Microsoft System Center Virtual Machine Manager virtualization environments
Follow this guidance if you use Hyper-V with Microsoft System Center Virtual Machine Manager (VMM) to provide virtual machines.
See System requirements for a list of supported VMM versions.
You can use Machine Creation Services or Citrix Provisioning (formerly Provisioning Services) to provision:
- Generation 1 Desktop or Server OS VMs
- Generation 2 Windows Server 2012 R2, Windows Server 2016, and Windows 10 VMs (with or without Secure Boot)
Install and configure a hypervisor
Install Microsoft Hyper-V server and VMM on your servers.
Verify the following account information:
In Studio, the account you specify when creating a connection must be a VMM administrator or VMM delegated administrator for the relevant Hyper-V machines. If this account has only the delegated administrator role in VMM, the storage data is not listed in Studio during the connection creation process.
Your user account must also be a member of the administrators local security group on each Hyper-V server to support VM lifecycle management (such as VM creation, update, and deletion).
Install the VMM console
Install a System Center Virtual Machine Manager console on each server that contains a Citrix Cloud Connector.
Create a master VM
- Install a VDA on the master VM, and select the option to optimize the desktop. This improves performance.
- Take a snapshot of the master VM to use as a backup.
- Create virtual desktops.
Create a connection
If you used MCS to provision VMs, in the Studio connection creation wizard:
- Enter the address as a fully qualified domain name of the host server.
- Enter credentials for the administrator account you set up earlier. This account must have permission to create new VMs.
- In the Host Details dialog box, select the cluster or standalone host to use when creating VMs. Important: Browse for a select a cluster or standalone host even if you are using a single Hyper-V host deployment.
MCS on SMB 3 file shares
For machine \catalogs created with MCS on SMB 3 file shares for VM storage, credentials must meet the following requirements to ensure that calls from the Citrix Hypervisor Communiations Library (HCL) connect successfully to SMB storage.
- VMM user credentials must include full read write access to the SMB storage.
- Storage virtual disk operations during VM lifecycle events are performed through the Hyper-V server using the VMM user credentials.
When using VMM 2012 SP1 with Hyper-V on Windows Server 2012: When using SMB as storage, enable the Authentication Credential Security Support Provider (CredSSP) from the Cloud Connector to individual Hyper-V machines. For more information, see CTX 137465.
Using a standard PowerShell V3 remote session, the HCL in the Cloud Connector uses CredSSP to open a connection to the Hyper-V machine. This feature passes Kerberos-encrypted user credentials to the Hyper-V machine, and the PowerShell commands in the session on the remote Hyper-V machine run with the credentials provided (in this case, those of the VMM user), so that communication commands to storage work correctly.
The following tasks use PowerShell scripts that originate in the HCL. The scripts are then sent to the Hyper-V machine to act on the SMB 3.0 storage.
Consolidate Master Image: A master image creates a new MCS provisioning scheme (machine catalog). It clones and flattens the master VM ready for creating new VMs from the new disk created (and removes dependency on the original master VM).
ConvertVirtualHardDisk on the root\virtualization\v2 namespace
$ims = Get-WmiObject -class $class -namespace “root\virtualization\v2”; $result = $ims.ConvertVirtualHardDisk($diskName, $vhdastext) $result
Create difference disk: Creates a difference disk from the master image generated by consolidating the master image. The difference disk is then attached to a new VM.
CreateVirtualHardDisk on the root\virtualization\v2 namespace
$ims = Get-WmiObject -class $class -namespace “root\virtualization\v2”; $result = $ims.CreateVirtualHardDisk($vhdastext); $result
Upload identity disks: The HCL cannot directly upload the identity disk to SMB storage. Therefore, the Hyper-V machine must upload and copy the identity disk to the storage. Because the Hyper-V machine cannot read the disk from the Cloud Connector, the HCL must first copy the identity disk through the Hyper-V machine as follows.
- The HCL uploads the Identity to the Hyper-V machine through the administrator share.
- The Hyper-V machine copies the disk to the SMB storage through a PowerShell script running in the PowerShell remote session. A folder is created on the Hyper-V machine and the permissions on that folder are locked for the VMM user only (through the remote PowerShell connection).
- The HCL deletes the file from the administrator share.
- When the HCL completes the identity disk upload to the Hyper-V machine, the remote PowerShell session copies the identity disks to SMB storage and then deletes it from the Hyper-V machine.
The identity disk folder is recreated if it is deleted so that it is available for reuse.
Download identity disks: As with uploads, the identity disks pass though the Hyper-V machine to the HCL. The following process creates a folder that has only VMM user permissions on the Hyper-V server if it does not exist.
- The HyperV machine copies the disk from the SMB storage to local Hyper-V storage through a PowerShell script running in the PowerShell V3 remote session.
- HCL reads the disk from the Hyper-V machine’s administrator share into memory.
- HCL deletes the file from the administrator share.