A FSLogix Profile Container is more or less a Windows user profile living in a VHD- or VHDX-File. The concept is similar to Microsoftâ€™s User Profile Disks for RDS which tries to solve issue with traditional Windows roaming profiles
A user profile disk in Microsoftâ€™s world can only be mounted once. Additional attempts mounting the disk will fail.
There is a new option for FSLogix Profile Container which enables you to mount a VHD(X) at the same time on different machines. This is a kind of concurrent access to a FSLogix Profile Container.
Typical use cases:
- Somebody has a workstation PC which uses FSLogix Profile Containers. At the same time the users connects from this PC to a remote desktop session, which needs to load the same FSLogix Profile Container.
- From a XenDektop Virtual Machine, which uses FSLogix Profile Containers, a user starts a published application on a XenApp Server. On the XenApp Server the same FSLogix Profile Container needs to be used.
You have 4 different options for the behavior of FSLogix Profile Containers on a machine.
- Normal profile behavior:
This means that the VHD(X) gets exclusively mounted and can not be mounted on a different machine at the same time.
- RW profile:
This means that the VHD(X) gets mounted in read/write mode, but it can also be mounted read only on a different machine at the same time.
- RO profile:
This means that the VHD(X) gets only mounted in read only mode, and it can also be mounted in read/write mode or read only mode on a different machine at the same time.
- Try RW profile:
This means that the machine tries to mount the VHD(X) in read/write mode, but if it fails, then it fails back and mounts it in read only mode.
If we remember our use case, we can say the XenDesktop VM is our main working place and our FSLogix Profile Container gets read/write mounted. When starting a published application, then the XenApp Server uses the same FSLogix Profile Container, but mounts it only in read only mode.
The configuration setting to allow concurrent access to FSLogix Profile Containers are not available in any GUI-configuration dialog, but are documented in the FSLogix Apps Administration Guide.
What really happens under the hood?
To trace a little bit and find out what happens under the hood, we can use some simple tools.
Because of the VHD(X) files are on a file share, we can use the â€œShared Foldersâ€ MMC-Snap-in on the file server, to see which user opens and locks which file.
Normal profile behavior
For the normal profile behavior, we see that there is a lock on the VHDX-file and FSLogix opened it in read/write mode
If we configure FSLogix Profile Containers on a machine using the option RW profile, we see that the user has opened two different VHDX files, but only one of them is opened in read/write mode.
The one with the read/write mode is a differencing disk and the other is the base disk. So, FSLogix automatically creates a differencing disk and writes to it. And now any other machine can easily access the base disk also in read only mode.
We can also trace the algorithm in the log file of FSLogix, where we see the used mode – in this case RW profile and also the information about creating a differencing disk.
At logoff the differencing disk gets successfully merged into the base disk.
If we configure FSLogix Profile Containers on a machine using the option RO profile, we see that a user has opened the VHDX file in read only mode.
If we trace this in the log again, we see that we are using the read-only option, but there is also a differencing disk created. In contrast to the option RW profile, the differencing disk is not stored on the file share but in the local Windows-TEMP. The reason why here is also a differencing disk is that we need writeable disk for our user profile in any case.
But in contrast to the RW profile at logoff the differencing disk is not merged, but gets deleted.
Try RW profile
If we configure FSLogix Profile Containers on a machine using the option Try RW profile, then at logon there happens a check if there exists a differencing disk named RW.vhdx in the file share. If not then a differencing disk is created in the file share and the RW role is taken.
Otherwise if the differencing disk already exists in the file share then FSLogix assumes that another machine already has the RW role. That means, this machine can only take the RO role.
Here is also a comparison table between FSLogix Profile Containers and Microsoft Profile Disks, which shows a lot more differencies.
- Anwendungsfälle für Kontext-basierte Sicherheit LIVE demonstrieren - 9. Mai 2020
- Webroot DNS Protection - 27. April 2020
- Einfaches Arbeiten von zu Hause aus mit Windows Virtual Desktop und Liquit - 8. April 2020