A consolidation of the various layering best practices to apply in the OS and App layers.

For App Layering 4.x Best Practices, please refer here: https://support.citrix.com/article/CTX225952 Operating System Layer 

• Have one Operating System layer per Operating System (Windows 7 32-bit, Windows 7 64-bit, etc)
• Application layers are now tied to the Operating System layer they were created on.  If you remove and add a new Operating System layer to a desktop, all application layers will be removed as well.
• Before a version or layer can be deleted, it must not be in use.  This includes templates as well.
  • Only the Oldest or Newest versions can be deleted
• After performing a Unidesk upgrade, the Unidesk drivers will automatically be updated. There is no need to version the Operating System.
• The Operating System layer is always the lowest priority layer.  It is always at the bottom of the layer stack no matter what the version date and time is.
• .NET is best delivered using the Operating System layer.

• Updating the Operating System should be done by adding a version to the layer not a separate layer
• Ensure you have at least 2 GB of RAM in the Installation Machine, 4 GB would be better
• You will have to enable Windows update and BITS should already be enable.  If not, enable that too.
• Remember to disable Windows Update at the end
• If you use any MS products that are updated by Windows Update but don't have a separate section like Office does, include those in the OS layer as well.  For example, Windows Defender.
• Install updates in smallish batches say 15-20.  Sometimes these will fail.  Just keep trying them.  If you can't get them all to go, finalize the layer then edit latest and try again.  Not sure why but this is sometimes necessary.  Eventually they should all work.
• If in your OS layer the OS says it's not activated then you must reactivate.  If using KMS, run the appropriate script in the c:\windows\setup\scripts\kmsdir folder.  The scripts are labelled runipkwin*.cmd.  For example, enterprise is runipkwin7e.cmd.  This will run an slmgr /ipk then slmgr /ato and reactivate Windows.  If using MAK you can activate in the normal way.
• Make sure to reset the background color if it changes.
• Always reboot one more time then the software asks for just to be sure.  Should be after disabling updates.
• If you need to update Vmware tools do this in the OS layer as well
• Deploy the new OS layer to an existing desktop and test with no other layer updates.  If you plan on rolling out other updates first, create the new OS layer then create the new app versions using the new OS layer.  Test the app updates after the OS layer testing.
• Create a new desktop and TEST

• Only use dependencies when absolutely necessary for proper application installation
  • To see if an application was installed with a dependency, click the info box of the application.
• Per user settings are not captured in a layer.  For example, anything put into the user profile is only captured for the user you logged in as (most cases local administrator)
• Application layers can be almost anything.  They can be files/folders/registry settings that you want delivered to desktops, they can be single or multiple applications.  There is a lot of flexibility in how you use layers.
  • For instance, if you need desktops added to multiple OU’s.  You could create an application layer that consists of a new Unattend.xml.  This new file would then point to the OU that you wish the particular desktops to be added too.
• When creating a new layer, never adjust the “Layer Size” down from the default of 10GB.  You can increase the setting if you are packaging a large application.
  • All layers are thin provisioned, so even if you are planning on a layer that is very small, never adjust down.
• Many customers have a utility layer or enterprise application layer that holds the most common components to be delivered to desktops.  For example, if Flash, Adobe Reader, and Java are going to be delivered to all/most desktops, then they are put into the same layer.
  • Applications that are updated frequently can also be put in the same layer as well

• Unidesk recommends including the OS Type and OS bit level in the name, for Example Microsoft Office Pro 2010 Win7x32.  For versions remember that when choosing a layer you can see the version name but not the version description.  Use naming that will allow you to differentiate versions appropriately.  For example while still in development/testing “1.0 12-12-14-2012 QA ONLY”, but when ready for production “1.0 12-12-2012”.

Installation

• Install apps from a share or an ISO versus downloading them to the desktop to keep layer size to a minimum
• Turn off automatic updates for applications.  If automatic updates are left on, the updates will be put into the personalization layer.
  • If this happens, you can use the “reinstall” feature to take back control of the application, and clearing the personalization layer of these conflicts/updates.
• When installing an application that requires being part of a domain, it is ok to add the installation machine to the domain.
  • After installing the application, remove the installation machine from the domain.
  • Clean up the left over computer object in active directory
• Installation machines can be added to View pools.  Remember to remove them before finalizing the layer.  This will prevent View certificate information from being saved in the layer.

• Anti-Virus can be delivered in an application layer or the operating system layer.
  • See https://docs.citrix.com/en-us/unidesk/2-10-vsphere/deploy/create-application-layers/deploy-anti-virus-software.html for more information on how to configure popular anti-virus solutions with Unidesk.
  • Typically, definition updates are allowed to go into the personalization layer.  When an update occurs to the layer itself, update the definition files in the layer at that time and then push out the layer with the reinstall check box selected.
• Printer drivers can be layered
  • Local printers are defined in HKLM and will be captured in the layer.
  • Network printers are defined in HKCU and are not captured.  Use Group Policy Preferences or login scripts to assign network printers to users.
• Office can be layered.  Please see https://support.citrix.com/article/CTX224566 for information on how to layer Office
  • For additional Office applications (Project, Visio, etc), the base Office layer must be a prerequisite.
  • To keep Office licensing happy, it may be best to create layers for the different combinations of Office plus additional Office applications.  For example, a layer with Base + Project, a layer with Base + Project + Visio, etc.
• .NET is best delivered using the Operating System layer.
• Check out our layer recipes at https://docs.citrix.com/en-us/citrix-app-layering/4/layer/app-layering-recipes.html

• Always patch applications as a new version of the application layer
• Use your latest OS layer with the application patch
• For Microsoft products like Office, make sure you update the OS layer first to avoid seeing the OS updates when you update Office
• You will have to enable their update process.  If you need to uninstall and reinstall, it might be better to create a new application layer.  It will be much smaller in size.  Remember to test this though because it might affect licensing.
• Remember to disable the update process before finalizing
• Always reboot one more time than the software says to
• Always TEST before deploying

• Before a version or layer can be deleted, it must not be in use.  This includes templates as well.
  • Only the oldest and newest versions can be deleted
• Removing an application layer from a desktop removes all traces of that application that were part of the original layer, EXCEPT for any personalization that may have been done.
• Layer priority is based on creation date and time of the version.  Newer versions will have a higher priority in the layer stack than older versions.
  • Do NOT adjust layer priorities unless you have spoken with Unidesk support first.
• Every application layer has the ability to be “reinstalled”.  Use this feature to repair a broken application.
  • Reinstall compares what’s in the application layer to what’s in the personalization layer.  If there are any conflicts, then the file/registry entry in the personalization layer is thrown out.  This allows the original files/registry entries to be used again by the desktop.

• Performance
  • There is a maximum of 50 layers per desktop.
  • Less layers offers better initial application launch performance because the Unidesk filter driver needs to look through the layers for files.  Once the file(s) are found, they are then indexed for faster performance.  This index is held until the next reboot.
  • This time is often measured in milliseconds and may not even be noticed by the user.
• After a layer or version is created, the layer actually resides on the Master CachePoint.  When a desktop is created or edited on a secondary CachePoint and the new layer/version is assigned to a desktop, it is then replicated to the secondary CachePoint’s Layer storage datastore.
  • This can cause a delay in the creation of the initial desktop(s) as the replication happens.
  • Larger layers take longer to replicate, be patient. You can see the progress of the layer replication as a copy file task in vCenter. The speed of replication is determined by the infrastructure and vCenter, not Unidesk.