Create an AWS catalog
Create machine catalogs describes the wizards that create a machine catalog. The following information covers details specific to AWS virtualization environments.
Note:
Before creating an AWS catalog, you need to finish creating a connection to AWS. See Connection to AWS.
Network setting during image preparation
During image preparation, a preparation virtual machine (VM) is created based on the original VM. This preparation VM is disconnected from the network. To disconnect the network from the preparation VM, a network security group is created to deny all inbound and outbound traffic. This network security group persists and is reused. The network security group’s name is Citrix.XenDesktop.IsolationGroup-GUID, where GUID is randomly generated.
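Because the isolation group persists and is reused, it is worth confirming that it still carries no rules. The following check is an added example, not Citrix code; it assumes input shaped like `aws ec2 describe-security-groups` output and that "deny all" corresponds to empty ingress and egress rule lists, since AWS security groups hold allow rules only. The sample data is constructed.

```python
import json

# Name prefix taken from the page: Citrix.XenDesktop.IsolationGroup-GUID
ISOLATION_PREFIX = "Citrix.XenDesktop.IsolationGroup-"

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "Citrix.XenDesktop.IsolationGroup-3f2c9d1e",
   "IpPermissions": [], "IpPermissionsEgress": []},
  {"GroupId": "sg-0bbb", "GroupName": "Citrix.XenDesktop.IsolationGroup-7e6d5c4b",
   "IpPermissions": [],
   "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-0ccc", "GroupName": "web-tier",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
   "IpPermissionsEgress": []}
]}
""")


def describe_rule(direction, rule):
    """Summarise one allow rule as 'direction protocol ports peers'."""
    proto = "all" if rule.get("IpProtocol") == "-1" else rule.get("IpProtocol", "?")
    ports = f"{rule.get('FromPort', '*')}-{rule.get('ToPort', '*')}"
    peers = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    peers += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    peers += [p.get("GroupId", "?") for p in rule.get("UserIdGroupPairs", [])]
    return f"{direction} {proto} {ports} {','.join(peers) or '?'}"


def audit_isolation_groups(doc):
    """Return {GroupId: [rule summaries]} for isolation groups that allow traffic."""
    findings = {}
    for sg in doc.get("SecurityGroups", []):
        if not sg.get("GroupName", "").startswith(ISOLATION_PREFIX):
            continue  # not an MCS isolation group; out of scope for this check
        rules = [describe_rule("ingress", r) for r in sg.get("IpPermissions", [])]
        rules += [describe_rule("egress", r) for r in sg.get("IpPermissionsEgress", [])]
        if rules:
            findings[sg["GroupId"]] = rules
    return findings


if __name__ == "__main__":
    for group_id, rules in audit_isolation_groups(SAMPLE).items():
        print(group_id, "is no longer deny-all:", "; ".join(rules))
```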
AWS tenancy
AWS provides the following tenancy options: shared tenancy (the default type) and dedicated tenancy. Shared tenancy means that multiple Amazon EC2 instances from different customers might reside on the same piece of physical hardware. Dedicated tenancy means that your EC2 instances run only on hardware with other instances that you have deployed. Other customers do not use the same piece of hardware.
You can use MCS to provision AWS dedicated hosts by using the Full Configuration interface or PowerShell.
Configure AWS dedicated host tenancy using the Full Configuration interface
When you use MCS to create a catalog to provision machines in AWS, the Machine Catalog Setup > Security page presents the following options:
- Use shared hardware. This setting is suitable for most deployments. Multiple customers share pieces of hardware even though they do not interact with each other. Using shared hardware is the least expensive option for running your Amazon EC2 instances.
- Use dedicated host. An Amazon EC2 dedicated host is a physical server with EC2 instance capacity that is fully dedicated, letting you use existing per-socket or per-VM software licenses. Dedicated hosts have preset utilization based on instance type. For example, a single allocated dedicated host of C4 Large instance types is limited to running 16 instances. See the AWS site for more information.
The requirements for provisioning to AWS hosts include:
- An imported BYOL (bring your own license) image (AMI). With dedicated hosts, use and manage your existing licenses.
- An allocation of dedicated hosts with sufficient utilization to satisfy provisioning requests.
- Enabling auto-placement.
This setting is suitable for deployments with licensing restrictions or security requirements that call for a dedicated host. With a dedicated host, you own an entire physical host and are billed on an hourly basis. Owning that host lets you spin up as many EC2 instances as that host permits, at no additional charge.
Alternatively, you can provision AWS dedicated hosts through PowerShell. To do that, use the New-ProvScheme cmdlet with the parameter TenancyType set to Host. See the Citrix Developer Documentation for more information.
- Use dedicated instance. This setting is more suitable for deployments with specific security or compliance requirements. With a dedicated instance, you still enjoy the benefits of having a host separate from other AWS customers, but you do not pay for the entire host. You do not need to worry about the capacity of the host, but you are charged at a higher rate for the instances.
Configure AWS dedicated host tenancy using PowerShell
You can create a catalog of machines with host tenancy defined through PowerShell.
An Amazon EC2 dedicated host is a physical server with EC2 instance capacity that is fully dedicated, allowing you to use existing per-socket or per-VM software licenses.
Dedicated hosts have preset utilization based on instance type. For example, a single allocated dedicated host of C4 Large instance types is limited to running 16 instances. See the AWS site for more information.
The requirements for provisioning to AWS hosts include:
- An imported BYOL (bring your own license) image (AMI). With dedicated hosts, use and manage your existing licenses.
- An allocation of dedicated hosts with sufficient utilization to satisfy provisioning requests.
- Enabling auto-placement.
To provision to a dedicated host in AWS using PowerShell, use the New-ProvScheme cmdlet with the parameter TenancyType set to Host.
Refer to the Citrix Developer Documentation for more information.
AWS instance property capturing
When you create a catalog to provision machines using Machine Creation Services (MCS) in AWS, you select an AMI to represent the master/golden image of that catalog. From that AMI, MCS uses a snapshot of the disk. In previous releases, if you wanted roles or tags on your machines you would use the AWS console to set them individually. This functionality is enabled by default.
Tip:
To use AWS instance property capturing, you must have a VM associated with the AMI.
To improve this process, MCS reads properties from the instance from which the AMI was taken and applies the Identity and Access Management (IAM) role and tags of that machine to the machines provisioned for a given catalog. When using this optional feature, the catalog creation process finds the source instance of the selected AMI and reads a limited set of properties. These properties are then stored in an AWS Launch Template, which is used to provision machines for that catalog. Any machine in the catalog inherits the captured instance properties.
Captured properties include:
- IAM roles – applied to provisioned instances.
- Tags – applied to provisioned instances, their disk, and NICs. These tags are applied to transient Citrix resources, including: S3 bucket and objects, volume and worker resources, and AMIs, snapshots, and launch templates.
Tip:
The tagging of transient Citrix resources is optional and is configurable using the custom property AwsOperationalResourcesTagging. To successfully apply tags and create an AWS catalog with operational resource tagging, do not delete the EC2 instance which was used to create the AMI image.
Capturing the AWS instance property
You can use this feature by specifying a custom property, AwsCaptureInstanceProperties, when creating a provisioning scheme for an AWS hosting connection:
New-ProvScheme -CustomProperties "AwsCaptureInstanceProperties,true" …<standard provscheme parameters>
Refer to the Citrix Developer Documentation for more information.
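Since every machine in the catalog inherits the IAM role and tags of the AMI's source instance, and the tenancy section above fixes where instances may run, a periodic comparison of provisioned instances against the source catches drift. The following audit is an added example, not Citrix code; it assumes records shaped like entries of `aws ec2 describe-instances`, and all instance IDs, ARNs and tags are constructed.

```python
# Constructed sample records shaped like entries of `aws ec2 describe-instances`.
SOURCE = {  # the instance the AMI was taken from
    "InstanceId": "i-0source",
    "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/vda-role"},
    "Tags": [{"Key": "CostCenter", "Value": "vdi"}, {"Key": "Env", "Value": "prod"},
             {"Key": "aws:cloudformation:stack-name", "Value": "golden"}],
}
PROVISIONED = [
    {"InstanceId": "i-0vda01", "Placement": {"Tenancy": "host"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/vda-role"},
     "Tags": [{"Key": "CostCenter", "Value": "vdi"}, {"Key": "Env", "Value": "prod"}]},
    {"InstanceId": "i-0vda02", "Placement": {"Tenancy": "default"},
     "Tags": [{"Key": "CostCenter", "Value": "vdi"}, {"Key": "Env", "Value": "dev"}]},
]


def tags_of(instance):
    """Tag list -> dict. Keys with the AWS-reserved 'aws:' prefix cannot be set
    by a caller, so this audit does not expect them on provisioned machines."""
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])
            if not t["Key"].startswith("aws:")}


def profile_of(instance):
    """Instance profile ARN, or None when no IAM role is attached."""
    return instance.get("IamInstanceProfile", {}).get("Arn")


def audit_catalog(source, provisioned, expected_tenancy):
    """Return {InstanceId: [deviations]} relative to the AMI source instance."""
    findings = {}
    for inst in provisioned:
        issues = []
        if profile_of(inst) != profile_of(source):
            issues.append(f"iam-profile: {profile_of(inst)}")
        have = tags_of(inst)
        for key, value in tags_of(source).items():
            if have.get(key) != value:
                issues.append(f"tag {key}: {have.get(key)}")
        # describe-instances reports tenancy as default, dedicated or host
        tenancy = inst.get("Placement", {}).get("Tenancy")
        if tenancy != expected_tenancy:
            issues.append(f"tenancy: {tenancy}")
        if issues:
            findings[inst["InstanceId"]] = issues
    return findings
```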
Applying AWS instance properties and tagging operational resources in the Full Configuration interface
When creating a catalog to provision machines in AWS by using MCS, you can control whether to apply the IAM role and tag properties to those machines. You can also control whether to apply machine tags to operational resources. You have the following two options:
- Apply machine template properties to virtual machines. Controls whether to apply the IAM role and tag properties associated with the selected machine template to virtual machines in this catalog.
- Apply machine tags to operational resources. Controls whether to apply machine tags to every item created in your AWS environment that facilitates provisioning of machines. Operational resources are created as byproducts of catalog creation. They include both temporary and persistent resources, such as the preparation VM instance and the AMI.
AWS operational resource tagging
An Amazon Machine Image (AMI) represents a type of virtual appliance used to create a virtual machine within the Amazon Cloud environment, commonly referred to as EC2. You use an AMI to deploy services that use the EC2 environment. When you create a catalog to provision machines using MCS for AWS, you select the AMI to act as the golden image for that catalog.
Important:
Creating catalogs by capturing an instance property and a launch template is required for using operational resource tagging.
To create an AWS catalog, you must first create an AMI for the instance you want to be the golden image. MCS reads the tags from that instance and incorporates them into the launch template. The launch template tags are then applied to all Citrix resources created in your AWS environment, including:
- Virtual Machines
- VM disks
- VM network interfaces
- S3 buckets
- S3 objects
- Launch templates
- AMIs
Tagging an operational resource
To use PowerShell to tag resources:
- Open a PowerShell window from the DDC host.
- Run the command asnp citrix* to load Citrix-specific PowerShell modules.
To tag a resource for a provisioned VM, use the new custom property AwsOperationalResourcesTagging. The syntax for this property is:
New-ProvScheme -CustomProperties "AwsCaptureInstanceProperties,true; AwsOperationalResourcesTagging,true" …<standard provscheme parameters>
Where to go next
- If this is the first catalog created, you are guided to create a delivery group.
- To review the entire configuration process, see Plan and build a deployment.
- To manage catalogs, see Manage machine catalogs and Manage an AWS catalog.