Product documentation
Linux Virtual Delivery Agent
Current Release 2311 2308 2305 2303 2301 2212 2210 2209 2207 2206 2204 2203 LTSR 1912 LTSR 7.15 LTSR
View PDF

Create Linux VDAs on Google Cloud Platform (GCP) using Machine Creation Services (MCS)

April 12, 2024
Contributed by: 
B

To create Linux VDAs on GCP using MCS, complete the following steps:

Step 1: Create a Linux Virtual Machine (VM) on GCP

Step 2: Create a GCP service account

Step 3: Create a host connection to GCP in Citrix Studio

Step 4: Prepare a Linux VDA master image

Step 5: Create a machine catalog

Step 6: Create a delivery group

Step 1: Create a Linux VM on GCP

Step 1a: In the Google Cloud console, navigate to Compute Engine > VM instances.

Step 1b: On the VM instances page, click CREATE INSTANCE to create a VM instance.

CREATE INSTANCE tab

Step 1c: Make the following configurations and keep other configurations as default:

  • Enter a name for your VM instance.
  • Select a region and zone to host your VM.
  • (Optional) Add a GPU to your VM. For more information, see Step 4c later in this article.

  • In the Boot disk section, select the operating system and disk size for your VM. For example:

    Boot disk

  • Navigate to Advanced options > Networking and set the Hostname field to an FQDN.

    Set the hostname field

Step 1d: Click Create to create the VM instance.

Step 1e: After the VM is created, return to the Compute Engine dashboard, find your VM instance in the list, and click the SSH button to connect to your VM.

Click the SSH button to connect to your VM on GCP

Step 1f: Upload the Linux VDA package to your VM through the web-based SSH client.

Upload the Linux VDA package to your VM on GCP

Step 1g: Prevent failures to access the VM using SSH.

The VM might be unreachable after a restart. To work around the issue, set a root password when logging on to the VM for the first time and make sure that you can log on to the VM as root. Then, run the following commands in the console after restarting the VM:

nmcli dev connect eth0
systemctl restart NetworkManager
<!--NeedCopy-->

Connect to the serial console

Step 2: Create a GCP service account

This section guides you through creating a GCP service account, including creating a service account key and granting the required roles to the service account.

Note:

To create a GCP service account, ensure that you are granted the Service Account Admin (roles/iam.serviceAccountAdmin) IAM role.

Step 2a: In the Google Cloud console, navigate to IAM & Admin > Service Accounts and then Click the Create Service Account tab.

Create Service Account tab

Step 2b: In the Service account details step, enter the values in the fields and then click Create and continue.

Service account details

Step 2c: Skip the optional steps and click Done at the bottom.

Done with creating a GCP service account

Step 2d: Navigate to IAM & Admin > Service Accounts again and then click the Service accounts tab. Find the newly created service account, navigate to the Keys tab, and then click Add key > Create new key > JSON > Create.

Add a GCP service account key

Download the key file

Note:

After you download the key file, you can’t download it again.

Step 2e: In the Google Cloud console, navigate to IAM & Admin > IAM and then click Add. Search for and select the newly created service account in the New members field and then select a role for the service account to grant it access to your resources. Keep granting roles by clicking Add another role to ensure that you grant all the following roles to the newly created service account.

  • Compute Admin
  • Storage Admin
  • Cloud Build Editor
  • Service Account User
  • Cloud Datastore User
  • Compute Instance Admin (beta)
  • Owner

For example:

Grant roles to the GCP service account

Step 3: Create a host connection to GCP in Citrix Studio

Set up your GCP environment according to Google Cloud Platform virtualization environments and then complete the following steps to create a host connection to GCP.

  1. For on-premises Delivery Controllers, choose Configuration > Hosting > Add Connection and Resources in the on-premises Citrix Studio to create a host connection. For cloud Delivery Controllers, choose Manage > Hosting > Add Connection and Resources in the web-based Studio console on Citrix Cloud to create a host connection.

  2. In the Add Connection and Resources wizard, select Google Cloud Platform as the connection type.

    For example, in the web-based Studio console on Citrix Cloud:

    Add connection image

  3. Import the service account key of your GCP account and type your connection name.

  4. The wizard guides you through the pages. Specific page content depends on the selected connection type. After completing each page, select Next until you reach the Summary page. For more information, see Step 2: Create a host connection in the Create non-domain-joined Linux VDAs using MCS article.

Step 4: Prepare a Linux VDA master image

Step 4a: (For RHEL 8.x/9.x and Rocky Linux 8.x/9.x) Configure Ethernet connection.

After you install the Linux VDA on RHEL 8.x/9.x and Rocky Linux 8.x/9.x hosted on GCP, the Ethernet connection might be lost and the Linux VDA might be unreachable after a VM restart. To work around the issue, set a root password when logging on to the VM for the first time and make sure that you can log on to the VM as root. Then, run the following commands in the console after restarting the VM:

nmcli dev connect eth0
systemctl restart NetworkManager
<!--NeedCopy-->

Connect to the serial console

Step 4b: Install the Linux VDA package on the template VM.

On the template VM, do the following to install the Linux VDA package:

  1. Install .NET Runtime 6.0:

    sudo yum install dotnet-sdk-6.0
<!--NeedCopy-->

  2. Install the Linux VDA package:

    sudo yum –y localinstall <PATH>/<Linux VDA RPM>
<!--NeedCopy-->

  3. Enable the EPEL repository:

    sudo rpm -ivh  https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
<!--NeedCopy-->

Step 4c: Add a Graphics Processing Unit (GPU) to the template VM on GCP (optional).

  1. In the Google Cloud console, add one or more GPUs to the template VM. For information about adding and removing GPUs on GCP, see https://cloud.google.com/compute/docs/gpus/add-remove-gpus.

    Add one or more GPUs to a VM on GCP

  2. Install the appropriate GPU driver on the template VM. For more information, see https://cloud.google.com/compute/docs/gpus/install-drivers-gpu.

    Required NVIDIA driver versions:

    NVIDIA GPUs running on Compute Engine must use the following NVIDIA driver versions:

    • For L4 GPUs:
      • Linux : 525.60.13 or later
    • For A100 GPUs:
      • Linux : 450.80.02 or later
    • For T4, P4, P100, and V100 GPUs:
      • Linux : 410.79 or later
    • For K80 GPUs (End-of-life):
      • Linux : 410.79 - latest R470 version

    For K80 GPUs, NVIDIA has announced that the R470 driver branch is the final driver version to receive debug support. To review this update, see NVIDIA Software Support Matrix.

    Installation script:

    You can use the following script to automate the installation process:

    https://raw.githubusercontent.com/GoogleCloudPlatform/compute-gpu-installation/main/linux/install_gpu_driver.py --output install_gpu_driver.py
<!--NeedCopy-->

    Supported operating systems:

    The installation script was tested on the following Linux distributions:

    • CentOS 7/8
    • Debian 10/11
    • Red Hat Enterprise Linux (RHEL) 7/8
    • Rocky Linux 8
    • Ubuntu 18/20/22

    If you use this script on other Linux distributions, the installation fails. For Linux VMs, this script installs only the NVIDIA driver.

    1. Download the installation script.

      curl https://raw.githubusercontent.com/GoogleCloudPlatform/compute-gpu-installation/main/linux/install_gpu_driver.py --output install_gpu_driver.py
<!--NeedCopy-->

    2. Grant complete access to the script.

      chmod 777 install_gpu_driver.py
<!--NeedCopy-->

    3. Run the installation script.

      python3 install_gpu_driver.py
<!--NeedCopy-->

    4. Disable Wayland in gdm3.

      • Locate your distribution’s Wayland configuration file in one of the following locations:
        • /etc/gdm3/custom.conf (Ubuntu)
        • /etc/gdm/custom.conf (CentOS, RHEL, Rocky Linux)
      • Open the file with sudo/root privileges.
      • Uncomment WaylandEnable=false by deleting the # at the beginning of the line.
      • Restart the VM.

    5. If you installed an NVIDIA 510 or later driver, disable the GSP firmware.

      If GSP firmware is enabled, disable it by setting the NVIDIA module parameter NVreg_EnableGpuFirmware to 0.

      Set this parameter by adding the following entry to the /etc/modprobe.d/nvidia.conf file:

      • options nvidia NVreg_EnableGpuFirmware=0

      • If the /etc/modprobe.d/nvidia.conf file does not exist, create it.

      When completing this step, keep the following in mind:

      • Use sudo to run the commands to create and update the configuration file.

      • To restart the VM, you can use sudo reboot in the Linux terminal or stop and start the VM.

Step 4d: Configure MCS variables.

Configure MCS variables by editing the /etc/xdl/mcs/mcs.conf file. The following are MCS variables that you can configure for non-domain-joined and domain-joined scenarios:

  • For non-domain-joined scenarios

    You can use the default variable values or customize the variables as required (optional):

    DOTNET_RUNTIME_PATH=path-to-install-dotnet-runtime \
    DESKTOP_ENVIRONMENT= **gnome | mate \**
    REGISTER_SERVICE=**Y | N**
    ADD_FIREWALL_RULES=**Y | N**
    VDI_MODE=**Y | N**
    START_SERVICE=**Y | N**

    MCS variables for non-domain-joined scenarios

  • For domain-joined scenarios

    • Use_AD_Configuration_Files_Of_Current_VDA: Determines whether to use the existing AD-related configuration files (/etc/krb5.conf, /etc/sssd.conf, and /etc/samba/smb.conf) of the currently running VDA. If set to Y, the configuration files on MCS-created machines are the same as the equivalents on the currently running VDA. However, you still must configure the dns and AD_INTEGRATION variables. The default value is N, which means the configuration templates on the master image determine the configuration files on MCS-created machines. To use a currently running VDA as the template VM, set the value to Y. Otherwise, set it to N.

    • dns: Sets the IP address for each DNS server. You can set up to four DNS servers.

    • NTP_SERVER: Sets the IP address for your NTP server. Unless otherwise specified, it’s the IP address of your domain controller.

    • WORKGROUP: Sets the workgroup name to the NetBIOS name (case-sensitive) that you configured in AD. Otherwise, MCS uses the part of the domain name that immediately follows the machine hostname as the workgroup name. For example, if the machine account is user1.lvda.citrix.com, MCS uses lvda as the workgroup name while citrix is the correct choice. Ensure that you set the workgroup name correctly.

    • AD_INTEGRATION: Sets Winbind, SSSD, PBIS, or Centrify. For a matrix of the Linux distributions and domain joining methods that MSC supports, see Supported distributions.

    • CENTRIFY_DOWNLOAD_PATH: Sets the path for downloading the Server Suite Free (formerly Centrify Express) package. The value takes effect only when you set the AD_INTEGRATION variable to Centrify.

    • CENTRIFY_SAMBA_DOWNLOAD_PATH: Sets the path for downloading the Centrify Samba package. The value takes effect only when you set the AD_INTEGRATION variable to Centrify.

    • PBIS_DOWNLOAD_PATH: Sets the path for downloading the PBIS package. The value takes effect only when you set the AD_INTEGRATION variable to PBIS.

    • UPDATE_MACHINE_PW: Enables or disables automating machine account password updates. For more information, see Automate machine account password updates.

    • Linux VDA configuration variables:

      DOTNET_RUNTIME_PATH=path-to-install-dotnet-runtime \
      DESKTOP_ENVIRONMENT= **gnome | mate \**
      SUPPORT_DDC_AS_CNAME=**Y | N**
      VDA_PORT=port-number
      REGISTER_SERVICE=**Y | N**
      ADD_FIREWALL_RULES=**Y | N**
      HDX_3D_PRO=**Y | N**
      VDI_MODE=**Y | N**
      SITE_NAME=**dns-site-name | ‘<none>’**
      LDAP_LIST=**‘list-ldap-servers’ | ‘<none>’**
      SEARCH_BASE=**search-base-set | ‘<none>’**
      FAS_LIST=**‘list-fas-servers’ | ‘<none>’**
      START_SERVICE=**Y | N**
      TELEMETRY_SOCKET_PORT=port-number
      TELEMETRY_PORT=port-number

Step 4e: Create a master image

  1. (For SSSD + RHEL 8.x/9.x or Rocky Linux 8.x/9.x only) Run the update-crypto-policies --set DEFAULT:AD-SUPPORT command and then restart the template VM.

  2. Run /opt/Citrix/VDA/sbin/deploymcs.sh.

    For non-domain-joined scenarios, the following error is normal and does not block you from proceeding.

    MCS deployment for non-domain-joined scenarios

  3. Install applications on the template VM and shut down the template VM. Create and name a snapshot of your master image.

Step 5: Create a machine catalog

  1. Sign in to Citrix Cloud. In the upper left menu, select My Services > DaaS.
  2. From Manage > Full Configuration, select Machine Catalogs in the left pane.
  3. Select Create Machine Catalog in the action bar.

  4. On the Machine Type page, select Multi-session OS or Single-session OS and then select Next.

    Machine type

  5. On the Machine Management page, select the Machines that are power managed and the Citrix Machine Creation Services options and then select Next. If there are multiple resources, select one from the menu.

    Machine management

  6. On the Master Image page, select the master image created earlier.

    Select a master image

    Master image selected

  7. On the Machine Identities page, select Non-domain-joined if the master image wasn’t joined to any domain or select an Active Directory account if you joined the master image to a domain.

    For non-domain-joined scenarios:

    Machine identity types

    For domain-joined scenarios:

    Select an Active Directory account option

    • If you select Create new Active Directory accounts, select a domain and then enter the sequence of characters representing the naming scheme for the provisioned VM computer accounts created in the Active Directory. The account naming scheme can contain 1–64 characters, and cannot contain blank spaces, or non-ASCII or special characters.
    • If you select Use existing Active Directory accounts, select Browse to navigate to the existing Active Directory computer accounts for the selected machines.
    • On the Domain Credentials page, select Enter credentials, type the user name and password, select Save, and then select Next. The credential you type must have permission to perform Active Directory account operations.
  8. Configure additional settings on the other pages. For more information, see Create a Google Cloud Platform catalog.

  9. On the Summary page, confirm the information, specify a name for the catalog, and then select Finish.

    Machine catalog setup summary

Machine catalog creation might take a long time to complete. When it completes, the catalog is listed. You can verify that the machines are created on the target node groups in the Google Cloud console.

Step 6: Create a delivery group

A delivery group is a collection of machines selected from one or more machine catalogs. It specifies which users can use those machines, and the applications and desktops available to those users.

For more information, see delivery group creation in the Citrix DaaS documentation.

  1. Sign in to Citrix Cloud. In the upper left menu, select My Services > DaaS.
  2. From Manage > Full Configuration, select Delivery Groups in the left pane.

  3. Select Create Delivery Group in the action bar. The delivery group creation wizard opens.

    The wizard pages that you see might be different, depending on the selections you make.

  4. On the Machines page, select a machine catalog and select the number of machines you want to use from that catalog.

    Create a delivery group

  5. Configure additional settings on the other pages. For more information, see Create delivery groups.

  6. On the Summary page, enter a name for the delivery group. You can also (optionally) enter a description, which appears in Citrix Workspace app and in the Full Configuration management interface. For example:

    Enter a name for the delivery group:

    Name a delivery group

    List of delivery groups in the Full Configuration management interface:

    List of delivery groups in the Full Configuration management interface

    Delivered machine in Citrix Workspace app

    Delivered machine in Citrix Workspace app

Create Linux VDAs on Google Cloud Platform (GCP) using Machine Creation Services (MCS)
April 12, 2024
Contributed by: 
B
April 12, 2024
Contributed by: 
B

In this article

Site feedback | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.