The objective of this article is to inform Citrix customers and partners about the best practices when creating a Platform Layer in Citrix App Layering 4.x.  The Platform Layer is used to install drivers and software specific to a particular platform like PVS or MCS.  The Platform Layer enables App Layering 4.x to support many platforms at the same time.

Instructions

•  The Platform Layer is the highest priority layer in a published image
  • A setting or file stored in the Platform Layer will be the last applied when the file system and registry are merged during image creation
  • Any data that is removed or altered in the Platform Layer will not be present in the published image, unless provided as an Elastic or User Layer. (See https://docs.citrix.com/en-us/citrix-app-layering/4/layer.html#layers-enabled-on-the-base-image)
• Any changes made to the local SAM database will not be captured in the Platform Layer or Application Layer.

The general flow for creating a Platform Layer is as follows . PVS, MCS, and Horizon View are covered in more specific details near the end of this article.

1. Install Special Drivers like NVIDIA
2. Install the Broker Agent
3. Join the Domain
   1. This is done to configure the registry as a domain joined machine would be.  Each broker is actually responsible for joining the desktops/Xenapp servers to the domain.
4. Install any SSO software you may use
   1. This is done because both the broker agents and SSO software modify Windows Logon Providers and this prevent the data in Platform Layer from overwriting the SSO settings from another layer.
5. If the Platform Layer will be used cross platform, meaning for example that you package on vSphere but you will be deploying to XenServer, then you install the cross platform hypervisor tools as well
   1. Note: Your primary hypervisor tools should be installed in the OS Layer.
6. If you are using PVS, make sure you install the PVS tools last, as required for PVS with or without App Layering

• Include Receiver and Workspace Environment Management in the Platform Layer if needed in your XenDesktop or XenApp environment
  • Receiver has an SSO component and WEM can be affected by the scrubbing done based on the target hypervisor, when not installed in the Platform Layer.
• There are some problems that also need to be handled via GPO/GPP because of a SAM database update issue with the layering process. Since the Domain is joined in the Platform Layer you will not automatically have Domain Admins in the local Administrators group and Domain Users in the local Users group.  Create a Group Policy Preference (GPP) to fix this issue, using those groups or whatever groups you desire to assign administrators and users to your machines
  • In addition, the Citrix VDA also adds two services into local groups.  These can also be added via GPP
    • The NT Service\CitrixTelemetryService is added to the local Performance Log Users group
    • The NT Service\BrokerAgent is added to the local Performance Monitor Users group
• To allow direct access via RDP to VDA's add a Domain group to the local Direct Access Users group
• If you are using Citrix App-V integration, the VDA will create a local user (CtxAppVCOMAdmin), then give access for that local user to a DCOM object (Citrix.VirtApp.VDA.Com.AppVObject). To resolve this in App Layering do
  • Create the local user in your OS layer, before you create the Platform Layer
  • Assign the user a password and document the password
  • After the VDA installation open Component Services
  • Gooto DCOM Config
  • Open the properties of Citrix.VirtApp.VDA.Com.AppVObject
  • Click the Identify tab
  • Update the password with the one set in the OS layer
• How to handle optimizations?
  • In Windows 10 any optimization that removes "Windows Apps" will only work if ran in the OS layer, not the Platform Layer. This is because the apps are integrated with the Windows Store and the store can only be modified in the OS layer
  • Use of our Citrix Optimizer Tool is highly recommended for these optimizations as it applies them and it can also reverse most of them
• System file and other domain related updates during the first network user logon process. Completing the below steps will significantly speed up logons because the data will no longer need to be modified
  • Join the Domain
  • Reboot then login with a domain user
  • Reboot then login with the local administrator account
  • Remove the domain user

1. Optional, install the NVIDIA Drivers
   1. Configure the packaging machine with your NVIDIA profile before installing
2. Install the VDA
3. Join the Domain
4. Log on with a domain user account
5. Reboot
6. Logon with the local administrator
7. Delete the network user profile
8. Install hypervisor tools if using cross platform
9. Install any SSO Software, Citrix Receiver if it wasn't installed with the VDA and WEM if you are using it
10. Optionally run the App Layering Optimizer
11. Reboot
12. Install PVS Tools.  Unselect the option to Launch Imaging Wizard, and reboot
13. Optionally run the Provisioning Services Device Optimization Tools
14. Finalize

1. Optional, install the NVIDIA Drivers
   1. Configure the packaging machine with your NVIDIA profile before installing
2. Install the VDA
3. Join the Domain
4. Log on with a domain user account
5. Reboot
6. Log on with the local administrator
7. Delete the network user profile
8. Install hypervisor tools if using cross platform
9. Install any SSO Software, Citrix Receiver if it wasn't installed with the VDA and WEM if you are using it.
10. Reboot
11. Finalize

1. Optional, install the NVIDIA Drivers
   1. Configure the packaging machine with your NVIDIA profile before installing
2. Install the View Agent
3. Join the Domain
4. Log on as a network user, reboot, logon as admin, delete network user profile
5. Install hypervisor tools if using cross platform
6. Install any SSO Software
7. Reboot
8. Finalize