The steps for updating the software in an OS, platform, or app layer are virtually the same. You add a version to the layer, install the upgrade or patch on the packaging machine, verify, and then finalize the layer. Once updated, you deploy the new layer version, which varies based on the type of layer.
The platform layer is the highest priority layer and critical for the deployment of images, especially with regards to devices, such as your networks. Whenever you update the infrastructure software, you must add a new version to the platform layer.
You add a version to the platform layer using the new OS layer as the base. Once the packaging machine has started, shut down the machine for finalization. The platform layer gathers the critical components from the new OS layer version, and updates them in the platform so that they match the OS version.
Add a version to the layer
For example, to add a version to an OS layer:
- In the Citrix App Layering Management Console, select Layers > OS Layers
- Select an OS layer and click Add Version. This opens the Create OS Version wizard.
- In the Version Details tab:
- For Base Version, select the version to use as the base for the new layer version. The default is the latest version.
- Enter a name for the New Version. This can be the OS version or other identifying information.
- In the Connector tab, select a Connector configuration for the hypervisor where you create your layer. You can also modify an existing configuration by selecting it and clicking Edit. If you have not yet created a connector configuration or if the configuration you need is not present, click New to create a new connector configuration and select it from this list.
- In the Packaging Disk tab, enter a file name for the Packaging Disk, and select the disk format to use if you are using the appliance’s File Share, instead of a connector configuration. This disk is used for the packaging machine (the virtual machine) where you install the application.
- In the Confirm and Complete tab, verify your settings and click Add Version. This runs a task to create an OS version. When the task completes, it shows a status of Action Required. When you double-click the task to expand it, the task contains the following text (refer to the image in the next section):
“The Packaging Disk has been published. The virtual machine ‘<…>’ can be found in folder ‘<…>’ in data center ‘<…>’. Power on this virtual machine to install your application. When the installation is complete, power off the virtual machine before clicking Finalize on the Action bar.”
Next, you can deploy a packaging machine for this OS layer version.
Deploy a packaging machine to your hypervisor
The packaging machine is a virtual machine where you install the updates or applications to include in the layer. The packaging machine is a temporary virtual machine that is deleted once the OS layer has been finalized.
The task description contains directions to navigate to the location in your hypervisor where the packaging machine for this layer has been created.
- To create the packaging machine in your hypervisor, begin with the expanded packaging disk task shown in step 2.
- Log into your hypervisor client.
- Back in the management console, use the instructions in the expanded packaging disk task to navigate to the packaging machine.
Install the OS update
- Remote log into the packaging machine. Be sure to log in to the User account you used to create the OS.
- Install any updates or applications you want to include in the new OS layer version, such as Windows Updates or antivirus applications.
- If an application installation requires a system restart, restart it manually. The packaging machine does not restart automatically.
- Make sure the packaging machine is in the state you want it to be for the user:
- If the applications you install require any post-installation setup or application registration, complete those steps now.
- Remove any settings, configurations, files, mapped drives, or applications that you do not want to include on the packaging machine.
Next, you shut down the packaging machine and verify that the layer is ready to finalize.
Verify the Layer and shut down the packaging machine
The next step is to verify that the layer is ready to be finalized. To be ready for finalization, any required post-installation processing, for example, a reboot or a Microsoft
ngen process, must complete.
To verify that any outstanding processes are complete, you can run the Shutdown For Finalize tool (icon below), which appears on the Packaging Machine’s desktop.
To use the Shutdown For Finalize tool:
- If you are not logged into the packaging machine, remote login as the user who created the machine.
- Double-click the Shutdown For Finalize icon. A command line window displays messages detailing the layer verification process.
- If there is an outstanding operation that must be completed before the layer can be finalized, you are prompted to complete it. For example, if a Microsoft
ngenoperation must complete, you can try to expedite the
ngenoperation, as detailed below.
- Once any pending operations are complete, double-click the Shutdown For Finalize icon again. This shuts down the Packaging Machine.
The layer is ready to finalize.
If the connector configuration you selected is set to Offload Compositing, the layer is automatically finalized. Otherwise, the next step is to finalize the layer manually, as described in the next procedure.
Layer integrity messages
The following layer integrity messages tell you what queued operations must be completed before the layer is ready to finalize:
A RunOnce script is outstanding - please check and reboot the Packaging Machine.
A post-installation reboot is pending - please check and reboot the packaging machine.
A Microsoft ngen operation is in progress in the background.-
An MSI install operation is in progress - please check the packaging machine.
A reboot is pending to update drivers on the boot disk - please check and reboot the packaging machine.
A Microsoft ngen operation is needed.
Software Center Client is configured to run, but the SMSCFG.INI is still present. To learn more about deploying SCCM in a virtual environment, see the Microsoft TechNet article, [Implementing SCCM in a XenDesktop VDI environment](https://social.technet.microsoft.com/wiki/contents/articles/23923.implementing-sccm-in-a-xendesktop-vdi-environment.aspx).
For details about what the layer integrity messages mean and how to debug them, see Debugging Layer Integrity Problems in Citrix App Layering 4.x and later.
You cannot bypass layer integrity messages by shutting down the machine. The App Layering software stops and returns you to the packaging machine until the processes have completed.
If a Microsoft
ngen operation is in progress, you may be able to expedite it, as described in the next section.
Ngen.exe operations, if necessary
Once all software updates have been installed, you must allow
Ngen.exe to essentially recompile
.NET byte code into native images and construct the registry entries to manage them.
Ngen.exe is the Microsoft Native Image Generator, which is part of the
.NET system. Windows determines when to run
Ngen.exe based on what software is being installed and what Windows detects in the configuration.
Ngen.exeis running, you must let it complete. An interrupted
Ngen.exeoperation can leave you with non-functioning
.NETassemblies or other problems in the
Ngen.exe is a background operation that pauses when there is foreground activity. If you want to expedite an
Ngen.exe operation, you can bring the task into the foreground to complete it as quickly as possible.
To bring the task into the foreground:
- Open a command prompt as Administrator.
Go to the
Microsoft.NET\Frameworkdirectory for the version currently in use:
If using .NET Framework 3 or later, enter the following
Ngen.execommand to run all queued items. This command processes queued component installs before building assemblies.
ngen eqi 3
Ngen.exetask moves to the foreground in the command prompt, and lists the assemblies being compiled. It is OK if you see compilation messages.
Ensure that all
Ngen.exeprocesses have run to completion. You can use the Task Manager to see if an instance of
MSCORSVW.EXEis running. If it is, allow it to complete, or run
ngen eqi 3.
Caution: Do not reboot to stop the task. Allow the task to complete!
If using .NET Framework 2 or earlier, enter the following
Ngen.execommand to run the queued items.
ngen update /force
This brings the ngen task to the foreground in the command prompt, and lists the assemblies being compiled.
Note: It’s okay if you see compilation failed messages. Look in the Task Manager to see if an instance of MSWORD.EXE is running. If it is, you must allow it to complete, or rerun ‘ngen update /force`. Do not reboot to stop the task. Allow it to complete.
Check the status of an
Ngen.exeoperation by opening a command prompt as Administrator and running this command:
ngen queue status
Caution: Do not reboot to stop the task. Allow the task to complete!
- When all operations are complete, shut down the virtual machine using the Shutdown For Finalize shortcut available on your desktop.
Finalize the layer manually
Once the packaging machine is created and any apps or updates installed, you can finalize the layer.
Note: When you finalize a new version of an OS layer, the system deletes the packaging machine so as not to incur more costs.
When a layer is ready to finalize:
- Return to the management console.
- In the Layers module, select the layer.
- Select Finalize in the Action bar.
- Monitor the Taskbar to verify that the action completes successfully and that the layer is deployable.