Generation 2 VMs must use an ISO file or a network boot to start an installation.
This article explains how to move your Citrix Provisioning workloads to the Azure Cloud, using the same provisioning tools and policies as you use with on-premises hypervisors.
This functionality includes support for the Citrix Virtual Apps and Desktops Setup Wizard. You can integrate with Citrix Virtual Apps and Desktops and Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) using the same tools that you already know. Installing Citrix Provisioning in your Azure subscription is the same as installing it in an on-premises provisioning farm.

Supported features

The following Citrix Provisioning features are supported when provisioning workloads in Azure:

Limitations

The following features are not supported:
Consider the following Azure limitations:
This release has the following additional limitations:
If you try to create vDisks from master VMs that have plan information, creation will fail with the following error message:

Requirements

To use Citrix Provisioning on Azure you need the following:
You can license this functionality in one of the following ways:
You can install the license server on one of the Citrix Provisioning server VMs.

Architecture

This high-level architecture diagram shows the components that are either required or recommended to set up Citrix Provisioning on Azure. The following diagram focuses on the Citrix Provisioning Server itself, and related components: This section describes the main components.

Citrix Cloud

When using Citrix Provisioning on Azure, Citrix DaaS, including the:
The Citrix Provisioning Server does not manage power for Azure target VMs, although targets can be manually turned on and off from the provisioning console. The Broker initiates power management by talking directly to Azure. As the VM boots, it streams the boot disk from the virtual disk maintained by the Citrix Provisioning Server.

Azure Active Directory Classic version

Citrix Provisioning on Azure supports “Classic” Active Directory only. You can make the classic Active Directory available on Azure in one of the ways described in Set up Active Directory.

SQL Server on Azure SQL

This release supports SQL Server, SQL Server Express, Azure SQL Database, and Azure SQL Managed Instance.

Supported authentication types

Citrix Provisioning on Azure supports more authentication modes to benefit from the features found in Azure SQL Database and Azure SQL Managed Instance. Choose the authentication mode that best suits your needs. The authentication modes that Citrix Provisioning on Azure supports are:
The following tables provide information about the users to which each authentication mode grants access, the required credentials, and the supported database platforms.
Other restrictions
Citrix Provisioning Server

You install the Citrix Provisioning Server on a server-class Azure VM, similar to on-premises deployments. The usual processes for providing storage for vDisks apply:

Target VMs boot using a small boot disk

The Citrix Provisioning Server and targets do not support either PXE or ISO boot, because they are not available on Azure. Instead, target VMs boot using a small boot disk, the BDM Boot Disk, which is about 20 MB and contains the Citrix Provisioning UEFI boot application. Once the BDM app is running, it uses the Citrix Provisioning protocol to stream the virtual disk contents to the VM. The Citrix Virtual Apps and Desktops Setup Wizard can be used to create the BDM boot disk. If you want to manually provision target VMs, you can use the BDM.exe tool to create a VHD file. This file is the boot image, which can then be uploaded to Azure.

Provisioning of target VMs

The Citrix Virtual Apps and Desktops Setup Wizard can handle all the required steps for provisioning target VMs including:

Citrix Provisioning master VM used to capture a virtual disk

The Citrix Provisioning master VM is used to capture a virtual disk. You create the VM manually on Azure, where you install the Citrix Provisioning Target Driver package. The mechanisms for this and the subsequent capture of a virtual disk from the master VM are essentially the same as for existing on-premises installations. There are some important points to note that are covered in the following sections.

Set up Citrix Provisioning on Azure

This section explains the pre-installation tasks, steps for creating a Citrix Provisioning collection with a set of targets streamed from your virtual disk, and links to the Azure docs to guide you. To set up Azure provisioning, begin by configuring your provisioning server and other infrastructure on Azure. Using the Azure Resource Manager APIs and the instructions, set up the components along the same lines as your current on-premises setup. You can create PowerShell scripts to automate the process.

Pre-installation tasks

Complete the following tasks before installing and configuring Citrix Provisioning.

Select and configure the database

Each Citrix Provisioning farm has a single database. You can provide the database on either:
All Citrix Provisioning servers in a farm must be able to communicate with the database server. In a production environment, to avoid poor distribution during load balancing, best practice is to install the SQL Server or SQL Server Express instance and the Citrix Provisioning server component software on separate servers. There are three ways to create the database:
Run the DbScript.exe utility to create or update the database

If you do not have permission to create databases, use DbScript.exe to generate a SQL script for the database administrator to run to create or update the PVS database. Run the script from the Windows command prompt in
To generate a script to create the database, use this syntax:
When creating a new database for Azure SQL Database, DbScript produces two script files instead of one.
This is due to limitations of Azure SQL Database. To generate the script to update the database, enter:
The commands use these arguments:
Configuration wizard user permissions

You must have the system privilege of a local administrator to run the configuration wizard. The admin database principal is the database principal used by the configuration wizard to create and set up the provisioning database. The authentication credentials that you specify in the configuration wizard identify the database principal.
See Supported authentication types for more information on selecting an admin database principal.
Service account permissions

The service account for the Stream and SOAP services must have the following system privileges:
The service database principal is the database principal used by the services to access the provisioning database. The authentication credentials you specify in the configuration wizard identify the database principal to be used.
See Supported authentication types for more information on selecting a service database principal. The configuration wizard will configure the database to ensure the service database principal has the following permissions.
Enable a feature flag on your Azure subscriptions

Enable the
This PowerShell command only changes the timing when MAC addresses are allocated for virtual NICs and does not change the functionality in any other way. If you want to permanently remove the capability to create target VMs on Azure, you can disable the feature flag as follows:

Create one or more Resource groups on Azure

Using the Azure documentation, create the Resource groups that match your required structure.

Set up Active Directory

Use one of the following methods to support Active Directory APIs and functionality on Azure:

Establish a virtual network for streaming on Azure

If you do not already have a virtual network on Azure, create a virtual network per region and subscription that you are using. There must be virtual network peering to the Active Directory virtual network and to the Azure SQL Managed Instance virtual network (if used). Refer to the Azure instructions, Establish a Virtual Network.

(Recommended) Set up Azure Bastion access for secure VM access

For secure external access to VMs running in the subscriptions, we strongly recommend that you create your infrastructure VMs with NO public IP address and configure Azure Bastion, as described in the Azure documentation, Configure Bastion.

Create a connector VM on Azure

Create VMs to act as cloud connectors in each unique combination of region and subscription you are using. Then, install a Citrix Cloud Connector.

Create the Citrix Provisioning Server on Azure

On Azure, create VMs for the provisioning servers. Size servers for the expected load, similar to on-premises provisioning servers. Then install the Citrix Provisioning software on the VMs.

Install the Citrix Provisioning software

The Citrix Provisioning Server VMs require the following resources:
To install the Citrix Provisioning Server and Console:
Workflow for running the configuration wizard silently

The basic steps involved in the silent configuration of servers in the farm are:

Create the ConfigWizard.ans file manually

If you want to create the

Create the master VM

This section explains how to create the master VM and prepare the image to connect to the Citrix Provisioning Server at boot time. Be sure to use:
To create the master VM:
Create target VMs on Azure using the Citrix Virtual Apps and Desktops Setup Wizard

The Citrix Virtual Apps and Desktops Setup Wizard lets you create multiple target VMs in a single invocation. The wizard guides you through the complete process of creating target VMs and integrating them with Citrix Virtual Apps and Desktops and Citrix DaaS.

Initial Setup

Do the following once before running the Citrix Virtual Apps and Desktops Setup wizard:

Create target VMs

To create target VMs using the wizard:
Also, consider the following:
Manually creating target VMs on Azure

Citrix recommends using the Citrix Virtual Desktops Setup Wizard to create target VMs and integrate with Citrix Virtual Apps and Desktops and Citrix DaaS, as documented in the previous section. If you cannot use the Citrix Virtual Desktops Setup Wizard, then you can manually provision target VMs using the procedures outlined in this section. The Citrix Provisioning Server and targets do not support either PXE or ISO boot on Azure, because Azure does not support them. Instead, target VMs boot using a small boot disk, the BDM Boot Disk, which is about 20 MB and contains the Citrix Provisioning UEFI boot application.

Creating the boot disk

Create the boot disk using the Boot Device Manager (BDM) program installed with the server. Run as follows:
Target VMs can also use a DNS name to locate the Provisioning Server, as opposed to specifying its IP address. First, you create a DNS entry that maps to the IP addresses used by the Citrix Provisioning servers on the streaming network. Then, you configure the BDM Boot disk to contact your Citrix Provisioning servers using this name. Defining the DNS name to locate the Provisioning Server is useful for High Availability (HA), because it allows you to return a list of IP addresses as opposed to configuring all IP addresses in the BDM boot disk. To use this feature, you create a DNS entry that maps to one or more IP addresses used by the provisioning servers on the streaming network. In this case, you run the BDM.exe program, and specify the DNS host name for the provisioning server DNS on the first page.

Creating the Target VMs

If you want to provision VMs yourself, use the following instructions to create the target VMs:

Azure server side encryption with customer-managed key

Citrix Provisioning on Azure now supports customer-managed encryption keys to encrypt all managed disks, which are BDM Boot disk and WBC disk, associated with each target device. With this support, you can manage your organizational and compliance requirements by encrypting the managed disks of your machine catalog using your own encryption key. For more information, see Server-side encryption of Azure Disk Storage. A Disk Encryption Set (DES) represents a customer-managed key. Assign a DES ID to the boot disk of the template VM. This DES is applied to all disks created when targets are provisioned using Citrix Virtual Apps and Desktops Setup Wizard. The disks created also include BDM Boot disk and WBC disk. Also, if you select Encryption-At-Host for the target VM, then encryption starts on the VM host itself. The encryption is also applied to all target VMs provisioned using the Citrix Virtual Apps and Desktops Setup Wizard.

Integrate Manually Created Targets with Citrix Virtual Apps and Desktops and Citrix DaaS

Adding a Hosting Connection in Studio connects you to your resource location. When you specify your Azure credentials, Studio creates an Azure Application ID and secret. Citrix DaaS uses these Azure credentials to control the VMs in the resource location. The provisioning Export Devices Wizard uses data from this hosting connection to assist it in creating a Broker Catalog. To integrate with Citrix Virtual Apps and Desktops and Citrix DaaS:
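For the section "Azure server side encryption with customer-managed key" above, one way to confirm after provisioning that every BDM Boot disk and WBC disk actually carries the intended Disk Encryption Set. This is an added example, not Citrix's own code; the disk names, resource group, and DES ID are constructed placeholders, and the records follow the shape of `az disk list` JSON output.

```python
import json

# Encryption types that mean a customer-managed key (via a DES) is in use.
CMK_TYPES = {"EncryptionAtRestWithCustomerKey",
             "EncryptionAtRestWithPlatformAndCustomerKeys"}

# Placeholder DES resource ID (constructed; substitute your own).
EXPECTED_DES = ("/subscriptions/00000000-0000-0000-0000-000000000000"
                "/resourceGroups/pvs-rg/providers/Microsoft.Compute"
                "/diskEncryptionSets/pvs-des")

def _disk(name, enc_type, des_id=None):
    """Build one constructed record in the shape of `az disk list -o json`."""
    return {"name": name,
            "encryption": {"type": enc_type, "diskEncryptionSetId": des_id}}

# Constructed sample: BDM boot disk and WBC disk of two hypothetical targets.
SAMPLE_DISKS = [
    _disk("target01-bdm", "EncryptionAtRestWithCustomerKey",
          EXPECTED_DES.replace("pvs-rg", "PVS-RG")),   # same DES, other casing
    _disk("target01-wbc", "EncryptionAtRestWithPlatformKey"),
    _disk("target02-bdm", "EncryptionAtRestWithCustomerKey",
          EXPECTED_DES.replace("pvs-des", "other-des")),
    _disk("target02-wbc", "EncryptionAtRestWithCustomerKey", EXPECTED_DES),
]

def audit_disks(disks, expected_des_id):
    """Return (disk name, reason) for each disk not encrypted with the DES."""
    want = expected_des_id.lower()   # ARM resource IDs compare case-insensitively
    findings = []
    for disk in disks:
        enc = disk.get("encryption") or {}
        des = (enc.get("diskEncryptionSetId") or "").lower()
        if enc.get("type") not in CMK_TYPES:
            findings.append((disk["name"], "no customer-managed key"))
        elif des != want:
            findings.append((disk["name"], "different disk encryption set"))
    return findings

def load_disks(path):
    """Load output saved with: az disk list -g <resource-group> -o json"""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

if __name__ == "__main__":
    for name, reason in audit_disks(SAMPLE_DISKS, EXPECTED_DES):
        print(f"{name}: {reason}")
```
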
Update Azure credentials

Use the information in this section to update the Azure credentials through the Host Properties in the Citrix Provisioning console.

Delete target VMs on Azure

The delete feature removes the Azure target VMs provisioned through Citrix Virtual Desktops Setup Wizard from the:
In the Citrix Provisioning Console, you can delete target VMs by individually selecting the devices from the Device Collections or Views, or delete the entire device collection. To delete the target VMs:
Troubleshooting deletion process
What is a Generation 2 VM?

Generation 2 virtual machines have a simplified virtual hardware model and support Unified Extensible Firmware Interface (UEFI) firmware instead of BIOS-based firmware. The majority of legacy devices have also been removed from generation 2 virtual machines.

Which of the following operating systems are supported for use within a generation 2 virtual machine?

Generation 2 virtual machines support most 64-bit versions of Windows and more current versions of Linux and FreeBSD operating systems.

Which is an advantage of Generation 2?

The major benefits of using a generation 2 virtual machine are that the virtual machine can boot from a SCSI device or a standard network adapter, and that Secure Boot, when enabled, helps prevent unauthorized firmware, operating systems, or UEFI drivers (also known as Option ROMs) from running at boot time.

Which PowerShell cmdlet can be used to start a virtual machine?

The Start-VM cmdlet starts a virtual machine.