User profiles play an important role in the user experience in Citrix Virtual Apps and Desktops environments. You’ve been able to manage them in three ways: local, roaming, and mandatory profiles. (Some combinations generate hybrid profiles — for example, mandatory profiles with any personalization script, or local profiles that copies some files to a centralized location.) But generally we focus on these three types when discussing user profile management.

You can also handle user profiles with a newer technology — profile containers — which redirect user profiles to a network location. Profiles are stored as virtual disks and are mounted on the operating system at the time of execution, minimizing the file copy required to get the profile up and running.

We regularly recommend that our Citrix Consulting customers use Citrix Profile Management. But as new technologies emerge over time, user profiles become more complex, such as with storage of Outlook OST files and OneDrive caches. This adds complexity to the configurations needed for virtual desktop environments because not all new features work as easily as they do as on a physical desktop.

We’re seeing more customers adopt FSLogix to take advantage of profile containerization when using the O365 suite. FSLogix is a Microsoft tool available to customers with the required licensing, and you can learn more about it here.

FSLogix is simple to enable. All you need is an agent, a policy that activates the feature, and a network location to store the profile container (VHDX files). In this blog post, I’ll cover some general recommendations you should consider when enabling FSLogix for your environment.

Multisession Profiles

Multisession profiles are environments where the same user has access to apps and/or desktops that span operating systems. These could be apps distributed across different server silos (and that, in turn, can mix operating systems, such as Win2016 and Win2019); multiple virtual desktops (where mixtures such as Win 10 + Win 10 or Win10 + Win7 can also occur); or hopping from a virtual desktop into a virtual application session. The possible scenarios are limited only by the creativity of the person who designs the solution.

When designing profiles for users with access to multiple operating systems and use cases, you need to maintain separate profiles for each use case, avoiding reuse of the profile in more than one session at the same time.

Why?

When the same user profile is used in different sessions, only the first session will have read/write access. The other user sessions will only have read access. You might also encounter problems in running the VDI/applications session because there might be version differences in the profile, which can cause corruption of the user profile. The image below illustrates this scenario.

Multiuser Profile vs. Single Profile (click to view image larger)

If you must use the same user profile in multisession mode, you can use profile write-back, a Citrix Profile Management feature that can be used with FSLogix. It enables a kind of temporary disk that synchronizes changes to profiles that are in read-only mode. The only caveat? This feature operates under the theory of “last writer wins,” which can confuse the user.

Container Creation and Folder Redirection

Separating data such as desktop and document folders from user settings has a lot of advantages. In addition to improving login times, it also enables users in different use cases to access their data regardless of the desktop they’re launching.

Folder redirection common scenario (click to view image larger)

Remember to use a single folder for each user profile, but the same folder for folder redirection. With this configuration, we expect that the users can change their VDIs or Virtual Apps silos, but their data will be always available on all their sessions. But what happens when you use OneDrive in a virtualization environment?

You can configure the redirection of known folders to OneDrive. This is a good idea considering that the wide adoption of Azure and Office 365 services has led to expansion of cloud services for storage of user data, eliminating dependence on on-premise infrastructure.

Even so, it’s important to consider the limitations and additional conditions that arise when using this type of configuration. When working in an on-premises environment with a local file server, the availability of the stored data is immediate for any session that accesses this repository.

When using OneDrive, information must be synced to the cloud, which can cause a delay in files being available, depending on their size. There are also now additional features such as on-demand files, which are only downloaded when the user tries to access them. Because the files are not stored locally, they reduce the amount of storage needed. At the same time, they aren’t immediately available, and permanent internet access is required. Microsoft recommends using Windows 10 Fall Creator Update (1709 or later) or Windows Server 2019 and the current version of the OneDrive client to get the benefits of Files On-Demand.

One design option is to configure all devices to redirect their known folders to OneDrive and enable Files On-Demand to minimize profile sizes. The important point here is that all user information is redirected to OneDrive, so it is important to be clear about where the user profile information is going to be stored and how it is going to be accessed.

User profiles are stored on-prem, and folder redirection are on OneDrive. (click to view image larger)

Storage for Containers

When it comes to storage, it all depends on the architecture of each environment. The basic variables to consider are whether the environment is in a public cloud or on premises (or hybrid) and the level of high availability required. It’s important to note that, by default, a user profile includes the user’s settings and customizations, as well as their data and documents.

If VDAs are deployed in Azure, Azure Blob service and Azure Files are available (there are others, but I will focus on these here). The first issue to consider is the difference between these services. Basically, Azure Blob is an object that allows you to store large volumes of unstructured data, designed for cloud solutions of any type. Azure Files is an SMB-based distributed file system similar as the ones we see when we work on on-prem solutions. Although we can consider using both services to store profile containers, Azure Files is easier to use and maintain because it is a file system similar to a traditional SMB share.

Additionally, these data must be validated before performing any sizing. On the other hand, taking into account that these storage mechanisms are based on cloud (PaaS), we can sleep peacefully because the Azure team is making sure that everything is fine for us, in addition to providing high availability services for the services, according to our needs.

A file-storage solution should be considered for environments that are 100 percent on premises. Technically, a shared folder is sufficient, but high availability is very important here because it’s a critical service. Microsoft Cloud Cache enables us to write simultaneously to multiple locations using the same namespace. Please note that to enable this feature, you must add a registry entry (or GPO) that includes two lines with the locations. The first line will be considered as the primary location, while the remaining ones (up to four) will be considered as backup.

I know that this is a topic that always generates a lot of discussion. These resources may be useful when making decisions or configuring the settings for the profile.

In this blog post, we looked at some of the most important topics to consider as you get started with FSLogix. Look for future blog posts on FSLogix and what you need to know when working with other public cloud providers. And learn how Citrix Consulting can partner with you to help your organization get more value, sooner, from your Citrix solutions.