The steps for updating the software in an OS, platform, or app layer are virtually the same. You add a version to the layer, install the upgrade or patch on the packaging machine, verify, and then finalize the layer. Once updated, you deploy the new layer version, which varies based on the type of layer.
The platform layer is the highest priority layer and critical for the deployment of images, especially with regards to devices, such as your networks. Whenever you update the infrastructure software, you must add a new version to the platform layer.
You add a version to the platform layer using the new OS layer as the base. Once the packaging machine has started, shut down the machine for finalization. The platform layer gathers the critical components from the new OS layer version, and updates them in the platform so that they match the OS version.
Add a version to the layer
For example, to add a version to an OS layer:
- In the Citrix App Layering Management Console, select Layers > OS Layers
- Select an OS layer and click Add Version. This opens the Create OS Version wizard.
- In the Version Details tab:
- For Base Version, select the version to use as the base for the new layer version. The default is the latest version.
- Enter a name for the New Version. This can be the OS version or other identifying information.
- In the Connector tab, select a Connector configuration for the hypervisor where you create your layer. You can also modify an existing configuration by selecting it and clicking Edit. If you have not yet created a connector configuration or if the configuration you need is not present, click New to create a new connector configuration and select it from this list.
- In the Packaging Disk tab, enter a file name for the Packaging Disk, and select the disk format to use if you are using the appliance’s File Share, instead of a connector configuration. This disk is used for the packaging machine (the virtual machine) where you install the application.
- In the Confirm and Complete tab, verify your settings and click Add Version. This runs a task to create an OS version. When the task completes, it shows a status of Action Required. When you double-click the task to expand it, the task contains the following text (refer to the image in the next section):
“The Packaging Disk has been published. The virtual machine ‘<…>’ can be found in folder ‘<…>’ in data center ‘<…>’. Power on this virtual machine to install your application. When the installation is complete, power off the virtual machine before clicking Finalize on the Action bar.”
Next, you can deploy a packaging machine for this OS layer version.
Deploy a packaging machine to your hypervisor
The packaging machine is a virtual machine where you install the updates or applications to include in the layer. The packaging machine is a temporary virtual machine that is deleted once the OS layer has been finalized.
The task description contains directions to navigate to the location in your hypervisor where the packaging machine for this layer has been created.
- To create the packaging machine in your hypervisor, begin with the expanded packaging disk task shown in step 2.
- Log into your hypervisor client.
- Back in the management console, use the instructions in the expanded packaging disk task to navigate to the packaging machine.
Install the OS update
- Remote log into the packaging machine. Be sure to log in to the User account you used to create the OS.
- Install any updates or applications you want to include in the new OS layer version, such as Windows Updates or antivirus applications.
- If an application installation requires a system restart, restart it manually. The packaging machine does not restart automatically.
- Make sure the packaging machine is in the state you want it to be for the user:
- If the applications you install require any post-installation setup or application registration, complete those steps now.
- Remove any settings, configurations, files, mapped drives, or applications that you do not want to include on the packaging machine.
Next, you shut down the packaging machine and verify that the layer is ready to finalize.
Verify the Layer and shut down the packaging machine
The next step is to verify that the layer is ready to be finalized. To be ready for finalization, any required post-installation processing, for example, a reboot or a Microsoft
ngen process, must complete.
To verify that any outstanding processes are complete, you can run the Shutdown For Finalize tool (icon below), which appears on the Packaging Machine’s desktop.
To use the Shutdown For Finalize tool:
- If you are not logged into the packaging machine, remote login as the user who created the machine.
- Double-click the Shutdown For Finalize icon. A command line window displays messages detailing the layer verification process.
- If there is an outstanding operation that must be completed before the layer can be finalized, you are prompted to complete it. For example, if a Microsoft
ngenoperation must complete, you can try to expedite the
ngenoperation, as detailed below.
- Once any pending operations are complete, double-click the Shutdown For Finalize icon again. This shuts down the Packaging Machine.
The layer is ready to finalize.
If the connector configuration you selected is set to Offload Compositing, the layer is automatically finalized. Otherwise, the next step is to finalize the layer manually, as described in the next procedure.
Layer integrity messages
The following layer integrity messages tell you what queued operations must be completed before the layer is ready to finalize:
A RunOnce script is outstanding - please check and reboot the Packaging Machine.
A post-installation reboot is pending - please check and reboot the packaging machine.
A Microsoft ngen operation is in progress in the background.-
An MSI install operation is in progress - please check the packaging machine.
A reboot is pending to update drivers on the boot disk - please check and reboot the packaging machine.
A Microsoft ngen operation is needed.
Software Center Client is configured to run, but the SMSCFG.INI is still present. To learn more about deploying SCCM in a virtual environment, see the Microsoft TechNet article, [Implementing SCCM in a XenDesktop VDI environment](https://social.technet.microsoft.com/wiki/contents/articles/23923.implementing-sccm-in-a-xendesktop-vdi-environment.aspx).
For details about what the layer integrity messages mean and how to debug them, see Debugging Layer Integrity Problems in Citrix App Layering 4.x and later.
You cannot bypass layer integrity messages by shutting down the machine. The App Layering software stops and returns you to the packaging machine until the processes have completed.
If a Microsoft
ngen operation is in progress, you may be able to expedite it, as described in the next section.
Expediting a Microsoft
ngen operation is the Microsoft Native Image Generator. It is part of the .NET system, and basically recompiles .NET byte code into native images and constructs the registry entries to manage them. Windows decides when to run
ngen based on what is being installed and what Windows detects in the configuration. When
ngen is running, you must let it complete. An interrupted
ngen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.
You have the choice of waiting for the
ngen to complete in the background, or you can force the
ngen to the foreground. You can also check the status of the
ngen operation, as described below. However, every time you check the queue status, you are creating foreground activity, which might cause the background processing to temporarily pause.
ngen to the foreground allows you to view the progress. Once the output has completed, you can finalize the layer.
- Force an
ngenoperation to the foreground. Normally,
ngenis a background operation. It pauses if there is foreground activity. Bringing the task into the foreground can help the task to complete as quickly as possible. To bring the task to the foreground:
- Open a command prompt as Administrator.
- Go to the Microsoft .NET Framework directory for the version currently in use:
- Enter the
ngencommand to run the queued items: ngen update /force This brings the
ngentask to the foreground in the command prompt, and lists the assemblies being compiled.
Note: It’s OK if you see
- Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or rerun
ngen update /force. Do not reboot to stop the task. Allow it to complete.
- Check the status of an
- Open a command prompt as Administrator.
- Check status by running this command:
ngen queue status
- When you receive the following status, the
ngenis complete, and you can finalize the Layer. The .NET Runtime Optimization Service is stopped
Finalize the layer manually
Once the packaging machine is created and any apps or updates installed, you can finalize the layer.
Note: When you finalize a new version of an OS layer, the system deletes the packaging machine so as not to incur more costs.
When a layer is ready to finalize:
- Return to the management console.
- In the Layers module, select the layer.
- Select Finalize in the Action bar.
- Monitor the Taskbar to verify that the action completes successfully and that the layer is deployable.