Configure Citrix Cloud – App Layering 4.x to deliver virtualized apps and Office 365 caching – User Layers for Virtual Apps and Desktops – XenApp and XenDesktop Service Cloud Workspaces in Microsoft Azure

When you think about optimizing your Digital Workspace, you’ll probably think about several things. One of the most time-consuming parts of managing and maintaining a Citrix Virtual Apps and Desktops – XenApp and XenDesktop – whether it’s a Provisioning Services or Machine Creation Services on-premise Hybrid and/or Full Cloud environment is definitely the application maintenance of the golden image.

Citrix showed a nice example how all the processes come together in the new Digital Workspace, at last year’s SynergyTaking advantage of new innovative solutions will optimize the maintenance process and save you a lot of time! In fact, you’ll have more time left to do something more fun– for instance, around innovation the end-user experience!

“Combining the strength of the App Layering product with the optimizations through Citrix Workspace Environment Management and the Citrix Optimizer tools put the new Digital Workspace on steroids” – Christiaan Brinkhoff

Using the layering technology combined with the Cloud, definitely simplifies the process around the Virtual Desktop. Therefore, you’ll keep the image clean and create the possibilty to instantly add virtual applications without rebooting the machines. In the Netherlands, we call that a WIN – WIN for both! And keep in mind, App Layering is the technology, not the product.

However, the ELM server can now be build-up in Azure Infrastructure-As-a-Service through Remote (Azure) PowerShell, and the different OS/App/Platform layers will be placed in the Azure storage account. The Office 365 User Layer are placed on the same separate SMB / UNC share as the elastic layers, therefore now for the user settings and folders. I’ll talk more (in-dept) about the technology later on in the article!

It’s for those several reasons, that I’d decided a blog on the App Layering product. Therefore, since it supports Microsoft Azure Resource Manager and Office 365 (Outlook Caching) User layers, I couldn’t wait any longer.  

In this article – I’ll walk you through on how you can install and configure the latest Citrix Cloud – Citrix App Layering 4.8 version with virtualized apps delivered to your XenApp and XenDesktop Service environment in Microsoft Azure.

I’ll also go through the new Office365 User Caching Layering different configuration concepts. Hopefully you’ll understand why App Layering is something you’ll need in your day-to-day work – to make life much easier as a Consultant in the Future Workspace! 

Note: The User Layering feature is currently only supported for Windows 7 and Windows 10, such as XenDesktop and VMware Horizon VDIs!

Enjoy reading!

Table of Contents

Click on the title to get forwarded in the article:

Did you know?

  • It now also supports the Caching of Office 365 – Exchange Online mailboxes, through the new Office 365 User Layer feature for Windows 7 and 10 (64 bits) non-persistant VDIs? 
  • You can use App Layering from inside the Citrix Cloud also to manage on-premise workloads
  • It also supports VMware view Composer as Provisioning method?
  • A Hybrid connection, such as an Azure ExpressRoute, NetScaler SD-WAN or site-to-site connection between your corporate and Azure networks is recommended for accessing the Management Console on the appliance
  • Using Premium Storage is strongly recommended for the ELM and Layering images to accelerate the speed
  • App Layering is free to use for Enterprise and Platinum customers for on-premise environments or Infrastructure-As-a-Service implementations?
  • It also supports XenServer, Microsoft Hyper-V, Nutanix and VMware vSphere hypervisors?
  • The direct link to the Citrix Cloud App Layering service is
  • It can layer any application, there is no need for applications to be installed on the OS image itself. This exceeds the number of supported virtualized applications when using App-V for example. Note: With the layering technology, you’ve got no possibility for isolation / bubble apps, which you can provide with Microsoft App-V –  Citrix App Layering merges the layers without isolation.
  • Underlying applications should be layered first, and then selected as prerequisite layers when you go to create a layer for the subsequent application
  • Citrix will deliver better support and performance when using applications like Office 365 in the near future
  • A file share server in Azure will perform significantly better than an on-premise file share. Even though the Azure file share feature is not supported, you can use an existing network file share or create a new file share in the Azure environment.
  • To deploy and configure the App Layering appliance, you will need the credentials for an account that has administrative access to your Azure subscription.
  • App Layering is designed to work with Azure’s new Resource Management (ARM) model. It does not support Azure’s Classic deployment model. All resources such as virtual network, file shares and OS machines that App Layering will work with must be created with Azure Resource Manager.
  • The App Layering appliance uses local storage for temporary files and finalized layers. The more layers you create, the more space you need. However, if you run low on space, you can expand the size of the current disk, or add other disks to the appliance when needed.
  • The file share connected to the appliance is used for upgrades, Elastic Layers, and cross-platform publishing. This space is easy to expand, if needed

What’s new in App Layering 4.10

This release includes the following improvements.

  • Windows 10 version 1709 support.  Windows 10 version 1709 is now supported when Store Apps are disabled. Use the script included in our OS Machine Tools package to turn off Store Apps. Because Store Apps must be disabled, we can only support Windows 10 editions where this is possible to do: Enterprise and Education, but not Professional.  If you have been using Store Apps on their 1607 setup, they will have to re-create their App and Platform layers from scratch after upgrading to 1709 and disabling Store Apps.
  • Improved support for PVS on Hyper-V and vSphere. This release includes stability improvements when using PVS to stream images on Hyper-V or vSphere systems peformance. (UNI-61938, UNI-65218)

VDILIKEAPRO results on Application Layering

You’ll will find interesting results on application virtualization, in the awesome VDILIKEAPRO Community survey of last year. I would like to share 3 results around application layering, which I found interesting, regarding this article.

It’s interesting to see that it’s still in the starting phase – discovery phase. Therefore, I think personally that people aren’t aware of the solution yet – or just haven’t got the knowledge around the Layering technology. I’ll think that this change in the near 1 or 2 years, which you also can see in the survey results of question number 3. Hope that this article will solve this a bit…

Interested in the complete survey? Download it for free here.

“Do you currently use an application layering solution in VDI/SBC?”

“How are Windows OS and applications installed, updated and managed?”

“We are pleased to see that IT Admins are steering clear from making manual changes to their Master images. This labor intensive and error prone way of working can seriously impact the performance and uptime of your environment, while plenty of alternatives already exist that can automate these tasks.”

“What are your most important Workspace/EUC initiatives for 2017/2018? (Multiple choice)”

Quite interesting numbers if you ask me. I surely expect that this number will grow even further in 2018 – 2019. I see App Layering as one of the essentials parts of the new Digital Workspace – or also called Workspace 2020 – 2022Migrating to the Cloud doesn’t mean lifting-and-lifting on-premise workloads to the Cloud. It also includes optimization – taking full advantage of all the new services that the Cloud can deliverwith the main goal to optimize processes. That’s where the profit can be reached on long term! 

So, what it Citrix App Layering?

Citrix App Layering puts the applications separate from the OS and splits it into three main layers. Each layer is stored as a virtual disk. The base (OS) layer contains the OS. The App layer is where the application files and registry keys are stored. An at last, the User layer where the user data, including profiles, resides. Continue reading to learn more about the technology…

The Layered images hold the following 4 layers: 

Enterprise Layering Manager

The Enterprise Layer Manager or (short name) ELM, is a virtual appliance that coordinates communication in the App Layering environment and manages copies of your layers and Image Templates. Based on CentOS, the ELM hosts the App Layering Management Console.

This machine will be created in Microsoft Azure Infrastructure-as-a-Service and centrally managed from the Citrix Cloud through the Citrix Cloud Connectors.

Note: It’s also possible to managed directly through the Private IP Address of the ELM server in Azure without using the Citrix Cloud.

Image templates

With image templates, (or also known as layered images) you have multiple images, like for example, Windows 2016, XenApp, Office 2016 Professional and Adobe Reader, which you can bring together in one template image. Just see it as a “golden” disk. The XenApp and XenDesktop golden MCS / PVS images can be clean after all, so no application needs to be installed in the images (the left-overs from App-V). You can use the layered images for the creation of the Machine Catalog, by applying the Machine Creation Service imaging technology from inside the Citrix Cloud.

Note: Application Layers are limited and are a dependency per Operating System. It might work, therefore it is not possible through the ELM console to apply apps between different Operating Systems.

Platform Layers

Citrix Application Layering uses a Platform Connector, which you can use to communicate with different hypervisors and different provisioning mechanisms in order to put the appropriate drivers in the image and copy this to the target platform. It makes it also possible to easily and efficiently move apps between on-premise and the Cloud and vice versa!

OS Layers

The OS layer is the Operating System image (golden image), the fundament. Which is used as default starting point for your image template. Prepare for example, a Windows Server 2016 image with updating the OS and install the VDA and Workspace Environment Agent software. From that point – App Layers will be created, so the OS Layer will stay clean.

App Layers

An application layer contains the registry and filesystem information for one or more applications. An application layer can contains single or multiple applications within it. It could also simply be a file or registry changes with no application installed.

User Layers

This layer will be user specific and contain changes made to the user environment. These changes include everything from user profile changes to user installed applications. This is a new feature which can include the user profile in non-persistent scenarios, such as on Pooled VDIs or XenApp read-only disk deployments. The files will be mounted to a VHD file, which also holds the Local Outlook folder, what makes it possible to cache and Roam the Office 365 – Exchange Online OST file to a User Layer! More about that at the end of this article!

Elastic Layers

Elastic layers are layers (images) that become active when users log in. This means the layers are accessed based on access rights, like being a member of a domain group for example. The layers are accessible from a simple network share and can instantly be added to Desktop environment – Image Template Layer.

Note: For more in-dept information about the different components and concepts, please check the new comprehensive Application Layering whitepaper of Citrix!

Register for a Citrix Cloud trial account

Assuming that you already have an Azure tenant / subscription, you only need to register for a Citrix Cloud account. If you already have one, please skip these steps ..

When u first want to build an PoC or test environment first, just to get more confident with Azure or Application Layering, Citrix also provides the possibility to try the software from inside the Citrix Cloud for 30 days. You can extend this afterwards with a “purchased” version of you are satisfied with the product for your business…

To get started, you first need to create a Citrix Cloud account, this can be doing through the following url:

Enter in all the information – and confirm your email address

When the account is activated, please go to and log in with your credentials

Request the – Citrix App Layering – service in dashboard landing screen.

Click on – Request Trial


Click on view trial status

You’ll will receive an email when the trial is approved and ready to configure


How to get started with App Layering in Citrix Cloud

Go to

Click on Manage in the Citrix Cloud portal

Click on Get Started

Click on Azure

Start with Step one – Deploy a Cloud Connector inside your network (Azure)

Deploy the Cloud Connector(s) inside Microsoft Azure

Before we start with the installation of the Citrix Cloud Connectors, we need to deploy 1 or 2 (recommended) basic VM’s in Microsoft Azure.

Note: I assume that u already have an Azure account and have a Virtual Network, storage account and (optional) a resource group. This is required for all the upcoming steps in Microsoft Azure!

Just logon into your Azure account and deploy a Windows Server 2016 machine from the marketplace. Follow the next steps…

Note: There is no need for SSD premium storage for this type of machine. Just to save out costs, make use of a Basic Resource size, such as A2_v2.


Note: Make sure to place (when u install 2) the Citrix Cloud servers in the same Availability Set. Finish the deployment in Azure, join the Citrix Cloud Servers to the domain and

go to the next step

Note: Make sure to disable IE Enhanced Security Configuration before you start the cwconnector.exe installation



Switch back to the Citrix Cloud and click on + Connector to download the Citrix Cloud Connector(s).

Click on download and save the file (cwcconnector.exe) somewhere on the Citrix Cloud servers in Azure, the installation needs (of course) to be run from inside that machine.

 Install the Citrix Cloud Connector software on the Servers in Azure, first sign in with your Citrix Cloud Account.

The installation process will start directly afterwards…

 Testing the Connection…

Note: Troubles with the connection? Please check out this troubleshoot article.


Connection successfully verified, click on Close

 Click on refresh All


 The new resource location must now be added to the list. Perform the same steps for the other Cloud Connectors.

 Note: The yellow / orange mark is active because there is only one Citrix Cloud Connector active. When you install another Citrix Cloud server in Azure, the warning will disappear. And remember: place them in the same Availability Set!

Now open the Hamburger menu – click on Resource Locations

Rename the resource location to Azure – DC location.

Save the new Resource Location name and check if it’s changed in the menu.

Deploy the ELM Appliance in Azure IaaS

Switch back to the Getting Started menu in Citrix Cloud 

Download the Appliance for Microsoft Azure

Extract the download package, named; and the Azure_4.8.x zip file to a folder on your local drive, C:\tmp for example.

Open an Azure Powershell prompt from that specific machine.

Run the Import-Module AzureRM cmdlet

Perform the pre-login command to your Azure tenant environment. Enter your Global / Full Administrator account



Note: Download the Microsoft Azure PowerShell v3 cmdlets here.

Execute the AzureELMDeploymentV4.ps1 script and enter in a Deployment Name, such as you’re Companyname.

Note: The maximum number of character is 15 and use an (unique) organization AppLayering deployment name, such as CBrinkhoff. This is required for the creation of the diagnostic storage account later on. The storage account uses the deployment name as prefix – which’ll need to have a unique DNS entry in Azure storage blob.

Note: The script copies the VHD to the Azure location of your choice, and attaches the repository disk. It then boots the appliance. If the script fails, check the values to make sure that the values are correct for your environment.

Give in the Subscription name, where to deploy the ELM Appliance into.

Enter the Resource Group name, or the name of the existing one that you want to deploy the ELM Appliance in.

Enter in the Azure Storage Account name to place the VHD file in. I recommend Premium Storage account for performance acceleration.

Select a Datacenter Location


Give in the Azure Virtual Network name

Choose a subnet

Now we have the option to assign a Static IP Address to the ELM Appliance. I recommend you doing this.

Select the SKU size of the Appliance.

I’ll choose the default – Standard DS3 v2 machine. This is a Premium machine with SSD Storage

Give in a username to access the ELM Management portal.

Press enter to use the default suggested CitrixAdmin.


Give in the password


Now we need to select the ELM VHD file from the ZIP folder, to perform the upload process to Azure IaaS and to start the machine creation process.

Browse to the location and open the Azure_4.8.x folder and select the VHD file.

The ELM Virtual Machine is now being created in Azure…

(And for the sharp people – yes, I have a pretty fast (fiber) internet connection at home J. Please wait for 10 – 30 minutes, depending on your internet upload speed)

The ELM Machine is now being created in Azure IaaS, based on the JSON template file.

The ELM machine is now deployed and running in Azure!


Connect to the ELM Appliance in Azure through the Citrix Cloud

When the deployment is done – switch back to the Citrix Cloud, under Step 4 – Click the Log into Appliance button.

Enter in the Resource Location Name (Citrix Cloud Connectors) and give in the Static (or dynamic) IP of the ELM Appliance in Azure.

The App Layering Management Console will now go through the Citrix Cloud Connectors to setup the connection to the ELM Virtual Machine in Azure.

If you see the following screen, then we’re ready to rock and start with the fun part.

Enter in the following administrator credentials

username: administrator password: Unidesk1

Problems with the authentication? Please check this article.

Accept the license terms

Click on the arrow

Click on – Change Credentials

Enter in a new password

The passwords were changed

Change the ELM Portal Time out setting

This default setting can be very annoying – the timeout is standard on 15 minutes. Sometimes you’ll need more time to finish the configuration of something – and without changing this setting, you’ll have to start over again.

Open the System tab – click on Settings and Configuration

Click on Edit

Change it to the value you want – I’ll pick 60 minutes. Click on Save

Note: You need logoff and back on to activate the setting

Configure a Directory Junction – Connect to Active Directory

A Directory Junction is a connection to your Active Directory domain. It is a read-only connection that is used to read users and groups. The users and groups are used for things such assigning users as Administrators in the console and also assigning users and groups to Elastic Layers.

Click on Users -> Directory Service

Click on – Create Directory Junction – in the right menu

Give in a random name, Enter in the IP of the Active Directory server and select the protocol. Click on Test Connection to check the connection

When the connection is succeeded – Click on the down arrow

Enter the DN name of the AD serviceaccount and password. Click on the arrow to continue

TIP: Use the HTML Receiver Clipboard to inject the copy/paste

Click on Test Authentication. Click on the arrow if it says succeeded.

Select a base to query your groups and users. Click on test and click on the arrow

We have enough on the default attributes. Click on the Arrow

Click on Create Directory Junction

The Active Directory domain is now listed in the Directory Service

We now can create layers based on Active Directory Objects!

Click on the Directory tab

Select a user or group

Click on Edit Properties

Assign the Administrator Role (or something else). Click on the Arrow

Click on – Update user – to apply the rights

Add a SMB file share for Elastic and User Layering

The following setting is needed to activate the Elastic and User Layers in App Layering. Please use a fast (SSD) and reliable UNC connection to store the Elastic Layers on.

Go to System – Settings and Configuration

Click on Close

Click on Edit – next to Network File Shares


Check this article for the setup of the user rights that are required for User Layers.

Add the (fast) file share to store your Elastic Layer. Test the SMB File Share and click on Save

Note: I’ll recommend using Azure Storage Spaces Direct for this setup in Azure. Interested? Please take a look at this article – or just use a UNC path or Storage Blob Account.

Create the Base – OS Layer – Virtual Machine in Azure

Search for the Windows Server 2016 VM in the Marketplace.

Enter in the requested information.

I’ll recommend using a SSD disk type to increase the performance of capturing a Layering image

Choose the sizing of the machine

Select / enter all the requested information

Confirm the settings and start the deployment process

Setup a remote Desktop connection to the machine and perform the following steps.

Update the OS with all Windows Update hotfixes

Do NOT join the domain

Do not optimize the OS

Disable Automatic Updates in gpedit.msc

Confirm that Protection is turned off

Connect to the UNC location of the .zip file to locate the MCS agent software. Unrar the – citrix_pp_layering_os_machine_tools_4.8.0 – file

Go through the setup – click on Install

Open a command prompt and install .NET Framework 4 by entering the following command.

C:\Windows\Microsoft.Net\framework\v4.0.30319\ngen.exe update

Go to the C:\windows\setup\scripts location and open the – SetKMSVersion – application

Click on Save Script

Confirmed and saved the script

Now we need to install the Machine Preparation Utility. Click on setup_x64.exe

Go through the setup, click Next

Click next

Click on Finish

Extra: Citrix Optimizer Supplement for App Layering

As you may know, Citrix just released the Citrix Optimizer tool to tune and tweak Operating Systems to eventually taking full advantage of the resources. The great part of this tool is that you can create own custom .xml templates to run specific optimizations. This resulted in one great Supplement template for Citrix App Layering, for optimizing the OS Layer for example. The template is created by Rob Zylowski.

The template and script included in this article extend the optimizations provided by the optimizer for settings that apply to App Layering, which are not found in the included templates.

To use these just put them in the templates folder when you set up the Citrix Optimizer. The settings to disable IPV6 have to be run in the OS layer and you can certainly add all your optimizations there if you wish. The removal of the Windows Universal Applications must be performed in the OS layer. Remember to always keep a non-optimized initial version of the OS layer to fall back to just in case something you set using the tool becomes a problem.

Note: Run the steps before finalizing the OS Layer!

The Citrix Optimizer App Layering Template can be downloaded here

Citrix Optimizer can be downloaded here

Open the Template

Search for the XML file

And optimize the OS Layer by clicking on the Optimize button!

Shutdown the Base (golden image) Machine in Azure

Create an Azure Connector configuration

A Connector Configuration is a stored set of values for connecting to a storage location in your environment. A configuration typically includes credentials for authentication, a storage location, and any other information required to interface with the environment where you will be creating layers or publishing images. You can create multiple Connector Configurations, each configured to access a unique location in your environment.

When you create an OS Layer, you need a Connector Configuration to give the appliance access to the location of the OS image that you want to use for your OS Layer.

This is definitely different from the on-premise version of App Layering. Please follow the next steps to perform the configuration.

Note: For more information about the Azure Connector, please check this Citrix article.

Firstly, we need to create a App Registration in Azure Active Directory

Open the Azure portal

Go to Azure Active Directory and open the App Registrations menu. Click on – New Application registration

Give in a
random name – and take over the following settings. Click on Create

Create the Server 2016 OS Layer

Switch back to the ELM Web portal and open the Layers tab – followed by OS Layers

Click on – Create OS Layer

Enter in a Layer Name, version and Size (C:\ drive). Click on the arrow down

Click on new



Select – Azure RDSH

Click on New

Please wait – this can take up to 1 – 5 minutes…

And done loading…

Now we need to enter all the information from the App Registration, including some more.

To collect all the information – open the CitrixAppLayeringApp Registration and open the Properties menu.

Name it the same as the App Registration name, such as CitrixAppLayering

The Subscription ID is the Azure Subscription that u use for the deployment, which can be found at the Subscription menu in the Azure portal

App ID URI is the Tenant ID

The Tenant ID you need is in the middle of the App ID URI. The Tenant ID is everything after the https:// portion of the App ID URI, up until the next slash. For example, if your App ID URI is this: – Then your Tenant ID is this:

Paste the Application ID from the previous step at the Client ID field

Use the Clipboard feature in the top menu to paste the information. Saves a lot of time…

Open the Keys menu of the App Registration.

Click on the Key description field and type in a description, such as App Layering Key – set the Expires to Never and click on Save

The Value field is now filled in. This is the Client Secret – paste it in the Connector Configuration.

Note: This key does not appear again after you close this window. This key is sensitive information. Treat the key like a password. If someone gets access to this value, they can potentially gain administrative access to your Azure subscription.Now we need to assign RBACContributor Rights on the App Layering – App Registration, for the Azure Subscription we are using.

Open the Subscriptions option in Azure

Select the Subscription. Click on Access Control (IAM)

Click on Add

Select the Contributor Role, assign access to Azure AD user, group, or application and give in the App Registration name in the Select field.

Select the member and click on Save

And the last one – enter in a storage account name.

This can be an existing one or a new one. It needs to be a Basic storage account for Azure ARM with Storage service encryption Disabled. So you cannot use the same Premium SA as from the previous steps.

Paste all the required information in the screen and test the connector configuration

Click on Save


Select the new created Azure RDSH – CitrixAppLayering Connector. Click on the down arrow

Enter an Existing or new Azure Resource Group and the VM Base VM name, which we created earlier. Click on the Down Arrow

Select an icon. Click on the Down Arrow

Confirm all the settings – Click on Create Layer

The new OS layer is now listed in the OS Layers section, therefore it’s still busy with the creation process. This can take up to 30 minutes…

The process is finished when the status is Deployable

Create an Azure ARM – RDSH platform layer

The Platform Layer is a special layer where Azure (if they are not part of the OS layer), broker and provisioning tools reside. The Platform layer is only used when creating a Layered Image.

If they were to later decide to move to another provisioning mechanism, they would create a new Platform Layer for that platform. The operating system and applications would stay the same.

Open the Layers tab and go to Platform Layers

Click in the right menu on – Create Platform Layer

Enter a name for the Platform Layer.

Note: Max Layer Size is the maximum size of the disk used for the layer. This typically does not need to be lowered since all layers are thin provisioned. You may want to bump it up for large applications. This setting can also be adjusted whenever you create a new version of a layer.

Select the OS Layer

Select the Azure RDSH – CitrixAppLayering Configuration

Select one of the 2 options. For this article, I’ll use the second option, select Microsoft AzureCitrix MCS and Citrix XenApp and click on the down arrow

Platform Layers for packaging Layers (Required in some cases) – These Layers include the hypervisor software and settings you need to easily install the software for your other layers on a VM in your hypervisor environment.

Platform Layers for publishing Layered Images (Required) – These Layers include the software and settings required for a Layered Image to run flawlessly in your environment.

Click on the down arrow

Select an icon, click on the down arrow


Confirm the settings. Click on Create Layer

Again, check the status in the Tasks menu. Task completion may take 5 – 10 minutes to complete so please be patient.

The task is complete, double click on the task

The task is completed – click on – Click here – to finalize the platform layer

A Virtual Machine with the Layer name will be created in Microsoft Azure

Select the Azure subscription, Resource Group, Machine name, SKU Machine sizing and Virtual Network.

Accept the terms and conditions and click on Purchase

Note: When u click on Edit template, you’ll see the JSON template file, which created the OS platform Layer in Azure IaaS.

Click on the notification

The JSON template deployment took 1 minute and 44 seconds!

Check Virtual Machines and open the Machine

Detect the Private network address – setup a Remote RDP Connection to finalize the layer.

Join the Layer – Virtual Machine to the domain

Give in the domain name, authenticate and click Ok

(It’s also possible to change the computer name)

Note: Problems with the domain join? Make sure that the Primary DNS of the Azure Virtual Network points to the Active Directory server!

Click Ok

Reboot the Virtual Machine

When the machine is back online – open again a RDP as local administrator

Note: After joining the domain, move the computer account to your OU, to make sure the GPO computer settings are applied to the Platform Layer.

Now we need to install the Citrix Virtual Desktop Agent (VDA) in the platform layer. I’ll use the latest 7.16 version.

Click Next

Click Next

Click Next

Add the Citrix Cloud Connectors FQDN and click Next

Note: I’m going to use the platform layer as base image, so for this reason I’ll add the Delivery Controllers to my Citrix Cloud XD XA Service environment.

Don’t select the optimize performance feature. Click Next

Note: George Spiers also created a great Citrix App Layering Preparation Script. Which can be used to optimize the Platform Layer before Finalizing the App and OS Layer !

Go through the other settings, confirm the summary and click on install

Reboot the machine

Choose – I do not.. – Click next

Remove the VDA setup files from the machine – Reboot (again) the machine

Add authenticated users to the Direct Access Users / perform the same steps for the Remote Desktop Users Group

Finalize the image – click on the Shutdown For Finalize shortcut

Note: If you also use Citrix Workspace Environment Management – then also install the Citrix Workspace Environment Management Agent in the platform layer!

Switch back to the ELM Portal and Finalize the Platform Layer

Note: When you finalize a Platform Layer, App Layering software deletes the Packaging Machine.

Click on Finalize

Confirm the process – click on Finalize


And the finalizing process is ongoing…

Click on the task to get a more detailed explanation of the process

And done!

Creating Application Layers – Adobe Reader

Application Layers may contain a single application or multiple applications. Citrix App Layering gives the administrator the flexibility needed to deliver their applications.

I’m going to demonstrate Adobe Reader and Microsoft Office in this article. I’ll use Outlook later on for the Office365 User Layering support for the Outlook OST caching!

Creating an Application Layer is a three-step process:

  • Run the Create App Layer wizard
  • Install the application
  • Finalize

Click in the ELM Portal on Layers -> App Layers

Click on – Create App Layer

I’ll use Adobe Reader as example. Give in a version and a maximum layering size. Click on the arrow

Note: The maximum layering size is dynamically expanding, so the image won’t allocate the maximum value of space.

Select the OS

We don’t include other layers – Click on the Arrow

Select the Azure Connector

We can skip this – Click on the arrow

I use the default name for the package – Click on the arrow

Select an icon

Check the settings – Click on Create Layer

The job is running…

A new version of the OS Layer is being created for the application.

Open the following JSON file to create the Layering Image Machine in Azure. Again logon with your Azure Administrator credentials.

Note: I’m experienced some troubles with opening this link inside the Citrix Cloud – Published environment. Seems that internet and traffic to is blocked. Please copy the URL and open it anywhere else.

Use the same settings as for the Platform Layer JSON deployment. Click on Purchase


The virtual machine is finished…

Start a Remote Desktop Connection to the Layering Machine

Logon with the local administrator account

Install the Application that you want to virtualize.

I’ll use Adobe Reader as example. Perform the installation just the same as normal.

The setup is finished

Remove the shortcuts from the public desktop folder

Finalize the image – Click on – Shutdown For Finalize

Note: George Spiers also created a great Citrix App Layering Preparation Script. Which can be used to optimize the Platform Layer before Finalizing the App and OS Layer !

Switch back to the ELM Portal. Click on Layers -> App Layers. Click on Adobe Reader

Click on Finalize

Click on the Arrow

Confirm the settings – click on Finalize

Check the tasks bar for the status


Detailed status…

And done!

Creating Application Layers – Microsoft Office Professional 2016

Repeat the same steps for Microsoft Office Professional

Click in the ELM Portal on Layers -> App Layers

Click on – Create App Layer

I’ll use Microsoft Office 2016 as example. Give in a version and a maximum layering size. Click on the arrow

Note: The maximum layering size is dynamically expanding, so the image won’t allocate the maximum value of space.

Select the OS

We don’t include other layers – Click on the Arrow

Select the Azure Connector

We can skip this – Click on the arrow

I use the default name for the package – Click on the arrow

Select an icon

Check the settings – Click on Create Layer

The job is running…

A new version of the OS Layer is being created for the application.

Open the following JSON file to create the Layering Image Machine in Azure. Again, logon with your Azure Administrator credentials.

Note: I’m experienced some troubles with opening this link inside the Citrix Cloud – Published environment. Seems that internet and traffic to is blocked. Please copy the URL and open it anywhere else.

Use the same settings as for the Platform Layer JSON deployment. Click on Purchase


The virtual machine is finished…

Start a Remote Desktop Connection to the Layering Machine

Logon with the local administrator account

Install Microsoft Office 2016 (or 2013).

Perform the installation just the same as usual.

Install Now

The setup is finished

Before we finalizeopen the (as administrator) following C:\Windows\Setup\Scripts\RunOptimizer.cmd

Select – Activate MS Office via KMS

Note: If you use a MAK key, skip this setting and select the Active MS Office via MAK option

Use this option (instead of KMS) when u install Office through Office365 (Online activation). Please check this article from Marius Sandbu for more information

Click on – Save Settings A-K

The script ran successfully

Note: You should run C:\Program Files\Microsoft Office\Office16\OSPPREAM.exe as an administrator to make sure the layer is properly prepped. This is only necessary if you opened up Office during the packaging/layering process.

More problems with the activation process? Please check this Citrix support article.

Click on – Shutdown For Finalize

Reboot the machine

Finalize the image – Click on – Shutdown For Finalize

Switch back to the ELM Portal. Click on Layers -> App Layers. Click on Adobe Reader

Click on Finalize

Click on the Arrow

Confirm the settings – click on Finalize

Check the tasks bar for the status

Detailed status…

And done!

Repeat the same steps for all the other applications that you’ll need to virtualize with the App Layering technology.

Create the Server 2016 Image Template

Image templates are a bill of materials. It specifies what OS, Platform, and Application Layers will be delivered as a Layered Image.Once you have created the Image template, the OS can then be published from the Citrix Cloud. It is the publishing process that turns the various layers into a single disk that is then delivered to the connector specified.

Return back to the ELM Web Portal Console and click on Images

Click on – Create Template

Give in a random name and icon

Select the OS Layer

Select the Applications (layers) that you need assigned to the Desktop

Select the Azure RDSH Connector

Select the Platform Image

Give in a name and a size of the C:\ OS disk.

Choose for Application Layering.

Note: The User Layers (are not yet) supported for Windows Server (SBC / Multi-Session) Operating Systems. Select the User Layer on – none

Confirm thesettings– click on Create Template


Click on the Layered Image

Click on – Publish the Layered Image

Click on(again) on – Publish Layered Image

The deployment status of the new image…

Open the JSON template link (the same as the others) in a browser to start the Virtual Machine deployment.

Give in all the requested information.

Tip: When u deploying multiple machines – the JSON file automatically created follow up numbers after the Host Name prefix, for example Template-2016 will be: Template-20160 second will be Template-20162

Use the following measurements to make a good decision on the sizing.

Note: Session_Host_Count means the number of XenApp Workers.

When all the information is filled in and checked, click on Purchase to deploy the new master Template

 Deployment is finished successfully

We now need to use this Template Machine for the Machine Catalog setup for the XenApp and XenDesktop Service Desktops

Stop the Machine in Microsoft Azure


Create the XenApp and XenDesktop Service Machine Catalog

Note: I’m assuming that you already have a fully functioning Citrix Cloud XenApp and XenDesktop Service environment with a Host Connection configured to your Azure tenant environment. If you need any help with this, I already wrote a complete article on the initial configuration steps. Please take a look at the following articleHow to configure the Citrix Cloud XenApp and XenDesktop Service using Azure Managed Disks and Citrix Optimizer”.

To use the new App Layering – template layer as basis for our Machine Creation Services deployment in Microsoft Azure, using the Citrix Cloud XenApp and XenDesktop Service. We’ll need to detect the location of the VHD drive of the template on the Azure storageaccount.

Open the template Virtual Machine in Azure, and go to Disks

Copy or remember the VHD URI / path, we need this for the next steps, during the Machine catalog creation

Switch to the Citrix Cloud XenApp and XenDesktop Service Manage portal.

Open Machine Catalogs – Create Machine Catalog

Select the OS type – for me that will be Server OS

Select the (only available for Azure) Machine Creation Services

We now need the VHD URI location, which we’d captured in the previous step. Search through the Resource Group for the Storage Account and Path of the (App Layering) Template Image.

Select the VHD

Note: Before you continue to the next step, please check if the Template Virtual Machines has the status Stopped (de-allocated) in Microsoft Azure, the creation process otherwise will fail!

Make good decisions on this screen. Always use Premium (SSD) storage for the highest user density and user experience!

Activate the HUB program if you have an Enterprise Agreement and Software Assurance for the Operating System that you’re using.

Select Managed disks only for lab and/or testing purposes.

Use the diagram below to make a good decision on the sizing of the XenApp Workers, to avoid oversizing of resource costs.


Choose to use existing Resource Groups or create a new one for the deployment

Let this be default – or add extra network interfaces if you need them

Select the Active Directory OU location and naming convention

Add the credentials to provide the Domain join

Check the summary and provide a Machine Catalog name. Click on Finish to start the deployment in Microsoft Azure

This process can take up to 30 minutes

Create a delivery Group and assign the Desktop to you’re users and/or groups.

Select the authentication method – select the users and groups

Publish the (Layered) Apps from the image, I’ll use Adobe Reader and Office

Give in a name for the App Layering Desktop

Give in a name for the Delivery Group

Note: Make sure that the machines are running in Azure / the machines will be created as Virtual Machine in Azure at the moment you start them from the Machine Catalog – Delivery Group Management Console – or search for Published Application, during the Delivey Group setup!

And the desktops are registered – before we go to the next step!

Perform a (App Layering) Citrix Cloud Session

Click on Workspace Configuration – to check the Citrix Workspace URL

Or open the Manage welcome splash screen, you can see the link below.

Open the Citrix Workspace url and logon with your credentials

The Published Apps are visible!

Start – Logon to the New Citrix Cloud Desktop.

The Layering Service is doing his background tasks…

And the Desktop starts…


And all the Layered Apps can be used as local Applications!

Note: Do you receive this error after the logon process? You’re Elastic Layering share rights are not setup properly. For more info, check this discussion:

Activate the Office365 (caching) User Layer for VDI

User Layers let you persist user profile settings, data, and user-installed applications in non-persistent VDI environments. User Layers are created when – You set Elastic Layering on an Image Template to Application and User Layers, so that the Layered Image supports User Layers.

A user logs in to their desktop for the first time, and a User Layer is created for them. From then on, the user’s data and settings are saved in the User Layer, along with any applications that the user installs locally on their desktops.

Note: App Layering 4.10 now also supports Office365 layers for Windows 7 (64 bit) and 10 (64 bit) VDIs, such as for XenDesktop and VMware Horizon!

Some extra notes around Office 365 layers:

    • Office layer must be included in the image template and deployed in the layered image.
    • It only redirects the local Microsoft Outlook folder “%USERPROFILE%\AppData\Local\Microsoft\Outlook” not Search and/or OneDrive and Skype for Business.
    • Citrix User Profile Manager (UPM) is required to use Office 365 User Layer.
    • Make sure that %USERPROFILE%\AppData\Local\Microsoft\Outlook is in the exclusion list.

Give in a name and a size of the C:\ OS disk. Choose for Application Layering and Office 365 as User layer to activate the New Persistent Outlook Caching functionality!

You first need to create a new Windows 10 OS Layer before you can proceed to the next steps. The steps are almost the same as for Server 2016, so I don’t go through everything in detail.

These following steps are optional, and only needed when u want to use the Office 365 User Layering technology.

You’ll need an Enterprise Agreement within Azure in order to use Windows 10 VDIs.

Go through the setup, just the same that I mentioned for Server 2016. Therefore now with the User Layer – Office 365 activated.

Click on – Publish the Layered Image

Follow the same JSON Procedure in Azure for the imaging deployment.

Create the Machine Catalog and Delivery Group, based on the new Windows 10 Template Virtual Machine, in the Citrix Cloud XenApp and XenDesktop Service Manage portal.

Office 365 User Layering – background insights

You can check and see the background process around the User Layers – when a user logs on to the new Desktop environment by opening Disk Management (diskmgmt.msc).

The User Layer will automatically be attached to the Desktop to storage the Office 365 – Outlook caching files.

Note: You can assign a drive letter to the Virtual Disk to check what’s inside the Virtual Hard Disk.

The files will be played on the Elastic Layering SMB Storage. The VHD will standard be named as, <USERNAME>_O365.vhd

You can mount the file and see that only the %USERPROFILE%\AppData\Local\Microsoft\Outlook folder is redirected.

The User Layer will be de-mounted while logoff the Citrix Session and re-attached when you log back on – which makes the Outlook Profile and Caching Outlook files persistent!

Also make sure to setup the Outlook 2016 Slider policy to avoid overloads of caching storage!

The policy can be found here:

User Configuration -> expand Administrative Templates -> Microsoft Outlook 2016 or 2013 -> Account Settings -> Exchange Double -> Cached Exchange Mode

Please start optimizing the Digital Workspace further with Citrix Profile Management (UPM).Make sure that %USERPROFILE%\AppData\Local\Microsoft\Outlook is in the exclusion list. This resides in the VHD Mounting directory!

Visit the comprehensive article from Carl Stalhood for configuring Citrix UPM.

Extra: Create an Elastic Layer

Elastic Layers are published to Active Directory users and groups. Once the wizard is complete, a task kicks off that copies the layer to the file share and updates the JSON files located on that share. The user, if already logged in, must log off and then back in to get access to their new application.


Go to Layers -> App Layers and Select an Application

I’ll use Adobe Reader

Click on Add Assignment

Select the version

Click on the Arrow

Select the AD User or Group to assign the application to.

I’ll use the Group Other Apps

Finalize the process – Click on Assign Layer

The elastic layer is now copying to the SMB share location. Always use a fast share location to speed up this process!

The files are placed in the following location

Extra: Enable Labs Features

Want to experiment with cool new features that are under development? Through the Management Console, you can now see which features are available in Unidesk Labs in any given release. You can enable features you’re interested in, try them out, and let us know what you think. The only caveat? Best not use Labs features in your production environment, as they are likely to evolve with the feedback we receive from users like you!

Throughout this documentation, features that are available through App Layering Labs are marked (Labs) in the title. Most Labs features require enabling.

To find out which Labs features are available in this release, seeWhat’s New.

Go to System > Settings and Configuration


Select the Labs that u want to test / activate. Click on Save



More on Digital Workspaces in Azure?

This blog is part of a Citrix Cloud blog series about the different Citrix Cloud Digital Workspaces possibilities. Previous articles that I wrote around the Citrix Cloud, that you might find interesting to read:

That’s it for now. I’ll hope to see you back soon.


Christiaan Brinkhoff