VMware Horizon Community
himcrucified
Enthusiast
Enthusiast

UEM in combination with AppVolumes (recommendations)

I keep hearing that the best way to do VDI is to couple UEM and AppVolumes, using AppVolumes for AppStacks and Writeables (UIA Only), and using UEM for the user's profile (folder redirection, windows settings, app settings). Would most of you agree with this recommendation?

We're a small organization (150-200 persistent desktops) and I'm currently running a small pilot group to test these two products (we're going to move away from Citrix/Unidesk). I currently have my pilot group exclusively using Writeable Volumes for a persistent experience and it generally works pretty well, however, I'm told that using UEM for maintaining the persistent experience would be better in the long run, so I've taken the time to setup a UEM environment and test.

Since doing so I've tested the User Environment functionality (folder redirection, shortcuts, drive mappings, etc.) and the Personalization functionality (windows settings, application settings, etc.). All of which seem to work well, but at this point I've only tried using the out-of-the-box configurations for Personalizations. It seems like it could take a lot of time to build your own configs for every application that isn't already listed. It appears that I would have to track down the registry entries of every 3rd party application that we use in order to try and build configuration files for all of them that would capture user edits/changes (seems daunting and maybe impractical for one person).

Given that, I'm considering using UEM for folder redirection (to protect a user's files) in combination with Writeable Volumes (UIA & Profile). That way I can backup and protect the user's files using UEM, maybe use it to deploy printers, shortcuts, etc., but then rely on Writeable Volumes to catch user installed apps and any custom windows and application configuration changes that the user makes.

Any thoughts? Thank you in advance.

Reply
0 Kudos
12 Replies
Wimp777
Enthusiast
Enthusiast

I migrated away from Unidesk 2.x before the buyout by Citrix. I now run exclusively non-persistent desktops with Appvolumes and UEM. I don't use any writable volumes as anything relevant is on the file server already via mapped drives.

Addressing what I can:

Folder Redirection: I do not use UEM however, it does work in redirecting the files without error. The only caveat I have for UEM and folder redirection is since I moved to Horizon 7.0 and beyond the folder redirection leaves empty unlinked directories in C:\users\%username%. They are not symbolically linked or redirected, so if any data is written via that path it gets deleted at logoff. I am always waiting for updates if it does get resolved. I still use the standard Microsoft GPO to handle all my folder redirection tasks.

Moving to UEM. You get out what you put in. A lot of the default configs for Office products are useful and I use them. Window and individual application configs are down to your environment. If you stick to persistent desktops like the old Unidesk way. There is much not of a use for UEM until the desktops need to be recomposed. UEM becomes very useful if you go with non-persistent desktops to make the user experience feel persistent. The more you want to be persisted. The more work it is on you to set up. Overall the product is great at handling everything I need for my environment aside from computer-based GPO's and folder redirection.

Appvolumes is akin to selecting all the application layers you want in the image. Except Appvolumes does it in real-time without the need to rebuild a desktop. So I can do routine maintenance and testing during production without affecting my users. Each appstack (layer) can be assigned just like Unidesk could be by user/computer/AD groups etc.. I don't currently use the new JMP service VMware is pushing with these latest updates. JMP is very similar to how the Unidesk 2x process was with one central console doing all your assignment/build tasks once you have all the Horizon services connected to it.

Reply
0 Kudos
Ray_handels
Virtuoso
Virtuoso

I'm able to shed some light on the Appvolumes/UEM matter but would also like to hear why you moved away from Citrix, just out of curiosity.

UEM is what it says it is, User Environment Manager. You can pretty much collect anything and everything with it. Does what it needs to do and yes, if you have some quirky applications it might take some time to create the configuration file. Using version 9.5 you can automagically download community driver templates for about 250 applications (and counting) so normally it shouldn't take all to long. I would suggest using UEM for personalisation if possible, will come back to the writable profile in a moment Smiley Happy.

Regarding applications, Appvolumes is easy to learn, hard to master. When you look at the packaging process it is very straightforward but because it collects everything that happens during processing you could end up with a very large appstack that has a lot of junk it. Say for example the windows update is triggered you could end up with windows patches in your appstack, just be very aware of that!!

And now to the writables. We have been using the UIA + profile. As long as you are using W7 I would suggest using it for creating persistency for your VDI machines. It works pretty well as the profile in W7 is pretty straightforward. The moment you start looking at W10 (or W11 or W12 or whatever version it is they are not calling it Smiley Happy) doing profile management within the writable is pretty hard.

The big positive of the writable is that it will collect anything and everything, basically being a dumb bucket. But that's also the downside of it. If there is an error in the writable your left with very limited options, basically just resetting the writable. For the user this would be the equivalent of a reinstall of his machine. Depending on your user base this could be an issue..

You could try to do catch all profile with UEM (we are also trying this) to still give the user a stateless experience.

Writables will give you a quicker logontime though because it does not need to copy information or settings from a file share but attaches the writables using vsphere and it is there instantly.

Reply
0 Kudos
Wimp777
Enthusiast
Enthusiast

I inherited Unidesk. I switched as our license agreement was coming up. So I did the research into what we were already paying for with our Enterprise Horizon license. The new version 4.x of Unidesk was many steps in the wrong direction. I have it a fair shot against AV with exact same Appstacks/layers and base image builds. The Unidesk process is horrifically slow even on complete flash storage on my HP 3PAR. Just to prepare the master image took over 40mins for Unidesk take the vhd and get it into the system and move onto the next step. Multiply that time for the same process to get layers(appstacks) available as well. The older 2.x product was still slow in comparison but viable. Also, I wanted to shift to the non-persistent route to trim space from my datastores and make the management side of things much easier. I don't know how Unidesk has progressed since it became Citrix, but I have no intention of looking back. Maintenance was time-consuming versus updating an appstack making changes and rebooting. Along with everything being persistent desktops things could get out of hand with what users were doing on their desktops.

Reply
0 Kudos
himcrucified
Enthusiast
Enthusiast

Wimp777 thank you for taking the time to reply.

I also noticed the same caveat that UEM doesn't use symbolic links to redirect data.

Yeah, we're planning on using non-persistent instant clones (our pilot group is currently using them without issue). The amount of work that I'll need to put into UEM in order to get the same persistent experience as we had with Unidesk seems daunting with only three of us in the department. That's why I'm contemplating a hybrid approach with UEM and Writeable volumes. Any major drawbacks to this approach that jump out at you?

With regards to AppStacks I like them except that the more AppStacks I use the slower the login times get (which I know is expected). So I've put as much as I can into the gold image and plan to have an AppStack for Office and a few other staple apps but most other miscellaneous applications I'm going to put in manually, relying on the Writeable UIA feature. What kind of login times do you see with AppStacks? I'm finding that if I use 1-2 AppStacks that my login times are near or around 30 seconds, and if I start adding more the login times increas by 10-15 second increments. I have a blazing fast datacenter with an all-flash array from Pure so there's nothing more I can do in terms of hardware performance.

--------------------------------------------------------------------------------

@Ray_handels thank you for taking the time to reply as well.

We're moving away from Unidesk/Citrix because of the uncertainty it brought to the product, and since we hadn't yet moved to their 4.x product we thought it was the best time to move away if we were going to do so. The 4.x product was also missing the persistent feature (which we rely upon heavily), at least up until recent months.

I was wondering if there was a repository of configurations for applications. Are they only accessible for v9.5 users? Are these visible directly via the application or is there somewhere online I need to go? Are there any good tutorials/examples on how to build configs for your applications? I'm new to this aspect of UEM which is probably what makes me most apprehensive about whether this is something we can implement and maintain over the long-haul. If I felt confident I could easily and readily accommodate 99% of my apps this way then I think my perceived hangups with UEM would largely disappear.

I do like the idea of using writeables (UIA + Profile) in order to capture mainly the system & application customizations. I wouldn't mind then managing their data via UEM's folder redirection, that way if the writeable blows up I don't have to be worried about their data. Their system and application configs would have to redone but that wouldn't be too big of a deal assuming it doesn't happen every six months. What are specifically your reservation with writeables and Windows 10? We're planning on using LTSB/LTSC so maybe that eliminates some of the potential problems. Thoughts?

That's interesting to hear that your login times increased when leveraging UEM. I haven't tested that much, at least not since playing with UEM's folder redirection.

Reply
0 Kudos
sjesse
Leadership
Leadership

Look here for shared configurations for UEM

VMware User Environment Manager

there is section in the forum where people have uploaded ones for them.

I've done the approach you've mentioned with the writeables and UEM, and its works ok, but this method is just putting persistence back into non persistent desktops I think. Is there a buisness reason to put office in an app-stack and most everything else in the parent image? Office is one of the applications that in the past have had problems in an appstack, which is why I moved the parent image. If your using app volumes I suggest organizing your apps into logical groups that contain as many applications as possible, and not split them up to keep them small. Thats what works for me, and our environments is a bunch of hand me downs,

Reply
0 Kudos
Wimp777
Enthusiast
Enthusiast

UEM comes with a lot of usable default templates for capturing common functions to give the user a persistent feel. I handle my environment myself with around 250 desktops so it is definitely doable. The default configs keep most work to a minimum and you can tweak or add what you need. I don't use writable drives because there is no reason for my environment. Whatever a user needs is on the network or within their user profile that is being redirected. I have very special cases with writable drives for high-level users mainly for Outlook and the search index redirection. However, in odd occurrences from Windows Updates to be my best guess. Office always has trouble and my KMS will break for the user that has the writable drive, and the easiest way around it for me is to trash and give them a new one. Since it is only an Outlook file. I am not concerned about losing anything.

I condense my appstacks as much as possible to deliver as few as possible, and to keep my mgmt console from becoming cumbersome. I run on all-flash storage as well and my login times are typically 40-70 seconds for login on Windows 7 32/64. Due to constraints put on me. I do capture a lot of data that would otherwise be discarded in a normal non-persistent setup. So I have to accept the slower login time. The login time will always be slower than the Unidesk persistent desktop, but Appvolumes/UEM and the non-persistent desktops are far easier to manage.

Reply
0 Kudos
himcrucified
Enthusiast
Enthusiast

sjesse​ the only reason I haven't put Office in the gold image is because we currently use both Standard and Pro Plus, so AppStacks became necessary to avoid more pools and gold images. We've also chosen to use Active Directory activation instead of KMS which has been very helpful, I'm so glad to leave KMS behind (no more 25 count minimum).

Reply
0 Kudos
Ray_handels
Virtuoso
Virtuoso

I do like the idea of using writeables (UIA + Profile) in order to capture mainly the system & application customizations. I wouldn't mind then managing their data via UEM's folder redirection, that way if the writeable blows up I don't have to be worried about their data. Their system and application configs would have to redone but that wouldn't be too big of a deal assuming it doesn't happen every six months. What are specifically your reservation with writeables and Windows 10? We're planning on using LTSB/LTSC so maybe that eliminates some of the potential problems. Thoughts?

Because everything else has already been answered Smiley Happy..

If you are going to use LTSB it would rule out some issues with W10 and writables with a profile. Modern apps dont fly well with a writable to be honest because they are not captured within the writable. Also Microsoft tends to change it's start menu behavior and settings as they please. You could end up with a broken startmenu or applications if you would upgrade to a new version. Off course using LTSB you don't have those issues.

When looking at writables with a profile. We have some users that need a reset of their writable once every few months but normally users can do with a writable for a very long period of time. Sometimes up to a total lifespan of the Windows version. WIth W7 we had users with a writable that was over 2 years old.

Regarding the slower logontime. If you load a lot of settings for a user during logon using UEM it needs to copy the zip file and extract it during logon, this can take up some time. If you tweak it well enough it wont of course. When looking at a writable, it is mostly attached within a few seconds and the profile is also merged within a few seconds and you have a complete profile load in just about 5 seconds or so (at least that's the numbers we are seeing).

Reply
0 Kudos
himcrucified
Enthusiast
Enthusiast

Thanks @Ray_handels.

Where's the documentation on how to create your own config files for software? Any tutorials or examples I can follow? Thanks for pointing me to the software config repository too.

Reply
0 Kudos
Ray_handels
Virtuoso
Virtuoso

You mean for UEM? I would suggest getting a new machine and installing the profiler on it. It is in the UEM folder that you downloaded. If you start up the profiler it will check the process of the application you are starting up and create an .ini file that you can then import into UEM.

This is also a good place to start.

Quick-Start Tutorial for User Environment Manager | VMware

And, but that's just my 2 cents, I would not be using the JMP console.. Just use the UEM management console to configure settings so you get a grip on what you are setting up.

Reply
0 Kudos
himcrucified
Enthusiast
Enthusiast

I just wanted to say thank you to everyone taking the time to chime in on my original questions/comments. The responses have been very helpful for us in determining our the best path forward.

Reply
0 Kudos
Ray_handels
Virtuoso
Virtuoso

:smileycool:

If you have any more question just feel free to ask or maybe also share the insight that you might have found that were any different than we experienced.

Reply
0 Kudos