Desktops and applications with Essentials
Cloud Worker
Selecting Network Connections
At this point, you could in principle carry out further configuration in the Citrix Cloud. However, you need to clarify some important questions beforehand. For the connection between the Citrix Cloud and Microsoft Azure, the Citrix Cloud creates two virtual machines in this resource group, on which a Citrix Cloud Connector is installed automatically. However, to access existing resources (data, printers, Active Directory) in your data center, you need a network connection.
Here, you have the choice between a site-to-site VPN or the luxury variant, ExpressRoute. Of course, both variants have their advantages and disadvantages: With the VPN, the disadvantage is limited bandwidth; with ExpressRoute, it is usually the price. A VPN is certainly sufficient for a proof of concept or a limited number of users (e.g., only external employees); in a production environment, only ExpressRoute is advisable. A TechNet article [4] describes how to configure a site-to-site VPN with Citrix NetScaler Cloud Bridge.
Integrating Active Directory
A decision regarding Active Directory is also necessary. Various options include:
- Extending the internal Active Directory: In principle, this means providing one or more domain controllers (DCs) in the Azure resource group and adding them as full DCs to the internal domain. Please note that these DCs must of course not be read-only, because the Citrix Cloud has to create machine accounts for the virtual desktops or terminal servers on these DCs. Because of security concerns and, of course, replication traffic, this variant is usually not advisable.
- A new, independent forest: The better variant is to create an independent forest with its own namespace (not a subdomain) in the resource group, where all machine accounts can then be created without a problem. For the authentication of internal users, however, a corresponding trust relationship with the internal domain is required. This variant is also possible with Active Directory Federation Services (ADFS) instead of a trust relationship.
- Azure Active Directory Domain Services: With this variant, which is not to be confused with AD on Azure, you operate Active Directory exclusively in the cloud. It should therefore be used only in cloud-only infrastructures.
For the first two variants, a connection between the Azure resource group and your local network via VPN or ExpressRoute is mandatory. Therefore, for variants 1 and 2, you also need to provide virtual machines for the required DCs and configure them accordingly. Not much happens on these DCs, so a DS1 v2 or DS2 v2 instance [5] should be fine as a virtual machine. In this context, you will also want to set up a small instance as a file server for the user profiles. It makes sense to place the user profiles as close as possible to the virtual desktops or terminal servers.
For the golden image, you can either create another instance and install the image with Windows 10 or Windows Server 2016, the required applications, and the corresponding Citrix Virtual Delivery Agent (VDA), or you can use an existing image and upload its virtual hard disk as a VHD file to the resource group from a storage account. It doesn't really matter which method you choose. If you don't want to do all this manually, you can use prefabricated Azure templates [6]. As mentioned before, all instances are assigned an IP address by DHCP. You should not use static IP addresses within the instance; rather, create a DHCP reservation using Azure. Now your infrastructure should look as shown in Figure 2.
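One way to create the reservation described above, shown as an added example that is not part of the original article: with the Az PowerShell module, switching a network interface's private IP allocation from Dynamic to Static makes Azure hand the VM the same address on every boot, while the guest operating system stays on DHCP. The resource group and VM names are placeholders.

```powershell
# Added example: pin the Azure-assigned private IP of each domain controller VM.
# Requires the Az.Compute and Az.Network modules and a prior Connect-AzAccount.
# The names below are placeholders, not values from the article.
$ResourceGroup = 'rg-citrix-essentials'
$DcVmNames     = @('dc01', 'dc02')

$report = foreach ($name in $DcVmNames) {
    $vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $name -ErrorAction Stop

    foreach ($nicRef in $vm.NetworkProfile.NetworkInterfaces) {
        # NIC ID: /subscriptions/<id>/resourceGroups/<rg>/providers/.../networkInterfaces/<nic>
        $idParts = $nicRef.Id -split '/'
        $nic = Get-AzNetworkInterface -ResourceGroupName $idParts[4] -Name $idParts[-1]

        $changed = $false
        foreach ($ipConfig in $nic.IpConfigurations) {
            $before = $ipConfig.PrivateIpAllocationMethod
            if ($before -ne 'Static') {
                # Keep the address Azure already leased; only the allocation method changes.
                $ipConfig.PrivateIpAllocationMethod = 'Static'
                $changed = $true
            }
            [pscustomobject]@{
                VM        = $name
                Nic       = $nic.Name
                PrivateIp = $ipConfig.PrivateIpAddress
                Before    = $before
                After     = $ipConfig.PrivateIpAllocationMethod
            }
        }

        # Write the NIC back only when something actually changed.
        if ($changed) { $nic | Set-AzNetworkInterface | Out-Null }
    }
}

# Inside the guest, leave the adapter on DHCP; Azure now always offers the pinned address.
$report | Format-Table -AutoSize
```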
Setting Up Citrix Components
Now for the Citrix part: Log in with your previously created Citrix Cloud account, where you should see a XenApp/XenDesktop Essentials service with a Manage button. The information here is self-explanatory: a name for this environment, the selection of the Azure subscription and the previously created resource group, and the information about the domain in which the required machine accounts are to be created (Figure 3).
For the image to be used, you have a choice between an image prepared by Citrix, which essentially contains only the plain vanilla operating system and Chrome and should only be used for test purposes, and two other options. You can choose an existing image, either from an instance you created in the resource group or an already uploaded image. You can select and use this image from a drop-down list. If you do not have either, you can also upload and use a locally available VHD file. The golden image is created as before: Operating system, required applications, and current VDA, which, if not available, can be downloaded from the Citrix Cloud with the download link.
The last two steps are again driven by cost. For example, XenApp Essentials uses DS2 v2 instances because they offer the best value for money. You only need to specify how many user sessions you want to use per server. The number of virtual instances that will later be created by Citrix Cloud in your Azure subscription depends on this. The power scheme, which you must now select, ensures that unused user connections are logged off and unneeded machines are shut down. It is also possible to take into account that certain capacities remain active to allow users to reconnect without having to start up additional machines first.
Now a little patience is required, because it takes one to two hours until all infrastructure components in the Citrix Cloud and the two machines for the Cloud Connector are created in the Azure resource group. In parallel, another resource group is created in which the virtual desktops or terminal servers are located; they will again be generated by Citrix on the basis of the golden image, courtesy of the Machine Creation Service (MCS). In the Citrix Cloud portal, you can then publish applications to XenApp Essentials and assign users or deploy them using the limited version of the Citrix Studio virtual desktop infrastructure (VDI).
Once the installation is complete, the Citrix Cloud portal will provide a link to the StoreFront server. You can now connect to the infrastructure and start applications or desktops. You can use a Citrix Receiver on a mobile device or the Citrix Receiver for HTML5 in the browser.