App Layering – Enterprise Layer Manager

Last Modified: Apr 21, 2017 @ 7:49 pm


These articles focus on VMware vSphere. For Hyper-V, see Installing and configuring Unidesk 4.x by George Spiers.

Upgrade Enterprise Layer Manager

If you are deploying a new ELM appliance, skip to Import Enterprise Layer Manager.

  1. Download the App Layering Upgrade Package from
  2. In the App Layering file share, create an Upgrade folder.
  3. Unzip the Upgrade Package and copy the citrix_app_layering_upgrade_4.1.0.vhd file to the Upgrade folder in the App Layering file share.
  4. Login to the App Layering management console.
  5. Switch to the System tab.
  6. On the right, click Upgrade.
  7. In the Upgrade Disk Details page, click Browse.
  8. Expand the Upgrade folder, select the citrix_app_layering_upgrade_4.1.0.vhd file, and click Choose.
  9. Click the down arrow (next).
  10. In the Confirm and Complete page, click Upgrade.
  11. The browser window changes to the upgrade progress page.
  12. It will eventually say that Upgrade Status is Complete. Refresh the browser.
  13. Login to the App Layering console.
  14. If the Citrix License Agreement window is displayed, check the box next to I accept the Terms and Conditions, and click Close.
  15. If the Setup Login Credentials wizard is displayed, in the About Your Credentials page, click the down arrow (next).
  16. In the Change Passwords page, enter passwords for the three accounts, and click the down arrow.
  17. In the Confirm and Complete page, click Change Credentials.
  18. Click OK when prompted that the passwords were changed successfully.
  19. Click OK when prompted that the ELM was upgraded.
  20. In the top right of the window, click About.
  21. Verify the ELM Software Version.
  22. From Gunther Anderson at Upgrading machine tools to CitrixApp layer v.4.1 at You do not uninstall or upgrade the Unidesk Image Preparation Tool – Setup_x64.exe. The current drivers are installed in the ELM, and every time the ELM produces an image for any purpose, it injects the current drivers into it. You do not need to touch your OS layer for that.

Upgrade Provisioning Services Agent

  1. On your Provisioning Services server, open Programs and Features, and uninstall the Unidesk Agent.
  2. Run citrix_app_layering_agent_installer.exe.
  3. In the Welcome to the InstallShield Wizard for Citrix App Layering Agent page, click Next.
  4. In the License Agreement page, select I accept the terms in the license agreement, and click Next.
  5. In the Agent Port page, click Next.
  6. In the Ready to Install the Program page, click Install.
  7. Enter the ELM FQDN, enter ELM credentials, and click Register.
  8. In the InstallShield Wizard Completed page, click Finish.

Import Enterprise Layer Manager Appliance

Download Appliance

  1. Go to and login. You can create a Cloud account.
  2. After logging in, find the App Layering service, and click Request Trial. Everybody sees this text.
  3. Once the trial is activated, in the My Services section, find App Layering, and click Manage.
  4. In the App Layering service, click the Getting Started tab.
  5. Select your hypervisor.
  6. In step 2, click Download for vSphere, or whatever your hypervisor is.
  7. After downloading, extract the .zip file.

Import Appliance

  1. In vSphere Web Client, right-click a cluster, and click Deploy OVF Template.
  2. In the Select template page, browse to the vmware_4.1.0.41.ova file, and click Next.

  3. In the Select name and location page, give the machine a name, and click Next.
  4. In the Select a resource page, select a cluster, and click Next.
  5. In the Review details page, click Next.
  6. In the Accept license agreements page, click Accept, and then click Next.
  7. In the Select storage page, select a datastore. The ELM appliance stores all master layers inside the appliance, so ensure there’s sufficient disk space (typically 300-500 GB) for the virtual appliance.
    1. You can view the appliance’s consumed disk space inside the ELM Management Console at System > Manage Appliance.
    2. To expand the storage, either increase the existing disk size, or add a disk to the VM. Then, on the right, is a link to Expand Storage.
  8. Select thin provision, or not. Then Click Next
  9. In the Select networks page, change the IP Allocation to Static – Manual, and then click Next.
  10. In the Ready to complete page, click Finish.
  11. See Open firewall ports for Unidesk, as needed at

Configure ELM IP Address

  1. Once imported, power on the ELM appliance.
  2. After the RUN_ONCE commands are complete, login to the console as administrator with a password of Unidesk1. You might have to press enter before the logon prompt appears.
  3. Enter c to configure networking.
  4. Enter s to assign a static network.
  5. Enter a new IP address for this appliance. Then enter y to save settings and restart networking.
  6. Press <Enter> to continue.
  7. While here, feel free to configure the time zone.
  8. Press / to search. For Central Time, search for chicago, and note the time zone number.
  9. Press Q to quit the display.
  10. Enter the time zone number to configure it.
  11. NTP is configured to use Internet servers. Feel free to change them.

Cloud Management of ELM

You are welcome to mange the ELM appliance locally by skipping ahead to the next section (Silverlight). Or, if you want manage the ELM appliance from Citrix Cloud, follow the instructions in this section.

  1. Go to and login. Or, after logging into Citrix Cloud, switch to the App Layering service.
  2. Switch to the Getting Started tab.
  3. In Step 1, click Get Cloud Connector.
  4. A new tab opens to the Resource Locations view. Click Download.
  5. From any server machine in your local network, right-click cwcconnector.exe, and Run as administrator.
  6. Click Sign In, and enter your Citrix Cloud credentials.

  7. The Connector will install.

  8. After installation, go back to your browser, and click Refresh.
  9. Your Resource Location should now have a connector. You can install a second connector. You can also rename the Resource Location.
  10. Go back to the App Layering service.
  11. In Step 4, click Log in to Appliance.
  12. Choose the Resource Location, and enter the IP address of your ELM appliance. Then click Connect.
  13. You can now login to the ELM as administrator and Unidesk1. One advantage of Citrix Cloud is no need to install Silverlight. Once logged in, skip to the First Login section.


  1. Use Internet Explorer to connect to the ELM IP address. Silverlight does not work in Chrome.
  2. If Silverlight is not installed, click the button to install it.
  3. Uncheck the two boxes, and then click Install now.
  4. Click Close.
  5. When you go to the ELM console, the screen will be white for a few seconds. Be patient.
  6. You can login as administrator with Unidesk1 as the default password.

First Login

  1. The first time you logon you are prompted with the End User License Agreement. Check the box next to I accept the Terms and Conditions, and then click Close.
  2. If the Setup Login Credentials wizard is displayed, in the About Your Credentials page, click the down arrow (next).
  3. In the Change Passwords page, enter passwords for the three accounts, and click the down arrow.
  4. In the Confirm and Complete page, click Change Credentials.
  5. Click OK when prompted that the passwords were changed successfully.
  6. Feel free to close the welcome wizard.

Appliance Certificate

  1. In the ELM Management Console, go to System > Settings and Configuration.
  2. Scroll down until you see the HTTP Certificate Settings section. Click the Edit button.
  3. Scroll down, and click Upload.
  4. Browse to a PEM file that contains an unencrypted RSA key, and one certificate (no chain). You can use OpenSSL to convert a .pfx file to a PEM file.
  5. If you scroll up, it should show you the Common Name of the certificate you uploaded. If it’s the root certificate, then you need to remove the extra certificate from the PEM file.
  6. Scroll down and click Save.
  7. Click Yes to restart the web server.

  8. It might take a few minutes to apply. Eventually, you should be able to point your browser to the https URL and not see any certificate errors.
  9. At System > Settings and Configuration, you can scroll down to the Security Settings section to edit the Management Console idle timeout.

File Share

  1. On a Windows file server, create a new share that will store the Elastic Layers. Only SMB shares are supported with Elastic Layers. NFS shares will not work with Elastic Layers.
  2. For High Availability, you can use any file server High Availability technology like File Server Scale-out Clustering, DFS, etc. For local high availability, Citrix recommends clustering over DFS since DFS failure requires reboot of Elastic Layered Machines. See DFS path and Elastic Layers at Citrix Discussions.  💡
  3. For DR Elastic Layer machines, the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Unidesk\ULayer:RepositoryPath can be configured to point to a file share in a DR site. See DFS path and Elastic Layers at Citrix Discussions.  💡
  4. Give Everyone (or equivalent) Full Control to the share.
  5. On the Security tab, make sure the Users groups only have Read access (no Modify/Write).
  6. Add a service account to the share, and give it Modify access. ELM uses this service account to upload elastic layers to the share.
  7. Back in the ELM, go to System > Settings and Configuration.
  8. Scroll down until you get to the Network File Shares section. Click Edit.
  9. Make sure Windows share is selected. Elastic Layers don’t work on NFS.
  10. Enter the file share path, the service account credentials, and click Test Network File Share.
  11. Click Save.
  1. Go to Users > Directory Service.
  2. On the right, click Create Directory Junction.
  3. Give the “junction” a friendly name (e.g. domain name).
  4. Enter one domain controller address. LDAP Load balancing is recommended.
  5. Change the port to 636 (assuming you have certificates on your domain controllers).
  6. Click Test Connection.
  7. When prompted with a certificate error, click OK.
  8. Check the box next to Ignore Certificate Errors, and then click Next.
  9. You’ll need a bind account. Get the full Distinguished Name (look in Active Directory Users & Computers > user > Attribute Editor) and enter it here in the Authentication Details page with the password. Click Test Authentication.
  10. After successful authentication, click the down arrow.
  11. In the Distinguished Name (DN) Details page, click the drop down to select the Base DN. Click Test Base DN. And then click the down arrow.
  12. In the Attribute Mapping page, leave them set to the defaults, and click the down arrow.
  13. In the Confirm and Complete page, click Create Directory Junction.

Role Based Access

  1. Go to Users > Directory.
  2. Search through the tree and find your ELM Admins group. Select it. On the right, click Edit Properties.
  3. In the Machine Association page, click the down arrow.
  4. In the Roles page, change it to Administrator, and click the down arrow.
  5. In the Confirm and Complete page, click Update Group.
  6. Logout of ELM.
  7. Log back in using an AD account that’s in your ELM Admins group.

Citrix Provisioning Services Publishing Agent

To publish to PvS, you install the Unidesk Agent on the PvS Servers. It’s only needed on one PvS server.

  1. From Install the App Layering Agent (required for PVS and Connector Scripts) at
  2. Ensure the PvS services are running as a domain account. Network Service won’t work.
  3. Run the following command on the PvS 7.7 or newer Server:
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" "c:\program files\citrix\provisioning services console\Citrix.PVS.snapin.dll"

    1. If PvS 7.6, then run the following command instead:
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" "c:\program files\citrix\provisioning services console\MCliPSSnapIn.dll"
  4. Go to the downloaded Unidesk files and run citrix_app_layering_agent_installer.exe.
  5. In the Welcome to the InstallShield Wizard for Citrix App Layering Agent page, click Next.
  6. In the License Agreement page, select I accept the terms in the license agreement, and click Next.
  7. In the Agent Port page, click Next.
  8. In the Ready to Install the Program page, click Install.
  9. Enter the ELM FQDN, enter ELM credentials, and click Register.
  10. Registration logs can be found at C:\Program Files (x86)\Citrix\Agent\Logs.
  11. In the InstallShield Wizard Completed page, click Finish.
  12. When an image is published to PvS, ELM can run a script. Citrix has a sample Versioning and Convert VHD to VHDX script at that converts the VHD file to VHDX, and/or adds the published image as a version. The script files can be installed on the PvS server at this time. Later, you specify the path to the script when you create the PvS Connector in ELM while creating an image template.  💡
  13. Citrix also has a BootPrivate script that modifies the vDisk mode to Private, boots the vDisk on a pre-defined target so that it can run pre-defined layer scripts, shuts down the target, waits for that shutdown, and then switches the mode back to standard.

Next Steps

9 thoughts on “App Layering – Enterprise Layer Manager”

  1. Hi Carl ,

    It was not possible to download the agent from the link you supplied. Its only available on Unidesk website in the download section you register and login your account. But all new account have denied access to download it. I was able to get it only by talking to the unidesk support. I have a copy of the installer in my onedrive if you allow me to share it.!AuLfTH_M3TdArRvDVJeYSRIWhv1g

  2. Thanks for the reply, what about the os layer template creation , would that have to be created on the same hypervisor as the ELM sists on ?

  3. Hi Carl,
    if my Xendesktop environment runs on a xenserver hyper-visor , is it beneficiary to install the unidesk appliance also on the xenserver platform or is it completely independent and i could put it into our hyper-v cluster ?


    1. I can’t think of any reason why it has to run on XenSever since ELM can push layers to multiple hypervisors.

  4. Hi Carl,

    With the Unidesk acquisition by Citrix, what is the future for AppDisk ?
    I suppose I shouldn’t waste my time implementing Appdisk and focus myself on Unidesk.
    I read several blogs talking about “physical workstations support in a near-future”.
    Mounting VHDs on Windows OS is feasible since years now, why Unidesk could not be used with physical computers ? Maybe because of the necessary bandwidth between a workstation and the servers holding the VHDs repository ? Or maybe because the mount has to be carried out in the very early steps of the Windows boot ?

    Kind regards


    1. Unidesk will replace AppDisk.

      Physical is on the roadmap. But I suspect that Cloud is the primary reason for the Unidesk acquisition.

Leave a Reply