Product Documentation

VMware vSphere

A vSphere connector configuration contains the credentials and storage location that the appliance needs to connect to vSphere.

Before you start

You can use your vSphere environment for creating Layers, and for publishing layered images. Each connector configuration accesses a specific storage location.

You may need more than one vSphere connector configuration to access the correct location for each purpose. Further, you may want to publish each layered image to a location convenient to the system you will be provisioning with the published image. For more about connectors, and connector configurations, see Connect.

For more about vCenter permissions and other platform requirements, see VMware requirements/en-us/citrix-app-layering/4/install-appliance/vmware-vsphere.html).

If this is your first time using App Layering

If this is your first time using App Layering and you want to create layers using a vSphere virtual machine, you will need a vSphere connector. If you are also publishing layered images to vSphere, you can create a connector configuration for each of your publishing locations as well.

The Create Layer and Publish Layered Image wizards each ask you to select a connector configuration. If you don’t yet have the right connector configuration for the task, you can create one by clicking New on the Connector wizard tab (details below),or by proceeding to System tab > Connectors > Add Connector Configuration in App Layering.

Required information for vSphere connector configuration settings

The vSphere connector configuration wizard lets you browse for the vCenter Server, Data Store, and Host to use for a new configuration.

Important:

The fields are case sensitive, so any values that you enter manually must match the case of the object in vSphere, or the validation will fail.

  • Connector Configuration Name- A useful name to help identify and keep track of this connector configuration.
  • vCenter Server- The name of the vSphere server with which the appliance will integrate.
  • vCenter User Name- The user name of the account that the appliance will use to connect to vSphere.
  • vCenter Password- The password of the account that the appliance will use to connect to vSphere.
  • DataCenter Name- The name of the vSphere DataCenter in which the App Layering appliance will create and retrieve virtual machines.
  • Layer Disk Cache Size in GB (optional)- The size of the Disk Cache that App Layering uses when creating layers. If you leave the size blank or set it to 0, App Layering does not use a Disk Cache. If you specify a size, App Layering users a Disk Cache of up to this size to keep copies of boot disks and packaging disks and reuses these disks to create new packaging machines. The reuse of these boot disks and packaging disks reduces the time it takes to package an App layer.
  • Virtual Machine Template (Optional) - Virtual Machine Template that can be used to clone a virtual machine with the hardware settings for VMware, including memory, CPUs and video settings. You can specify the host, datastore and network for configuring the resulting VMs. The OS version used by the selected template must match the OS version that you are using for building layers or publishing layered images. The template must not have any disks attached, and must have at least one network card attached. If it does not, you will see an error when trying to validate or save the configuration.
  • ESXHost Name- The name of thevSphereESX Host on which the appliance will create and retrieve virtual machines.
  • DataStore Name- The name of the vSphere DataStore in which the appliance will create and retrieve virtual machines.
  • Network Name- The name of the vSphere Network in which the appliance will create and retrieve virtual machines.
  • Virtual Machine Folder Name- The name of the vSphere Folder in which the appliance will create and retrieve virtual machines.

Required Privileges for the connector’s vSphere Client Administrator Role

The following privileges are required by the vSphere Client Administrator. Verifying these privileges is done when you click TEST in the Connector wizard:

  • Datastore
    • Allocate space
    • Browse datastore
    • Low level file operations
  • Folder
    • Create folder
    • Delete folder
  • Global
    • Cancel task
  • Host
    • Configuration
      • System Management
  • Network
    • Assign network
  • Resource
    • Assign virtual machine to resource pool
  • vApp
    • Export
    • Import
  • Virtual machine
    • Configuration
      • Add existing disk
      • Add new disk
      • Add or remove device
      • Change CPU count
      • Change resource
      • Memory
      • Modify device settings
      • Remove disk
      • Rename
      • Set Annotation
      • Settings
      • Upgrade virtual machine compatibility
    • Interaction
      • Configure CD media
      • Console interaction
      • Device connection
      • Power off
      • Power on
      • Reset
      • VMware Tools install
    • Inventory
      • Create from existing
      • Create new
      • Remove
    • Provisioning
      • Clone template
      • Clone virtual machine
    • Snapshot management
      • Create snapshot

Create a connector configuration

To enter values:

  • The first three vCenter fields must be entered manually. Once the credentials in those fields are validated, you can select values for the remaining fields from drop-down menus.
  • To enter values manually, click to put the cursor in the field and type the value, making sure that the case matches the value in vCenter.
  • To select a value from a drop-down list, click once to put the cursor in the field, and a second time to display the list of possible values.

To add a new connector configuration

  1. On the wizard for creating a layer or for adding a layer version, click the Connector tab.
  2. Below the list of connector configurations, click the New button. This opens a small dialog box.
  3. Select the Connector Type for the platform and location where you are creating the layer or publishing the image. Then click New to open the Connector Configuration page.
  4. Enter the configuration Name, and the vCenter Server, vCenter User Name, and vCenter Password. For guidance, see the above field definitions.
  5. Click the CHECK CREDENTIALS button below the vCenter fields. The DataCenter field is then enabled with a list of DataCenters available.
  6. Select the DataCenter, enabling the remaining dropdowns.
  7. Complete the remaining fields and click the TEST button to verify that App Layering can access the location specified using the credentials supplied.
  8. Click Save. The new connector configuration should now be listed on the Connector page.

Script Configuration (Optional, Advanced feature)

When creating a new connector configuration, you can configure an optional Powershell script on any Windows machine running an App Layering agent, the same agent used on the Provisioning Services server. These scripts must be stored on the same machine that the App Layering agent is installed on, and will only run after a successful deployment of a layered image. Some preset variables are available to enable scripts to be reusable with different template images and different connector configurations. These variables also contain information needed to identify the virtual machine created as part of the published layered image in vSphere.

Running the scripts will not affect the outcome of the publish job, and the progress of commands run in the script willnotbe visible. The vSphere connector logs contain the output of the script after it runs.

Configure a Script

Remember that this is an optional procedure. If you want a script to run each time a layered image is published, complete these steps using the values described in the sections that follow.

  1. Complete and save the connector configuration as described above.

    Note:

    Before selecting Script Configuration page, you must save (or discard) any edits to the connector configuration settings,

  2. If the Navigation menu on the left is not open, select it and then click Script Configuration to open the Script Path page.

  3. Complete the required fields using the values detailed herein, and click Save.

Script Configuration fields

  • Enable script- Select this check box to enable the remaining fields. This allows you to enter a script that will be run each time a layered image is published.
  • Script Agent- The agent machine where the scripts will be located and run from.
  • Username (optional)- The user name toimpersonatewhen running the script. This can be used to ensure the script runs in the context of a user that has the needed rights/permissions to perform the operations in the script.
  • Password (optional)- The password for the specified username.
  • Path- A full path and filename on the agent machine where the script file resides.

Other Script Configuration values

When the script runs, the following variables are set and can be used in the powershell script:

Value Applies to connector types Value determined by which code Description
connectorCfgName All Common code This is the name of the connector configuration with which the script configuration is associated.
imageName All Common code This is the name of the layered image template that was used to build/publish the layered image.
osType All Common code The OS type of the published layered image. It can be one of the following values: Windows7; Windows764; Windows8; Windows864; Windows200864; Windows201264; Windows10; Windows1064
virtualInfrastructureServer All vSphere connector code The vCenter server specified in the connector configuration.
vmName All vSphere connector code The name of the virtual machine.
vmId All vSphere connector code The virtual machine ID taken from the mobref of the vm (i.e. “vm-12345”).
vmUuid All vSphere connector code The virtual machine UUID as set by the underlying highbrd.

User Impersonation

The App Layering agent, which runs as a service on a Windows machine, runs under either the local system account or the network account. Either of these accounts may have some special privileges, but they often are restricted when it comes to executing specific commands or seeing files in the file system. Therefore, App Layering gives you the option of adding a domain user and password that can be used to “impersonate” a user. This means that the script can be executed as if that user had logged onto the system so that any commands or data will be accessible subject to those user rights and permissions. If no user name or password is entered, the script executes using the account under which the service is configured to run.

Script Execution Policy

Script execution policy requirements are generally up to you. If you intend to run unsigned scripts, you must configure the execution policy to one of the more lenient policies. However, if you sign your own scripts accordingly, you can choose to use a more restrictive execution policy.