Citrix DaaS

Create an AWS catalog

Create machine catalogs describes the wizards that create a machine catalog. The following information covers details specific to AWS virtualization environments.

Note:

Before creating an AWS catalog, you need to finish creating a connection to AWS. See Connection to AWS.

Network setting during image preparation

During image preparation, a preparation virtual machine (VM) is created based on the original VM. This preparation VM is disconnected from the network. To disconnect the network from the preparation VM, a network security group is created to deny all inbound and outbound traffic. This network security group persists and is reused. The network security group’s name is Citrix.XenDesktop.IsolationGroup-GUID, where GUID is randomly generated.
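Because the isolation group persists and is reused for later image preparations, a rule added to it afterwards would leave future preparation VMs connected. The following check is an added example, not Citrix code: it reads `aws ec2 describe-security-groups` JSON and reports any isolation group that carries a rule. The sample JSON, the group IDs and the function name Test-IsolationGroup are constructed for illustration.

```powershell
# Added example (not Citrix code): audit MCS isolation security groups.
# AWS security groups hold allow rules only, so "deny all inbound and
# outbound" means both rule lists are empty.
function Test-IsolationGroup {
    param([Parameter(Mandatory)] [string] $Json)

    $groups = @((ConvertFrom-Json $Json).SecurityGroups) |
        Where-Object { $_.GroupName -like 'Citrix.XenDesktop.IsolationGroup-*' }

    foreach ($g in $groups) {
        # Filter nulls so a missing property counts as zero rules, not one.
        $in  = @($g.IpPermissions       | Where-Object { $null -ne $_ }).Count
        $out = @($g.IpPermissionsEgress | Where-Object { $null -ne $_ }).Count
        [pscustomobject]@{
            GroupId       = $g.GroupId
            GroupName     = $g.GroupName
            InboundRules  = $in
            OutboundRules = $out
            Isolated      = ($in -eq 0 -and $out -eq 0)
        }
    }
}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
$sample = @'
{ "SecurityGroups": [
  { "GroupId": "sg-0aaa0000000000001",
    "GroupName": "Citrix.XenDesktop.IsolationGroup-11111111-2222-3333-4444-555555555555",
    "IpPermissions": [], "IpPermissionsEgress": [] },
  { "GroupId": "sg-0aaa0000000000002",
    "GroupName": "Citrix.XenDesktop.IsolationGroup-66666666-7777-8888-9999-000000000000",
    "IpPermissions": [],
    "IpPermissionsEgress": [
      { "IpProtocol": "-1", "IpRanges": [ { "CidrIp": "0.0.0.0/0" } ] } ] },
  { "GroupId": "sg-0aaa0000000000003", "GroupName": "vda-workers",
    "IpPermissions": [ { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443 } ],
    "IpPermissionsEgress": [] }
] }
'@

# Report isolation groups that carry any inbound or outbound rule.
Test-IsolationGroup -Json $sample | Where-Object { -not $_.Isolated }

# Against a live account (AWS CLI configured), join the output lines first:
# $json = aws ec2 describe-security-groups --filters "Name=group-name,Values=Citrix.XenDesktop.IsolationGroup-*" | Out-String
# Test-IsolationGroup -Json $json
```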

AWS tenancy

AWS provides the following tenancy options: shared tenancy (the default type) and dedicated tenancy. Shared tenancy means that multiple Amazon EC2 instances from different customers might reside on the same piece of physical hardware. Dedicated tenancy means that your EC2 instances run only on hardware with other instances that you have deployed. Other customers do not use the same piece of hardware.

You can use MCS to provision AWS dedicated hosts by using the Full Configuration interface or PowerShell.

Requirements for provisioning to AWS hosts

  • An imported BYOL (bring your own license) image (AMI). With dedicated hosts, use and manage your existing licenses.
  • An allocation of dedicated hosts with sufficient utilization to satisfy provisioning requests.
  • Enabling auto-placement.

Configure AWS dedicated host tenancy using the Full Configuration interface

When you use MCS to create a catalog to provision machines in AWS, the Machine Catalog Setup > Security page presents the following options:

  • Use shared hardware. This setting is suitable for most deployments. Multiple customers share pieces of hardware even though they do not interact with each other. Using shared hardware is the least expensive option for running your Amazon EC2 instances.
  • Use dedicated host. An Amazon EC2 dedicated host is a physical server with EC2 instance capacity that is fully dedicated, letting you use existing per-socket or per-VM software licenses. Dedicated hosts have preset utilization based on instance type. For example, a single allocated dedicated host of C4 Large instance types is limited to running 16 instances. See the AWS site for more information.
  • Use dedicated instance. This setting is more suitable for deployments with specific security or compliance requirements. With a dedicated instance, you still enjoy the benefits of having a host separate from other AWS customers but you do not pay for the entire host. You do not need to worry about the capacity of the host but you are charged at a higher rate for the instances.

    The Use dedicated host setting is suitable for deployments with licensing restrictions or security requirements that require a dedicated host. With a dedicated host, you own an entire physical host and are billed on an hourly basis. Owning that host lets you spin up as many EC2 instances as that host permits, without additional charges.

Note:

You can delete any available preparation identity disk if there is no ongoing catalog creation or image update task.

Configure AWS dedicated host tenancy using PowerShell

Alternatively, you can provision AWS dedicated hosts through PowerShell. Use the New-ProvScheme cmdlet with the parameter TenancyType set to Host. See the Citrix Developer Documentation for more information.

Capture AWS instance property

When you create a catalog to provision machines using Machine Creation Services (MCS) in AWS, you select an AMI to represent the master image of that catalog. From that AMI, MCS uses a snapshot of the disk.

Tip:

To use AWS instance property capturing, you must have a VM associated with the AMI.

MCS reads properties from the instance from which the AMI was taken and applies the Identity Access Management (IAM) role and tags of the machine to the machines provisioned for a given catalog. When using this optional feature, the catalog creation process finds the selected AMI source instance, reading a limited set of properties. These properties are then stored in an AWS Launch Template, which is used to provision machines for that catalog. Any machine in the catalog inherits the captured instance properties.

Captured properties include:

  • IAM roles: applied to provisioned instances.
  • Tags: applied to provisioned instances, their disks, and NICs. These tags are applied to transient Citrix resources, including: S3 bucket and objects, and AMIs, snapshots, and launch templates.

Tip:

The tagging of transient Citrix resources is optional and is configurable using the custom property AwsOperationalResourcesTagging. To successfully apply tags and create an AWS catalog with operational resource tagging, do not delete the EC2 instance which was used to create the AMI image.

Capture the AWS instance property

You can use this feature by specifying a custom property, AwsCaptureInstanceProperties, when creating a provisioning scheme for an AWS hosting connection:

New-ProvScheme -CustomProperties "AwsCaptureInstanceProperties,true" …<standard provscheme parameters>

Refer to the Citrix Developer Documentation for more information.

Note:

The AwsCaptureInstanceProperties is deprecated.

Tag AWS operational resource

An Amazon Machine Image (AMI) represents a type of virtual appliance used to create a virtual machine within the Amazon Cloud environment, commonly referred to as EC2. You use an AMI to deploy services that use the EC2 environment. When you create a catalog to provision machines using MCS for AWS, you select the AMI to act as the golden image for that catalog.

Important:

Creating catalogs by capturing an instance property and a launch template is required for using operational resource tagging.

To create an AWS catalog, you must first create an AMI for the instance you want to be the golden image. MCS reads the tags from that instance and incorporates them into the launch template. The launch template tags are then applied to all Citrix resources created in your AWS environment, including:

  • Virtual Machines
  • VM disks
  • VM network interfaces
  • S3 buckets
  • S3 objects
  • Launch templates
  • AMIs

Apply AWS instance properties and tag operational resources in the Full Configuration interface

When creating a catalog to provision machines in AWS by using MCS, you can control whether to apply the IAM role and tag properties to those machines. You can also control whether to apply machine tags to operational resources. You have the following two options:

AWS machine tags and template properties

  • Apply machine template properties to virtual machines
    • Controls whether to apply the IAM role and tag properties associated with the selected machine template to virtual machines in this catalog.
  • Apply machine tags to operational resources
    • Controls whether to apply machine tags to every item created in your AWS environment that facilitates provisioning of machines. Operational resources are created as byproducts of catalog creation. They include both temporary and persistent resources, such as the preparation VM instance and the AMI.

Tag an operational resource using PowerShell

To use PowerShell to tag resources:

  1. Open a PowerShell window from the DDC host.
  2. Run the command asnp citrix* to load Citrix-specific PowerShell modules.

To tag a resource for a provisioned VM, use the custom property AwsOperationalResourcesTagging. The syntax for this property is:

New-ProvScheme -CustomProperties "AwsCaptureInstanceProperties,true; AwsOperationalResourcesTagging,true" …<standard provscheme parameters>

Create a machine profile-based machine catalog using PowerShell

You can use a machine profile to capture the hardware properties from an EC2 instance (VM) or launch template version and apply them to the provisioned machines. Properties that are captured can include, for example, EBS volume properties, instance type, EBS optimization, and other supported AWS configurations.

You can use an AWS EC2 Instance (VM) or AWS Launch Template version as the machine profile input.

Note:

EBS volume properties are derived only from a machine profile.

Important considerations

Important considerations when creating an MCS machine catalog:

  • If you add machine hardware property parameters in the New-ProvScheme and Set-ProvScheme commands, the values provided in the parameters overwrite the values in the machine profile.
  • If you set AwsCaptureInstanceProperties as true and do not set MachineProfile property, then only IAM roles and tags are captured.
  • You cannot set both AwsCaptureInstanceProperties and MachineProfile at the same time.

    Note:

    The AwsCaptureInstanceProperties is deprecated.

  • You must explicitly provide the values of the following properties:

    • TenancyType
    • Security Group
    • ENI or Virtual Network
  • You can enable AwsOperationalResourcesTagging only if you enable AwsCaptureInstanceProperties or specify a machine profile.

The important consideration after creating an MCS machine catalog is:

  • You cannot change a catalog from a machine profile-based to a non-machine profile-based catalog.

Create a machine catalog using a machine profile

To create a machine catalog using a machine profile:

  1. Open a PowerShell window.
  2. Run asnp citrix* to load the Citrix-specific PowerShell modules.
  3. Create an identity pool if not already created. For example,

    New-AcctIdentityPool -IdentityPoolName idPool -NamingScheme ms## -Domain abcdf -NamingSchemeType Numeric
    
  4. Run the New-ProvScheme command. For example:

    New-ProvScheme -ProvisioningSchemeName demet-test-1 `
    -HostingUnitUid aa633238-9xxd-4cf6-80e8-232a758a1xx1 `
    -IdentityPoolUid 34d5b088-e312-416f-907d-16573xxxxxc4 `
    -CleanOnBoot `
    -MasterImageVM 'XDHyp:\HostingUnits\cvad-test-scalestress\citrix-demet-ami.0 (ami-0ca813xxxxxx061ef).template' `
    -MachineProfile 'XdHyp:\HostingUnits\cvad-test-scalestress\us-east-1a.availabilityzone\machine-profile-instance i (i-0xxxxxxxx).vm'
    
  5. Complete creating the catalog. For more information, see Creating a Catalog.

Update the machine profile

To update the machine profile on a catalog that was initially provisioned with a machine profile:

  1. Run the Set-ProvScheme command. For example,

    Set-ProvScheme `
    -ProvisioningSchemeUid "<ID>" `
    -MachineProfile "XDHyp:\HostingUnits\abc\us-east-1a.availabilityzone\citrix-cvad-machineprofile-instance (i-0xxxxxxxx).vm"
    

Create a catalog with launch template version using PowerShell

You can create an MCS machine catalog with a launch template version as a machine profile input. You can also update the input of a machine profile catalog from a VM to a launch template version and from a launch template version to a VM.

On the AWS EC2 console, you can provide the instance configuration information of a launch template along with version number. When you specify the launch template version as a machine profile input while creating or updating a machine catalog, the properties from that version of the launch template are copied to the provisioned VDA VMs.

The following properties can be provided using machine profile input or explicitly as parameters in the New-ProvScheme or Set-ProvScheme commands. If they are provided in the New-ProvScheme or Set-ProvScheme commands, they take precedence over the machine profile values of these properties.

  • Service Offering
  • Networks
  • Security Groups
  • Tenancy Type

Note:

If service offering is not provided in the machine profile launch template or as a parameter in the New-ProvScheme command, you get an appropriate error.

To create a catalog using launch template version as a machine profile input:

  1. Open a PowerShell window.
  2. Run asnp citrix* to load the Citrix-specific PowerShell modules.
  3. Get the list of launch template versions of a launch template. For example:

    XDHyp:\HostingUnits\test\test-mp-sard (lt-01xxxxx).launchtemplate> ls | Select FullPath
    
  4. Create an identity pool if not created. For example:

    New-AcctIdentityPool `
    -IdentityPoolName "abc11" `
    -NamingScheme "abc1-##" `
    -NamingSchemeType Numeric `
    -Domain "citrix-xxxxxx.local" `
    -ZoneUid "xxxxxxxx"
    
  5. Create a provisioning scheme with a launch template version as a machine profile input. For example:

    New-ProvScheme `
    -ProvisioningSchemeName "MPLT1" `
    -HostingUnitUid "c7f71f6a-3f45-4xxx-xxxx-xxxxxxxxxx" `
    -IdentityPoolUid "bf3a6ba2-1f80-4xxx-xxxx-xxxxxxxxx" `
    -MasterImageVM "XDHyp:\HostingUnits\xxxd-ue1a\apollo-non-persistent-vda-win2022 (ami-0axxxxxxxxxxx).template" `
    -CleanOnBoot `
    -MachineProfile "XDHyp:\HostingUnits\xxxx-ue1a\machineprofiletest (lt-01xxxxx).launchtemplate\lt-01xxxxx (1).launchtemplateversion"
    

    You can also override parameters like service offering, security groups, tenancy, and networks. For example:

    New-ProvScheme `
    -ProvisioningSchemeName "MPLT1" `
    -HostingUnitUid "c7f71f6a-3f45-4xxx-xxxx-xxxxxxxxxx" `
    -IdentityPoolUid "bf3a6ba2-1f80-4xxx-xxxx-xxxxxxxxx" `
    -MasterImageVM "XDHyp:\HostingUnits\xxxd-ue1a\apollo-non-persistent-vda-win2022 (ami-0axxxxxxxxxxx).template" `
    -CleanOnBoot `
    -MachineProfile "XDHyp:\HostingUnits\xxxx-ue1a\machineprofiletest (lt-01xxxx).launchtemplate\lt-01xxxx (1).launchtemplateversion" `
    -ServiceOffering "XDHyp:\HostingUnits\xxxd-ue1a\T3 Large Instance.serviceoffering"
    
  6. Register a provisioning scheme as a broker catalog. For example:

    New-BrokerCatalog -Name "MPLT1" `
    -AllocationType Random `
    -Description "Machine profile catalog" `
    -ProvisioningSchemeId fe7df345-244e-4xxxx-xxxxxxxxx `
    -ProvisioningType Mcs `
    -SessionSupport MultiSession `
    -PersistUserChanges Discard
    
  7. Complete creating the catalog. For more information, see Creating a Catalog.

Update the machine profile source

You can also update the input of a machine profile catalog from a VM to a launch template version and from a launch template version to a VM. For example:

  • To update the input of a machine profile catalog from a VM to a launch template version:

     Set-ProvScheme -ProvisioningSchemeName "CloudServiceOfferingTest" `
     -MachineProfile "XDHyp:\HostingUnits\xxxx-ue1a\machineprofiletest (lt-0bxxxxxxxxxxxx).launchtemplate\lt-0bxxxxxxxxxxxx (1).launchtemplateversion"
    
  • To update the input of a machine profile catalog from a launch template version to a VM:

     Set-ProvScheme -ProvisioningSchemeName "CloudServiceOfferingTest" `
     -MachineProfile "XDHyp:\HostingUnits\sard-ue1a\us-east-1a.availabilityzone\apollo-non-persistent-vda-win2022-2 (i-08xxxxxxxxx).vm"
    

Copy tags on VMs

You can copy tags on NICs and disks (identity disk, write-back cache disk, and OS disk) that are specified in the machine profile to newly created VMs in an MCS machine catalog. You can specify these tags in any of the machine profile sources (AWS VM instance or AWS launch template version). This feature is applicable to persistent and non-persistent machine catalogs and VMs.

Note:

  • On the AWS EC2 console, you cannot see the Tag Network Interfaces values under the Launch Template Version Resource Tags. However, you can run the AWS CLI command aws ec2 describe-launch-template-versions --launch-template-id lt-0bb652503d45dcbcd --versions 12 from PowerShell to see the tag specifications.
  • If a machine profile source (VM or launch template version) has two network interfaces (eni-1 and eni-2), and eni-1 has tag t1 and eni-2 has tag t2, then the VM gets the tags of both network interfaces.
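Every machine in the catalog inherits the IAM role and tags held in the launch template (see "Capture AWS instance property"), and the console hides the network-interface tags, so it is worth listing both before using a launch template version as a machine profile. The following added example, which is not Citrix or AWS code, flattens the output of the describe-launch-template-versions command above into one row per inherited item. The sample JSON, the account ID, the names in it and the function Get-ProfileInheritance are constructed for illustration.

```powershell
# Added example (not Citrix or AWS code): flatten a launch template version
# into the IAM instance profile and tags that provisioned machines receive.
function Get-ProfileInheritance {
    param([Parameter(Mandatory)] [string] $Json)

    $versions = @((ConvertFrom-Json $Json).LaunchTemplateVersions |
        Where-Object { $null -ne $_ })
    foreach ($v in $versions) {
        $data = $v.LaunchTemplateData

        # The profile is referenced by Arn or by Name; either may be absent.
        $iam = $data.IamInstanceProfile
        $ref = if ($iam.Arn) { $iam.Arn } elseif ($iam.Name) { $iam.Name } else { '(none)' }
        [pscustomobject]@{ Version = $v.VersionNumber; Scope = 'iam-instance-profile'
                           Key = '-'; Value = $ref }

        # One row per tag, labelled with the resource type it is applied to.
        foreach ($spec in @($data.TagSpecifications | Where-Object { $null -ne $_ })) {
            foreach ($tag in @($spec.Tags | Where-Object { $null -ne $_ })) {
                [pscustomobject]@{ Version = $v.VersionNumber; Scope = $spec.ResourceType
                                   Key = $tag.Key; Value = $tag.Value }
            }
        }
    }
}

# Constructed sample in the shape of the describe-launch-template-versions output.
$sample = @'
{ "LaunchTemplateVersions": [
  { "LaunchTemplateId": "lt-EXAMPLE", "VersionNumber": 1,
    "LaunchTemplateData": {
      "IamInstanceProfile": {
        "Arn": "arn:aws:iam::111122223333:instance-profile/vda-example" },
      "TagSpecifications": [
        { "ResourceType": "instance",
          "Tags": [ { "Key": "owner", "Value": "vdi-team" } ] },
        { "ResourceType": "volume",
          "Tags": [ { "Key": "owner", "Value": "vdi-team" } ] },
        { "ResourceType": "network-interface",
          "Tags": [ { "Key": "t1", "Value": "eni-tag" } ] } ] } },
  { "LaunchTemplateId": "lt-EXAMPLE", "VersionNumber": 2,
    "LaunchTemplateData": { "TagSpecifications": [] } }
] }
'@

Get-ProfileInheritance -Json $sample | Format-Table -AutoSize

# Against a live account (AWS CLI configured), join the output lines first:
# $json = aws ec2 describe-launch-template-versions --launch-template-id <lt-id> --versions <n> | Out-String
# Get-ProfileInheritance -Json $json
```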

Filter VM instances using PowerShell

An AWS VM instance that you use as a machine profile VM must be compatible for the machine catalog to create and function correctly. To list the AWS VM instances that can be used as machine profile input VMs, you can use the Get-HypInventoryItem command. The command can page and filter the inventory of VMs available on a hosting unit.

Pagination:

Get-HypInventoryItem supports two modes of pagination:

  • Paging mode uses the -MaxRecords and -Skip parameters to return sets of items:
    • -MaxRecords: The default is 1. This controls how many items to return.
    • -Skip: The default is 0. This controls how many items to skip from the absolute beginning (or absolute end) of the list in the hypervisor.
  • Scrolling mode uses -MaxRecords, -ForwardDirection, and -ContinuationToken parameters to allow scrolling of the records:
    • -ForwardDirection: The default is True. This is used along with -MaxRecords to return either the next set of matching records or the previous set of matching records.
    • -ContinuationToken: Returns the items immediately after (or before if ForwardDirection is false) but not including the item given in the ContinuationToken.

Examples of pagination:

  • To return a single record of the machine template with the lowest name. The AdditionalData field has the TotalItemsCount and the TotalFilteredItemsCount:

     Get-HypInventoryItem -LiteralPath "XDHyp:\HostingUnits\ctx-test" -ResourceType template
    
  • To return 10 records of the machine template with the lowest name:

     Get-HypInventoryItem -LiteralPath "XDHyp:\HostingUnits\ctx-test" -ResourceType template -MaxRecords 10 | select Name
    
  • To return an array of records ending with the highest name:

     Get-HypInventoryItem -LiteralPath "XDHyp:\HostingUnits\ctx-test" -ResourceType template -ForwardDirection $False -MaxRecords 10 | select Name
    
  • To return an array of records starting at the machine template associated with the given ContinuationToken:

     Get-HypInventoryItem -LiteralPath "XDHyp:\HostingUnits\ctx-test" -ResourceType template -ContinuationToken "ami-07xxxxxxxxxx" -MaxRecords 10
    

Filtering:

The following additional optional parameters are supported for filtering. You can combine these parameters with the pagination options.

  • -ContainsName "my_name": If the given string matches part of an AMI name, then the AMI is included in the Get result. For example:

     Get-HypInventoryItem -LiteralPath "XDHyp:\HostingUnits\ctx-test" -ResourceType template -MaxRecords 100 -ContainsName 'apollo' | select Name
    
  • -Tags '{ "Key0": "Value0", "Key1": "Value1", "Key2": "Value2" }': If an AMI has at least one of these tags, it is included in the Get result. For example:

     Get-HypInventoryItem -LiteralPath "XDHyp:\HostingUnits\ctx-test" -ResourceType template -MaxRecords 100 -Tags '{"opex owner": "Not tagged"}' | select Name
    

    Note:

    Two tag values are supported: Not Tagged and All values. The Not Tagged value matches items that do not have the given tag in their list of tags. The All values value matches items that have the tag, regardless of the value of the tag. Otherwise, a match happens only if the item has the tag and its value equals the value given in the filter.

  • -Id "ami-0a2d913927e0352f3": If the AMI matches the given ID, it is included in the Get result. For example:

     Get-HypInventoryItem -LiteralPath "XDHyp:\HostingUnits\ctx-test" -ResourceType template -Id ami-xxxxxxxxxxxxx
    

Filtering on AdditionalData parameter:

The AdditionalData filter parameter lists templates or VMs based on their capability, service offering, or any property which is in AdditionalData. For example:

(Get-HypInventoryItem -ResourceType "launchtemplateversion" -LiteralPath "XDHyp:\HostingUnits\aws" -MaxRecords 200).AdditionalData

You can also add a -Warn parameter to indicate the incompatible VMs. The VMs are included with an AdditionalData field named Warning. For example:

(Get-HypInventoryItem -ResourceType "launchtemplateversion" -LiteralPath "XDHyp:\HostingUnits\aws" -MaxRecords 200 -Template "ami-015xxxxxxxxx" -Warn $true).AdditionalData
