# _general
j
I've got a very specific requirement.....I have a client who wants persistent Win10/11 virtual desktops for developers and power users, but they need to be rebuilt every three months as part of security standards. Covering the profile side of it is easy enough - just use Citrix UPM to sync off a copy of the profile every now and then. It's the apps that will give me trouble, as these users have access to Nexus repositories to install whatever they want. So I somehow need to come up with a way of provisioning them new desktops every three months and "restoring" all of their applications (data isn't an issue as OneDrive covers that, profile is covered too as I said). I thought of a few things:-
1. Take a backup of their machine somehow and restore it (but security aren't very keen on this because the whole idea of the 3-month rebuild is to "kill off" any APTs that may be hiding in the filesystem)
2. Use Citrix User Personalization Layer to capture their apps into a layer (not sure how this would perform, but certainly an option - although I'm not sure if UPL can run on persistent machines)
3. Load all the applications into Intune and see if they can be "re-delivered" smartly to the user after the rebuild (not sure how slick this would be, pretty sure Intune apps need to be installed from the company portal, so a lot of time and faff potentially in this which isn't what they want)
4. Use something like Chocolatey or WinGet to handle their interaction with Nexus and put something together to write a file somewhere in their profile that details what apps have been installed, and then use this as a source to redeploy them at rebuild time (not entirely sure if this is doable - Chocolatey certainly doesn't support a "do after install" action so would have to do some custom stuff)
Anyone got any more suggestions that might be worth looking at to handle this?
I appreciate being able to "snap" applications into the session based around the user context is pretty much a Holy Grail for VDI environments - hopefully there is something obvious I've missed during my hiatus which will make everything nice and easy 🙂
r
Spitballing here…..MSIX app attach maybe and then use the reset feature via MCS (golden image) but persistent option?
j
Would be great if applications would actually go into MSIX. Some big apps being used (Anaconda and the like)
s
Talk about the hardest use case, automating builds of static dev/power user machines. Taking away the users' right to install apps would give you a better system around who needs what app, then you just need to find a way to automate the install of the apps on said VM, and then find where they are storing the data for that app. Instead of taking away the rights to install, you could write something to query what's installed too, but will still need to automate that upon new build. That's a tough one, as each VM is going to be different.
m
You could use Ansible with Nexus to deploy and configure
t
Docker containers for their Nexus/Dev stuff - to keep it separate from the OS Image??
j
Hmmm, sounds worth investigating
b
FlexApp sounds perfect
j
There's something I hadn't thought of....not sure paid is an option but if that's the best then so be it
b
We did a large PoC and it worked great, but the licensing didn't fit for us. That said, apps would need to be "packaged" as FlexApp packages.
m
FlexApp has a bit of a performance hit loading large apps but if it’s persistent it should only have to load it once every 3 months.
I tried it with a huge app in a non-persistent environment and the load times and performance impact meant it wouldn’t work.
Numecent I hear good things about but it’s also very expensive.
j
Yeah we can take a bit of a hit at first provisioning but that's it. Numecent I won't entertain after some odd experiences with them from a commercial perspective
b
Last time I checked, Numecent was twice FlexApp cost haha
m
yeah, their licensing is odd
j
Wasn't just their licensing, but I'm not going to discuss that on a public forum ;-)
m
lol fair enough
b
Connect with @Johnny Ma if you want to explore FlexApp options
👍 1
m
yeah, I’ll second that, Johnny is great to work with
j
Happy to talk, DM me and I can answer questions
j
You might well get a message tomorrow 😀
👍 1
a
Can Chocolatey or Winget interact with a Nexus repo? - Chocolatey and Winget can export a list of apps that can be read back in to re-install those apps. Microsoft Dev Home is a front-end to Winget to do exactly this (I’m not suggesting you use Dev Home). If the user has admin rights, they could complete this task themselves.
s
For such cases, we give this kind of user access to a dedicated pipeline in GitLab to create the base image for the machine catalog. It's based on a common Citrix image (including VDA, FSLogix and so on) and they can write an Ansible playbook to personalize the image's content. They add/remove software based on their needs and they deploy it whenever they want. It gives them a lot of autonomy and Citrix looks very modern with this approach.
They liked and advocated it so much, we now have 15 different pipelines to have as many different base images.
😲 1
j
Not gonna lie, that sounds f*cking awesome 🙂