May 30, 2018
The steps for updating the software in an OS, Platform, or App layer is virtually the same. You add a version to the layer, install the upgrade or patch on the packaging machine, verify, and then finalize the layer. Once updated, you deploy the new layer version, and this varies based on the type of layer, as described at the end of this article.
Add a version to the layer
- In the Citrix App Layering Management Console, select Layers > OS Layers
- Select an OS layer and click Add Version. This opens the Create OS Version wizard.
- In the Version Details tab:
- For Base Version, select the version to use as the base for the new layer version. The default is the latest version.
- Enter a name for the New Version. This can be the OS version or other identifying information.
- In the Connector tab, select a Connector configuration for the hypervisor where you’ll be publishing your layered images. You can also modify an existing configuration by selecting it and clicking Edit. If you have not yet created a connector configuration or if the configuration you need is not present, click New to create a new connector configuration and select it from this list.
- In the Packaging Disk tab, enter a file name for the Packaging Disk, and select the disk format. This disk will be used for the Packaging Machine (the VM) where you will install the application, as described in the next two sections.
- In the Confirm and Complete tab, verify your settings and click Create Version. This runs a task for creating a new OS version. When the task completes, it shows a status of Action Required. When you double-click the task to expand it, the task contains the following text (refer to the image in the next section):
“The Packaging Disk has been published. The virtual machine ‘<…>’ can be found in folder ‘<…>’ in datacenter ‘<…>’. Power on this virtual machine to install your application. When the installation is complete, power off the virtual machine before clicking Finalize on the Action bar.”
Next, you can deploy a packaging machine for this OS layer version.
Deploy a Packaging Machine to your hypervisor
The packaging machine is a virtual machine where you install any updates or applications you want to include in the OS layer. The packaging machine is a temporary virtual machine that will be deleted once the OS layer has been finalized.
The task description contains directions to navigate to the location in your hypervisor where the packaging machine for this layer has been created.
- To create the packaging machine in your hypervisor, begin with the expanded packaging disk task shown in step 2 below.
- Log into your hypervisor client.
- Back in the management console, use the instructions in the expanded packaging disk task to navigate to the packaging machine.
Install the OS update
- Remote log into the packaging machine. Be sure to log in to the User account you used to create the OS.
- Install any updates or applications you want to include in the new OS layer version, such as Windows Updates or anti-virus applications.
- If an application installation requires a system restart, restart it manually. The packaging machine does not restart automatically.
- Make sure the packaging machine is in the state you want it to be for the user:
- If the applications you install require any post-installation setup or application registration, complete those steps now.
- Remove any settings, configurations, files, mapped drives, or applications that you do not want to include on the packaging machine.
Next, you will shut down the packaging machine and verify that the layer is ready to finalize.
Verify the Layer and shut down the Packaging Machine
Once the application is installed on the Packaging Machine, the next step is to verify that the Layer is ready to be finalized. To be ready for finalization, any required post-installation processing needs to be completed. For example, a reboot may be required, or a Microsoft NGen process may need to complete.
To verify that any outstanding processes are complete, you can run the Shutdown For Finalize tool (icon below), which appears on the Packaging Machine’s desktop.
To use the Shutdown For Finalize tool:
- If you are not logged into the Packaging Machine, remote log in as the user who created the machine.
- Double-click the Shutdown For Finalize icon. A command line window displays messages detailing the layer verification process.
- If there is an outstanding operation that must be completed before the Layer can be finalized, you are prompted to complete the process. For example, if a Microsoft NGen operation needs to complete, you may be able to expedite the NGen operation, as detailed below.
- Once any pending operations are complete, double-click the Shutdown For Finalize icon again. This shuts down the Packaging Machine.
The Layer is now ready to finalize.
Layer integrity messages Layer integrity messages let you know what queued tasks must be completed before a Layer is finalized.
The new Layer or Version can only be finalized when the following conditions have been addressed:
- A reboot is pending to update drivers on the boot disk - please check and reboot the Packaging Machine.
- A post-installation reboot is pending - please check and reboot the Packaging Machine.
- An MSI install operation is in progress - please check the Packaging Machine.
- A Microsoft NGen operation is in progress in the background.
Note: If a Microsoft NGen operation is in progress, you may be able to expedite it, as described in the next section.
Expediting a Microsoft NGen operation NGen is the Microsoft Native Image Generator. It is part of the .NET system, and basically re-compiles .NET byte code into native images and constructs the registry entries to manage them. Windows will decide when to run NGen, based on what is being installed and what Windows detects in the configuration. When NGen is running, you must let it complete. An interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.
You have the choice of waiting for the NGen to complete in the background, or you can force the NGen to the foreground. You can also check the status of the NGen operation, as described below. However, every time you check the queue status, you are creating foreground activity, which might cause the background processing to temporarily pause.
Forcing the NGen to the foreground will allow you to view the progress and once the output has completed, you should be able to finalize the layer.
- Force an NGen operation to the foreground.
Normally, NGen is a background operation and will pause if there is foreground activity. Bringing the task into the foreground can help the task to complete as quickly as possible. To do this
- Open a command prompt as Administrator.
- Go to the Microsoft .NET Framework directory for the version currently in use: cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
- Enter the NGen command to execute the queued items: ngen update /force This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled. Note: It’s okay if you see several compilation failed messages!
- Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or re-run ngen update /force. Do not reboot to stop the task. You must allow it to complete.
- Check the status of an NGen operation
- Open a command prompt as Administrator.
- Check status by running this command: ngen queue status
- When you receive the following status, the NGen is complete, and you can finalize the Layer. The .NET Runtime Optimization Service is stopped
Finalize the OS layer
Once the packaging machine is created and any apps or updates installed, you’ll need to finalize the layer.
Note: When you finalize a new version of an OS layer, the system deletes the packaging machine so as not to incur more costs.
When a layer is ready to finalize:
- Return to the management console.
- In the Layers module, select the layer.
- Select Finalize in the Action bar.
- Monitor the Taskbar to verify that the action completes successfully and that the layer is deployable.