List of Best Practices and Recommendations for Citrix App Layering. 

General

  • Install your operating system, platform tools, and applications in separate layers.
  • Deploy User (personalization) layer to save user settings in Pooled virtual machines (Only Windows 7 and 10).
  • Keep the Packaging Cache option enabled for better performance.
  • Never browse the internet in your layers.

Installation / Upgrade

  • App Layering is a new OS build process and must be carefully studied. Check out Citrix documentation about App Layering.
  • Only a standalone ELM appliance can be deployed
  • 4vCPU for the appliance (default)
  • No built-in HA in Citrix App Layering.
  • Backup the appliance and the repository
  • 10 Gbps connection between the appliance and the file share
  • Hyper-V: Generation 1 for Network Adapter
  • Expand ELM work disk (default size 300GB)
  • Upgrade the appliance frequently as Citrix often releases updates that include fixes
  • Upgrading the appliance has no impact on users
  • All layering tasks must be processed before starting the upgrade

OS Layer

  • Have one OS layer per Operating System (Windows Server 2016, Windows 10 64-bit, etc)
  • Check Citrix documentation about supported OS
  • The Operating System layer is always the lowest priority layer. It is always at the bottom of the layer stack no matter what the version date and time is.
  • Start with a fresh image of a supported Windows OS from your hypervisor. Create the new base image from the latest .ISO downloaded from the Microsoft website, which includes the latest Windows updates (Ex: Windows Server 2016 ISO download).
  • Legacy NIC for Hyper-V and VMXNET3 for VMware
  • Generation 2 virtual machine type is not supported with Hyper-V. Only Generation 1.
  • Configure DHCP to get an IP address in the template.
  • Clean up any installers or temp directories.
  • OS Layer must be as clean as possible. Only install required apps! And only install on C:\ drive.
  • If needed, install RDSH and Remote Assistance. If 2012 (R2), also install Desktop Experience.
  • Activate Windows
  • Rename the machine and leave it in WORKGROUP
  • Install pending Windows Updates, then stop and disable the Windows Update service, and then REBOOT!
  • Install Microsoft .NET Framework and Visual C++ libraries in the OS layer
  • Install Microsoft .NET Core in the OS Layer
  • Remove all Microsoft Store Apps and Disable related services
  • Disable Windows Defender and Windows Firewall
    Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
    Set-Service MpsSvc -StartUpType Disabled
    Stop-Service MpsSvc -force
  • Disable IPV6 (PVS only)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
    Name:             DisabledComponents
    Type:             REG_DWORD
    Min Value:        0x00
    Max Value:        0xFF (IPv6 disabled)
  • Disable IE ESC
  • Force High Performance Power Scheme
    Powercfg /list
    Powercfg /s {UID}
  • Configure Page File
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
    Key: "PagingFiles" (reg_multi_sz)
    Value: "C:\pagefile.sys 4096 4096"
  • Set Time to display list of OS to 5s
    Bcdedit /timeout 5
  • Adjust performance for programs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl
    Key: "Win32PrioritySeparation" (dword)
    Value: "26"
  • Remove Legal notice
    (Remove: it delays the launch of published applications)
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Legalnoticecaption
    Legalnoticetext
  • Run Citrix Optimizer with the appropriate template
  • Disable OS Rearm (MCS Only)
    Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value OsRearm
  • Hypervisor tools of your main hypervisor should be installed into the Operating System layer (Ex: VMware Tools or Hyper-V Integration Services). If you plan to deploy that image on a different hypervisor, you will need to add the tools on the platform layer.
  • Do not install applications (Antivirus, Monitoring agents, etc) in the OS Layer.
  • Create new local users and local groups in this layer. Domain users and groups can be added by GPO.
  • Always connect to the OS Layer with the same local account
  • Check this link for more best practices.
  • Run Preparation Script instead of Shutdown For Finalize (optional)
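
An added example, not part of the original post: a read-only PowerShell audit that compares a packaging machine against the OS-layer values listed above before the layer is finalized. It assumes PowerShell 5 or later and that `wuauserv` is the Windows Update service the checklist refers to; the helper names `Add-Check` and `Get-RegValue` are made up for this example.

```powershell
# Read-only audit: expected values come from the checklist above; nothing is changed.
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check {
    param([string]$Name, $Actual, $Expected)
    $results.Add([pscustomobject]@{
        Setting  = $Name
        Actual   = "$Actual"
        Expected = "$Expected"
        Match    = ("$Actual" -eq "$Expected")
    })
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# The OS layer is left in WORKGROUP.
Add-Check 'Joined to a domain' (Get-CimInstance Win32_ComputerSystem).PartOfDomain 'False'

# Windows Firewall profiles, firewall service and Windows Update service.
foreach ($p in Get-NetFirewallProfile -Profile Domain, Public, Private) {
    Add-Check "Firewall profile $($p.Name) enabled" $p.Enabled 'False'
}
foreach ($svc in 'MpsSvc', 'wuauserv') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    Add-Check "$svc start type" $s.StartType 'Disabled'
    Add-Check "$svc status" $s.Status 'Stopped'
}

# Registry values from the checklist (the IPv6 value applies to PVS only).
Add-Check 'IPv6 DisabledComponents' (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters' 'DisabledComponents') 0xFF
Add-Check 'PagingFiles' (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' 'PagingFiles') 'C:\pagefile.sys 4096 4096'

# Legal notice values should be absent or empty.
$sys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($v in 'Legalnoticecaption', 'Legalnoticetext') {
    Add-Check "$v removed" (Get-RegValue $sys $v) ''
}

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Match })
"{0} of {1} settings differ from the checklist" -f $failed.Count, $results.Count
```

Keeping the output with the layer version notes gives a record of which host protections were switched off in the image on purpose.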

Platform Layer

  • Platform Layer has the highest priority of all layers. This layer will be applied last.
  • Install Citrix Virtual Desktop Agent (VDA), Receiver/Workspace App, Real-Time Optimization Pack (RTOP), WEM and PVS Target Device software in the Platform Layer
  • Do not install Windows Updates in this layer
  • Join the machine to the domain
  • Logon with a domain account to cache data in the layer. This will improve logon time.
  • The Platform layer has the highest priority when creating the layered image.  This means it is applied last so its settings will override all other layers.
  • Single Sign-on applications must be installed in this layer (Ex: Imprivata)
  • Video drivers (nVidia, AMD) can be installed in this layer
  • Do not disable IPv6 (for PVS) in this layer. Do it in the OS Layer.
  • Changes made to local users and groups are not saved in this layer. Use GPOs instead.
  • You can add additional disks but you must remove them before finalizing the disk in the ELM console
  • If you want to deploy this image on a different hypervisor, install the hypervisor tools in this layer.
  • Check this link for more best practices
  • To have a Write Cache disk with PVS, you must attach the same disk to the Platform Layer. Install it in the layer. Then shut down the layer and remove the disk before finalizing (See CTX232126).
  • Run Citrix Optimizer to apply Citrix optimizations. Windows optimizations were applied in the OS layer in the previous post.

App layers

  • You can install apps, copy files, modify registry in App layers
  • You can install Antivirus in App layers
  • Follow App Layering Recipes
  • Put all Office apps in the same App layer
  • You can adjust Application layers priorities to deal with conflicts
  • Disable Auto-update feature in the apps
  • Do not install requirements such as .NET and C++ libraries in App layers
  • Do not install Windows Updates (only in the OS Layer)
  • Join the machine to the domain if the application requires it. Remove the machine from the domain and reboot before finalizing the layer.
  • User settings will be captured but not applied to other users
  • Changes made to local users and groups are not saved in this layer. Use GPOs instead.
  • You can add additional disks but you must remove them before finalizing the disk in the ELM console
  • Remove binaries once apps have been installed
  • Clear install logs
  • App Layers are the only layers that can be cloned from the console
  • Check this link for more best practices

Create / Publish template

Elastic deployment

  • Do not deliver the same App Layers in the image and elastically
  • Elastic is a way to deploy applications that have been layered with the same OS Layer. Do not deploy App layers on different OS Layer elastically.
  • It is not recommended to deploy Microsoft Office and Office 365 elastically.
  • You can assign Elastic Application layers to users but also computers by adding the computer object in an AD group or by publishing the layers directly to the computer object.
  • Elastic Application Layers assigned to users are mapped after the logon and can increase the duration of this step.
  • Elastic deployment is not application virtualization. Applications are not isolated. Once mapped, the layers are visible by all users connected on the same machine.
  • Enable Compatibility Mode if a layer delivered elastically is not loading properly during logon.

User personalization layer

  • Deploy User Layers for Pooled Desktops only. The feature is not compatible with static desktops.
  • Configure auto-reboot after logoff.
  • Consider using User Profile Management (UPM) software to manage user profiles when implementing User Layers.
  • Do not allow users to install Microsoft Office, Office 365, Visual Studio, VPN Clients or applications that require boot level drivers.
  • Add specific storage locations for User layers, rather than allowing user data to be saved on the appliance’s main file share.
  • Apply NTFS permissions to the Users folder where the personal vDisks are stored.
  • Backup User Layers repository

Windows 10 & PVS

  • Legacy Network Adapter (Hyper-V) or VMXnet3 (VMware)
  • Install the VDA with Run as administrator, or it will fail to install its requirements.
  • Then install the PVS Target Device client in the Platform layer.
  • Attach the Write Cache disk from the PVS template in the Platform layer. Install the disk in the layer and then detach the disk from the Platform layer virtual machine before finalizing.
  • Run the JGSpiers Windows 10 Optimization Script: JGSpiers-W10-1803-Optimisations.
  • Disable IPV6.
  • Configure Service Account credentials in the PVS Connector configuration

Useful links and articles