Just after 6 years of its foundation, Microsoft acquired FSLogix in the last quarter of 2018. In this article, I will walk you through FSLogix Office 365 Container setup.
Remember UPD (User Profile Disk)? Microsoft introduced it in server 2012. It is a great solution that allows moving the entire user profile to a VHD file. In UPD settings you define, the location (for High Availability, you can place UPDs on a clustered file share) where UPDs will be saved, and what do you want to include in the UPD.
When a user logs in, a VDH file is created for that user on the User Profile Disks location using “UVHD-template”. This template file is created when you configure and apply UPD settings. The format of the user-specific VHD file is UVHD-userSID(the objectSID attribute of a user object).
Then, that user-specific VHDfile is mounted to the server or a desktop and appears as a symlink under C:\Users. When the user logs off, the VHD file is un-mounted and all the changes to the user profile are saved to VHDX file.
So far so good, correct? Folder Redirection is sorted, Outlook OST is sorted, HKCU is also captured, and logon time is improved but what about Citrix and VMware? UPD works with Remote Desktop Services environment. Look at the first screenshot; it is a collection of pooled machine where User Profile Disk settings are being configured. Checkout this video or this article to understand how to enable UPD.
To make it work for Citrix XenApp and VMware Horizon (although they have UPM/WEM and UEM respectively), you have to go an extra mile of executing some PowerShell commands or pushing UvhdRoamingPolicy.xml using computer start-up script through GPO. If you are interested in that, then visit this whitepaper and scroll down to Command Line Implementation.
(gwmi -ns root\cimv2\terminalservices -class win32_tssessiondirectory).createuserdisktemplate("\\FILE_SERVER\SHARE",SIZE) (gwmi -ns root\cimv2\terminalservices -class win32_tssessiondirectory).enableuservhd("\\FILE_SERVER\SHARE","0")
<UvhdRoamingPolicy> <RoamingMode>2</RoamingMode> <Include> <Folder>AppData\Local\Microsoft\Outlook</Folder> </Include> </UvhdRoamingPolicy>
By now, you must be thinking why we are discussing UPD so much when the topic is FSLogix. Please hold on to that, we will get there soon.
Outlook OST (Cache Mode) is not the only feature that is expected from a profiling solution (or a workspace solution). It also needs to provide an efficient delivery and consumption of following:
- Roaming of Search Index Database so you can effectively search e-mails in Outlook
- Seamless multi-session roaming of One Drive for Business and SharePoint user data so you don’t have re-sync at each logon
- Support for Skype of Business GAL, Microsoft Teams Data and One Note Notebook files.
Can UPD meet these expectations? Unfortunately, No. Can other well-known solutions like Citrix UPM, Citrix WEM, Citrix App layering User Layer, Citrix App Layering O365 Layer, Liquidware Profile Unity, Ivanti Workspace Manager, and VMware App Volumes fulfil these expectations? The answer Yes, No and Partially Yes. David Wilkinson has done an outstanding job at creating a Comparison Matrix that illustrate what you can achieve with what solution. He keeps updating the content as and when new features are added so I definitely recommend you to visit that article.
Finally, after more than 500 words, we are here. FSLogix, not just delivers up to the expectations, it goes one-step further with feature like Cloud Cache and concurrent access modes.
FSLogix provides 4 solutions:
- Profile Container (Cloud Cache is used with Profile Container) – Profile Container takes your whole user profile and places it into a VHD(X) file on a file share. If you are using Cloud Cache, you replace the VHD location with CCD location. Check this tutorial from Microsoft. Enterprise Architect, Roy Zylowski has written a blog explaining the different between Citrix App layering and FSLogix Profile Container. In summary, he says:
- Use FSLogix to solve problems associated with roaming profiles on non-persistent VDI.
- Use user layers when you’re trying to provide a persistent user experience on non-persistent VDI.
- If you’re using FSLogix and Citrix App Layering together, install FSLogix into an application layer.
- If you’re using FSLogix and Citrix App Layering together, you must change the altitude of the FSLogix filter driver.
- If you’re using FSLogix and Citrix App Layering together, use a GPP to create the FSLogix local groups
- Office 365 Container – In this article, we will concentrate on FS Logix Office 365 Container. See next Topic.
- Application Masking – You can use App Masking to hide applications from certain users on a golden image. That’s not it, there are many use cases that make App Masking an appealing solution. Check FSLogix App Masking – Real World Examples.
- Java Version Control – Java Version Control allows you to tie Website URLs with a specific version of Java.
If you own any of the following license, you are eligible to use FSLogix
- Microsoft 365 E3/E5
- Microsoft 365 A3/A5/ Student Use Benefits
- Microsoft 365 F1
- Microsoft 365 Business
- Windows 10 Enterprise E3/E5
- Windows 10 Education A3/A5
- Windows 10 VDA per user
- Remote Desktop Services (RDS) Client Access License (CAL)
- Remote Desktop Services (RDS) Subscriber Access License (SAL)
Do check Microsoft’s official document to stay updated.
FSLogix Office 365 Container
FSLogix Office 365 Container redirects only Office related data to a VHD file compared to profile Container that redirects entire profile. When the user logs in, the VHD file is mounted and at logoff, VHD is unmounted and changes are saved to be available in next logons as persistent data. It is best to store VHDs on a Network file share. FSLogix uses Filter Driver to convince applications that profile is local to the server or desktop. That’s the reason most of the applications work with FSLogix solutions because they don’t recognize that profile is actually on a remote storage.
Installing FSLogix Office 365 Container is very straight forward and configuration is done through either GPOs or registry.
- Download FSLogix media from https://docs.microsoft.com/en-us/fslogix/install-ht
- Go to FSLogix_Apps_2.9.7237.48865\x64\Release
- Right click on FSLogixAppsSetup.exe and select Run as Administrator
- Click on Yes in UAC prompt
- Check “I agree to the license terms and conditions” and click on Install
- If you want to change default installation location then click on Options
- Installation will proceed
- Once completed, you will see Setup Successful
- In Programs and Features, you will see Microsoft FSLogix Apps
- Set up a File Share. Remove Everyone from Share Permissions, assign Read, and Change permission to Authenticated Users. This will be used as VHD Location to store VHD files
- Modify NTFS permission as shows in below images
|Users||This Folder Only||Modify|
|Creator / Owner||Subfolders and Files Only||Modify|
|Administrator (optional)||This Folder, Subfolders, and Files||Full Control|
- Copy fslogix.admx and paste it at \\domain\SYSVOL\domain\Policies\PolicyDefinitions. Copy fslogix.adml and paste it at \\domain\SYSVOL\domain\Policies\PolicyDefinitions\en-us
- Edit a GPO or create a new One. Go to Computer Configuration/Administrative Templates/FSLogix/Office 365 containers. Open Enable setting. Select Enable and check Enabled. This setting enables FSLogix Office 365 container
- Open VHD Location setting. Enable it and put the path of the file share we created in one of the previous step
- Open Size in MBs setting. Enable it and leave the size to 500MBs. The default size of the VHD is 30 GBs and minimum size is 500 MBs. If you try to change the size to any number below 500, you will get an alert.
- If you wish, you can enable Dynamic VHD(X) allocation
- Open Include Outlook data in container and enable it
- Open Include Outlook personalization date in container and enable it
- Open Include search database in Office 365 container. Enable it and select Multi-user search for server and Single-user for desktop operating system
- Confirm that searchindexer.exe is running. If it not then install Window Search Service Feature
- Open Include OneDrive data in container and enable it
- Open Include Teams data in container and enable it
- Open Include Skype data in container and enable it
- Open Include OneNote data in container and enable it
- Open Include OneNote UWP notebook data in container and enable it
- Now, when a user logs in, a folder in VHD Location by the name SID_UserID is created. Inside that folder, you can find the VHD file by the name ODFC_UserID.vhd. Inside Disk Management, you see the mounted disk of 500 MBs
- Let’s configure concurrent access to VHD now. Concurrent Access means that a user is allowed to make multiple, concurrent connections to same windows instance. This is very normal in Citrix Virtual Apps and Desktops. Concurrent Access in FSLogix is possible because of a Difference Disk. The purpose of Difference disk is to ensure that changes are reverted or merged to the parent VHD.
- Open Allow concurrent user sessions and enable it
- Open VHD access type, enable it and select Unique disk per session. Using Difference disk stored on local machine or Difference disk stored on network could potentially cause data loss to Outlook and One Drive for Business. Direct Access will fail the concurrent access with a sharing violation error (20)
- Per-session unique disk doesn’t use Difference Disk. As the name suggests, it uses a unique disk for every concurrent session
- Per-session VHD files are named as ODFC-%username%-SESSION-<sessionnumber>.vhd where SessionNumber is an integer from 0 – 9
- At logon, if VHD is found and currently not in use then it will be directly attached. If not found, one will be created and used
- At logout, the VHD is detached and if it marked for deletion (the number exceeds 9) then it will be removed
- To the maximum, 10 number of per-session VHDs can be created
- The disadvantage of Per-session unique disk is that there is no fully merged VHD therefore the currently attached VHD takes extra time to fully synchronize. Unfortunately, that the only supported method at time of writing if you want Concurrent Access and don’t want to lose data while using Outlook and OneDrive for Business.
- If Concurrent Access is not required then go with Direct Access that is the default option and works with Outlook and OneDrive for Business.
- To understand how to setup concurrent access on FSLogix Profile Container, read this Microsoft doc
- This is how VHDs will look with Per-session unique disk
- Final Result
- Exclude Administrators so their profiles (Profile Container) or Office Data (Office Container) is not processed. FSLogix creates four groups. By default, Everyone is added to both Include List groups. Add Administrators to both Exclude List groups
- If you are using any other profile solution like Citrix UPM with FSLogix Office 365 Container then you should add following exclusions in that profiling solution otherwise conflicts will happen
At the end of this article, I recommend reading Leveraging new FSLogix platform capabilities in virtual environments by Dave Brear.
Thanks for reading.