Application Layers and Elastic Layering – Citrix App Layering

This post describes the method’s involved in creating Application Layers and Elastic Layers to be used in a Unidesk (Citrix App Layering) environment running on Hyper-V with XenDesktop and Citrix PVS. This post assumes you have the Unidesk Enterprise Layer Manager appliance installed, configured and an OS Layer in place.

To install and configure the ELM in Hyper-V –

To install and configure an OS Layer, including Platform Layer and Image Template –

As mentioned, this guide runs Unidesk on Hyper-V. To see how to layer applications in VMware, see Carl Stalhood’s guide Unidesk App Layers, Image Templates, and Reporting.

Application Layers can contain any type of application from Google Chrome, to Microsoft Office or antivirus. It could even include just registry keys or files if there was a need. Applications with drivers, services or other system level objects are in most cases supported by Citrix and should be included in an Application Layer. One or more Application Layers are then merged together with an OS Layer to create VDI or Session Host desktops, the published image is handed off to PVS or MCS for distribution. Another method of assigning Application Layer’s that is new to Unidesk 4 is elastically using Elastic Layers. Using this technology, layers are assigned to users on logon based on their Active Directory group membership. Note that not all applications are suitable for Elastic Layering, especially those that do have system drivers and services. Such applications should be merged with the OS Layer during the publishing of an image.

An Application Layer is made up of the file system and registry entires than an application install makes. When creating an Application Layer, you select which OS Layer you want to use as the base for creating an Application Layer. A Packaging Virtual machine is created with 2 volumes attached. The first volume is the boot volume which contains the OS Layer and any other pre-requisite Application Layer if selected. This volume is read-only so cannot be modified. The second volume is writable and is where the application will be installed. As you install an application, the App Layering filter driver directs these system changes to the writable layer so that they are captured.

Note: Application Layers have priorities to overcome conflicts at a file or registry level. Say for example you create two Application Layers named AppLayer1 and AppLayer2. Each layer created a program.exe file within C:\. When the layers are merged using the Unidesk Composite File System which program.exe is used? The layer you created last (for example AppLayer2) wins. Also keep in mind that Application Layers have a higher priority over the OS Layer. Priorities can be overridden by the administrator.

Layer priorities (1 is lowest, 5 is highest priority):

  1. OS Layer
  2. AppLayer1
  3. AppLayer2
  4. User Layer (not yet generally available)
  5. Platform Layer

♣ Creating an Application Layer
♣ Publishing Elastic Layers

Creating an Application Layer

This guide assumes that you already have an OS Layer in place. If not, read the above posts. An Application Layer is tied to one OS Layer. That means, you can’t assign an Application Layer to both a Windows 10 OS Layer and Windows 7 OS Layer. The Application Layer remains tied to the OS Layer that was used during the packaging of that layer. This post shows how to package and deploy Adobe Reader DC as an Application Layer, and then later on in the post assigning Google Chrome as an Elastic Layer.

Note: You cannot install applications on any drive other than the system C:\ drive. This is the only supported method at this time.

Log on to the UMC and navigate to Layers -> App Layers -> Create App Layer.

Specify a name, version, descriptions and layer size in GB. The layer will be thin provisioned. Make the layer size large enough to host the application.

Choose the OS Layer you want to use to create this layer. This layer will then later become deployable only with this selected OS Layer.

If your layer needs prerequisite layers, you would specify them here. Those layers would then be available to you on the Packaging Machine.

Since we are using Hyper-V, choose the ELM Share connector. Virtual boot and package disks will be available on this share, and then we will attach those disks to a Packaging Machine to perform the application installation.

If you are installing the application on a different hypervisor than what was used to create the OS Layer, you would include a Platform Layer for packaging which includes the necessary hypervisor tools to support your application install. I do not need this, so will continue on.

Keep the default values and click the down arrow.

Upload an image icon that represents the application you are installing. To do so, click the Browse button.

Click Create Layer.

Expand the Application Layer creation task. You will be notified that a boot and packaging disk is available within the ELM Share.

Browse to the ELM Share and you will see the required disks in the Packaging Disks folder. Attach these disks to a virtual machine which will be used as your Packaging Machine. Unlike the OS Layer and Platform Layer, it is not required that you add a Legacy NIC to the Packaging VM. You can stick to using a Synthetic NIC. Attach the disks and boot the VM.

Boot disk -This disk contains the OS Layer and any prerequisite layers if selected.

Package disk – This disk is writable and is where you will install the application onto.

Install the application, making any necessary modifications to block automatic updates or other user prompts. The Internet is a good place to start for looking up such modifications.

Once the application install is complete run Shutdown For Finalize. If an NGEN operation or reboot is required you will be notified to complete such tasks before the machine can be finalized.

Move the boot and package disks to the Finalize Disks folder within the ELM Share.

Navigate back to the UMC and click on the Adobe Reader layer -> Finalize.

Here you have the option to specify a Script Path. Scripts are useful for applications that need post-install configuration tasks such as licensing the product. Click the down arrow.

Click Finalize.

A new task appears in the UMC.

Now the layer has been created and is ready to use. To publish an application out you need to add it to an Image Template. You can also elastically assign it to users or groups which I will show later. Edit your existing Image Template which contains the correct OS Layer, click on the Application Assignment tab and then check the Application Layer.

Click Save Template Changes.

Now click Publish Layered Image to publish the image to PVS, for example.

Note: You can highlight and publish multiple Image Templates at once. Unidesk will publish up to 4 concurrently.

Once the image has been published, attach it to a Target Device and boot. Test that the application shows and performs as expected. The application appears in Add/Remove Programs.

It also appears in Program Files, looking just like a local install.

You can also add Application Layers to Image Templates by selecting an Application Layer and then clicking on Add Assignments.

Now select an available Image Template to attach this Application Layer to. Likewise you can use the Update Assignments and Remove Assignments buttons to perform update and remove tasks.

You are done. You have now successfully created and published an Application Layer.

Assigning layers elastically using Elastic Layering

As the name suggests, you can dynamically assign layers to groups of users/computers or individual computers/users right as they log on. You should already have an OS Layer published which is configured for Elastic Layering. Not all applications are suitable for Elastic Layering. Some applications require loading low-level drivers which makes them a bad candidate for Elastic Layering. You can to the best of Unidesk’s knowledge analyze a layer to see if it would work with elastically. Keep in mind that you do need to perform your own testing of the application, do not take Unidesk’s word for it. Click on an Application Layer, in my example Google Chrome and click Analyze Layer.

Click the down arrow.

Click Analyze Layer Versions.

A new task completes once the analysis is done.

Select the application again and click Add Assignments.

Click on the Elastic Assignment tab. You can see that a message appears saying This layer should work when deployed elastically. Whilst you are here, this is the page you can use to assign a layer elastically to groups or individual users. For this example, I am assigning Google Chrome as an Elastic Layer to the EL – Google Chrome group. Unidesk recommend creating a group in Active Directory for each Elastic Layer.

Click Assign Layer.

At this stage the layer will be copied to the ELM Share.

Browse to the ELM Share and you will find two new .json files.

The ElasticLayerAssignments.json file shows the group assignment name EL – Google Chrome, the Chrome Security Groups SID and the layer ID 3866628.

The Layers.json file shows the same layer ID 3866628 and the name of the Application Layer Google Chrome.

Inside the Unidesk\Layers\ folder is a newly created App folder containing the Google Chrome layer disk. Notice it also has the layer ID mentioned in the file name.

As a user logs on to a desktop, the Citrix Layering Service looks within HKLM\SOFTWARE\Unidesk\ULayer to find the SMB share location that holds any potential Elastic Layer. Within the share resides the two Layers.json and ElasticLayerAssignments.json files. The assignments file is read first followed by Layers.json.

Logging on to the OS Layer as a user who is a member of the EL – Google Chrome group prompts the Citrix Elastic Layer service to layer in Google Chrome.

Event Viewer also shows an event showing the user who logged on and which layer was attached.

When I log on as a user not in the group, Event Viewer reports that no layer was attached.

Google Chrome does not show in Add/Remove programs, even though another user is using that layer on the same server.

Google Chrome folders do exist in C:\ however this is a known bug. All folders are actually empty so you won’t find any files in them.

Elastic Layering troubleshooting log file can be found in %ProgramData%\Unidesk\Logs\ulayersvc.txt

You can published Elastic Layer applications as a Published Application within Citrix Studio. Just point Studio to the executable location on the VDA which will mount your Elastic Layer.

If a user is a member of a Security Group that is elastically assigned to Version 1 of a Chrome layer and another Security Group that is elastically assigned to Version 2 of the same Chrome layer, the highest version (Version 2) is layered elastically into the users session.

If a XenApp RDSH host is used and User A logs on, he/she may receive Firefox elastically, and User B with the same Elastic Layer logs on, but Firefox is already available so does not need to be layered again. If User A and B both log off, the Elastic Layer is kept on the VDA until that VDA is restarted. This is to support any user or User A/B logging back on to the VDA again and preventing the need for the layer to be re-attached to the VDA. The support of XenApp and Session Hosts also means that some businesses may be able to reduce their persistent desktop farms saving on the extra compute needed to power persistent desktops. Many times a persistent desktop is required because users need a different set of applications and customisations than the rest of us. Now with Unidesk Elastic Layering and Citrix Workspace Environment Management XenApp shared desktops have more room to grow in the datacentre because of the way we can configure sessions to be more unique than ever before based on the user logging on.



    May 4, 2017

    Hi, does Citrix layering support Windows installed on D:\ or another drive letter aside from C:\.
    Have imported a 2008R2 vhdx into a OSLayer but updating it with a platform layer seems to have issues seeing D:\
    great work by the way

    • George Spiers

      May 4, 2017

      All documents reference C:\ but there is nothing to say it isn’t supported. You should post the question to


        May 5, 2017

        Thanks. Have done.

        • George Spiers

          May 8, 2017

          For anyone else wondering, it is not possible. You have to use the letter C:\.

  • JAS

    July 18, 2017

    Does anyone know , or know where any official docs exist that explain, the difference between application and user elastic layers in the drop down in the Image template? It seems this page changes verbiage in the last couple versions. My guess is that if you select Applications Only(vs Application and User Layers) it is designed for machine accounts and load during boot vs. during logon but am having trouble finding info specifying this specifically.

    • George Spiers

      July 18, 2017

      If you choose Applications Only, only Application Layers are elastically added to a machine during user logon. If you select both Application and User Layers, both Application and User layers are attached to machines on user logon. User Layers are only supported for Desktop OS and are currently in labs. Applications Layers will only be elastically assigned to users whom you have granted with access.

      • JAS

        July 18, 2017

        Interesting… we have lab features enabled but do not see “User” layers anywhere in the Layers tab. We successfully attach application layers to assigned user and/or machine objects… so what then is a User Layer and how is it different than an application layer?

  • JAS

    July 18, 2017

    NM my last… I found the info I needed in the 4.3 release notes…


Leave a Reply