"Traditional profiles are dead, long live layered profiles!"
This article has been in my pipeline for quite a while, and after talking to a number of subject matter experts I thought that now is the time to finally publish it: When dealing with virtual Windows desktops or remote user sessions, profile management and personalization pops up as a discussion topic or a pain point on a regular basis. This has not changed since 10 years and it is independent of the underlying virtualization or remoting technology. As a rule of thumb, once or twice a year, Windows user profile management is on the agenda. But things have changed over time. A couple of years ago, it was all about maintaining the EXACT layout of a user’s desktop. Moving application icons by a couple of pixels or removing the custom wallpaper may have resulted in seriously angry users. Typically, this is not the case anymore since users are used to having access to other personalized “desktops”, like their tablets or smartphones. They have learned how to deal with different background images and user interface element locations. But still, user profile management is a hot topic when it comes to maintaining application-specific settings across various work-related Windows desktops.
Any person new to the world of VDI and RDS would probably argue that if such a topic existed since such a long time, why was it not implemented properly years ago. The reason may be that Windows applications do not have to pass a mandatory user profile compliance test program before being shipped. No company — not even Microsoft — has real control over the way Windows applications are implemented and where they store personalization information. In addition, Microsoft Windows does not include an overall management console for user profiles. To make things even worse, Microsoft provides three different user profile management concepts, each of them with their specific limitations and if combined they do not always play nice with each other:
- User State Virtualization (USV) which is a combination of Roaming User Profiles (RUP), Folder Redirection and Offline Folders. Unfortunately, there are several incompatible versions of RUP across the various versions of Windows.
- User Profile Disks (UPD) is a lightweight “layering solution” based on user-specific VHD files. This profile management concept only works within selected types of Remote Desktop Services collections.
- User Environment Virtualization (UE-V) which is based on a filter driver for file and registry redirection combined with group policies. UE-V is part of the Microsoft Desktop Optimization Pack (MDOP), making it impossible to purchase it independently.
But there is more. The lack of a proper “one for all” solution provided by Microsoft created an entire ecosystem of third party profile management products: Citrix Profile Management (acquired from Sepago), VMware Persona (acquired from RTO), Immidio Flex Profiles (recently acquired by VMware), Dell Wyse vWorkspace, AppSense Environment Manager, RES Workspace Manager, Liquidware Labs ProfileUnity and others. Some of these products are solely addressing profile management while others provide this kind of functionality within a bigger product suite. But they all have in common that they want to replace (or enhance) Microsoft’s profile management mechanisms. The underlying product concepts are based on configurable file, folder, registry and object redirection, typically implemented on top of filter drivers. While this works great in traditional terminal server or Citrix XenApp environments, such concepts often fail in containerized or cloud-based environments.
This is exactly where we want to take a look at software layering, a technology that goes far beyond Microsoft User Profile Disk. As Ron Oglesby points out in his great BrianMadden.com article from September 2013, “Layering is a way to present to Windows a holistic C: drive that is made up of a number of distinct parts.” These distinct parts are called layers and they are stored in separate, isolated virtual disk files. Multiple layers can be stacked on top of each other, creating a (virtual) drive that is presented to Windows as a single image. An individual layer can be the Windows operating system itself, an application or a unique personalization layer. The latter may represent an application-specific user profile segment — and this is exactly what makes layering an interesting candidate for a better profile management solution. While today’s profile management products are about copying objects from one file system to another, layering allows attaching “application-specific (profile) volumes” to “master volumes”. Block-level transfer of virtual disk resources to a central storage can have huge advantages over file-level transfers, in particular when the central storage lives in the cloud – it’s like talking directly to your neighbor next door instead of calling him on his mobile phone. Layering has the potential to make sure that settings of applications hosted on Azure are in-sync with applications hosted on-premises.
Popular layering products are Unidesk, CloudVolumes (now VMware AppVolumes) and — as the new kid on the block — FSLogix. In essence, they all isolate applications in individual layers and allow user profile segments to be managed in separate layers. There are also several “light” versions of layering. As mentioned earlier, Microsoft User Profile Disk in Windows Server 2012 and later allows to configure virtual machine deployments to save user and application data in a single VHD file that is stored on a network share. Citrix Personal vDisk (PvD, formerly RingCube) also has only one layer for “departmental installed applications”. PvD is a great solution used in many Citrix implementations, but it was never designed to manage user profiles. VMware Mirage (formerly Wanova) also has one virtual disk and uses an agent to add applications to this disk.
But how do application virtualization and streaming solutions, such as Microsoft App-V or VMware ThinApp fit into this picture? I personally believe that they still have some relevance, but like traditional profile management solutions they may be replaced by layering products in the future as isolation is an important aspect of layering.
Another trend that needs to be taken into account is containerization, provided by virtualization software such as Docker or Spoon. Containers use resource isolation to package applications and run them separated from each other without the overhead of a full virtual machine. It will be interesting to see how application virtualization, layering and containerization will fit together.
In summary, software layering and containerization are hot topics. I want to predict that all ISVs dealing with user profile management in the VDI and “Windows from the cloud” space that don’t have a layering or containerization solution in their development pipeline are facing rough times in the near future. Traditional profiles are dead, long live layered profiles!
This article is reprinted with permission, and first appeared on Dr. Tritsch's blog, April 24th, 2015