Product Documentation

Microsoft Azure Resource Manager virtualization environments

Apr 24, 2017

Follow this guidance when using Microsoft Azure Resource Manager to provision virtual machines in your XenApp or XenDesktop deployment.

You should be familiar with the following:

Create a connection to Azure Resource Manager

See the Connections and resources article in the latest XenApp and XenDesktop product documentation for complete information about all pages in the wizard that creates a connection. The following information covers only details specific to Azure Resource Manager connections.

There are two ways to establish a host connection to Azure Resource Manager:

  • Authenticate to Azure Resource Manager to create a new service principal.
  • Use the details from a previously-created service principal to connect to Azure Resource Manager.

Authenticate to Azure Resource Manager to create a new service principal

Before you start, make sure:

  • You have a user account in your subscription's Azure Active Directory tenant.
  • The Azure AD user account is also a co-administrator for the Azure subscription you want to use for provisioning resouces.

In the Add Connection and Resources wizard:

  1. On the Connection page, select the Microsoft Azure connection type and your Azure environment.
  2. On the Connection Details page, enter your Azure subscription ID and a name for the connection. The connection name can contain 1-64 characters. The name cannot contain only blank spaces of the characters \/;:#.*?=<>|[]{}"'()'). After you enter the subscription ID and connection name, the Create new button is enabled.
  3. Enter the Azure Active Directory account username and password.
  4. Click Sign in.
  5. Click Accept to give XenApp or XenDesktop the listed permissions. XenApp or XenDesktop creates a service principal that allows it to manage Azure Resource Manager resources on behalf of the specified user.
  6. After you click Accept, you are returned to the Connection page. Notice that when you successfully authenticate to Azure, the Create new and Use existing buttons are replaced with Connected, and a green check mark indicates the successful connection to your Azure subscription.
  7. Indicate which tools to use to create the virtual machines, and then click Next. (You cannot progress beyond this page in the wizard until you either successfully authenticate with Azure and accept giving the required permissions.

Resources comprise the region and the network.

  • On the Region page, select a region.
  • On the Network page:
    • Type a 1-64 character resources name to help identify the region and network combination in Studio. A resource name cannot contain only blank spaces, and cannot contain the characters \/;:#.*?=<>|[]{}"'()'.
    • Select a virtual network and resource group pair. (Since you can have more than one virtual network with the same name, pairing the network name with the resource group provides unique combinations.) If you selected a region on the previous page that does not have any virtual networks, you will need to return to that page and select a region that has virtual networks.

Complete the wizard.

Use the details from a previously-created service principal to connect to Azure Resource Manager

To create a service principal manually, connect to your Azure Resource Manager subscription and use the PowerShell cmdlets provided below.

Prerequisites:

  • $SubscriptionId: Azure Resource Manager SubscriptionID for the subscription where you want to provision VDAs.
  • $AADUser: Azure AD user account for your subscription’s AD tenant.
  • Make the $AADUser the co-administrator for your subscription.
  • $ApplicationName: Name for the application to be created in Azure AD.
  • $ApplicationPassword: Password for the application. You will use this password as the application secret when creating the host connection.

To create a service principal:

Step 1: Connect to your Azure Resoucre Manager subscription.

Login-AzureRmAccount.

Step 2: Select the Azure Resource Manager subscription where you want to create the service principal.

Select-AzureRmSubscription -SubscriptionID $SubscriptionId; 

Step 3: Create the application in your AD tenant.

$AzureADApplication = New-AzureRmADApplication -DisplayName $ApplicationName -HomePage "https://localhost/$ApplicationName" -IdentifierUris https://$ApplicationName -Password $ApplicationPassword 

Step 4: Create a service principal.

New-AzureRmADServicePrincipal -ApplicationId $AzureADApplication.ApplicationId 

Step 5: Assign a role to the service principal.

New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $AzureADApplication.ApplicationId –scope /subscriptions/$SubscriptionId

Step 6: From the output window of the PowerShell console, note the ApplicationId. You will provide that ID when creating the host connection.

In the Add Connection and Resources wizard:

  1. On the Connection page, select the Microsoft Azure connection type and your Azure environment.
  2. Ont he Connection Details page, enter your Azure subscription ID and a name for the connection. The connection name can contain 1-64 characters, and cannot contain only blank spaces or he characters \/;:#.*?=<>|[]{}"'()'.
  3. Click Use existing. Provide the subscription ID, subscription name, authentication URL, management URL, storage suffix, Active Directory ID or tenant ID, application ID, and application secret for the existing service principal. After you enter the details, the OK button is enabled. Click OK.
  4. Indicate which tools to use to create the virtual machines, and then click Next. The service principal details you provided will be used to connect to your Azure subscription. (You cannot progress beyond this page in the wizard until you provide valid details for the Use existing option.)

Resources comprise the region and the network.

  • On the Region page, select a region.
  • On the Network page,
    • Type a 1-64 character resources name to help identify the region and network combination in Studio. A resource name cannot contain only blank spaces, and cannot contain the characters \/;:#.*?=<>|[]{}"'()'.
    • Select a virtual network and resource group pair. (Since you can have more than one virtual network with the same name, pairing the network name with the resource group provides unique combinations.) If you selected a region on the previous page that does not have any virtual networks, you will need to return to that page and select a region that has virtual networks.

Complete the wizard.

Create a Machine Catalog using an Azure Resource Manager master image

This information is a supplement to the guidance in the Create Machine Catalogs article in the latest XenApp and XenDesktop product documentation.

A master image is the template that will be used to create the VMs in a Machine Catalog. Before creating the Machine Catalog, create a master image in Azure Resource Manager. For information about master images in general, see the Create Machine Catalogs article.

When you create a Machine Catalog in Studio:

  • The Operating System and Machine Management pages do not contain Azure-specific information. Follow the guidance in the Create Machine Catalogs article.
  • On the Master Image page, select a resource group and then navigate (drill down) thorugh the containers to the Azure VHD you want to use as the master image. The VHD must have a Citrix VDA installed on it. If the VHD is attached to a VM, the VM must be stopped.
  • The Storage and License Types page appears only when using an Azure Resource Manager master image. 

Select a storage type: standard or premium. The storage type affects which machine sizes are offered on the Virtual Machines page of the wizard. Both storage types make multiple synchronous copies of your data within a single data center. For details about Azure storage types and storage replication, see the following:

https://azure.microsoft.com/en-us/documentation/articles/storage-introduction/

https://azure.microsoft.com/en-us/documentation/articles/storage-premium-storage/

https://azure.microsoft.com/en-us/documentation/articles/storage-redundancy/

Select whether or not to use existing on-premises Windows Server licenses. Doing so in conjunction with using existing on-premises Windows Server images utilizes Azure Hybrid Use Benefits (HUB). More details are available at https://azure.microsoft.com/pricing/hybrid-use-benefit/

HUB reduces the cost of running VMs in Azure to the base compute rate since it waives the price of additional Windows Server licenses from the Azure gallery. You need to bring your on-premises Windows Servers images to Azure to use HUB. Azure gallery images are not supported. On-premises Windows Client licenses are currently not supported. See https://blogs.msdn.microsoft.com/azureedu/2016/04/13/how-can-i-use-the-hybrid-use-benefit-in-azure/%23comment-145

To check if the provisioned Virtual Machines are successfully utilizing HUB, run the powershell command

Get-AzureRmVM -ResourceGroup MyResourceGroup -Name MyVM

and check that the license type is Windows_Server. Additional instructions are available at https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-hybrid-use-benefit-licensing/

  • On the Virtual Machines page, indicate how many VMs you want to create; you must specify at least one. Select a machine size. After you create a Machine Catalog, you cannot change the machine size. If you later want a different size, delete the catalog and then create a new catalog that uses the same master image and specifies the desired machine size.

Virtual machine names cannot contain non-ASCII or special characters.

  • The Network Cards, Computer Accounts, and Summary pages do not contain Azure-specific information. Follow the guidance in the Create Machine Catalogs article.

Complete the wizard.