May 30, 2018
User Layers let you persist user profile settings, data, and user-installed applications in non-persistent VDI environments.
User Layers are created when:
- You set Elastic Layering on an image template to Application and Full User Layers or Application and Office 365 User Layers. This ensures that the layered image supports User layers
- A user logs in to their desktop for the first time, and a User layer is created for them. From then on, the user’s data and settings are saved in the User layer, along with any applications that the user installs locally on their desktops.
Before you start
- You can have either a Full User layer or an Office 365 User layer, but not both on the same image. The full user layer will also save everything that the Office 365 User layer saves.
- Adequate network bandwidth. Bandwidth and latency have a significant effect on the User layer. Every write goes across the network.
- Allocate storage space for users’ locally installed apps and the data and configuration settings for them. (This leaves the main storage location solely for packaging layers, publishing layered images, and serving up Elastic Layers.)
Full Uer layers. Full User layers are supported for the following platforms:
- Operating systems:
- Windows 7, 64-bit
- Windows 10, 64-bit
- Publishing platforms: VMware Horizon View and Citrix XenDesktop.
Office 365 User layers. When enabling User layers for Office 365:
- You need to use the Citrix User Profile Manager (UPM) as the user profile manager.
- The Office layer must be included in the image template and deployed in the layered image.
- Microsoft Office is supported as an App layer in a published image only, not as an Elastic Layer.
User Layer creation process
This is how User layers are created.
- You enable User layers in your Image template:
- Set Elastic Layering in the image template wizard on the Image Disk tab to Application and User Layers or Application and Office 365 User Layer.
- Publish layered images using the above image template.
- When a user logs on to their desktop for the first time, a User layer is created for them.
You can turn on User layers for Office 365 by changing the image template’s Elastic Layering setting to Application Layering, and the User Layer setting to Office 365. The following user directory is redirected to the Office 365 layer:
The Outlook layer defaults to 10 GB, but may use less space if there is not enough on the image. Outlook may also use more space if appropriate. Outlook sets the volume size based on the amount of free disk space, and the size reported is based on the image.
User Layer size and location
User Layer Size You can define a quota for the User layer share. If a quota is defined, the User layer will be configured to be a maximum of that size. If no quota is defined and no over-ride is defined then the User layer will be set to a max size of 10GB.
Quotas In order to have quota affect User Layer sizing it must be a hard quota. We have tested Microsoft’s quota tools; File Server Resource Manager (FSRM) and Quota Manager.
The quota must be set on the User Layer directory meaning the one named “Users”.
Note: Changing the quota (increasing or decreasing) only impacts new User Layers. The maximum size of existing User Layers was previously set and will remain unchanged when the quota is updated.
Registry Overrides It is possible to over-ride the default User Layer max size using the registry on Managed Machines. The following keys are optional and do not need to be configured for normal operation. If needed they must be added manually using a layer or a GPO/GPP.
Registry Root: HKLM\Software\Unidesk\Ulayer
|UseQuotaIfAvailable||String||True; False||True to enable discovery and use of quotas. False to disable.|
|DefaultUserLayerSizeInGb||DWord||User defined||The size of the user layer in GB (E.g. 5, 10, 23, etc.) When not specified the default is 10.|
|QuotaQuerySleepMS||DWord||User defined||The number of milliseconds to wait after creating the directory for the user layer before checking to see if it has a quota. This is necessary to give some quota systems time to apply the quota to the new directory (FSRM requires this). When not specified the default is 1000|
User layer location User Layers are created in the Users folder on the appliance’s network file share, for example:
The default size of a User Layer is 10 GB, and each user has his/her own directory within the Users directory, named as follows:
- User’s login name: jdoe
- User’s Domain: testdomain1
- OS layer: MyOSLayer (ID is in hexidecimal format: 123456)
- User Layer would be created in:
Before deploying User layers, please consider the following guidelines and limitations.
- The User layer is delivered via the appliance’s file share, therefore:
- If the host is disconnected from the User layer storage, the user will have to log out and log in again to re-establish the disk mount. The user will have to wait approximately 5 minutes because the user layer will be inaccessible.
- Certain enterprise applications, such as MS Office and Visual Studio should be installed in App layers, not as user-installed applications in the User layer. User layers are based on the same technology as Elastic layers, and therefore share the same limitations.
- Windows updates must be disabled on the User layer.
- VMware Horizon View:
View must be configured for non-persistent desktops, and the desktop must be set to Refresh at log off. Delete or refresh the machine on log off. Example:
After logging off with View set to Refresh Immediately, the desktop goes into maintenance mode. If there is only one machine in the pool, the pool will not be available until that machine has completed the refresh.
- The first time a user logs into his/her desktop, a User layer is created for the him/her.
- If there is problem loading the elastically assigned layers for the user, they will still receive their User layer.
- If you rename the user in AD, a new directory and User layer will be created for the new name. To avoid this, rename the directory on the file share and the VHD file in the directory structure to the new AD user name.
Add storage locations for User Layers
When you enable User layers on a layered image, the data and settings for each user are persisted between sessions.
When deploying with User layers enabled, you must add storage locations for those layers, rather than allowing user data to be saved on the appliance’s main file share.
The main file share is used to:
- Package layers using the network file share, rather than a connector for your hypervisor.
- Publish layered images to the network file share, rather than a connector for your publishing platform.
- Serve Elastic layers.
- Upgrade the App Layering software.
When configuring storage locations:
- You can assign Groups of users to each location.
- The first storage location added to the appliance becomes the default location for User layers not associated with any other storage location.
- Storage locations are listed in priority order.
- If a user belongs to more than one group and those groups are assigned to different storage locations, the person’s User layer will be stored in the highest priority storage location. Once the person’s User layer is saved to the highest priority location, if you change the priority order of the storage locations that the user is assigned to, data saved up until that point will remain in the previously highest priority location. To preserve the person’s User layer, you must copy the their User layer to the new highest priority location.
Create Storage Locations
To add a storage location:
Log into the management console.
Select System > Storage Locations.
Select Add Storage Location. A list is displayed of file shares, except for the appliance’s main file share.
Select Add Storage Location, and enter a Name and Network Path for the new location.
On the User Layer Assignments tab, expand the directory tree and select the check box(es) for one or more groups to add to the new storage location.
On the Confirm and Complete tab, click Add Storage Location.
Once the storage locations are added, you must set security on the User layer fFolders.
Configure security on User layer folders
Storage locations allow you to have more than one location specified for your User layers. For each storage location (including the default location) you need to create a /Users subfolder and secure that location.
The security on each User layer folder must be set to the following values by a domain administrator:
|Setting name||Value||Apply to|
|Creator Owner||Modify||Subfolders and Files only|
|Owner Rights||Modify||Subfolders and Files only|
|Users or group:||Create Folder/Append Data; Traverse Folder/Execute File;List Folder/Read Data; Read Attributes||Selected Folder Only|
|System||Full Control||Selected Folder, Subfolders and Files|
|Domain Admins, and selected Admin group||Full Control||Selected Folder, Subfolders and Files|
Set security on the User layer folders
Log into the management console.
Select System > Storage Locations. The file shares displayed are the storage locations defined for User Layers. For example, say you’ve defined three Storage Locations so that you can more easily manage storage for Group1 and Group2 separate from everyone else in the organization:
- Default location - \\MyDefaultShare\UserLayerFolder\
- Group1 - \\MyGroup1\Share\UserLayerFolder\
- Group2 - \\MyGroup2\Share\UserLayerFolder\
Note: The appliance’s main file share, which is used for storing OS, App, and Platform Layers, is not listed as a User Layer Storage Location.
Create a \Users subdirectory under each file share:
Apply the security settings listed above to each /Users subdirectory.
Customize User layer messages for users
You can customize notification messages sent to users when their User Layer is not available. The message is displayed to the user upon login.
The App Layering software displays messages for end users when the software is unable to:
- Read configuration (json) files from the configuration file share.
- Attach a User Layer because it is in use.
- Attach a User Layer for any other reason.
The messages are displayed as needed in the App Layering Management Console when you add a new storage location or modify an existing one.
User Layer In Use (customizable message)
We were unable to attach your User Layer because it is in use. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.
User Layer Unavailable (customizable message)
We were unable to attach your User Layer. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.
Unable to read json files from the config share
We were unable to load the required configuration files. You may not be able to access some of your applications. And, any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.
When logged into the appliance as Administrator, you can customize the first two of the above messages. To do so:
- Log into the Management Console as Administrator.
- Select Add Storage Location if creating a new location, or Edit Storage Location if customizing messages for an existing location.
- In the Add/Edit Storage Location wizard, select the User Layer Messages tab and the Override check box.
- Enter the messages exactly as you want them to be displayed. The message can be in any language.
- Use the Confirm and Complete tab to save your changes.
Move existing User layers to the new location
Copy each User layer storage location to its new location:
Make sure the User Layer is not in use.
If a user logs in before you move his/her User Layer, a new User Layer will be created. No data will be lost, but you will need to delete the newly created User Layer, and copy it to the new directory, ensuring that the user’s ACLs are preserved.
Browse to the directory containing the User Layer VHD file.
Using the following command, copy each of the User Layer VHD files from the previous location to the new one
xcopy Domain1\User1 Domain1_User1\ /O /X /E /H /K
Verify that all permissions are correct on the following directories, and files within them:
Let users create new User Layers and remove the previous ones
If you choose to let users create new User Layers, you must manually clean up the original directories and files from your share.