Design Decision: Image Layering
Use App Layering inside Azure for the same use cases as in your on-premises data center:
- Manage a significant number of Machine Creation Service (MCS) images
- Provide persistent desktops for users using non-persistent VDA hosts with MCS
- Limit the rebooting of the Virtual Delivery Agent (VDA) hosts
NOTE: App Layering requires Gen 1 VMs and Provisioning Services (PVS) requires Gen 2 VMs, so the two services are currently incompatible.
App Layering works almost the same way in Azure as on-premises. Here are some of the questions that you may have about App Layering.
What are the differences between using Citrix App Layering on-premises and using it in the Azure cloud?
Each application along with its related software should be installed in its own layer. These guidelines help you plan the layers.
Base Operating System (OS) Layer
- Start with a new OS image, use only a single OS layer, and choose Resource Manager from the listed deployment models.
- Do not select the “Use managed disks” option. In Azure, Layering requires a storage account.
- Verify that the OS is set to use DHCP for IP addressing.
- If using an Azure VM that has the page file on the D: drive, move it back to the C: drive before capturing the OS layer. With this change, the image will still deploy correctly in production. The requirement is temporary and applies only during the single-disk OS image capture process.
- Do not use or include an UNATTEND.TXT file, since the Layering process removes it automatically.
- Use ngen.exe to pre-compile .NET executables.
- Set Built-in Administrator to “Password Never Expires”.
- For server OS builds, set the PowerShell execution policy to Unrestricted and enable PSRemoting.
- Install the App Layering Services on the OS Layer.
- Install App Layer OS Machine Tools and follow the instructions for KMS scripts if using KMS Licensing. The Citrix App Layering OS Machine Tools include special scripts to automatically handle the complexities of Microsoft Licensing and prevent any misconfigurations.
The platform layer consists primarily of software not included in the base OS layer that connects to other infrastructure.
- Join the Active Directory domain and verify that the user name is in the format DOMAIN\Username. Ignore the default request for just the user name.
- Install the provisioning software, Citrix VDA, and Citrix Workspace Environment Manager into this layer.
Publishing the Image
- Create an image template and use that to publish an image for MCS.
- The new image appears as a VHD in the Storage account’s container citrix-al-images.
- If your App Layering version is earlier than 4.15, attach the image to an Azure VM and boot the VM to let Sysprep complete its tasks.
- If your App Layering version is 4.15 or later, use the Azure Connector for MCS, since it does not Sysprep the image.
- Choose the disk file in the storage account as the Golden image when creating or updating the machine catalogs.
What permissions are required for using App Layering in Azure?
- Use Accelerated networking for your Enterprise Layer Manager (ELM) virtual appliance to improve performance.
- The ELM appliance uses the Azure Service Principal to access Azure resources. Both the service principal and the user installing ELM must have at least contributor permissions on the resource groups used by App Layering.
- Use Azure premium storage for packaging machines and image layers to reduce packaging time.
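A least-privilege check for the service principal requirement above, as an added example that is not part of the original page or of Citrix tooling. It takes role assignments in the shape printed by `az role assignment list --assignee <appId> --all -o json` and reports, for each App Layering resource group, whether Contributor or Owner is assigned directly, only inherited from a broader scope, or missing. The subscription ID and resource group names are constructed placeholders.

```python
# Added example: audit the ELM service principal's Azure role assignments.
# Input shape follows `az role assignment list --assignee <appId> --all -o json`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
REQUIRED = [SUB + "/resourceGroups/rg-applayering",           # hypothetical names
            SUB + "/resourceGroups/rg-packaging"]
SAMPLE = [  # constructed assignments, not real output
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/RG-AppLayering"},
    {"roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/rg-packaging"},
    {"roleDefinitionName": "Owner", "scope": SUB},
]
# Built-in roles that meet "at least contributor"; custom roles are not evaluated.
SUFFICIENT = {"contributor", "owner"}


def norm(scope):
    # Azure resource IDs compare case-insensitively; ignore trailing slashes.
    return scope.rstrip("/").lower()


def covers(outer, inner):
    # A role assignment applies at its scope and to everything beneath it.
    # Management-group scopes cannot be resolved from the string alone, so
    # they never count as covering here and are reported in `outside`.
    o, i = norm(outer), norm(inner)
    return i == o or i.startswith(o + "/")


def audit(assignments, required_groups):
    """Return (status, outside): status maps each required resource group to
    'direct', 'inherited' or 'missing'; outside lists write-capable scopes
    that are not at or below any required resource group."""
    write = [a for a in assignments
             if a["roleDefinitionName"].lower() in SUFFICIENT]
    status = {}
    for group in required_groups:
        if any(norm(a["scope"]) == norm(group) for a in write):
            status[group] = "direct"
        elif any(covers(a["scope"], group) for a in write):
            status[group] = "inherited"
        else:
            status[group] = "missing"
    outside = [a["scope"] for a in write
               if not any(covers(g, a["scope"]) for g in required_groups)]
    return status, outside


if __name__ == "__main__":
    print(audit(SAMPLE, REQUIRED))
```

A group reported as "inherited" works today but would lose access if the broader assignment listed in `outside` were removed, so assign the role on the resource group itself before tightening the wider scope.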
How do I support Microsoft 365 and KMS licensing with App Layering in the Azure cloud?
- Place Microsoft Office in its own layer with all the Office Add-ons
- Install Office into the default location.
- Do not open any Office applications during the installation and packaging process.
- In the Optimize script, be sure to enable “Activate MS Office via KMS” and select ONLY the versions of your installed Office products. The script will only run successfully if Microsoft Office is installed in the default location.
- Run the Office2013Windows81_PREP.cmd for all versions of Microsoft Office starting with Office 2013; this includes Microsoft 365.
- Use larger layer sizes if users can store large files in the application layer. Increasing layer sizes later to support large PST and OST files is difficult.
Where are the Elastic Layers stored in the cloud?
Elastic layers are mounted dynamically when a user logs on and provide access for applications. Elastic layers are normally stored on network file shares.
Elastic layers must be available 100% of the time. If the elastic layer is unavailable, even for a short time, all connection layers fail and the VDA host must be rebooted to fix the issue. Options for storing elastic layer files on always available storage include:
- Scale Out File Server for Application Data
- Azure Files (premium storage recommended)