Application layering has a lot of potential, but it can be complicated; managing all the different layers can quickly become unwieldy.
The value of app layering is that it separates the application from the operating system itself, but the app still behaves as if it's installed locally. This allows you to update and manage the apps separately from the OS, which can leave you with fewer OS images to manage. You can even deliver the apps based on different criteria, such as where a user is or what department he or she works in.
The dark side of app layering is that it introduces multiple layers that you must keep track of, including the OS layer, the platform layer and the app layers themselves.
In a session at Citrix Synergy last week, senior architect Rob Zylowski and enterprise architect Dan Morgan, both of Citrix Consulting Solutions, shared some advice for working with Citrix App Layering.
Start with Enterprise Layer Manager
Enterprise Layer Manager (ELM) is the primary infrastructure component behind Citrix App Layering. ELM is a virtual appliance that hosts Citrix App Layering's management console and houses the layers and image templates.
You must decide how many ELMs you actually need. You should have one ELM for every location where you plan to package apps. Packaging is the process of adding all the different components, including files, to the apps.
It's much easier to manage everything if you only have one ELM, however, so only add more ELMs if it's absolutely necessary, according to Morgan.
Manage the OS layer
To make working with the OS layer easier, use an isolated Windows installation and add hypervisor tools to it rather than trying to work with the image your existing server or desktop operating system uses. Be sure to save a copy of this isolated version of Windows so you can go back to it when you need it.
You must also understand the components that make up the isolated Windows installation so you can add the applications to it as layers and configure everything correctly, Morgan said.
Only use one OS layer per OS type. For example, if you have more than one version of Windows, create a single layer for Windows 10 and a single layer for Windows 7. The same goes for Linux. You only want one image per OS type because the app layers are pinned to the OS layer you create them on, Morgan said. This means that if you create two OS layers for the same OS, you have to create a new app layer for each of them, which just adds more work.
Deal with Windows updates
Windows updates can add complexity to the OS layer. To update the OS layer, you must temporarily enable Windows Update. You can also use Windows Server Update Service or offline, stand-alone update packages, but you cannot use Microsoft System Center Configuration Manager because it's very difficult to deploy as a layer, Morgan said.
Always apply Windows Update to the OS layer before making any updates to the platform layer; the platform layer serves the Remote Desktop Services (RDS) role. The same goes for the Microsoft Office layer; it also uses Windows Update, and if you update Office first, portions of the update can get trapped in the wrong layer.
Make sure you have at least 30 GBs of RAM available when you implement a Windows feature update. Once you complete the update, always do a regression test on all the layers to make sure everything still works properly. Focus particularly on what's integrated with the operating system, such as areas with filter drivers, Zylowski said.
Know what goes into the platform layer
The platform layer is the king of all the layers. It takes precedence over every other layer. So, if a file exists in both the platform layer and another layer, the version in the platform layer takes precedence.
As a result, you should only put software in the platform layer if you absolutely have to, according to Morgan. That list includes graphics processing unit drivers, the RDS role, the domain join, the Citrix Provisioning Services target device software, Virtual Desktop Access (VDA) and Citrix Receiver.
Put antivirus software in the right layer
You can put antivirus software in the OS layer, but it's a real timesaver to put it in an app layer instead. Putting antivirus software in an app layer makes it much easier to switch antivirus vendors or perform a clean install of the software when you do a major version upgrade, Morgan said.
Citrix offers guidelines for many of the major antivirus products on the market. Even if the company doesn't include one of these guidelines for a product, that doesn't mean Citrix App Layering doesn't support it.
When you actually use the antivirus software to scan your deployment, you must be sure to scan for completed images rather than the individual layers.
Address the challenges of Microsoft Office
Microsoft Office is one of the most important and difficult layers to work with. It's problematic, according to Morgan and Zylowski, because of the licensing Microsoft uses for any version of Windows that includes the Windows Store, which is OSes later than Windows 7. The licenses exist in Office itself, as well as in the Windows Store, which complicates matters.
There is command-line scripting available that you can run to activate Office and it helps in two ways, Morgan said. First, when you create the package, it backs up the store in an alternate location in the layer. Second, when the VDAs launch, the script swaps the stores so when a user launches Office, it automatically has that license in it without having to reconfigure anything.
It's important to note that store swapping makes using Office elastically very unreliable.