Reflecting on the past 20 years of end-user computing, user data and profile management have been a consistent operational challenge, and focus of design decisions. For much of the lifetime of EUC as an industry, profile management saw limited innovation as the industry focused more on environment management overall.Beyond variants of the quintessential file-based “roaming profile”, the largest breakthrough was in the containerization of profile data heralded by the likes of FSLogix which simplified aspects of profile management and opened new possibilities.
In recent years, optionality has increased with a proliferation of solutions which we have written about previously and contrasted their capabilities and weak points along with their respective appropriate use cases. We’ll be revising our guidance in due time, as advancements have been made.
Over the past year, Citrix has made significant strides in their Citrix Profile Management (CPM) solution, eclipsing FSLogix’s capabilities in some instances (which sadly has stagnated and almost appears to be in maintenance) and warrants a serious second look.James Kindon did a great write-up and comparison of CPM and FSLogix’s current container capabilities in October 2023 and is worth the read.
Some highlights of merit have included:
Multi-session Container Writeback
File Deduplication (CPM 2209, for file-based profiles)
Active Writeback on Session Lock and Disconnect (CPM 2303)
VHDX Disk Compaction (CPM 2303)
VHDX Auto Expansion (CPM 2308)
UPW App Roaming (CPM 2308)
Citrix has recently written a blog covering some of the more recent CPM storage management advancements here.
Unlike FSLogix’s ham-fisted approach to issue remediation a year or so ago by forcing synchronous GPO processing (increasing login times notably), CPM from 2206 onward processes user GPOs asynchronously as is optimal.
The Wishlist
With the preamble and context out of the way, I’d like to discuss the blind spots in profile management above and beyond the advancements made in recent years. Here are my personal “wish list” items for a profile management solution to assist in addressing various operational woes without relying on external scripts and tools. items I feel should be native to a profile management component. It is unlikely that the components themselves could manage the feats presented below alone, and may require orchestration via a centralized control plane (i.e. Citrix Director, etc.)
Orphaned Profiles. This is an ongoing annoyance, in particular in larger environments. Profiles are seldom if ever, purged after users leave an organization or de-provisioned access. We’ve seen profiles in assessments untouched for years, just sitting around taking up storage unless there is a need to reclaim space. More mature operations may periodically scan via scripts for abandoned profiles or those not logged into in months to drive space reclamation and improve security. I feel strongly that this capability should be included in an enterprise profile solution to drive visibility and ideally automation in a proactive fashion.
Phase I. Introduce periodic scanning and reporting. These should be configurable (scan frequency, stale profile age threshold, user-defined cost per GB, etc.). Reports of stale profiles organized by file shares would be sent to administrators alongside potential storage space and cost savings.
Phase II. Automated actions introduced to allow the archiving and deletion of profiles at set time intervals, with relevant data included in the reports.
Storage Intelligence. Once a matter only for large enterprise environments, the challenge of spreading profiles across multiple shares has become much more frequent in the realm of public cloud where services such as Azure Files present limits on the number of profiles one might store in each account. This number has increased in 2023 in the case of Azure Files, but nonetheless, this remains a point of consideration, if only for optimizing failure domains and leveraging multiple profile shares per use case. Today, customers can work around this in some cases via scripts to spread profiles out over different shares, but it is often quite kludgy and far from perfect. Implementing storage intelligence into the profile solution would alleviate these issues, similar to VMware DRS.
Phase I. Profile solution is given storage awareness ability to assess the performance, capacity, and remaining space of multiple profile shares aggregated into one storage set for the given profile use case. This data is then used for net-new placement of profiles. based on storage capacity. Reports are generated and sent to administrators on capacity trends across the shares, as such visibility might typically only be available to storage admins, allowing proactive decisions.
Phase II. Additional automation is introduced, such as the ability to rebalance profiles across shares in the set when new shares are added, space per share is changed, or a disparity on remaining capacity becomes significant between shares in the set.
Recovery Orchestration. Features such as Cloud Cache were seen by many as significant advancements in profile strategy. I was no exception. Designing around the challenges with active-active profiles across geographies as well as disaster recovery have been a pain for years, and go beyond the basic “high availability” design considerations. We’d often direct customers to use purpose-built filter platforms and leverage their “presumed to be available” replication and recovery functions. Unfortunately, not all customers have access to such an arrangement, thus handling this challenge at the application level vs. the hardware level provided a promising alternative. One of the drawbacks of this model that we have seen in the field, however, is in recovery.We have had instances on the current iterations of these technologies of outages being caused by the overwhelming of storage systems or VDAs when the primary storage locations returned to service, causing a widespread replication event for the deltas. Implementing some default intelligence to monitor and throttle the replication actions would go a long way in mitigating the risk. CPM’s active writeback on lock or disconnect is a halfway point in the interim, wherein for several scenarios, replication is likely to be staggered therefore potentially minimizing load.
In Closing
And there you have it. A small, focused list of profile solutions enhancements that would bring meaningful improvements to both the visibility and utility of modern profile management. More are sure to come as the landscape evolves. Have any I missed? Would love to hear from you, as I am sure Product Management would from the vendors as well.
Subscribe
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
DisagreeAgree
Connect with
I allow to create an account
When you login first time using a Social Login button, we collect your account public profile information shared by Social Login provider, based on your privacy settings. We also get your email address to automatically create an account for you in our website. Once your account is created, you'll be logged-in to this account.
