Product Documentation

Build a new environment

May 03, 2015

Set up an environment in a public or private cloud, or use virtualization resources such as XenServer, Hyper-V, or VMware.

Install

You can install components using a wizard-based graphical interface or a command-line interface, which enables scripted installation. Both methods install most prerequisites automatically.

Important: Before beginning any installation, read and complete the Prepare to install checklist.
  1. Install the core components: Delivery Controller, Citrix Studio, Citrix Director, Citrix License Server, and Citrix StoreFront.
  2. From Studio, create a Site.
  3. If you will be using provisioning tools (such as Machine Creation Services or Provisioning Services) to create VMs from a master image, install a VDA for Desktop OS. Otherwise, install a VDA for Desktop OS or a VDA for Server OS directly on each machine.

    For Remote PC Access deployments, install a VDA for Desktop OS on the office PC. Citrix recommends using your existing Electronic Software Distribution (ESD) methods and the VDA installer's command line interface.

  4. After you install components and create a Site, use the guidance in Studio to create Machine Catalogs and Delivery Groups.

Set up a cloud environment

This release supports provisioning Server OS and Server VDI machines on cloud platforms. This software platform pools computing resources to build public, private, and hybrid Infrastructure as a Service (IaaS) clouds.

You can select one of the following cloud deployment solutions:

Manage virtual machines with Microsoft System Center Virtual Machine Manager

Configure your system as described in this topic if you use Hyper-V with Microsoft System Center Virtual Machine Manager (VMM) to provide virtual machines in your environment.

System requirements

Before you create virtual machines (VMs), make sure that your environment meets the requirements listed in System requirements for XenApp 7.5 and XenDesktop 7.5.

Virtual Machine support

Note the following:
  • This release supports only Generation 1 virtual machines with VMM 2012 R2. Generation 2 virtual machines are not supported.
  • Generation2 VMs are not supported for both Machine Creation Services (MCS) and Provisioning Services deployments. When creating VMs in Studio with Machine Creation Services or Provisioning Services, Generation 2 VMs do not appear in the selection list for a master VM.
  • Generation 2 VMs have Secure Boot enabled by default, which prevent the VDA for functioning properly.

Install and configure a hypervisor

  1. Install Microsoft Hyper-V Server and VMM on your servers. All Delivery Controllers in your environment must be in the same forest as the VMM servers.
  2. Install the System Center Virtual Machine Manager Console on all Delivery Controllers in your machine environment.
  3. Verify the following account information:

    • The account you use to create hosts in Studio is a VMM administrator or VMM delegated administrator for the relevant Hyper-V machines. If this account only has the delegated administrator role in VMM, the storage data is not listed in Studio during the host creation process.
    • The user account used for Studio integration must also be a member of the administrators local security group on each Hyper-V Server to support VM life cycle management (such as VM creation, update, and deletion).
      Note: Installing the Delivery Controller directly on a server running Hyper-V is not supported.

Create a Master VM

You create a master VM to provide user desktops.

  1. Install the Virtual Desktop Agent on the Master VM, and make sure that you select the option to optimize the desktop. This improves the performance of users' desktops by reconfiguring various Windows features that are incompatible with or unnecessary for virtual desktops.
  2. Take a snapshot of the Master VM to use as a back-up. For more information, see Preparing a Master image.

Create virtual desktops

If you are using Citrix Studio to create VMs, rather than selecting an existing Machine Catalog, run the Studio Deployment wizard and create virtual desktops as follows:

  1. On the Host page, select Virtual Machines and then select Microsoft virtualization as the host type.
  2. Enter the service address as the fully qualified domain name of the host server.
  3. Enter the credentials for the administrator account you set up earlier that has permissions to create new VMs.
  4. In the Host Details dialog box, select the cluster or standalone host to use when creating new VMs.
    Important: Browse for and select a cluster or standalone host even if you are using a single Hyper-V host deployment.

Upgrade from a previous version of VMM

Upgrade from VMM 2012

Consider the following component operating system versions combinations when upgrading from VMM 2012 to VMM 2012 SP1 or VMM 2012 R2:

Upgrade from VMM 2012 SP1 to VMM 2012 R2

If you are starting from XenDesktop 7 on VMM 2012 SP1, it is important to follow this sequence so that XenDesktop can continue to operate without any downtime.

The recommended component upgrade sequence is as follows:
  1. Upgrade XenDesktop to 7.5 or XenApp 7.5 (now running XenDesktop 7.5 or XenApp 7.5 and VMM 2012 SP1)
  2. Upgrade VMM 2012 SP1 to 2012 R2 (now running XenDesktop 7.5 or XenApp 7.5 and VMM 2012 R2)

Upgrade from VMM 2008 R2 to VMM 2012 SP1

If you are starting from XenDesktop 5.6 on VMM 2008 R2, follow this sequence so that XenDesktop can continue to operate without any downtime.

The recommend component upgrade sequence is as follows:
  1. Upgrade VMM to Version 2012 (now running XenDesktop 5.6 and VMM 2012)
  2. Upgrade XenDesktop to 7.x (now running XenDesktop 7.x and VMM 2012)
  3. Upgrade VMM from 2012 to 2012 SP1 (now running XenDesktop 7.x and VMM 2012 SP1)

Support for Microsoft System Center Virtual Machine Manager

This release supports:

  • VMM 2012: Provides improved management capabilities, letting you manage the entire virtualized datacenter as well as virtual machines. This release now orchestrates cluster host patching as well as integrating with Windows Server Update Services, allowing you to define baselines of patches that each host needs.
  • VMM 2012 SP1: Provides performance improvements for Machine Creation Services ( MCS) when using SMB 3.0 on file servers with clustered shared volumes and Storage Area Networks (SANs). These file shares provide low cost caching and reduced IO on the SAN storage improving the performance.
  • VMM 2012 R2: Enables at-scale management of major Windows Server 2012 R2 capabilities, including running VM snapshots, dynamic VHDX resize, and Storage Spaces.

Machine Creation Services (MCS) on SMB 3 file shares

For Machine Catalogs created through MCS on SMB 3 file shares for VM storage, make sure that credentials are set up as follows so that calls from a Delivery Controller's Hypervisor Communications Library (HCL) can successfully connect to SMB storage:
  • VMM user credentials must include full read write access to the SMB storage.
  • Storage virtual disk operations during VM life cycle events are performed through the Hyper-V server using the VMM user credentials.
    Note: If you use SMB as storage, enable the CredSSP from the Delivery Controller to individual Hyper-V machines when using VMM 2012 SP1 with Hyper-V on Windows Server 2012. For more information, see the Enabling CredSSP KB article http://support.citrix.com/article/CTX137465.

Using a standard PowerShell V3 Remote session, the HCL opens a connection to the to Hyper-V machine using the Authentication Credential Security Support Provider (CredSSP) feature. This feature passes users' credentials across to the Hyper-V Machine (Kerberos encrypted) and the PowerShell commands in this session on the remote Hyper-V machine run with the credentials provided (in this case, those of the VMM User), so that communication commands to storage work correctly.

The following tasks use PowerShell scripts that originate in the Delivery Controller HCL and are then sent to the Hyper-V machine to act on the SMB 3.0 storage.

Consolidate Master Image

A Master Image creates a new MCS Provisioning scheme (Machine Catalog). It clones and flattens the Master VM ready for creating new VMs from the new disk created (and removes dependency on the original master VM).

Example
$ims = Get-WmiObject -class $class -namespace "root\virtualization\v2";  $result = $ims.ConvertVirtualHardDisk($diskName, $vhdastext)  $result

Create difference disk

Creates a difference disk from the Master Image generated by consolidating the Master Image. The difference disk is then attached to a new VM.

Example
$ims = Get-WmiObject -class $class -namespace "root\virtualization\v2";  $result = $ims.CreateVirtualHardDisk($vhdastext);  $result

Upload identity disks

The Hypervisor Communications Library (HCL) cannot directly upload the identity disk to SMB storage. Therefore, the Hyper-V machine must upload and copy the identity disk to the storage. Because the Hyper-V machine cannot read the disk from the Delivery Controller, HCL must first copy the identity disk through the Hyper-V machine as follows.
  1. HCL uploads the Identity to the Hyper-V machine through the administrator share.
  2. Hyper-V machine copies the disk to the SMB storage through a PowerShell script running in the PowerShell V3 remote session. A folder is created on the Hyper-V machine and the permissions on that folder are locked for the VMM user only (through the remote PowerShell connection).
  3. HCL deletes the file from the administrator share.
  4. When the HCL completes the identity disk upload to the Hyper-V machine. The remote PowerShell session copies the identity disks to SMB storage and then deletes it from the Hyper-V machine.
    Note: The identity disk folder is recreated if it is deleted so that it is available for reuse.

Download identity disks

As with uploads, the identity disks pass though the Hyper-V machine to the HCL. The following process creates a folder that only has VMM user permissions on the Hyper-V server if it does not exist.
  1. The HyperV machine copies the disk from the SMB storage to local Hyper-V storage through a PowerShell script running in the PowerShell V3 remote session.
  2. HCL reads the disk from the Hyper-V machine's administrator share into memory.
  3. HCL deletes the file from the administrator share.

Personal vDisk creation

If the administrator creates the VM in a Personal vDisk Machine Catalog, you must create an empty disk (Personal vDisk).

The call to create an empty disk does not require direct access to the storage. If you have PvD disks that reside on different storage than the Main or Operating System disk, then the use Remote PowerShell to create the PvD disk in a directory folder that has the same name of the VM from which it was created. For CSV or LocalStorage, do not use Remote PowerShell. Creating the directory before creating an empty disk avoids VMM command failure.

From the Hyper-V machine, perform a mkdir on the storage.

For more information about using the SDK, see About the XenApp and XenDesktop SDK.

Microsoft System Center Configuration Manager integration

Sites that use System Center Configuration Manager (Configuration Manager) 2012 to manage access to applications and desktops on physical devices can extend that use to XenApp or XenDesktop through these integration options.

  • Citrix Connector 7.5 for Configuration Manager 2012 – Citrix Connector provides a bridge between Configuration Manager and XenApp or XenDesktop. The Connector enables you to unify day-to-day operations across the physical environments you manage with Configuration Manager and the virtual environments you manage with XenApp or XenDesktop. For information about the Connector, refer to Citrix Connector 7.5 for System Center Configuration Manager 2012.
  • Configuration Manager Wake Proxy feature – Whether or not your environment includes Citrix Connector, use of the Remote PC Access Wake on LAN feature requires Configuration Manager. For more information, refer to Microsoft System Center Configuration Manager and Remote PC Access Wake on LAN.
  • XenApp and XenDesktop properties – XenApp and XenDesktop properties enable you to identify Citrix virtual desktops for management through Configuration Manager. These properties are automatically used by the Citrix Connector but can also be manually configured. The remainder of this topic describes the properties.

The properties are available for the Citrix_virtualDesktopInfo class in the Root\Citrix\DesktopInformation namespace.

The following properties are available. Property names come from the Windows Management Instrumentation (WMI) provider:

  • AssignmentType – Sets the value of IsAssigned. The valid AssignmentType values are:
    • ClientIP
    • ClientName
    • None
    • User – This value sets IsAssigned to True
  • BrokerSiteName – Site; returns the same value as HostIdentifier

  • DesktopCatalogName – Machine Catalog associated with the desktop

  • DesktopGroupName – Delivery group associated with the desktop

  • HostIdentifier – Site; returns the same value as BrokerSiteName

  • IsAssigned – True to assign the desktop to a user, set to False for a random desktop

  • IsMasterImage – Allows decisions about the environment. For example, you may want to install applications on the Master Image and not on the provisioned machines, especially if those machines are in a clean state on boot machines. The values are:
    • True on a Virtual Machine (VM) that is used as a Master Image (This value is set during installation based on a selection during in the installation process).
    • Cleared on a VM that is provisioned from that image.
  • IsVirtualMachine – True for a virtual machine, false for a physical machine.

  • OSChangesPersist – False if the desktop operating system image is reset to a clean state every time it is restarted, otherwise true.

  • PersistentDataLocation – The location where Configuration Manager stores persistent data. This is not accessible to users.

  • PersonalvDiskDriveLetter – For a desktop with a Personal vDisk, the drive letter you assign to the Personal vDisk.

The properties BrokerSiteName, DesktopCatalogName, DesktopGroupName, and HostIdentifier are determined when the desktop registers with the controller they are null for a desktop that has not fully registered.

To collect the properties, run a hardware inventory in Configuration Manager. To view the properties, use the Configuration Manager Resource Explorer. In these instances, the names may include spaces or vary slightly from the property names. For example, BrokerSiteName may appear as Broker Site Name. For information about the following tasks, refer to Citrix WMI Properties and System Center Configuration Manager 2012:

  • Configure Configuration Manager to collect Citrix WMI properties from the Citrix VDA
  • Create query-based device collections using Citrix WMI properties
  • Create global conditions based on Citrix WMI properties
  • Use global conditions to define application deployment type requirements

You can also use Microsoft properties in the Microsoft class CCM_DesktopMachine in the Root\ccm_vdi namespace. For more information on these properties, see the Microsoft documentation.

Note: Boolean properties displayed in Configuration Manager 2012 may appear as 1 or 0, not true or false.

Microsoft System Center Configuration Manager and Remote PC Access Wake on LAN

For a description of the Remote PC Access Wake on LAN feature, see Remote PC Access.

To configure the feature, complete the following before installing a VDA on the office PCs and using Studio to create or update the Remote PC Access deployment:
  • Configure Microsoft System Center Configuration Manager (ConfigMgr) 2012 within the organization, and then deploy the ConfigMgr client to all Remote PC Access machines, allowing time for the scheduled SCCM inventory cycle to run (or forcing one manually, if required). The access credentials you specify in Studio to configure the connection to ConfigMgr must include collections in the scope and the Remote Tools Operator role.
  • For Intel Active Management Technology (AMT) support:
    • The minimum supported version on the PC must be AMT 3.2.1.
    • Provision the PC for AMT use with certificates and associated provisioning processes.
  • For ConfigMgr Wake Proxy and/or magic packet support:
    • Configure Wake on LAN in each PC's BIOS settings.
    • For ConfigMgr Wake Proxy support, enable the option in ConfigMgr. For each subnet in the organization that contains PCs that will use the Remote PC Access Wake on LAN feature, ensure that three or more machines can serve as sentinel machines.
    • For magic packet support, configure network routers and firewalls to allow magic packets to be sent from the Delivery Controller, using either a subnet-directed broadcast or unicast.
After you install the VDA on office PCs, enable or disable power management when you create the Remote PC Access deployment in Studio.
  • If you enable power management, specify connection details: the ConfigMgr address and access credentials, plus a name.
  • If you do not enable power management, you can add a power management (ConfigMgr) connection later and then edit a Remote PC Access machine catalog to enable power management and specify the new power management connection.

You can edit a power management connection to configure the use of the ConfigMgr Wake Proxy and magic packets, as well as change the packet transmission method. See Provide users with Remote PC Access.

Manage virtual machines with VMware

Configure your system as described in this topic if you use VMware to provide virtual machines in your environment.

See System requirements for XenApp 7.5 and XenDesktop 7.5 for supported VMware version information.

Install and configure your hypervisor

  1. Install vCenter Server and the appropriate management tools required.
    Note: No support is provided for vSphere vCenter Linked Mode operation.
  2. Create a VMware user account with the following permissions, at the DataCenter level, at a minimum:
    Note: This account has permissions to create new VMs and is used to communicate with vCenter.

    SDK

    User Interface

    Datastore.AllocateSpace

    Datastore > Allocate space

    Datastore.Browse

    Datastore > Browse datastore

    Datastore.FileManagement

    Datastore > Low level file operations

    Network.Assign

    Network > Assign network

    Resource.AssignVMToPool

    Resource > Assign virtual machine to resource pool

    System.Anonymous

    Added automatically.

    System.Read

    Added automatically.

    System.View

    Added automatically.

    Task.Create

    Tasks > Create task

    VirtualMachine.Config.AddRemoveDevice

    Virtual machine > Configuration > Add or remove device

    VirtualMachine.Config.AddExistingDisk

    Virtual machine > Configuration > Add existing disk

    VirtualMachine.Config.AddNewDisk

    Virtual machine > Configuration > Add new disk

    VirtualMachine.Config.AdvancedConfig

    Virtual machine > Configuration > Advanced

    VirtualMachine.Config.CPUCount

    Virtual machine > Configuration > Change CPU Count

    VirtualMachine.Config.Memory

    Virtual machine > Configuration > Memory

    VirtualMachine.Config.RemoveDisk

    Virtual machine > Configuration > Remove disk

    VirtualMachine.Config.Resource

    Virtual machine > Configuration > Change resource

    VirtualMachine.Config.Settings

    Virtual machine > Configuration > Settings

    VirtualMachine.Interact.PowerOff

    Virtual machine > Interaction > Power Off

    VirtualMachine.Interact.PowerOn

    Virtual machine > Interaction > Power On

    VirtualMachine.Interact.Reset

    Virtual machine > Interaction > Reset

    VirtualMachine.Interact.Suspend

    Virtual machine > Interaction > Suspend

    VirtualMachine.Inventory.Create

    Virtual machine > Inventory > Create new

    VirtualMachine.Inventory.CreateFromExisting

    Virtual machine > Inventory > Create from existing

    VirtualMachine.Inventory.Delete

    Virtual machine > Inventory > Remove

    VirtualMachine.Inventory.Register

    Virtual machine > Inventory > Register

    VirtualMachine.Provisioning.Clone

    Virtual machine > Provisioning > Clone template

    VirtualMachine.Provisioning.DiskRandomAccess

    Virtual machine > Provisioning > Allow disk access

    VirtualMachine.Provisioning.GetVmFiles

    Virtual machine > Provisioning > Allow virtual machine download

    VirtualMachine.Provisioning.PutVmFiles

    Virtual machine > Provisioning > Allow virtual machine files upload

    VirtualMachine.Provisioning.DeployTemplate

    Virtual machine > Provisioning > Deploy template

    VirtualMachine.Provisioning.MarkAsVM

    Virtual machine > Provisioning > Mark as virtual machine

    VirtualMachine.State.CreateSnapshot

    • For vSphere 5.0, Update 2 and vSphere 5.1, Update 1:

      Virtual machine > State > Create snapshot

    • For vSphere 5.5:

      Virtual machine > Snapshot management > Create snapshot

    VirtualMachine.State.RemoveSnapshot

    • For vSphere 5.0, Update 2 and vSphere 5.1, Update 1:

      Virtual machine > State > Remove snapshot

    • For vSphere 5.5:

      Virtual machine > Snapshot management > Remove snapshot

    VirtualMachine.State.RevertToSnapshot

    • For vSphere 5.0, Update 2 and vSphere 5.1, Update 1:

      Virtual machine > State > Revert to snapshot

    • For vSphere 5.5:

      Virtual machine > Snapshot management > Revert to snapshot

  3. If you want the VMs you create to be tagged, add the following permissions for the user account:

    SDK

    User Interface

    Global.ManageCustomFields

    Global > Manage custom attributes

    Global.SetCustomField

    Global > Set custom attribute

    To ensure that you use a clean base image for creating new VMs, tag VMs created with Machine Creation Services to exclude them from the list of VMs available to use as base images.

  4. To protect vSphere communications, Citrix recommends that you use HTTPS rather than HTTP. HTTPS requires digital certificates. Citrix recommends you use a digital certificate issued from a certificate authority in accordance with your organization's security policy.
    If you are unable to use a digital certificate issued from a certificate authority, and your organization's security policy permits it, you can use the VMware-installed self-signed certificate. The VMware vCenter certificate needs to be added in each of the delivery controllers in your environment. To do this:
    1. Add the fully qualified domain name (FQDN) of the computer running vCenter Server to the hosts file on that server, located at %SystemRoot%/WINDOWS/system32/Drivers/etc/. This step is required only if the FQDN of the computer running vCenter Server is not already present in the domain name system.
    2. Obtain the vCenter certificate using any of the following methods:
      • Copy from the vCenter server:
        1. Copy the file rui.crt from the vCenter server to a location accessible on your delivery controllers. The default location on the vCenter server is c:\Documents and Settings\All Users\Applications Data\VMware\VMware VirtualCenter\SSL\
        2. On your delivery controller, navigate to the location of the exported certificate and open the rui.crt file.
      • Download the certificate using a web browser. If you are using Internet Explorer, depending on your user account, you may need to right-click on Internet Explorer and choose Run as Administrator to download or install the certificate.
        1. Open your web browser and make a secure web connection to the vCenter server; for example https://server1.domain1.com
        2. Accept the security warnings.
        3. Click on the address bar where it shows the certificate error.
        4. View the certificate and click on the Details tab.
        5. Select Copy to file... and export in .CER format, providing a name when prompted to do so.
        6. Save the exported certificate.
        7. Navigate to the location of the exported certificate and open the .CER file.
      • Import directly from Internet Explorer running as an administrator:
        1. Open your web browser and make a secure web connection to the vCenter server; for example https://server1.domain1.com
        2. Accept the security warnings.
        3. Click on the address bar where it shows the certificate error.
        4. View the certificate.
    3. Import the certificate into the certificate store on each of your delivery controllers:
      1. Click Install certificate, select Local Machine, and then click Next.
      2. Select Place all certificates in the following store, and then click Browse.
        If you are using Windows Server 2008 R2:
        1. Select the Show physical stores check box.
        2. Expand Trusted People.
        3. Select Local Computer.
        4. Click Next, then click Finish.
        If you are using Windows Server 2012 or Windows Server 2012 R2:
        1. Select Trusted People, then click OK.
        2. Click Next, then click Finish.
    Important: If you change the name of the vSphere server after installation, you must generate a new self-signed certificate on that server before following the process to import the new certificate.

Create a master VM

You create a master VM to provide users' desktops and applications.

  1. Install the VDA on the master VM, ensuring you select the option to optimize the desktop. This improves the performance of users' desktops and applications by reconfiguring various Windows features that are incompatible with or unnecessary for virtual desktops.
  2. Take a snapshot of the master VM to use as a back-up. For more information, see Prepare a master image.

Create virtual desktops

If you are using Studio to create VMs, rather than selecting an existing machine catalog, ensure you enter the following information when setting up your hosting infrastructure to create virtual desktops:
  1. On the Host Connection page, select VMWare vSphere® as the host type.
  2. Enter the address of the access point for the vCenter SDK.

    For example, https://vmware.example.com/sdk.

  3. Enter the credentials for the VMware user account you set up earlier that has permissions to create new VMs. Ensure you specify the username for the account in the format Domain/Username.