App Layering

Automating App and OS Layers

Back in May I attended my local CUGC where Ron Oglesby presented a master class on Citrix App Layering (ELM) and after the presentation, it was asked if there was any sort an SDK. Ron explained that there is no public API or SDK (yet), but some of the newer ELM components were built with this in mind. This statement resonated with me and when I got home that afternoon, I fired up Fiddler to see how the API worked. After a rather lengthy process of reverse engineering the API with Fiddler, Postman and documenting the processes I was able to write my SDK. When I completed the SDK I wasn’t really sure how it could be utilized in an environment or if there would be a need. Figured it would be more useful around documenting an ELM environment vs actually automating the creation or updating layers. I was under the impression that if an organization could automate layer creation, chances are they could automate the entire image making ELM redundant. However, after thinking about it for some time I now see ELM in combination with automation potentially being the stopgap between manual installs\updates and a fully automated build. By automating certain aspects of ELM it could allow organizations to tiptoe into automation and create a comfort level and free up time otherwise spent on updating common layers. This allows administrators to continue manually installing the difficult applications or even controlled by other teams but allowing automation to keep the common apps (e.g. Firefox, Chrome, Notepad Plus Plus…) and OS layers fully updated on regular intervals.

layer

The intent of this series of posts is how to approach automating some common apps and keeping the operating system layers fully updated.

  1. The first section will detail the steps needed for the script host and the base operating system layer allowing for automation.
  2. The second section will cover automatically building and updating app layers utilizing Choclatey packages.
  3. The third will cover continually keeping an operating system layer updated with Windows updates

Disclaimer

Just some notes before getting started.

  • The SDK in these posts isn’t supported by Citrix so please TEST fully and make sure you understand what's taking place.
  • These guides are by no means the only way to approach automating ELM but a proof a concept to show it can be done and others can hopefully use as a base.
  • The process isn’t necessarily the most secure but again this is to show the possibilities so please run with care.
  • I really hope Citrix sees the value in having a supported SDK and the possibilities it can create to further the adoption of ELM.
Add a comment

Read more: Automating App and OS Layers

Getting Started with the Citrix App Layering Cloud API Service

Last week Citrix released a "Tech Preview" of the App Layering API.  The API as a starting point has some basic functionality that customers have been wanting for a long time such as querying layers and resources. The Citrix documentation provides a JSON spec but I also imported into Swagger to quickly see what it offers.  The API is very different than other Citrix SDKs\APIS in that it requires an on-premises appliance that communicates to the ELM appliance while the API calls are made over the internet.  This post will go over the basics of getting started and provide a script that provides some of the functionality.

main

Agent Appliance Configuration

In order to gain access to the appliance and API, you will need both a Citrix Cloud account ID and a submitted form requesting access.  Once the request is approved you will receive instructions on how to install the appliance and provide the needed Cloud account information.  Once the appliance is registered with Citrix cloud make note of the registration ID to be used later.

agentid

Registering ELM Appliance with Agent

Once the appliance is registered with Citrix Cloud the appliance then needs to register the on-prem ELM appliance.  In order to register the appliance you will need to identify your endpoint URL.  There are currently three.

Like all the Citrix Cloud APIs a token will need to be requested to do any further commands. In order to request a token your cloud id and secret will be used.  Again, the below code will be provided in a single script at the end of this post.

function Get-BearerToken {
param (
[Parameter(Mandatory=$true)]
[string] $customerId,
[Parameter(Mandatory=$true)]
[string] $clientId,
[Parameter(Mandatory=$true)]
[string] $secret
)
$requestUri = "https://trust.citrixworkspacesapi.net/$customerId/tokens/clients"
$headers = @{"Content-Type"="application/json"}

$auth = @{
"ClientId" = $clientId
"ClientSecret" = $secret
}
$response = Invoke-RestMethod -Uri $requestUri -Method POST -Headers $headers -Body (ConvertTo-Json $auth)
return $response.token
}

This function will return a token to be used for all further commands. 

Now that we have our token we can register our ELM appliance with the API agent. In addition to the token you will also need the agent ID that we documented earlier, the IP or hostname of the ELM appliance and admin credentials.

function Invoke-ApplianceReg {
param (
[Parameter(Mandatory=$true)]
[string] $customerId,
[Parameter(Mandatory=$true)]
[string] $token,
[Parameter(Mandatory=$true)]
[string] $url
)
$requestUri = $url + "/resources/"
$headers = @{
"Content-Type"="application/json; charset=utf-8"
"Authorization" = "CWSAuth bearer=$token"
"Accept" = "application/json;version=preview"
"Citrix-CustomerId" = $customerId
}
$body = @{
 "name"= "Butler's Appliance"
"description"= "A description of my App Layering appliance"
"type"= "Appliance"
"resourceLocationId"= "1333b292...."
"applianceConnection"= @{
"address"= "192.168.2.50"
"auth"= @{
"credentials"= @{
"username" = "administrator"
"password" = "mypassword"
}
}
}
}
$response = Invoke-RestMethod -Uri $requestUri -Method POST -Headers $headers -Body ($body|ConvertTo-Json -Depth 5)
 return $response
}

Make sure to adjust the script to reflect your information.  Once the script is run you should receive information about your registration.

appliance

Sync Appliance

Once the ELM is registered it must be synced with the agent in order to receive the needed metadata such as layers and appliance info.

function Invoke-ApplianceSync {
param (
[Parameter(Mandatory = $true)]
[string] $customerId,
[Parameter(Mandatory = $true)]
[string] $token,
[Parameter(Mandatory = $true)]
[string] $url,
[Parameter(Mandatory = $true)]
[string] $ApplianceID
)

$headers = @{
"Content-Type" = "application/json; charset=utf-8"
"Authorization" = "CWSAuth bearer=$token"
"Accept" = "application/json;version=preview"
"Citrix-CustomerId" = $customerId
}
$requestUri = $url + "/resources/" + $ApplianceID + "/`$sync?async=true"
$response = Invoke-WebRequest -Uri $requestUri -Method POST -Headers $headers
return $response.headers.Location
}

This will return a Job URL that can be queried to see the progress.  After the job is completed you will notice further info available and you are ready to start automating!

Note: There is no automatic sync.  If layers are updated on the ELM a sync should be run to update the API agent

appliancemore

The Script

The script is available here that includes the above-mentioned functions and a few others to get you started.

 

 

Add a comment