Guide: Citrix Profile Management Options – 2021 Edition

citrix fslogix user layers profile management


The purpose of this blog is to begin an overarching conversation on Profile Management solutions and illustrate the various options that are available for Citrix environments. While engaging with customers in 2020, we realized many organizations were unaware of the existing entitlements they currently have to products that could modernize their existing profile management strategy to support Microsoft 365 products, or were aware of such entitlements but were very early into learning and understanding the use cases for implementation.

Target Audience

I am approaching this blog almost as a composite conversation based upon a number of profile management-related design conversations with customers over the course of 2020. Even though customers had been running a profile management solution in their environments for years, field experience indicated many customers need guidance on how to integrate Microsoft 365 apps into their CVAD(s) bits.

In a lot of situations, admins recognize the use case for FSLogix in their environments, but with business continuity challenges over 2020, they were not able to prioritize FSLogix activities and needed guidance on design and implementation.

Often overlooked, CVAD(s) Premium Edition licensing bundles App Layering advance features, including User Layers. A lot of admins are unaware of existing entitlements to this product and feature. Those who are aware of this entitlement may not appreciate the containerization available to them with User Layers or may be intimidated at the thought of deploying App Layering. For those without App Layering, a “light” version of User Layers known as User Personalization Layers (a feature built into the Virtual Delivery Agent)  was introduced in CVAD(s) 1912.


A lot of customers in 2020 recognized the need to modernize their approach to profile management within their Citrix environments, but needed a little direction before taking the first couple of steps. The need to modernize profile management is driven by the requirement to integrate Microsoft 365 products onto multi-user VDAs, but there are potentially overlooked opportunities to containerization that also apply to users with demanding personalization requirements as well.

For over a decade, conversations around profile management solutions were short and sweet… lead with Citrix Profile Management in non-persistent environments where users need to persist settings and data. This is an important differentiation, as not all use cases require user personalization persistency, and using CPM as a blanket approach is poor design when mandatory profiles or in some instances, local profiles are more appropriate to the need (full-clone persistent VDI specifically).

This article focuses on profile management for non-persistent environments requiring the retention of user personalization settings between sessions.

Updating your profile management strategy requires an understanding of the appropriateness of the products to which you are entitled. I would like to review three products that should be considered to feature prominently in any refreshes of your profile management strategies:

  • Citrix Profile Management
  • FSLogix
  • User Layers (App Layering) or standalone User Personalization layers (CVAD\s 1912 onward)

Each of these three products were created to address different technical issues common with profile management in non-persistent environments. It can be argued that each product performs great when used to manage their intended use case. Still, each one has consequences and considerations for implementation. Note the absence of Microsoft Roaming Profiles, which Ferroque considers to be a non-option due to its primitive architecture, propensity for corruption in multi-session scenarios, and lack of granular controls to manage profile bloat.

I will note that there are several other profile management platforms out there from the likes of Liquidware Labs and Ivanti among others, but we are focusing here on the three most common we see in the field as noted above.

Future-proofing your profile management solution in your respective environments may involve a mix of these three solutions in rare cases. The goal of this blog is not to encourage you to overcomplicate profile management in your environment, but rather to assist you in recognizing the use case appropriate for each respective solution. If you are running Citrix Virtual Apps and Desktops in your environment today, there is a good chance you have entitlements to all three of these products already from Citrix or Microsoft. With that in mind, let’s review:

  • The technical issue each product was built to address
  • Appropriate use cases for implementation in your environment
  • Ferroque experience from the field-specific to each product
  • The Pros and Cons of each product

Citrix Profile Management

First introduced with Presentation Server, Citrix Profile Management (CPM) has been the go-to profile management solution for Citrix admins for over a decade. Implementation of CPM has been one of the most significant tent poles to stand when deploying Citrix Virtual Apps and Desktops environments (formerly known as XenApp and XenDesktop). The functionality we provide to users with CPM ensures that user data and session-specific settings are stored in a central network location and roams with each user from session to session.

Citrix Admins/Engineers/Architects have used Citrix Profile Management (CPM) for over a decade to provide a persistent user experience for multi-user VDA environments. First introduced with Citrix Presentation Server, CPM addresses the following key challenges with basic solutions such as Microsoft Roaming Profiles:

  • “Last write wins” and roaming profile consistency issues. By ensuring ‘last write’ to a user profile, we ensure that all profile settings are saved. Without CPM, a Roaming Profile in use by multiple sessions may not retain the correct data if the same user has multiple sessions open across multiple machines (session hosts) and interim changes are made. In addition, settings might not be written correctly to the profiles due to network, storage, or other environmental issues.
  • Large profiles and logon speed. Profile bloat creates excessive growth in user profiles and results in storage and management issues. Typically, during logon Windows copies the user’s entire profile over the network to the session host. For bloated profiles, logon time is excessive due to the time it takes to transfer the whole profile over the network. The larger the profile, the longer the logon time. With file and folder exclusions to keep the profile size lean, and in worst-case scenarios enabling of profile streaming, we can dramatically improve login times as compared to Microsoft Roaming Profiles.

When CPM is deployed and properly tuned, users benefit from fast logins and a consistent experience across session hosts. Administrators benefit from detailed reporting in Director and are able to track granular events that constitute a single user’s overall session launch. When configured with Folder Redirection (a Citrix and Ferroque recommendation when using CPM), user-specific data is saved outside of the user profile in a suitable network location, further reducing profile size.

Out of the box, CPM is suitable for environments of all sizes. A single CPM store is capable of servicing environments with up to 10,000 users. Larger organizations with 10,000+ users or multiple geolocations can scale CPM via the use of multiple profile stores.

Where Citrix Profile Management begins to underperform is when we need to integrate Microsoft 365 applications (Outlook and OneDrive for Business most notably):

  • OST Redirect. In CPM 7.17 and earlier, OST files were explicitly included in the AppData folder. By their nature, OST files can grow to be large and negatively impact logon and logoff performance. From CPM 7.18 onward, OST files and the search index database are stored as separate VHD files which attach on logon with the “Large File Handling – Files to be created as symbolic links” setting. Concurrent sessions on multiple machines are not supported. VHD-based Outlook cache default size is 50 GB. Admins run the risk of greatly increasing the size of their profile store by implementing this feature without first conducting careful planning. From field experience, Ferroque does not recommend this setting, and FSLogix Office Containers is a better option, in conjunction with CPM.
  • OneDrive for Business. CPM does not offer any functionality to integrate OneDrive for Business (OD4B) into a multi-session VDA. FSLogix Office Containers in conjunction with CPM is ideal in scenarios with CPM.
    • NOTE: OneDrive does not support multiple simultaneous connections / multiple concurrent connections, using the same profile, under any circumstances (CPM & FSLogix).
  • User-Installed Applications. CPM provides encapsulation of application settings within user profiles but stops short of providing containerization for user-installed applications. CPM will not help deal with user-installed applications in non-persistent environments.

Ferroque Experience From the Field

A large number of use cases can be satisfied simply by configuring CPM with Mandatory Profiles and Folder Redirection. In fact, at Ferroque we believe part of the measurement of a great consultant is their ability to recognize when to use CPM with Mandatory Profiles rather than CPM with Roaming Profiles.

CPM’s limited containerization capabilities for Microsoft 365 apps create some challenges for customers who require OD4B; however, CPM in conjunction with FSLogix Office Containers (FSLogix is an entitlement to most Microsoft customers) is a winning combination.

Note that CPM is not optimally tuned out of the box. It requires tuning to perform well and keep profile sizes lean. Without configuring settings via GPO, WEM, or Citrix HDX policies, the deployment is not much further ahead than plain Microsoft Roaming Profiles, with exception of “last write wins” improvement. And as with managing file servers containing user data, CPM needs to be monitored regularly for new sources of profile bloat from new apps, etc. in order to keep profiles lean.

The consensus amongst the Digital Workspace consultants at Ferroque is that CPM for many use cases will continue to be displaced by solutions such as FSLogix Profile Containers (discussed later), as containerization scales well, has fewer restrictions on file server redundancy (DFS and SOFS were generally weak options for CPM), and has many of the same performance benefits for logon times as CPM.

CPM Summary

Citrix Profile Management STILL is a fantastic product, capable of accommodating a wide variety of use cases, but struggles to accommodate Microsoft 365 applications, especially OneDrive for Business and Outlook. CPM’s strengths have been well documented for almost two decades, ensuring a consistent user experience for domain accounts that are in use across multiple session hosts. The ability for users to personalize sessions is limited to printer, registry, and application settings within the profile folder.

Pros Cons
  • Included with CVAD\s products
  • Ease of implementation
  • Flexible to accommodate most use cases for mandatory profiles and roaming profiles
  • File/Folder exclusions configurable to ensure that only relevant user data is included in the user profile, reducing size
  • Provides a fast session launch, even for large roaming profiles
  • Detailed reporting breakdown available on session launches
  • Great for configuring mandatory profiles for use cases not requiring user personalization retention
  • Struggles to fully integrate Microsoft 365 applications
  • Concurrent usage not supported for Outlook OST and Search Index Database
  • Personalization does not allow for user-installed applications
  • Not optimally tuned out-of-box
  • Limited file server redundancy options
  • Arguably a legacy profile management solution as compared to containers


FSLogix is a set of solutions that enhance, enable, and simplify non-persistent Windows computing environments. The solutions of FSLogix include: Profile Container, Office Container, Application Masking and Java Version Control. The FSLogix Profile Container is a container-based profile solution that directly addresses the challenges with the integration of Microsoft 365 products in a non-persistent VDI environment. Acquired by Microsoft in 2019, FSLogix brought the EUC community a fully supported solution to address the challenges of supporting Microsoft 365 applications in multi-user VDAs. The good news is a broad set of Microsoft Licensing now provides FSLogix entitlements to customers at no additional cost.

If Microsoft 365 applications are within the scope of your profile management strategy, FSLogix will more than likely feature in your profile management solution. And even if they are not, you may very well find merits to using FSLogix if entitled to it. In our experience over the last couple of years, FSLogix has become the favored profile management approach for customers not requiring full personalization in non-persistent, multi-user environments.

Make no mistake, the introduction of FSLogix is an absolute game-changer in how we approach profile management in the EUC community. The performance and functionality that FSLogix brings environments are so successful, Ferroque anticipates that Citrix’s own consulting organization (of which Ferroque is a longstanding extension) will lead profile management discussions with FSLogix in the future. Not only does this solution allow us to efficiently integrate Microsoft 365 applications, but FSLogix also supports concurrent user sessions across multiple session hosts (by default only a single session will be writeable, however, although this can be overcome with a Citrix policy).

This functionality, as it relates to Outlook and OST files, is currently a key differentiator between how CPM and FSLogix support the integration of Outlook and could be a potential departure point in your decision to deploy FSLogix over CPM. FSLogix  Profile Containers also have broader OS support over CPM’s large file containerization functionality which is based on a similar design to FSLogix.

FSLogix addresses profile management from a ‘container’ perspective, rather than a ‘roaming profile’ approach offered by CPM (CPM large file handling excluded). There are numerous container types to choose from and added features such as Application Masking can be of real benefit to streamlining application access management on images. If deploying FSLogix Profile Containers and Office Containers, a user who logs into an FSLogix enabled host will have two VHDXs attached to their session; one VHD(X) contains user (profile) settings, the other VHD(X) is dedicated to Microsoft 365 application data. Each VHD(X) is then siloed in either a designated ‘User’ or ‘Application’ Container.

With this ‘container’ approach to profile management, the session launch process changes drastically as well. Instead of a user profile and folder redirection copying data from a store or NTFS share, FSLogix drives attach to the VM hosting the user session. In a footrace, FSLogix performs comparably to a tuned CPM solution in terms of login performance. The use of a mounted VHDX file to the OS at login also reduces the chattiness of the SMB protocol on the network which is what originally allowed FSLogix to save the day for large scale customers moving to Exchange Online (which typically required a fallback to Outlook caching vs. the Online Mode recommended approach for on-prem Exchange environments). Without it, file server platforms would often fall over under the sheer load.

As per Microsoft FSLogix product documentation, you are eligible to FSLogix if you have one of the following licenses (as of April 2021):

  • Microsoft 365 E3/E5
  • Microsoft 365 A3/A5/Student Use Benefits
  • Microsoft 365 F1/F3
  • Microsoft 365 Business
  • Windows 10 Enterprise E3/E5
  • Windows 10 Education A3/A5
  • Windows 10 VDA per user
  • Remote Desktop Services (RDS) Client Access License (CAL)
  • Remote Desktop Services (RDS) Subscriber Access License (SAL)

FSLogix operates on Microsoft Windows OS newer than and including the following:

  • Desktop – Windows 7
  • Server – 2008 R2

Note: Multi-User Search is only supported on Windows 8 and later (Desktop), Windows Server 2012 R2 and later (Server), both 32 and 64-bit.

FSLogix Office Containers support the following Office products:

  • Office 2010
  • Office 2013
  • Office 2016
  • Office 2019
  • Microsoft 365

Overall, the solution is quite straightforward to implement. Citrix VDAs (session hosts) require an agent installation on the host themselves to enable them for use with FSLogix. Profile management settings are managed by an ADMX template. Up to four shares are required on your network to implement the solution.

  • User Container: User profile-specific data. Contents are determined by the Redirections.XML file
  • Office Container: Microsoft 365 application data
  • FSLogix Logs: Location for storage of FSLogix files
  • Redirections XML file: Referenced by FSLogix as a definitive reference for files and folders to include/exclude inside a user profile, as well as the nature of the synchronization behaviour of each file/folder location specified between them. This can also be embedded locally in the image vs. storing on a share, if desirable

In addition to specifying the location of Profile and Office Containers, administrators have the ability to allow concurrent sessions, specify VHD(X) type, local profile behavior, and configure strategic inclusion/exclusions of application data to include in the profile.

To prepare the session hosts for use with FSLogix, a very modestly sized agent is installed onto the host.

Like CPM, the biggest enemy of FSLogix profiles is bloat. If we do not have intimate knowledge of how our users and application behaviour (Hello application cache locations!) impacts the size of our user profiles, we could find ourselves in a scenario wherein the VHD(X) disks, by their nature, accumulate an excessive amount of white space. For those unfamiliar with VHD(X) behaviour, white space is space on a VHD(X) that has been previously claimed for use and then released. VHD(X) disks cannot dynamically shrink and thus will always show their utilization as the all-time ‘high water mark’. The white space can be reclaimed, depending upon the physical location of the storage space, by manual intervention, most commonly by running a script in your environment.

As the question is bound to be asked regarding an optimal list of Redirections.xml configurations to load, you can find many sources online by searching. But definitely don’t leave it default and empty. Current as of April 2021, here is Ferroque’s reference Redirections.xml file that you can review and tune for your own use. This is a baseline file and not a fully optimized list. I recommend doing your own due diligence and adding in more exclusions or inclusions as necessary. Remember that as you load new applications it might be necessary to tune the XML file to accommodate its data (inclusions or exclusions) if necessary, not unlike for CPM.

<?xml version="1.0"?>

<FrxProfileFolderRedirection ExcludeCommonFolders="0">
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cached Theme Image</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\JumpListIcons</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Storage</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Local Storage</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\SessionStorage</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Media Cache</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\GPUCache</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\WebApplications</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\SyncData</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\SyncDataBackup</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWriteableAdobeRoot</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\WidevineCDM</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\EVWhitelist</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\pnacl</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\recovery</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\ShaderCache</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\SwReporter</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\SwiftShader</Exclude>
 <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\PepperFlash</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Default\Cache</Exclude>
 <Exclude Copy="0">AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache</Exclude>
 <Exclude Copy="0">AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\Windows\WER</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\Terminal Server Client\Cache</Exclude>
 <Exclude Copy="0">AppData\Roaming\Downloaded Installations</Exclude>
 <Exclude Copy="0">AppData\Local\Downloaded Installations</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\Office\16.0\Lync\Tracing</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\MSOIdentityCRL\Tracing</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\OneNote\16.0\Backup</Exclude>
 <Exclude Copy="0">AppData\Local\CrashDumps</Exclude>
 <Exclude Copy="0">AppData\Local\SquirrelTemp</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\Teams\Current\Locales</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\Teams\Packages\SquirrelTemp</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\Teams\current\resources\locales</Exclude>
 <Exclude Copy="0">AppData\Local\Microsoft\Teams\Current\Locales</Exclude>
 <Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Service Worker\CacheStorage</Exclude>
 <Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Application Cache</Exclude>
 <Exclude Copy="0">AppData\Roaming\Microsoft\Teams\Cache</Exclude>
 <Exclude Copy="0">AppData\Roaming\Microsoft Teams\Logs</Exclude>
 <Exclude Copy="0">AppData\Roaming\Microsoft\Teams\media-stack</Exclude>
 <Include Copy="3">AppData\LocalLow\Sun\Java\Deployment\security</Include>



Ferroque Experience From the Field

Experience from the field tells us that customers who implement FSLogix as a profile solution typically have the best success with their deployments when the solution features the use of:

  • Storage Filers. If you have storage filers available with your on-premise storage, you are in a particular sweet spot to ensure the performance and scalability of your FSLogix deployment.
  • ReFS Formatting. The storage that you designate for Profile and Office Containers should be formatted using ReFS. ReFS formatted storage is best suited for attaching and detaching drives from session hosts.
  • VHDX. With the administration versatility that VHDX disks provide, I strongly recommend leading with VHDX disks over VHD disks. Aside from providing additional virtual disk storage capacity and additional performance, the VHDX file format also provides protection against file corruption related to power failures by continuously keeping track of updates in the metadata, a feature not available with the VHD format.
  • Granular Exclusions. The more you understand how the behaviour of your users and applications affects the overall size of the AppData folder, the more efficient your storage use will be. Continued time dedicated to understanding what constitutes the size of your user profiles is a healthy exercise.
  • Cloud Storage for Cloud Workloads. For VDI workloads that reside in the public cloud, Profile Containers should be deployed in the same data centre location to ensure optimal performance. Cloud-based workloads that utilize an on-premises profile solution are not recommended.
  • Storage Load. I have to mention this, as I have seen it in the field. FSLogix containers will have a higher IO load than Roaming Profile solutions such as CPM. As a result, it is imperative that storage solutions hosting SMB shares for FSLogix containers are properly sized to handle the load; otherwise, you may encounter some serious performance and availability challenges with your solution. Each environment’s load might be different depending upon use case characteristics, but this Microsoft Storage Recommendations for FSLogix post is a popular and common starting point.
  • Consider Implementing Folder Redirection. File-based backups for FSLogix containers can be challenging considering a container cannot be backed up while it is in use. During usage, the container is in a lock state. Additionally, if a container becomes corrupt it becomes challenging to extract the critical data outside of the container. Also, reverting back to previous versions of files within the container is not possible. For this reason, Folder Redirection is recommended in conjunction with the FSLogix Profile Container to ensure any critical data is redirected outside of the Profile Container and can be backed up and restored at a file level.

One all too common scenario we see with FSLogix customers is not managing profile sizes. Much like CPM, to maintain control over your storage costs you’ll want to tune the Redirections.xml file in a similar manner as CPM recommended practices for file and folder exclusions. Failure to do so will allow profile bloat to amass throughout your deployment. I can say that on average one should expect FSLogix Profile Containers to be larger than CPM profiles, even when well managed. For Office Containers, managing how much mail Outlook will cache is also important to manage and estimate storage requirements.

If you are late to the party on managing your Profile Containers, there are community scripts available to help shrink them down.

At present, scripts designed to shrink FSLogix Profile Containers to their minimum possible size are not supported by Microsoft and ultimately run in your own environment at your own risk. With this in mind, if you are interested in learning about reclaiming storage space in your environment by shrinking FSLogix disks, I refer you to the following script from Microsoft Black Belt, Jim Moyle:

For the Invoke-FSslShrink Disk script to run, there are some important considerations:

  • VHDX clean-up is a CPU-intensive activity on the machine upon which you are running the clean-up script. By default, the script uses 8 threads, and you are recommended to assign 2 threads per core. It may be in your best interest to run this script from a VM with a bolstered vCPU count
  • VHD(X) clean-up can only run on disks that are NOT mounted
  • VHD(X) clean-up is not IO intensive
  • Clean-up can only be performed on on-premises storage (not cloud storage)*

* IMPORTANT UPDATE 04.25.2021: Jim Moyle’s Invoke-FSslShrink Disk Script can be used with Azure Files and Azure NetApp Files.

FSLogix Summary

If your business requirements include hosting Microsoft 365 applications, especially Outlook and OneDrive, FSLogix is the profile management solution for you. Even such requirements are not needed at the moment, FSLogix may very well be the right solution. Expect this solution to be significantly more storage-intensive than what you may be previously accustomed to if/when running CPM. Once deployed, environment maintenance should include systematic analysis of application and user performance. Best of all, you are probably already licensed for FSLogix!

Pros Cons
  • Fully supported integration with Microsoft 365
  • Included with most product Microsoft licensing
  • Supports concurrent usage scenarios for Microsoft 365 products
  • A broad range of Windows OS support
  • Good flexibility in redundant storage platform options
  • Supports Director reporting on FSLogix profile metrics (if CPM role is installed on VDA, even if not used)
  • Supports multiple writeable user sessions (if t
  • VHD disks, by their nature, will accumulate white space, with no supported method to reclaim this space
  • Storage intensive when compared to CPM
  • Default deployments without tuning will likely be prone to profile bloat unless redirections.xml file is tuned
  • Only a single session is writeable by default (other sessions using same profile on other VDAs concurrently will be read-only), unless the appropriate CPM \ HDX policy setting of “Enable multi-session write-back” is configured. So FSLogix must rely on a third-party configuration

User Layers

My final recommended product for your consideration is a profile management solution on steroids: User Layers, a Windows image and application management container. User Layers is a feature of Citrix App Layering, but a “light” version of it is included in CVAD(s) 1912 known as User Personalization Layers (UPL, which henceforth I will refer to collectively as User Layers), a feature built into the Virtual Delivery Agent (VDA) and does not require a Citrix App Layering ELM or App Layering entitlements. By light, I mean it is missing a couple of features, like the ability to repair User Layers if say, an app installed in a User Layer now becomes part of a master image and needs to be cleaned up. Note, if you already have App Layering, you must use User Layers. If you do not plan on using App Layering, User Personalization Layers should fit the bill.

User Layers offers administrators the ability to apply containerization to a user’s profile, Microsoft 365 data, installed applications, and plug-ins. Similar functionality was previously offered to Citrix customers via Personal vDisks, but due to inherent limitations in manageability in that product, it was short-lived. User Layers are the official replacement to Citrix’ Personal vDisk (PvD), which is now EOL and was removed from the CVAD(s) platform as of the 2006 release.

App Layering User Layers have three options for deployment (taken from Citrix Docs):

  • Full – All of a user’s data, settings, and locally installed apps are stored on their user layer.
  • Office 365 – (Desktop systems) Only the user’s Outlook data and settings are stored on their user layer.
  • Session Office 365 – (Session hosts) Only the user’s Outlook data and settings are stored on their user layer.

We are focusing primarily on Full in the context of this particular review.

Many organizations have defined user segments with extreme personalization requirements, which include the ability to install custom applications. These user groups are typically classified as developers, engineers, and architects. Traditionally, the easiest way to accommodate the personalization requirements for these users would be to assign a persistent Windows Desktop and grant admin rights.

Where do User Layers fit into the equation? Well, they’re ideal for transitioning away from persistent VDIs first and foremost. Users requiring maximum customization capability have historically needed to be provisioned a full-clone persistent VDI in order to install their own applications. These users are often given Local Profiles as well, since FSLogix and CPM would be of little value in a persistent use case. This robs organizations of the benefits of single image management and adds to the administrative burden. In addition, it is unlikely persistent VDIs would be backed up and recoverable in DR. Well, User Layers bring the best of both worlds by marrying the benefits of pooled VDIs with the need for full user personalization, including installing their own apps into an image.

The use case in your environment for User Layers is the ability to containerize user data on a single-session OS. Similar to FSLogix, User Layers encapsulates this data in a dedicated VHD file, which attaches to the Desktop OS at login. User Layers effectively eliminate the need to assign dedicated desktops to users with high personalization requirements. And as the containers are stored on a file share (whereas PvD was stored on hypervisor storage), there are broader options for replication and recoverability available.

If using App Layering today,  the availability of the User Layer and Advanced Configuration features is available in CVAD(s) Premium Edition. User Layers can only be deployed to single-session OS. As mentioned earlier, UPL does not require App Layering and has many of the same benefits.

Customers may elect to mix User Layers with CPM or FSLogix, but this often leads to the complexity that outweighs the benefits of say, attempting to keep User Layers smaller and more cost-effective if backing up (vs. perhaps using FSLogix Office Containers in conjunction and storing that data on non-backed up or DR replicated file services). Using User Layers with FSLogix is supported with some minor tweaks as Citrix has documented here, but again, it has some overhead being you now are managing two profile solutions in effect.

Ferroque Experience from the Field

If your environment features dedicated virtual desktops with users who have elevated rights to install applications, User Layers could benefit your administration experience.

Note that not all applications are suitable for User Layers, as Citrix outlines in their limitations documentation. In addition, core enterprise applications such as the Microsoft Office / Microsoft 365 suite should not be installed in User Layers; instead, they should be installed in the master image.

User Layers will also likely take up significantly more space than other solutions, especially if users will be installing their own applications. Be sure to estimate and manage storage capacity for User Layers accordingly. By default, the disk space allowed for a User Layer is 10 GB. Much like FSLogix containers, assume a higher IOPS load per user than a traditional user profile on an SMB share, to avoid performance and availability issues resulting from storage server bottlenecks.

Users who logon to a desktop that is User Layer-enabled will have a new Search index database created on each login. The search feature will only be available when the indexing of this database is complete.

When deploying Full User Layers into the environment, administrators must be aware of the following:

  • When used in conjunction with Citrix Profile Management, administrators must disable profile management settings that delete Local Profiles on logoff.
  • User Layers are supported on Windows Server and Windows Desktop OS’, configured for single-user mode only.

When deploying Office 365 and Session Office 365 User Layers, administrators are encouraged to appropriately configure a profile management solution to complement these User Layer types. Without a complementing profile management solution, Outlook will assume each logon is a new user and create new OS files for each logon.

User Layers Summary

In summary, the decision to enable your single-session VDAs with User Layers is a commitment. If you are currently running CVAD(s) bits in your environment, you will be entitled to Citrix App Layering already, but you will need CVAD Premium Edition licenses to deploy User Layers. Without App Layering in use, you can deploy UPL instead in CVAD(s) 1912 onward to achieve many of the same benefits. Again, unless otherwise specified, the context for the following table is “Full” User Layers or UPL.

Pros Cons
  • Replace dedicated/persistent single-session VDA allowing benefits of pooled VDI
  • Easier to backup and replicate to DR due to containerization technology used
  • Works with SMB file shares and Azure Files
  • Works with Microsoft 365 apps
  • Accommodates user-installed applications with some limitations
  • Larger potential work effort to implement
  • Only functional on single-session OS (For Full layers. Session Office 365 User Layers supports Outlook data on multi-session systems, commonly Server OS VDAs)
  • Requires CVAD Premium Edition licensing
  • Session launch time increases as User Layers attach to VDA during logon
  • User Layers are not OS-agnostic including build versions; when upgrading an OS Layer or Windows VDA VM, an in-place upgrade must be performed to ensure compatibility with existing assigned containers



Conversations and options to develop a profile management strategy have evolved very quickly over the past few years. Instead of a single solution to address profile management, you very likely could have existing entitlements to three enterprise solutions that each address specific technical issues:

  • Citrix Profile Management: Best suited for environments with Roaming and Mandatory Profiles. Ensures fast logins and a consistent usage experience across session hosts in non-persistent VDI environments.
  • FSLogix: Best suited for integration of Microsoft 365/Office applications in non-persistent VDI environments.
  • User Layers: Extends the capabilities of non-persistent CVAD(s) Machine Catalogs to preserve users’ data and locally installed applications across single-session OS.

With the options that administrators now have at their disposal, building a profile management solution may involve a mix of solutions, depending upon the requirements of the user groups. In determining the best mix of respective profile solutions, the guidance I have for you is to keep it simple, and play to the strengths of the respective products and the technical issues they were built to address.

If you are not familiar with FSLogix or User Layers, do not be intimidated by these products. As consultants, you will likely be required to deploy these products in the near future if you haven’t already. As administrators, you will need to understand that not all profile management solutions are created equal, and each requires a unique maintenance effort.

Refer to the table below for a quick reference to operational sweet spots for each of the three products.

Finally, thanks very much for reading. If you have any feedback on the topic, I would love to hear your thoughts. If you would like to continue the discussion about deploying these solutions in your environment, please do not hesitate to reach out. We are standing by to serve!

Special thanks to Michael Shuster, Reubin Huckle, and Jim Moyle for their insights into this post.

0 0 votes
Article Rating
Notify of
1 Comment
Inline Feedbacks
View all comments
2 years ago

A very nice overview! Thanks a lot. To make it perfect, a performance comparisson for User Login Times with each of the solutions would be interesting. I have seen one on the web but ist was from 2019.
No I have to decide for me wether we go with CPM+FSLOGIX Office Containers or FSlogix with Office+Profile containers.

Would love your thoughts, please comment.x