App Layering

Prepare your OS image for layering in Nutanix

This topic explains how to prepare a clean OS image for import into a new OS layer. Before you start, make sure that you meet the requirements. While preparing the image, you can Expedite a Microsoft Ngen.exe operation, if necessary, if you think it is taking too long.

If using Windows 10 and not running PVS, machine creation, or View, you can speed up desktop start times by removing Windows 10 built-in applications. However, we recommend removing the apps on a new version of the OS layer, not in the OS image itself.

Note:

Do not use an unattend file in Nutanix. The App Layering software removes the unattend file if it is present, because it is not necessary or recommended in Nutanix.

Install the OS on a virtual machine

As part of this procedure, you can set up Key Management Service (KMS) activation.

Note: Publishing images into environments where both KMS and Active Directory-based activation(ADBA) are being used at the same time causes problems with activation.

  1. Log into the Prism Console.
  2. Select Task > VM, and switch to Table View to see the existing virtual machines.
  3. Click +Create VM in the upper right corner, and enter the specifics about the new virtual machine:
    1. Enter a Name and add a Description.
    2. Select the number of VCPUs.
    3. Set the Cores per CPU.
    4. Set Memory.
    5. Select Disks, and create a virtual machine with three disks. The first CD-ROM is the ISO for the OS. The second CD-ROM is for the Nutanix VIRTIO drivers that allow the Nutanix virtual machine to access the disk where you install the OS. One CD-ROM is assigned in the beginning.
      1. Edit the values for the assigned CD-ROM:
      2. For Operation, select Clone from ADSF file.
      3. For Bus Type, select IDE.
      4. Enter the path to your Windows ISO. The path is the combination of the Storage Container and the ISO Name. For example:

        /ISOStore/en_windows_10_enterprise_version_1511_x64_dvd_7224901.iso

      5. Click Update.
    6. Add another disk by clicking the +Add New Disk button:
      1. Set the Type to CDROM.
      2. Set the Operation to Clone from ADSF file.
      3. Set the Bus Type to IDE
      4. Enter the path to the Windows VIRTIO Drivers. For example:

        /ISOStore/virtio-win-0.1.102.iso

      5. Click Add.
    7. Click the +Add New Disk button.
      1. Set the Type to Disk.
      2. Set the Operation to Allocate on Container.
      3. Set the Bus Type to SCSI.
      4. Select the Container you want to use.
      5. Enter the Size.
      6. Click Add.
    8. Click +Add new Nic, and enter the VLAN Name.
    9. Click Save.
  4. Power on the virtual machine.
    1. Select Tasks > VM.
    2. Switch to the Table View to see existing virtual machines.
    3. Select the virtual machine in the Table, and click Power On.
  5. Launch the console by selecting the VM and clicking Launch Console. When the VM boots it begins to install the Windows OS from the ISO disk. When the VM boots, it begins to install the Windows OS from the ISO disk.
    1. When asked, “Where do you want to install Windows?” notice that even though you added a disk in the VM creation wizard, there is no disk.
    2. Select the Load Driver option, and select Browse.
    3. Select the CD with the virtio-win-0.1.1 drivers.
    4. Select the vioscsi folder, and choose the folder for your Windows OS.
  6. After the OS is installed manually install the VirtIO drivers:
    1. Launch Device Manager.
    2. Select Other Devices, right-click Ethernet Controller and choose Update Driver Software.
    3. Browse My Computer, and choose the VirtIO CD. The Ethernet drivers are stored in the NetKVM folder.
  7. Server OS: If you need a session host feature:
    1. Select Add roles and features.
    2. For the Installation Type select Feature-based installation.
    3. For the Server Role, select Remote Desktop Services > Remote Desktop Session Host.
    4. Complete the process of adding server roles.
  8. Install all important updates. Restart the system and check for more updates. Some updates only become available after others are installed.
  9. Install all required service packs.
  10. Disable Windows System Restore and Windows Automatic Updates.
  11. Enable built-in administrator and check Password never expires.
  12. If using Key Management Service (KMS) licensing, run a command window as Administrator, and enter these commands:

    slmgr /skms <kmsserverhost>
    slmgr /rearm
    reboot
    slmgr /ipk XXXX-YOUR-KMS-KEY-XXXX
    slmgr /ato
    <!--NeedCopy-->
    
  13. Server OS: Add Domain Users to Remote setting for server OS.
  14. Check for dead (ghost) NICs and delete if any exist. Enter the commands:

    set devmgr_show_nonpresent_devices=1
    devmgmt.msc
    <!--NeedCopy-->
    
  15. Uninstall any dead (ghost) NICs.
  16. If this is a server OS, run the following commands in PowerShell:

    Set-ExecutionPolicy Unrestricted
    Enable-PSRemoting
    <!--NeedCopy-->
    

Run the OS Machine Tools on the OS image

To prepare the OS image to run in a layer, you run the OS Machine Tools file on the image. This executable runs a GPO setup script (gposetup.cmd), and a Set KMS Version script (SetKMSVersion.hta).

  1. Download the following executable file onto the OS image:

    Citrix_App_Layering_OS_Machine_Tools_20.x.x.exe

  2. Run the executable. Files are saved to:

    c:\windows\setup\scripts

    Note:

    The file must be extracted to the c:\windows\setup\scripts directory. Do not change the directory.

If using Key Management Service (KMS), configure license activation

Once the scripts are extracted, the SetKMSVersion utility asks you to choose whether to use KMS licensing.

Note: Publishing images into environments where both KMS and Active Directory-based activation (ADBA) are being used at the same time causes problems with activation.

  1. In the following dialog box, select whether to use Key Management Service (KMS) licensing.

    Set KMS version image

To configure scripts for KMS, do the following.

  1. Navigate to:

    c:\windows\setup\scripts

  2. Run SetKMSVersion.exe as Administrator. This creates a script file in the c:\windows\setup\scripts\kmsdir folder.

When the operating system starts, the appropriate KMS activation script is run.

Make sure the correct versions of .NET Framework are installed (Windows 10 and Windows Server 2016)

The .NET Framework is a software framework provided by Microsoft, and it is required for many third party applications to run. Any installations of the .NET Framework must be included in the OS layer. This includes .NET 3.5 and .NET 4.0 or later.

Note:

.NET 4.8 is required by Citrix Virtual Apps and Desktops (CVAD) 2303 to add VDAs.

Be sure to install the .NET Framework and any updates on your OS layer.

Install the App Layering services

  1. In the c:\windows\setup\scripts folder, run the setup_x86.exe (32-bit) or setup_x64.exe (64-bit).

  2. The installation prompts for the location of the unattend file. Do NOT use the unattend file in Nutanix.

Run the Optimization script, if using MS Office

The Optimization script included in the App Layering installation package is required to layer Microsoft Office. This script allows you to save memory and CPU by disabling services you don’t need, enabling services you do need, and removing installation-specific drivers and settings.

You can run the Optimization script on the OS layer, and if needed, supersede it with a new version of the script in an App layer included in your image template. Since App layers are applied to the image after the OS layer, the script in the App layer overrides the original version in the OS layer.

  1. In the c:\windows\setup\scripts folder, run the optimizations.cmd file to create a file to run when the image is created.

  2. Follow the instructions to run optimizations.cmd on the OS image.

Expedite a Microsoft Ngen.exe operation, if necessary

Once all software updates have been installed, you must allow Ngen.exe to essentially recompile .NET byte code into native images and construct the registry entries to manage them.

Ngen.exe is the Microsoft Native Image Generator, which is part of the .NET system. Windows determines when to run Ngen.exe based on what software is being installed and what Windows detects in the configuration.

Important: When Ngen.exe is running, you must let it complete. An interrupted Ngen.exe operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.

Normally, Ngen.exe is a background operation that pauses when there is foreground activity. If you want to expedite an Ngen.exe operation, you can bring the task into the foreground to complete it as quickly as possible.

To bring the task into the foreground:

  1. Open a command prompt as Administrator.
  2. Go to the Microsoft.NET\Framework directory for the version currently in use:

    cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX <!--NeedCopy-->

  3. Enter the following Ngen.exe command to run all queued items. This command processes queued component installs before building assemblies.

    ngen eqi 3 <!--NeedCopy-->

    The Ngen.exe task moves to the foreground in the command prompt, and lists the assemblies being compiled. It is OK if you see compilation messages.

    You can use the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, allow it to complete, or run ngen update eqi 3.

    Caution: Do not reboot to stop the task. Allow the task to complete!

  4. Ensure that all Ngen.exe processes have run to completion.