One of the common questions organizations have when looking at Citrix App Layering is, “How does a cloud based service work with my environment that is completely (or mostly) on-prem today”? The answer lies in understanding a little bit about where layers are stored and deployed, and where Citrix Cloud comes into play.

Where are the layers?

The layers, should always be kept as close as possible to your workloads. If your environment is completely on-prem and in your datacenter, that is where your layers (your OS and app layers) will be maintained. The virtual appliance you download (the Enterprise Layer Manager), the master copy of all layers, the Layered Images you deploy, and the Layer Repository for your user assigned layers all will reside in the same datacenter(s) where the majority of your workloads run.


This keeps the layers and images as close as possible to the hosts, minimizing network requirements and the time spent copying these layers when they are updated or new Layered Images are generated.

So where does Citrix Cloud come in?

Citrix Cloud will provide the management plane for App Layering. Currently, this feature is in Labs (so give it a shot!), but you can also access the management console directly via a HTTPS connection to the virtual appliance.  As the management service moves to a pure cloud service, our design still assumes all layers and data are going to remain local to the workloads, this means the management plane (read interface) is located in Citrix Cloud and is communicating with your Layer Manager on-prem (all done via SSL).


When implementing App Layering, you will deploy a Citrix Cloud Connector (if you haven’t already) which will allow SSL communications between the layer manager and the Citrix Cloud App Layering management interface. The Administrator can simply use the Citrix Cloud interface to manage all layers, regardless of where they are located.

It is important to note at this point that the interaction with Citrix Cloud is purely for management of the layers. Updating or creating new layers, deploying a new layered Image, etc. Users and user sessions NEVER communicate with Citrix Cloud to access their applications. The layers are being “handed off” to either a network file share (for Elastic Layers) or to a provisioning system (for Layered Images). Interruption of the internet connectivity will have no impact on users’ ability to login or access applications.

But what if I CAN’T connect my network to the internet?

We understand that there are some environments that have such strict security protocols that no internet connectivity is allowed in or out from the environment. These are especially common in government agencies but can also be seen in the private sector as well.

To address these isolated or air gapped networks, we will be releasing an LTSR version of App Layering that will maintain a local management interface on the Layer Manager virtual appliance. Of course, updates and new features will be released much more frequently with the cloud hosted App Layering, so we encourage you to leverage that model whenever possible.

Give it a try

If you would like to give Citrix App Layering a try, you can request a trial right from Citrix Cloud. Create a Citrix Cloud account (there’s no cost) and then select Citrix App Layering from the menu to access your 60-day free trial. The Citrix App Layering service includes full feature functionality and eligible customers with active Customer Success Services Select can use this service for production roll out.