Jump to content
Updated Privacy Statement

PoC Guide: Learn how to use Citrix App Layering and the Azure Deployment Connector to create and deploy an image with Citrix Machine Creation Services(MCS) in Microsoft Azure

  • Contributed By: Steve Beals Special Thanks To: Tyler Benoit, Daniel Lazar


Citrix App Layering is a process to create and a technology that allows you to simplify the management of virtual images. App Layering enables you to create a virtual desktop for users, a complete virtual machine for Citrix Machine Creation Services (MCS), or an entire virtual disk to use with Citrix Provisioning (PVS). Citrix App Layering creates layers that are containers for the file system objects and registry entries unique to that layer. These layers are virtual disks, created and updated independently of each other, and are compiled into an image. There are five different types of layers:

  • OS Layer: The Windows OS is installed in the OS layer. You can reuse the same OS layer with all compatible platforms and app layers.
  • Platform Layer: All software and tools are installed into this layer. For example, specific on-premises or cloud tools or antivirus software. A platform layer for each part of your infrastructure can be created if you use more than one hypervisor.
  • App Layer: Applications get installed in the App Layers. Typically a single application is installed on each App Layer, though you can include more.

This Proof of Concept guide is designed to help you get started with Citrix App Layering within a Microsoft Azure environment. The guide walks you through the following to begin using Citrix App Layering:

  1. Install the Citrix App Layering appliance in Microsoft Azure.
  2. Access the Citrix App Layering management interface.
  3. Set up an SMB file share.
  4. Configure Azure Deployment Connector Configuration.
  5. Create an OS Layer.
  6. Create a Platform Layer.
  7. Create an App Layer.
  8. Publish the layered image.
  9. Create a machine catalog and delivery group from the new image.

Architecture Overview


The Citrix App Layering appliance, also known as the Enterprise Layer Manager (ELM), creates and manages layers which can be assigned to users or machines. With the Citrix App Layering appliances, administrators can create different layers such as application layers, OS layers, and platform layers, which will be kept in a repository managed by the Citrix App Layering appliance. Administrators can create a layer image with the combination of a specific OS layer and a few application layers as per the requirement of the end users. During the layered image creation process, the different layers are merged to form a single master image, which can be used by Citrix Machine Creation Services. Once the machine catalog is created administrators can create or provision machines which can be assigned to the users through the delivery group. Users then can launch the desktops when logged into Citrix Workspace.

For additional information on Citrix App Layering, review the Citrix App Layering Reference Architecture.


  • Microsoft Azure Subscription
    • A Resource Group setup for the POC. Visit here for more information on creating an Azure Resource Group.
    • Resource Group Shared Image Gallery
    • Resource Group Disk Access
    • Disk Access Private Endpoint connection
  • Azure PowerShell Module
  • An SMB File Share
  • Microsoft Active Directory
  • Supported internet browser for management console access (Edge, Chrome, Firefox)
  • Windows 11 21H2 OS
  • A Citrix DaaS or Citrix Virtual Apps and Desktops entitlement
  • Current Citrix Virtual Delivery Agent (VDA) installer for Windows
  • Citrix account to download all software

Deployment Steps

Install App Layering Appliance

  1. Log in to Citrix downloads and download the latest version of the App Layering installation package for your hypervisor. We are using Microsoft Azure for our deployment, so we download the Microsoft Azure Appliance Installation Package.



    The Azure App Layering download package requires 31 GB of space when uncompressed.

  2. Extract the zip file to a folder on your local drive.


  3. Open Windows PowerShell and confirm that the Azure PowerShell module is installed by running the Get-InstalledModule -Name Az command.



    To install the Azure PowerShell module, follow the instructions here.

  4. Open PowerShell, browse to the folder where the App Layering file was extracted and run the installation script: AzureELMDeploymentV7.ps1


  5. Enter R to choose Run Once.


  6. Enter the hostname for the appliance at the DeploymentName prompt.


  7. Choose your available Azure environment to install the appliance. By default, AzureCloud is selected.


  8. When prompted, sign into your Azure subscription.


  9. Follow the prompts to enter the subscription name.


  10. Enter the resource group name where the appliance is installed, and hit Enter.


  11. Enter the storage account name if one exists. A storage account is created if one does not exist by default.


  12. Enter the Azure location where the appliance is hosted, such as East US.


  13. Choose the virtual network to be used. In this setup, we are choosing our existing virtual network.


  14. Choose a subnet. In our case default.


  15. Provide an IP Address if using Static IP. In our case, we are using Dynamic, so hit Enter.


  16. Provide a VM size for the appliance. For our example, we are using the Standard DS4_v2.


  17. Enter the user name for the appliance.


  18. Enter the password for the appliance.


  19. You are prompted to provide the location of the VHD file for the ELM appliance. Browse to the location and select the unidesk_azure_system VHD file and click Open.


  20. The ELM appliance will now be created in Azure. Depending on your local connection, this process can take up to 60 minutes.


  21. When completed, the script output is as seen in the following screenshot:


Configure App Layering Appliance

Access App Layering Appliance

  1. Connect to the App Layering appliance from a machine in your Azure subscription by entering the IP address that you assigned earlier in a web browser. Enter the user name administrator and password Unidesk1, then click Login.


  2. Accept the EULA, then click Continue.


  3. Enter a new default password and confirm the new password, then click Save.


  4. The Getting Started with App Layering page loads.


Create SMB File Share

  1. Connect to the virtual machine via RDP, where the SMB share is created.


  2. Create a file folder and open the folder properties.


  3. Click Sharing, then select Share.


  4. Add an administrator account for App Layering to the Share and give Read/Write permission level, then click Share.


Configure SMB Share on Appliance

  1. Return to the App Layering management screen, and select Connect hyperlink on step 1.


  2. Click Edit on the Network File Share screen.


  3. Enter the SMB file share path, Username, and Password to access. Select Confirm and Complete.


  4. Click Save.


Configure Azure Resource Manager (ARM) Templates

As of App Layering v2211 all Azure resources created by App Layering Azure Deployments Connector are created using the deployment of a user specified ARM template. For more information on ARM templates refer to the Azure documentation here and the Citrix App Layering Azure Deployment documentation here.

Create Azure Template Spec

For our POC, we use the Citrix provided Starter Templates that can be used with the Azure Deployments connector.

  1. Within your Azure Resource Group you have created for the POC, create a Template Spec.

  2. Enter the template name (CacheDisk), confirm the Subscription and Resource Group details, enter a version number, then click Next: Edit Template.


  3. Copy the Cache Disk Starter Template code from here

  4. Paste the copied code into the Edit Template screen, then click Review + create.


  5. Click Create.


  6. Repeat these steps for each of the remaining Starter Templates (Boot Image, Machine, and Layered Image).

Configure Azure Connector Configuration

The new Azure Deployment connector does not prompt for credentials within the Citrix App Layering management console and also no longer requires an Azure App Registration/Service Principal. Instead, the ELM must be assigned a managed identity within Microsoft Azure.

Create User Assigned Managed Identity

  1. Sign in to your Azure portal. Search for then go to Managed Identities.


  2. Click + Create.


  3. Select your Subscription, Resource Group, Region, and Name for your Managed Identity then click Review + create.


  4. Click Create.


  5. Your Managed Identity has now been created. Click Go to Resource.


  6. Select Access Control (IAM).


  7. Click + Add and Add role assignment.


  8. Select Contributor, then click Next.


  9. Choose User, group, or service principal, then Select Members. Select the Resource Group created for the POC. Click Select, then Review + assign.


  10. Select Review + assign.


  11. Go to your App Layering appliance in Azure Portal, then click Identity.


  12. Select the User assigned tab, then click + Add.


  13. Choose your App Layering managed identity, then click Add.


  14. Your managed identity has been added to the appliance.


  15. Click System assigned tab, then toggle Status to On, then click Azure role assignments.


  16. Click + Add role assignment, choose your Resource Group, and select Contributor for role. Click Save.


Create Azure Compute Gallery

  1. In Azure portal, go to Azure compute galleries, then click + Create.


  2. Choose your Resource Group, Name, Region, then click Review + Create.


  3. Click Create.


  4. The Azure compute gallery is now active.


Azure Deployment Connector Configuration

  1. Return to Getting Started with App Layering and click Create a connector configuration.


  2. Click Add Connector Configuration.


  3. Choose Azure Deployments from the drop-down list, then click New.


  4. Provide a Name for the connector.


  5. Copy the following into the Custom Data field.

{ "location": "eastus", "gallery": "yourGalleryName", "generation": "V2", "vMSize": "Standard_D4s_v3", "subnetId": "/subscriptions/yourSubscriptionID/resourceGroups/yourResourceGroupName/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/yourSubNetName" }



Replace the subscription, resource group, VNet, and subnet information with the appropriate information from your Azure Subscription and setup for this POC.

  1. Select your Machine Template by clicking Browse.


  2. Select the Machine template spec that you created earlier in Azure, then click Save.


  3. Select Browse to select your Resource Group.


  4. Choose your Resource Group, then click Save.


  5. In Cache Disk, click Browse.


  6. Select the CacheDisk template spec, then click Save.


  7. Select Browse to select your Resource Group.


  8. Choose your Resource Group, then click Save.


  9. In Layered Image, click Browse.


  10. Select the LayeredImage template spec, then click Save.


  11. Select Browse to select your Resource Group.


  12. Choose your Resource Group, then click Save.


  13. Click Add Boot Image Deployment.


  14. Select Browse, then choose your BootImage template spec, then click Save.


  15. Select Browse to select your Resource Group and select your Resource Group, then click Save.


  16. Click Confirm and Complete.


  17. Review the Configuration Summary, then click Save.


Prepare the OS Layer

You must meet all requirements so that the OS layer works correctly in your environment. Before proceeding, ensure that you have reviewed the following: Requirements and Recommendations.

  1. Open Microsoft Azure Portal and select Create a resource.


  2. Create a new Virtual Machine.


  3. Complete the Basics tab of the Create a virtual machine wizard, then select Next: Disks.


  4. Select OS Disk Type, then click Next: Networking.


  5. Select the Virtual Networkand Subnet, then click Next: Management.


  6. Select the options required for your configuration on the Management tab, then select Review+Create.


  7. If Validation passes, Click Create.


  8. When the Azure virtual machine deployment has been completed, connect to the virtual machine via RDP.


  9. Install all important updates, then reboot the machine. Once rebooted, reconnect to the virtual machine.

  10. Open File Explorer and browse to C:\Windows\OEM. Rename the Unattend script file to UnattendOld.


  11. Turn off Automatic Windows Updates by disabling the Windows Update service.


  12. Open an elevated PowerShell session and run the following command: Set-LocalUser -Name "youradminnamehere" -PasswordNeverExpires 1.


  13. Open Citrix Downloads and download the Citrix App Layering OS Machine Tools.


  14. Run the citrix_app_laerying_os_machine_tools_22.11.0.exe.


  15. Click Yes at the extraction prompt.


  16. Click the appropriate response if you are using KMS for your OS. For our purposes, we select Do not use KMS.


  17. The virtual machine prompts for a reboot. Click Close.


  18. Reconnect to the virtual machine after reboot. Open File Explorer and browse to C:\Windows\Setup\Scripts\. Run setup_x64.exe.


  19. Click Next.


  20. On the Specify your answer file, verify C:\windows\panterh\unattend.xml is selected, then click Next.


  21. Once completed, click Finish.


  22. Open the command prompt as administrator, and browse the Microsoft .NET Framework directory currently in use.


  23. Type in the following command: ngen eqi 3 and hit enter.


Run Citrix Optimizer

  1. Download the Citrix Optimizer Tool.


  2. Once downloaded, unzip the package and then open the Citrix Optimizer Tool.


  3. Select the appropriate Citrix-prepared template to run. For our setup, we choose the recommended template for Windows 11, then click Analyze.


  4. Once the analysis process is completed, review the status, then click Done.


  5. Click Select All, then click Optimize.


  6. Once optimization completes, close the Citrix Optimizer Tool.

Import the OS Layer to ELM

  1. Open an elevated PowerShell window.

  2. Run the command in the screenshot below. Enter the IP address of your ELM appliance.


  3. Provide the user name and password for the App Layering appliance when prompted.


  4. Enter the LayerName, VersionName, LayerSizeGib, LayerDescription, VersionDescription, and Comment.


The virtual machine will disconnect and reboot.

  1. Connect to your admin virtual machine and open the Citrix App Layering Management console. Select Tasks to view the status of the import process.


  2. Your OS Layer is complete once the import process completes.


  3. Select Layers, then OS Layers. Your new OS Layer is now Deployable.


Create Platform Layer

  1. In the Citrix App Layering Management Console, select Layers, Platform Layers, then click Create Platform Layer.


  2. Provide the information for the following, then click Confirm and Complete:

    • Layer Name = Windows 11 Platform Layer
    • Initial Version Name = Initial Platform
    • Max Layer Size = 10 GB
    • OS Layer = Windows11OSLayer and Initial version
    • Select This platform layer will be used for publishing Layered images
    • Hypervisor = “Microsoft Azure”
    • Provisioning Service = **Machine Creation"
    • Connection Broker = Citrix Virtual Desktops
    • Connector Configuration = Azure Deployments-AppLayerAzure
    • Packaging Disk file name = Windows 11 Platform Layer


  3. Review Summary, then click Create Layer.


  4. Review the Platform Layer creation process by clicking Tasks.


  5. The task status changes to Action Required. Highlight the task, then click the View Details icon.


  6. Take note of the Packaging Machine name and connect to the virtual machine via RDP. Use your credentials to log in to the OS Layer virtual machine you created earlier.


Note: To access the virtual machine you may need to run the DisableNLA script. This can done within the Azure Portal > Operations > Run Command and select the DisableNLA script to Run.

  1. Join the Platform Layer virtual machine to your domain.

  2. Once the virtual machine has rebooted from the domain join, reconnect via RDP with the local administrator account.

  3. Install the latest Citrix Virtual Delivery Agent (VDA) to the Platform Layer machine. Once the VDA has been installed, move on to the next step.

  4. Double-click the Shutdown for Finalize icon on the desktop.


    This process may show errors and not be complete. If you receive an error, visit CTX222099 for assistance.


  5. The virtual machine shuts down if successful.

  6. Open the Citrix App Layering Management Console, browse to Layersand Platform Layers, and select the Platform Layer you created.


  7. Select the Initial Platform version, select Version Information. The layer is in the status of Finalizing.


  8. When completed, the Platform Layer status shows Deployable.


Create App Layer

  1. In the Citrix App Layering Management Console, select Layers > App Layers, then click Create App Layer.


  2. Provide the information for the following, then click Confirm and Complete:

    • Layer Name = Adobe Reader
    • Initial Version Name = AR Initial
    • Max Layer Size = 30
    • Select the Windows 11 OS Layer and the Initial version
    • Connector Configuration = Azure Deployments -AppLayerAzure


  3. Click Create Layer on the Layer Summary blade.


  4. Select Tasks to review the app layer task process.


  5. The task status changes to Action Required. Highlight the task, then click the View Details icon.


  6. Connect to the virtual machine via RDP. Use your credentials to log in to the OS Layer virtual machine you created earlier.

  7. Once connected to the virtual machine, download and install Adobe Acrobat Reader.

  8. Upon completing the Adobe Acrobat Reader install, click the Shutdown to Finalize icon on the desktop.


    This process may show errors and not be complete. If you receive an error, visit CTX222099 for assistance.


  9. The virtual machine shuts down if successful.

  10. Open the Citrix App Layering Management Console, browse to Layersand App Layers, and select the App Layer you created.


  11. Click Version Information version, select AR Initial. After a few moments, the layer begins to finalize.


  12. When completed, the App Layer status shows Deployable.


Create an Image Template

  1. Login into the Citrix App Layering management console.


  2. Select Images from the left navigation menu, then select Create Template.


  3. Provide the following information in the Create Template blade, then click Confirm and Complete.

    • Name: Win11Template
    • Description: Windows 11 App Layering POC Template
    • Select the Windows11OSLayer
    • Click Edit Selection under App Layers, select Adobe Reader
    • Select the Windows 11 Platform Layer
    • Select the correct connector in Connector Configuration
    • Leave all other selections to default


  4. Review the Template Summary, click Create Template.


  5. The Windows 11 template is now publishable.


  6. Select the Win11Template, then click Publish Layered Image.


  7. Click Publish.


  8. Select Tasks to review the status of the image build process.


  9. The Published Layered Image task shows as Done when completed.


The virtual machine template is now ready to be used to create your Machine Catalog and Delivery Group.

Create Machine Catalog

  1. Login into Citrix DaaS and click Manage in the DaaS tile.


  2. Click Machine Catalogs, then Create Machine Catalog.


  3. Click the appropriate machine type, then click Next.


  4. Select Machines that are power managed, and Deploy machines using Citrix Machine Creation Services](MCS), then click Next.


  5. Click Master Image.


  6. Select the template created earlier from the Image Gallery folder, then click Done.


  7. Select the minimum functional level for the catalog, then click Next.


  8. Select the appropriate Storage and License Types, then click Next.


  9. Provide the number of virtual machines to create, select the Machine size, then click Next.


  10. Select NICs, then click Next.


  11. Click Next on the Disk Settings page.


  12. Choose to create a Resource Group to provision the machines or an existing resource group. We select our existing resource group for our deployment, then click Next.


  13. Select the appropriate Active Directory, provide the OU location for the computer accounts, and provide the machine name, then click Next.


  14. Enter your domain credentials, then click Done.


  15. Click Next.


  16. Click Next on the Scopes blade.


  17. Click Next on the WEM blade.


  18. Provide a name and description for the Machine Catalog, then click Finish.


  19. The catalog will now be created.


  20. The new machine catalog is now available.


Create a Delivery Group

  1. Navigate to Delivery Groups, and select Create Delivery Group.


  2. Select the correct machine catalog and the number of machines for the delivery group, then click Next.


  3. On the Users blade, select how you assign your users. We select Allow any authenticated users to use this delivery group for our purposes, then click Next.


  4. Click Next on the Applications blade.


  5. On the Desktops blade, click Add.


  6. Provide a Display name, Description, and click OK.


  7. Click Next.


  8. Click Next.


  9. Select the appropriate license for your Citrix DaaS deployment, then click Next.


  10. Provide a Delivery Group name and click Finish.


  11. The Delivery Group is now available.


Launch Windows 11 Desktop

Launch the newly created Windows 11 Desktop by accessing your Workspace URL. The process can be seen below:



This guide walked you through installing and configuring Citrix App Layering in Microsoft Azure to simply the image management of your virtual machines. You learned how to install and configure the Citrix App Layering Appliance and create OS, Platform, and App Layers. The process included how to publish a new virtual machine template in Azure from the layers you created, creating a machine catalog from the template machine, and then a delivery group. Lastly, the process walked you through assigning users to machines and allowing them to connect to the desktop using the Citrix Workspace app. To learn more about Citrix App Layering, visit the Citrix App Layering product documentation.

User Feedback

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...