In 2018, Microsoft acquired FSLogix and in what was great news for so many, they made the excellent suite of products available for pretty much all enterprise customers. FSLogix were the first to market with a complete solution for roaming Office 365 data and settings in non-persistent machines and with Windows Virtual Desktop being made generally available worldwide in 2019 it made a lot of sense for Microsoft to not only have a solution for their WVD and Office 365 customers but also a solution for overall profile management which is exactly what FSLogix excels at.
Compared to other profile management solutions aimed at non-persistent machines, FSLogix keeps things very, very simple. Rather than redirecting data to network shares or storing profiles in a database, with FSLogix Profile Containers the entire profile is stored in a virtual disk and mounted in the Operating System at login. While other solutions require a lot of different settings and exclusions, FSLogix Profile Containers require very little configuration and rarely requires exclusions.
One of the original features of FSLogix is its unique App Masking capabilities which can also be great for WVD, VDI, Published Apps and Published Desktop users by allowing Admins to install applications into a shared machine used by many but to selectively hide certain app’s files, directories, registry etc. Numecent Cloudpaging works very well on these platforms too and they are also a WVD partner. In my environment I have on-premises VDI with FSLogix Profile Containers and wanted to share for others who wonder if Cloudpaging and FSLogix can co-exist and if hey complement each other. The short answer is YES!
Cloudpaging and FSLogix Profile Containers
At a very basic level. The Numecent Cloudpaging Player and FSLogix agents co-exist without any issue.
You can use your Cloudpaging apps whilst using an FSLogix Profile Container in-place of a local Windows Profile. No matter how you to decide to deliver your Cloudpaging apps they will be able to work with the FSLogix Profile Container present.
Cloudpaging provides multiple options for how to handle runtime data and applications settings while using your apps. You can leverage their Sandbox for whatever directories you would like, you can set exclusions and you can also optionally allow Windows to handle the roaming of app settings for you. Of course, when you have FSLogix Profile Containers enabled, the Windows roaming becomes the FSLogix profile doing the roaming for you. It really is up to you. You may find that you are happy to use the built in Cloudpaging features for the apps you deploy from your Cloudpaging server or Cloudpaging Content Delivery Network and use your FSLogix Profile Containers for other facets of the user profile. In my case, I am happy to rely on the sandbox.
App Masking
There has been multiple blogs related to using FSLogix App Masking with globally published App-V sequenced applications to ensure application files and directories are not visible on shared machines for users who should not be permitted to use them. This was useful for App-V as global publishing ensured a higher success rate when deploying applications as App-V packages. Numecent Cloudpaging is different to App-V and indeed different to traditional application virtualization in general. With the unique disposition layers, Cloudpaging doesn’t have the same limitations to contend with. There is no need to use a global publishing approach. You can deploy your applications to your users and groups with high confidence the apps will work.
A unique feature of the disposition layers is the ability to set a file, directory, registry key or registry value to an Installed layer which is essentially putting it on your machine just like you’d expect a traditional local install to do. These layers are not all that commonly used for application compatibility purposes as most apps will work in layer 3 or layer 4 but may be used for certain apps when you wish to provide file level visibility to the users on their machines.
This is where App Masking with Cloudpaging can get interesting. What if you would like to deliver some files, directories or even registry that you would like to have remain on the machines even after the application is removed and also ensure is present when the applications are not in use BUT you don’t want them visible to all users on the machines, only to those who should have access for their work needs. You can set these to Layer 1 in your package and have an FSLogix Rule hiding those components from Everyone but allowing it for a certain group like in the above screenshot. In my above example, I have an application that contains some Invoice template documents that I have set to Layer 1 to ensure they are permanent and I am ensuring they are only visible for my Finance Department users.
This can be great on Windows 10 Enterprise Virtual Desktops in WVD ensuring you don’t have to manage multiple desktop pools. Users from all different departments can use the same multi-session OS desktops with the applications and data being tailored for their role.
The most common deployment method for FSLogix App Masking rules is via Group Policy with the rules copied into the desktop on login. This works very well. Previously, I blogged about delivering these rules on a per app basis as needed using App-V. This approach can also be used with Cloudpaging’s Custom AppEvents by using a simple copy command or you can add the directory for the rules in your package and set these to Layer 1 or Layer 2.
Conclusion
While you can use FSLogix Profile Containers for roaming general app settings even for apps delivered with Cloudpaging, you don’t have to. You can leverage the Cloudpaging Sandbox. When using the Cloudpaging Sandbox, you should be able to also assign users an FSLogix Profile Container for roaming everything else. They do work side by side. Since cloudified apps execute in layers only visible to the user launching the app, App Masking is not required for masking app files, directories, registry or even printer objects when delivered as part of a Cloudpaging app. While App Masking can be useful if you do find yourself relying on the Install layers on shared machines, I’d bet most people will very rarely need to use those layers so App Masking with Cloudpaging Apps should never be required but based on my research, it will work for those Install Layers if you do ever need it.