Citrix Provisioning (Citrix Hypervisor, VMware, Hyper-V, Nutanix)
The Citrix Provisioning connector configuration requires an account that the App Layering appliance can use to access the virtual machine where you are creating a layer or publishing layered images.
If you plan to publish layered images to your Citrix Provisioning environment, add a Citrix Provisioning connector configuration for that Citrix Provisioning location.
Citrix Provisioning requirements
- Domain accounts have permissions to access the Citrix Provisioning store and the local system account does not. If your Citrix Provisioning server is configured to use the local system account, which is the default setting, you can change the account by running the Citrix Provisioning configuration tool. The tool gives you an option to run as local system or use a domain account. Choose a domain account.
- The domain user account in the connector configuration must be in the local Administrators group on the Citrix Provisioning server.
- Citrix Provisioning server and account information - For App Layering to access the location in your Citrix Provisioning environment where you want to publish a layered image, you need to supply the credentials and location in a Citrix Provisioning connector configuration.
- The App Layering agent must be installed on each of your Citrix Provisioning servers. For details, see the agent installation instructions.
Citrix Provisioning connector configuration
The information you need for the Citrix Provisioning connector configuration includes.
Name- A useful name to help identify and keep track of this connector configuration.
Console- The name of the Citrix Provisioning server on which the App Layering agent is deployed. This is the server to which the vDisk will be published.
The host name is required, rather than the FQDN so that the Citrix Provisioning server can access the App Layering appliance if it is on a different domain.
Domain User- User name of a domain account that has permission to manage Citrix Provisioning. This account is used by the agent to run Provisioning Services PowerShell commands. This account must have Read/Write access to the Citrix Provisioning store for writing the published vDisk.
Password- Password for the domain user account.
Site Name- Name of the Site this vDisk is to be a member of.
Store Name- Name of the Store that this vDisk is a member of.
Write Cache- When a new Disk is being created, this value sets the Write Cache type of the new Disk. Possible values include:
- Cache on Server
- Cache on Server, Persistent
- Cache in Device RAM
- Cache in Device RAM with Overflow on Hard Disk
- Cache on Device Hard Drive
Important: When choosing a Write Cache option, see Selecting the write cache destination for standard vDisk images to ensure that the Citrix Provisioning servers and target devices that use this vDisk are properly configured for the type you select.
License Mode- Sets the Windows License Mode to:
- KMS - Key Management Service
- MAK - Multiple Activation Keys
Enable Active Directory machine account password management- Enables Active Directory password management. The default value is Enabled.
Enable Load Balancing- Enables load balancing. for the streaming of the vDisk.
Enable Printer Management- When enabled, invalid printers will be deleted from the Device.
Script configuration (Optional, advanced feature)
When creating a new connector configuration, you can configure an optional PowerShell script on any Windows machine running an App Layering agent–the same agent used on the Citrix Provisioning server. These scripts must be stored on the same machine that the App Layering agent is installed on, and are only run after a successful deployment of a layered image. Some preset variables are available to enable scripts to be reusable with different template images and different connector configurations. These variables will also contain information needed to identify the virtual machine created as part of the published layered image in Citrix Provisioning.
Running the scripts will not affect the outcome of the publish job, and progress of commands run in the script will not be visible. The Citrix Provisioning connector logs contain the output of the script that ran.
Configure a script
Remember that this procedure is optional. If you want a script to run each time a layered image is published, complete these steps using the values described in the sections that follow.
Complete and save the connector configuration as described above.
Before selecting Script configuration page, you must save (or discard) any edits to the connector configuration settings,
If the Navigation menu on the left is not open, select it and click Script Configuration to open the Script Path page.
Complete the required fields using the values detailed herein, and click Save.
Script Configuration fields
- Enable script- Select this check box to enable the remaining fields. This allows you to enter a script that runs each time a Layered Image is published.
- Script Agent- The agent machine where the scripts are located and run from.
- Username (optional)- The username to impersonate when running the script. This name can be used to ensure the script runs in the context of a user that has the needed rights/permissions to perform the operations in the script.
- Password (optional)- The password for the specified username.
- Script Path- A full path and file name on the agent machine where the script file resides.
Other Script Configuration values
When the script is executed the following variables will be set and can be used in the powershell script:
|Value||Applies to connector types||Value determined by which code||Description|
|connectorCfgName||All||Common code||The name of the connector configuration with which the script configuration is associated.|
|imageName||All||Common code||The name of the layered image template that is used to build/publish the layered image.|
|osType||All||Common code||The OS type of the published layered image. It can be one of the following values: Windows7; Windows764; Windows200864; Windows201264; Windows10; Windows1064|
|diskLocatorId||All||Provisioning Services||The internal ID for the vDisk.|
The App Layering Agent, which runs as a service on a Windows machine, runs under either the local system account or the network account. Either of these accounts may have some special privileges, but they often are restricted when it comes to running specific commands or seeing files in the file system. Therefore, App Layering gives you the option of adding a domain user and password that can be used to “impersonate” a user. This means that the script can be run as if that user had logged onto the system so that any commands or data will be accessible subject to those user rights and permissions. If a user name or password is not entered, the script runs using the account under which the service is configured to run.
Script Execution Policy
Script execution policy requirements are generally up to you. If you intend to run unsigned scripts, you must configure the execution policy to one of the more lenient policies. However, if you sign your own scripts accordingly, you can choose to use a more restrictive execution policy.