Product Documentation

User layer

Jan 11, 2018

User Layers let you persist user profile settings, data, and user-installed applications in non-persistent VDI environments.

User Layers are created when:

  • You set Elastic Layering on an Image Template to Application and User Layers, so that the Layered Image supports User Layers.
  • A user logs in to their desktop for the first time, and a User Layer is created for them. From then on, the user's data and settings are saved in the User Layer, along with any applications that the user installs locally on their desktops.

Before you start

Prerequisites

  • Create the OS Layer
  • Create a Platform Layer
  • Create App Layers
  • Adequate network bandwidth. Bandwidth and latency have a significant effect on the User Layer. Every write goes across the network.
  • Allocate storage space for users' locally installed apps and the data and configuration settings for them. (This leaves the main storage location solely for packaging layers, publishing Layered Images, and serving up Elastic Layers.)

Compatibility

Currently, User Layers are supported for the following platforms:

  • Operating systems:
    • Windows 7, 64-bit
    • Windows 10, 64-bit
  • Publishing platforms: VMware Horizon View and Citrix XenDesktop.

User Layer creation process

  • Enable User Layers in your Image Template:
    • Set Elastic Layering in the Image Template wizard on the Image Disk tab) to Application and User Layers.
    • Publish Layered Images using the above Image Template.
  • When a user logs on to their desktop for the first time, a User Layer is created for them.

User Layer size and location

The default size of a User Layer is 10 GB.

User Layers are created in the Users folder on the appliance's network file share, for example:

\\MyServer\MyShare\Users

Each user will have his/her own directory within the Users directory, and it will be named as follows:

Users\domainIname\username\OS-Layer-ID-in-hex_OS-Layer-name\username.vhd

For example:

  • User's login name: jdoe
  • User's Domain: testdomain1
  • OS layer: MyOSLayer (ID is in hexidecimal format: 123456)
  • User Layer would be created in:

\\MyServer\MyShare\Users\testdomain1\jdoe\123456_MyOSLayer\jdoe.vhd

Upgrading existing User Layers to this Release

Once you upgrade the appliance to Release 4.2.0, if you want to continue using existing User Layers, you'll need to move them to new locations as described below in Upgrade User Layers created using a previous release.

Other Considerations

Before deploying User Layers, please consider the following guidelines and limitations.

  • The User Layer is delivered via the appliance's file share, therefore:
    • If the host is disconnected from the User Layer storage, the user will have to log out and log in again to re-establish the disk mount. The user will have to wait approximately 5 minutes because the user layer will be inaccessible.
  • Certain enterprise applications, such as MS Office and Visual Studio should be installed in App Layers, not as user-installed applications in the User Layer. User Layers are based on the same technology as Elastic Layers, and therefore share the same limitations.
  • Windows updates must be disabled on the User Layer.
  • VMware Horizon View:
    • View must be configured for non-persistent desktops, and the desktop must be set to Refresh at log off. Delete or refresh the machine on log off. Example:

    • After logging off with View set to Refresh Immediately, the desktop goes into maintenance mode. If there is only one machine in the pool, the pool will not be available until that machine has completed the refresh.
  • The first time a user logs into his/her desktop, a User Layer is created for the him/her.
  • If there is problem loading the elastically assigned Layers for the user, they will still receive their User Layer.
  • If you rename the user in AD, a new directory and User Layer will be created for the new name. To avoid this, rename the directory on the file share and the VHD file in the directory structure to the new AD user name.

Add storage locations for User Layers

When you enable User Layers on a Layered Image, the data and settings for each user are persisted between sessions.

When deploying with User Layers enabled, you must add storage locations for those Layers, rather than allowing user data to be saved on the appliance's main file share.

The main file share is used to:

  • Package Layers using the NFS connector, rather than a connector for your hypervisor.
  • Publish Layered Images to the NFS file share, rather than a connector for your publishing platform.
  • Serve Elastic Layers.
  • Upgrade the App Layering software.

When configuring storage locations:

  • You can assign Groups of users to each location.
  • The first storage location added to the appliance becomes the default location for User Layers not associated with any other storage location.
  • Storage locations are listed in priority order.
  • If a user belongs to more than one group and those groups are assigned to different storage locations, the person's User Layer will be stored in the highest priority storage location. Once the person's User Layer is saved to the highest priority location, if you change the priority order of the storage locations that the user is assigned to, data saved up until that point will remain in the previously highest priority location. To preserve the person's User Layer, you must copy the their User Layer to the new highest priority location.

Create Storage Locations

To add a storage location:

  1. Log into the management console.

  2. Select System > Storage Locations.

  3. Select Add Storage Location. A list is displayed of file shares, except for the appliance's main file share.

  4. Select Add Storage Location, and enter a Name and Network Path for the new location.

  5. On the User Layer Assignments tab, expand the directory tree and select the check box(es) for one or more groups to add to the new storage location.

  6. On the Confirm and Complete tab, click Add Storage Location.

Once the Storage Locations are added, you must set security on the User Layer Folders.

Configure Security on User Layer folders

Storage locations allow you to have more than one location specified for your User Layers. For each Storage Location (including the default location) you need to create a /Users subfolder and secure that location.

The security on each User Layer folder must be set to the following values by a domain administrator:

Setting name Value Apply to
Creator Owner Modify Subfolders and Files only
Owner Rights Modify Subfolders and Files only

Group to receive User layers

  • Create Folder/Append Data
  • Traverse Folder/Execute File
  • List Folder/Read Data
  • Read Attributes
Selected Folder Only
System Full Control

Selected Folder, Subfolders and Files

Domain Admins, and selected Admin group Full Control Selected Folder, Subfolders and Files

Set security on the User Layer folders

  1. Log into the management console.

  2. Select System > Storage Locations. The file shares displayed are the storage locations defined for User Layers. For example, say you've defined three Storage Locations so that you can more easily manage storage for Group1 and Group2 separate from everyone else in the organization:

    • Default location - \\MyDefaultShare\UserLayerFolder\
    • Group1 - \\MyGroup1\Share\UserLayerFolder\
    • Group2 - \\MyGroup2\Share\UserLayerFolder\

    Note: The appliance's main file share, which is used for storing OS, App, and Platform Layers, is not listed as a User Layer Storage Location.

  3. Create a \Users subdirectory under each file share:

    \\MyDefaultShare\UserLayerFolder\Users\

    \\MyGroup1Share\UserLayerFolder\Users\

    \\MyGroup2Share\UserLayerFolder\Users\

  4. Apply the security settings listed above to each /Users subdirectory.

Customize User Layer messages for users

You can customize notification messages sent to users when their User Layer is not available. The message is displayed to the user upon login.

The App Layering software displays messages for end users when the software is unable to:

  • Read configuration (json) files from the configuration file share.
  • Attach a User Layer because it is in use.
  • Attach a User Layer for any other reason.

The messages are displayed as needed in the App Layering Management Console when you add a new storage location or modify an existing one.

  • User Layer In Use (customizable message)

    We were unable to attach your User Layer because it is in use. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.

  • User Layer Unavailable (customizable message)

    We were unable to attach your User Layer. Any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.

  • Review Permissions on Users folder, all subfolders and files

  • Unable to read json files from the config share

    We were unable to load the required configuration files. You may not be able to access some of your applications. And, any changes you make to application settings or data will not be saved. Be sure to save any work to a shared network location.

When logged into the appliance as Administrator, you can customize the first two of the above messages. To do so:

  1. Log into the Management Console as Administrator.
  2. Select Add Storage Location if creating a new location, or Edit Storage Location if customizing messages for an existing location.
  3. In the Add/Edit Storage Location wizard, select the User Layer Messages tab and the Override check box.
  4. Enter the messages exactly as you want them to be displayed. The message can be in any language.
  5. Use the Confirm and Complete tab to save your changes.

Disable Store Apps (Optional)

On Windows 10 Enterprise editions (not Windows Professional), you can disable the Windows Store by creating an OS Version specifically for that purpose. A script is provided that uninstalls all Store Apps for all users. Once complete, users will have access to Edge and Cortana only.

To disable Store Apps, add a new OS Version, and:

  1. From an administrator prompt, run this command:

    C:\Windows\Setup\Scripts\RemoveStoreApps.cmd

  2. Finalize and deploy the image based on this new version of the OS Layer. For new users, the Start menu will look like this:

Enable User Layers in the Layered Image

  1. Log into the Management Console as an Admin user.
  2. Select Images.
  3. Select the Image Template from which you will publish the Layered Image(s), and click Edit Template. This opens the Edit Image Template wizard.
  4. On the Layered Image Disk tab, set Elastic Layering to Application and User Layers.
  5. On the Confirm and Complete tab, click Save Template Changes.
  6. Publish your Layered Images.

Upgrade User Layers created using a previous release

Once you upgrade the appliance to Release 4.2.0, if you want to continue using existing User Layers, you'll need to move them to new locations as described below.

In this release, the User Layer directory structure has been collapsed by one level, as shown below:

Previous: ...\Users\DomainUser\LayerId_OsName\User.vhd

New: ..\Users\Domain_User\LayerId_OsName\User.vhd

For example, move the following User Layer VHD file.

From:

\\Root\Engineering\Users\Domain1\User1\32_Win7\User1.vhd

To:

\\Root\Engineering\Users\Domain1_User1\32_Win7\User1.vhd

If you want to continue using the current User Layers, you must move each Storage Location and the main file share to the new location.

Important: All of these steps must be completed while all users are logged out. Although no data will be lost if a user logs in during this procedure, failure to finish all steps will result in existing users not being able to access their previously created user layers. No data will be lost, but users will be confused.

To upgrade the User Layers:

  1. Using your Image Templates, republish each of your Layered Images that uses Elastic Layering and/or User Layers.
  2. Move existing User Layers to the new location, as explained below.
  3. Verify the security settings on each renamed folder and on the /User folder, as described above.

Move existing User Layers to the new location

Copy each User Layer Storage Location to its new location:

  1. Make sure the User Layer is not in use.

    If a user logs in before you move his/her User Layer, a new User Layer will be created. No data will be lost, but you will need to delete the newly created User Layer, and copy it to the new directory, ensuring that the user's ACLs are preserved.

  2. Browse to the directory containing the User Layer VHD file.

  3. Using the following command, copy each of the User Layer VHD files from the previous location to the new one

    xcopy Domain1\User1 Domain1_User1\ /O /X /E /H /K

  4. Verify that all permissions are correct on the following directories, and files within them:

    \\Root\Engineering\Users

    \\Root\Engineering\Users\Domain1_User1\...

    \\Root\Engineering\Users\Domain2_User2\...

Let users create new User Layers and remove the previous ones

If you choose to let users create new User Layers, you must manually clean up the original directories and files from your share.