Configuring for high availability with shared storage
Provisioning Servers are configured to access your shared-storage location. Provisioning Services supports various shared-storage configurations. The steps for configuring for highly available storage in the network varies depending on shared-storage configurations.
Installing Provisioning Services affects the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters\OplocksDisabled. Changing this registry key disables Windows Opportunity Locking, providing the fastest possible failover time when contact with the active Provisioning Server is lost. Without this change, failover times can take up to one minute. During this time, Windows does not allow access to the vDisk file that was in use by the failed Provisioning Server. By disabling Windows Opportunity Locking on Provisioning Servers, the Stream Service can have immediate access to vDisk files. However, this reduces caching of remote vDisk data for the entire Provisioning Server.
Windows shared-storage configuration
If you are using a Windows shared-storage location, the Service account credentials (user account name and password) must be a domain account that is configured on each Provisioning Server, in order to access the Stream Service and the shared storage system.
Creating Stream Service account credentials on the domain controller
The Stream Service runs under the user account. When the Stream Service accesses a vDisk stored locally on the Provisioning Server, the local user rights provide full access. However, when the database or vDisk is located on a remote storage device, the Streaming Server must use a domain account with rights to both the Provisioning Server and the remote storage location. An administrator must assign full control rights to the Stream Service account in order for it to read and write to the remote storage location.
An administrator creates service account credentials in Active Directory and assigns the credentials to the Stream Service on all Provisioning Servers that will participate in HA. Alternatively, an existing domain user account can be given full control rights to the network share and be assigned to the Stream Service.
Consider the following when creating service account credentials:
- You must be logged on as an administrator or a member of the Administrator group to create a domain account.
- Clear the User must change password at next logon check box.
Assigning Stream Service account credentials manually
When running the Configuration Wizard on a Provisioning Server, you are prompted to enter an account name and password for the Stream Service to use. This account must have access permissions for any stores it is given access to, as well as permissions in SQL Server for database access. If necessary, credentials can be assigned manually.
To assign the Service account credentials to the Stream Service:
- Open the Windows Control Panel.
- Go to Administrative Tools>Services.
- Double-click on the first PVS Stream Service name in the Services list.
- On the Log On tab, select This Account, then click Browse.
- Click Locations, select the domain node, then click OK.
- Type the name of the Stream Service user account, then click Check Names.
- Click OK to close the Select User dialog.
- On the Log On tab, enter and confirm the Stream Service account password, then click OK.
- After assigning the Service account credentials to the Stream Service, restart the Stream Service.
Configuring storage access
The stores that contain the vDisks need to be shared, and the Service account credentials need to have access to remote storage for vDisks, with the appropriate permissions.
To share your vDisk’s stores folders, and grant access permissions to your Service account credentials:
- In Windows Explorer, right-click on the folder that contains the database and vDisk folders. For example, if the database and vDisk files are stored in the default C:\Program Files\Citrix\Provisioning Services folder, right-click on that folder.
- Select Sharing and Security from the shortcut menu.
- Enable the Share this folder radio button, then optionally enter a share name, and comment.
- Click Permissions.
- If the Service account credentials user name does not appear in the Group or user names list, click Add. Enter the user name of the Service account credentials, and click Check Names to verify.
- Click OK.
- Select the service account credentials user name.
- Enable the Full Control check box (the Full Control check box and all check boxes below it should be checked).
- Click Apply.
- Click the Security tab.
- If the Service account credentials user name does not appear in the Group or user names list, click Add. Enter the user name of the Service account credentials, then click Check Names to verify.
- Click OK.
- Select the Service account credentials as user name.
- Enable the Full Control check box, then click Apply.
- Click OK.
If you are storing the database and vDisks on a SAN, use local system accounts for the Stream Service. Unlike a Windows network share, creating special Service Account Credentials to guarantee access to your data may not be necessary to guarantee access to your data.
In most cases, a SAN configuration allows setting up as if the database and vDisks were stored locally on the Provisioning Server.