Often, when first introduced to the Citrix App Layering technology, admins will call it “magic”. This response is both flattering and somewhat undeserved! Magic has often been used to describe events or processes that the viewer could not explain. But App Layering is not magic; it’s some creative, innovative thinking that is easy to understand once you break it down.

In this post, we will look at the basics of file system layering, conflict resolution/file system merger along with the concept of layer priority and what happens when Layered Images and Elastic Layers (hot add) are combined.

Let’s start with a couple of basic statements, so we are all on the same page.

C: is really a virtual thing. Whether you are running a physical laptop, server or virtual machine, C: is just a logical assignment to whatever “drive” Windows can see. It contains a hierarchy of folders and files (in specific locations) to enable Windows to boot, services and applications to run, and users to interact with them.

To layer a C: drive is really to create a logical C: drive from a series of Layers each with their own file system and set of file system objects.

A Layer is simply a container for the file system objects and registry entries unique to that layer. In an Application Layer, this is just the files and registry entries that have been added, changed or even removed during the application install.

Understanding that App Layers are stored in separate VHDs, you can then begin to understand that a Virtual Machine may have several layers assigned to it, BUT the C: drive that the Windows ‘sees’ is really made up of one merged view of all assigned layers.  This is done via our Composite File System (CFS), which leverages a mini-filter to intercept I/O, and direct file system operations to the appropriate volume.  Essentially, the CFS will allow Windows to “see” a single complete C: drive, that is really made up of numerous logical volumes.

Basics of Layer Priority


Starting with the image above, we will assume these three layers make up this logical C: drive for this VM (we have obviously simplified the number of files and folders here to make layering easier to understand). Each layer contains only two files.

When these layers are assigned to an image or user, they are logically merged to make the applications look like they have just been installed into a “regular” C:\ drive, but underneath they are in separate virtual disks.

Within Windows (if you were to browse the C: drive) you would see files 1 through 5. Files and directories may come from different layers but they are merged together seamlessly. The Program Files directory is a great example of this layer merging. You will see application sub-directories from numerous layers in Program Files, along with individual files from different layers that may wind up in the system’s common folders. This is not simple Windows mount points in a directory. This is a function of file system level virtualization allowing I/O requests to be intercepted and directed to the appropriate disk/volume containing the layers.

You may also note that “File 4” is located in both App 1 and App 2 layers. In cases where a file may reside in two layers the conflict is resolved using a layer priority mechanism. Each layer is assigned a priority and those layers with the higher priorities are checked first for the file being opened. The App Layering software is essentially virtualizing the name space for the filesystem and using a file system filter (called a mini-filter driver) to intercept I/O requests for files and direct them to the proper layered file system (Virtual disk).

As an example, if something in Windows attempts to open File 3, the call to the file system is intercepted by the mini-filter which locates File 3 in the logical volume for the App 1 layer. The I/O is then processed against that file, in that volume/file system.  If File 4 is opened, the same process occurs again with the mini-filter intercepting the I/O request, locating the file (in this case in the App 2 layer) and passing it back to Windows.  Even though the File 4 may reside in two locations, the layer with the highest priority “wins” and that file will be used.

It should be noted, that during the first opening of a file, Windows will note the location (which volume the file is in) and cache this location for faster access later. Therefore, you sometimes may notice that an app takes a second or two the first time it launches and then on second launch it does not.

A word on Mini-Filters/File System Filters

One of the discussions I often have with customers is about the use of mini-filters in the world today. Few people (outside of some real desktop geeks and backup/replication or AV folks) know about these babies. Mini-filters are not something unique to App Layering. We have just found an interesting way to employ filters for desktop management. Filter drivers have been around for a long time and are used by everyone from anti-virus vendors, backup/replication software and even some persona/profile management tools. They are very standard in the Microsoft world and not something to fear. Actually, if you are on a Windows device right now you probably have a couple of filter drivers running and might not even know it.

Layer Priority in Layered images

Now that we have the basics of layer priority let’s look at that the process of layering within a Layered Image.


When a Layered Image is created a new virtual disk is generated. Once the disk is created and formatted, the App Layering virtual appliance copies the contents of the assigned layers into this new disk in the layer priority order (starting with the OS layer, moving through the app layers and then the final layer applied is ALWAYS the platform layer).

The results of this image creation is a single volume disk, containing the contents of all assigned layers. Here, a mini-filter is not use as this is truly a single volume C: drive that has only been built based on layer priority.

For our discussion here, the image above shows numerous App Layers in the image, based on their priority. But realize this is simply a logical representation of what is a single disk and single volume.

Layered Images and Elastic Layers Combined Priority


Once a Layered Image is built and provisioned out via your chosen image deployment tool (MCS, PVS, etc.) your users may be assigned additional layers that will be attached at login.  These hot add layers are attached based on the user’s AD group assignments.

At login, the user’s assigned app layers are processed and connected to in priority order, with the User Layer (if enabled) being the last layer connected and the highest priority of all the layers.  These hot add layers are attached in a priority ABOVE the layers that were used in the creation of the Layered Image. Our example above shows App 3 and App 5 both assuming a higher priority than App 7 and App 8 that are contained in the Layered Image.  In this example, the entire Layered Image is really its own single disk/volume layer (like the OS layer) with the additional apps and user layer being add on top logically.

Wrapping up

In summary, the concept of file system layering is fairly simple:

  • Individual Layers are disks that contain a file system and the objects in that file system that are unique to that layer.
  • Layers can be combined into a Layered Image OR attached at login based on user assignments.
  • The Layers have an inherent priority order whether they are in the layered image or attached at login
  • The Layer priority determines which layer is used when files are in conflict between layers.
  • Regardless of where the layer is applied/deployed the result is that Windows “sees” a holistic C:\ drive

Obviously, this is a very simplistic view of what is done under the covers, but the basic concepts of layer priority and I/O intercept are important to understand if you are starting an App Layering Project.  But the benefit of deploying applications in this way is that it lets Windows and applications to operate normally. These applications behave, look, and feel, just like they were installed in the image. This allows Citrix App Layering to also support applications that most app virtualization technology cannot (Apps with drivers, services, or those that need to communicate with other applications).

If you are looking to try Citrix App Layering you can download the software via Citrix Cloud under Citrix App Layering → Get Started.