Golden image management next level

< Terug naar blog overzicht

In this blog, I would like to show you what you can achieve with Citrix AppLayering to manage your golden images.

It’s not all gold that glitters. Some things might not work the way you would expect or like.

(source:still from Citrix Synergy TV )

The Case

During one off my latest Citrix infrastructure builds at a customer site, one of the requirements was Citrix Applayering.

The deployment was based on XenDesktop 7.15 LTSR and they wanted to use it to publish applications.


In most XenDesktop deployments PVS is used to deploy a golden image to many VDI Desktops or Remote Desktop Services Servers.

As an IT admin you take great care over your precious golden image. Especially in larger environments where other colleagues also have the need to make changes to the imagelike the application packagers (usually in the other room) or the team responsible for patching.

In traditional golden image management versioning is used to manage changes in your golden image. A version can be seen as a snapshot of your golden image. This way you can easily provision changes and rollback is a breeze. Simply go down one version, reboot your VDI Desktops/ RDS servers and you’re good to go

If you have a single golden image to manage and a strict change process, the above method works great.

If however you need to manage more than one golden image (which is typically the case ?) ,keeping up with the changes and needs of your business, can be challenging. I know from personal experience that there are organizations where a Microsoft security patch can take over a week to deploy to all golden images they use.

For every vdisk the process is the same. Create new version > boot in private mode (read/write) > apply patch > run your scripts & shutdown > set version to test > replicate to other pvs server > Check > deploy to test environment.

Create, Edit, Seal, Repeat!

What If?

What if there was a way you could split up that golden image in multiple layers that are individually reusable?
In that case:

  • You could install Microsoft security patch in a layer without affecting the other layers and you would only have to install it once.
  • You could reuse installed applications in other golden images.
  • You can merge several golden images to lesser images.

With Citrix Applayering you can accomplish the above (well almost)

How Does It Work?

Citrix acquirered Unidesk in january 2017 and rebranded it to Citrix Applayering.

Citrix Applayering provides a way to layer your golden images

With Applayering you can layer all parts of a system and devide it into the OS, Drivers & applications.

This gives the admin new possibilities in managing their golden images.

It has to be said that layering introduces another component in your environment that has to be managed.
Citrix Applayering has to be installed as a virtual appliance for al the popular Hypervisor brands.

You import the appliance and at boot you configure a few variables like network, password and shares and it’s up and running.
It’s an important part of your infrastructure but only when you build and change your layers.  If you want you can even shutdown the appliance when you’re done editing your image layers.

The appliance connects to your hypervisor and pvs servers to manage your layers & images

At the finish line it spits out a vdisk tailor made to your needs and sends it to your pvs server of choice.


The Steps to Build your Layered Image

A simplified description on how a layered image is build

OS Layer

The build of a layered image starts with the build of a reference build on your hypervisor.

Create a vm with the specs you want to use on your production vm’s. Install the operating system (Requirements) update it with the latest patches. Install the applayering imageprep utility and shutdown the vm.

In the appliance (Enterprise Layer Manager) you can now connect to your hypervisor and import the vm as your OS Layer.

Platform Layer

Platform layers are used to install drivers and software specific to a particular platform like PVS or MCS.  Platform layers enable App Layering 4.x to be able to support many platforms at the same time.
From the appliance you start the build of the platform layer. The OS layer is used to deploy a sequence vm on your hypervisor.
Install the drivers and other of choice like special display drivers (NVDIA), broker agent, SSON software and pvs drivers. Join the domain.
Double click “ Shutdown for Finalize” on the desktop.
Click finalize in the appliance and you’re done creating the platform layer

Application Layer

By now you can probably guess how this one has to be build ?
The OS and platform layer are the base for the sequence machine where the application layer is build.
Again do your magic “install your things” and push the button “Shutdown for Finalize”. Click finish in the appliance.
Repeat if you want several application layers or group applications of choice together into one layer.

Elastic Layering

Elastic Layering in Citrix App Layering is a method to dynamically deploy applications to a Virtual Machine at the time the users logs onto the VM. The Citrix Layering Services running in the target VM are configured to use an SMB network share as the Citrix App Layer Repository. The repository contains both the layers and configuration files required for deployment. The Layering Services will read the configuration files then mount the layers assigned to the users. This process is designed to work entirely within the guest operating system using native Windows VHD file mounts over the network.

This creates a scalable environment that is also easy to manage. One where IT Administrators can provide recovery or disaster recovery simply by replicating the file share within the same site, secondary site, or the cloud. App Layering is leveraging software in the native windows OS, eliminates dependencies on the hypervisor and removes the need to replicate databases and management servers in multi-site.



It’s layering not isolation
In the image above it looks like there is some sort of isolation/containerization but there isn’t.
So it’s not like App-V or ThinApp. The layers are merged from top to bottom, higher wins if files are the same in lower layers.
In the Citrix knowledgebase is described what to put in which layers as best practice. (also see the end of my blog ‘Things to read’)

Lab Features

New features are added frequently. The one I personally like the most is “App layers can be assigned as Elastic layers on layered images that use a different OS layer” Normally App layers can only be used with the OS layer it was built upon.

It would be great if this feature becomes general available because it makes the management of your vdisks even more flexible. Some applications work best if they are placed in the OS layer so it would be great if you could mix and match that OS layer. And to complement this, Citrix should make it possible to clone that OS layer as a new Layer! #feature-request
Lab features must be enabled first on the Appliance before you can use them.


Am I Licensed to Use AppLayering?

Some options, like user layering are only available for specific licenses. Please check the Citrix Feature matrix to check what features you’re allowed to use within Applayering.


I would definitely recommend checking Citrix Applayering in you’re Lab or test environment.
Keep in mind that Applayering adds an extra step in the process of creating and managing vdisks. Re-evaluate your workflow of building and maintaining golden images when you start using AppLayering. If used wisely it can help reduce the amount of vdisks to manage.

Things to Read/Watch

Citrix Application Layering Technical overview –

The magic of citrix app layering –

Elastic layering explained::

Citrix Synergy TV – SYN103 – Citrix App Layering

Citrix Synergy TV – SYN138 – Citrix App Layering Best Practices and Troubleshooting

I can highly recommend the brilliant website of Carl Stalhood. “filling the gaps in documentation of EUC Vendors”

Edwin ten Haaf (Consultant IT)

Meer nieuws

Meer weten?

Laat uw gegevens achter en wij zullen zo snel mogelijk contact met u opnemen om uw vragen te beantwoorden.

Ik geef toestemming om mijn gegevens te verwerken op de manier zoals omschreven in de privacy verklaringIk geef toestemming om mijn gegevens te verwerken op de manier zoals omschreven in de privacy verklaring