Last Update: Mar 10, 2023 | Published: Mar 08, 2023
Remote and virtual desktop solutions provide a flexible way for users to access remote services securely while maintaining control of how the users access those services. In this article, I’ll explain how FSLogix can optimize remote and virtual desktop environments by leveraging Profile Containers and Application Masking. I’ll also detail the FSLogix features allowing users to provide customized, user-based access to applications in a virtual desktop environment.
Providing a consistent experience as users log into non-persistent or shared desktops is an essential factor in the success of a remote and virtual desktop environment. Microsoft acquired FSLogix in 2018, and it is the recommended way to manage user profiles in Azure Virtual Desktop environments.
FSLogix is not limited to use with Microsoft solutions. It is available to use with Citrix, VMware Horizon, and other virtual desktop infrastructure (VDI) platforms to manage user profiles and the desktop experience.
There are three main components included with FSLogix:
FSLogix Profile Container creates a container on a network share that holds the user’s profile. The profile is available as the user moves between different computers in a remote or virtual desktop environment, providing a consistent desktop experience with non-persistent and multi-user desktops.
Departments or business units within an organization require access to unique combinations of applications. Managing images with different collections of applications can be time-consuming in these environments. FSLogix Application Masking simplifies image management by dynamically hiding and blocking access to applications based on user or group membership. This leads to fewer images to manage while limiting access to applications on those images.
Lastly, Java Version Control allows administrators to specify versions of Java for web applications based on a URL. Java Version Control only works with Internet Explorer. Internet Explorer has reached its end of life, and I won’t cover Java Version Control in this article.
FSLogix provides a way to centralize user profiles so they can be accessed as users log into different computers. Centralizing profiles provides a consistent desktop experience in shared, non-persistent, and multi-user desktop environments.
When a user who is enabled for FSLogix Profile Container logs into a computer, the FSLogix application checks the network share for a profile. Then, the Profile Container is mounted if it exists. If not, one is created and then mounted. The Profile Containers are in a .VHD or .VHDX virtual disk format.
The FSLogix application redirects profile reads and writes to the Profile Container on the network share. Some profile items, such as temporary files or session-specific information, do not need to be stored in the profile container. A file with the format “Local_UserName” is created on the local computer to store these items. This folder is removed once the user logs off.
The Profile Container stores all user data by default. Sometimes, it may be desirable to separate Office 365 data into a separate container. Separating Office 365 data is possible with FSLogix Office containers.
Office 365 data is a cached copy of Office 365 data, Outlook .OST files, and the local OneDrive cache. For example, Office 365 data is easily recreated from the Microsoft online copy.
By splitting Office 365 data, we can limit the amount of data backed up and replicated for disaster recovery preparation. Also, separating the Office 365 data into a different Profile Container will spread profile reads and writes across multiple file shares, potentially increasing performance.
With traditional Profile Containers, only one file share location is used for profiles and another file share for Office 365 data, if used. However, some organizations require a low recovery point objective (RPO) for their business continuity and disaster recovery plans.
FSLogix Cloud Cache offers near real-time profile redirection to multiple file share locations. Cloud Cache uses multiple file locations simultaneously, keeping all copies updated with changes.
Cloud Cache leverages the computer’s local drive to build a profile cache when the user logs in. The cache is populated with profile data from one of the remote shares. The profile reads come from the cache. Profile writes are written to the local cache, then asynchronously to the profile shares. The remote profiles are kept up to date in near real-time.
The profile locations can be local, at a remote or disaster recovery site, or both. Should one copy become unavailable, the available copy is used. The offline location is brought up to date once it’s available again. This makes Cloud Cache a good option for high availability with failover to a remote site.
Cloud Cache is a good option for high availability, but there are some things to consider before implementing it:
Image management requires significant time and effort in environments with various applications and many business units. Each department has its own catalog of applications that must be available to end users. Creating images for virtual and remote desktops that meet the application requirements can lead to multiple images, and managing these multiple images can be time-consuming and complex.
FSLogix Application Masking lets us control what applications users have access to on the client operating system. For example, an organization can reduce the number of images by adding more applications to a smaller number of images. Access to the applications is granted or denied with Application Masking based on the user, group membership, or other factors.
App Masking rules are created with the Application Masking rule editor. The rule editor can be found in the FSLogix installation files. The rule editor has the option to create a blank rule, a rule from a program file path, or select an installed application.
Here’s what you can do in practice:
FSLogix Application Masking streamlines the image creation and management process. More applications can be added to a smaller number of images, reducing image management overhead. Application Masking controls access to the application with rule assignments.
Eligibility to use FSLogix is dependent on Microsoft licensing. The list below shows the license eligibility to use FSLogix:
FSLogix can be used in public or private data centers. It supports Windows 7 clients, Windows Server 2008 R2, and newer client and server operating systems.
FSLogix Profile Container solves the problem of profile management by creating a central location for user profiles, then attaching those profiles to user sessions as they move between computers in a virtual or remote desktop environment. In addition, FSLogix Profile Container provides a way to split Office 365 data into its own profile container, and it can keep multiple copies of profile containers up to date in near real-time with Cloud Cache.
Lastly, FSLogix Application Masking simplifies image management by managing access to applications installed on the image. Users are restricted to only the applications they need access to with App Masking rules. Overall, FSLogix Profile Container and Application Masking are really helpful tools for optimizing your user’s VDI experience.