Azure

How to deploy Citrix XenApp Essentials on Azure

Citrix have recently released a new edition to the XenApp family called XenApp Essentials.
But what is the new flavour of XenApp and why has it been created?

So, a brief history lesson.
Microsoft have had for a number of years an Azure services called Azure RemoteApp. This was essentially Remote Desktop Services "as a service" from the the Azure cloud.
It was cost effective, simple to deploy and had many of the great capabilities that only the cloud provides, such as auto scaling, usage based pricing, etc.

It allowed organisations to publish applications (no desktops) directly to the users, without the need to manage an estate of virtual machines, and the need to build these out to meet the peak user load.
However, on the 31st of August 2017 this product will be switched off. In fact this will be the first ever Azure product to be switched off. The reason it is being switched off is because there simply are not enough users on the service, and the reason there are not enough users on the service is the same reason that enterprise haven't historically used RDS on its own in their on-premises app delivery and virtual desktop estates. These enterprises have been willing to pay Citrix for the additional management capabilities and access to the many tools that they have developed over the last 25 years of extending upon RDS.

So where did that leave this capability and the existing RemoteApp users. Well Microsoft approached Citrix and asked if they could produce a replacement for RemoteApp. Citrix as such produced XenApp Express subsequently renamed to Essentials.

This "Essential" moniker is there to represent only the fact that it is the Essential services of XenApp, because the edition has been designed to replace not another edition of XenApp but rather RemoteApp which itself was a simple solution. Hence Citrix have simplified XenApp Essentials by removing some of the more advanced capabilities to try to draw it closer to what RemoteApp was.
For example, it only allows application publishing - no desktops which is what RemoteApp provided, there are a limited amount of Policies, RemoteApp had none.


So essentially, Essentials is marketed as the RemoteApp replacement, plus SME's or greenfield projects inside larger organisations. For enterprises, they may well be better of choosing one of the other higher editions of Citrix cloud running on Azure.

So then how to you deploy this?
At the top level, there are only two requirements. 1. An Azure Subscription and 2. a Citrix Cloud account.
This guide assumes you have an Azure subscription. If you don't have one - go and get one now.
What is the Citrix Cloud, well it’s not a public cloud in the same sense that Azure is. Rather this is Citrix "cloudifying" their management service, plus Netscaler and Storefront. It provides Studio and Director as a service via a browser and optional use of Netscaler and StoreFront as a service.


Hence, the second requirement is a Citrix Cloud account. As the name suggests this is just an account in the Citrix Cloud. You then have services enabled for that account that can then be consumed by your organisation.
Easiest way to create a Citrix Cloud Account is by completing the form at https://onboarding.cloud.com/ where you can also optionally register for a trial of the full Citrix Cloud suite.
Or if you are a RemoteApp user you can register for a XenApp Essentials trial here: https://www.citrix.com/products/citrix-cloud/form/xenapp-essentials-trial/


So now to deploying XenApp Essentials.
This depends on what Citrix Cloud enablement you have. If you have specifically requested a XenApp Essentials trial account as per the second option above - you don't actually have to deploy the XenApp Essentials product in Azure, as per section 1 below, you can move to section 2. You will already have this enablement in your Citrix Cloud account and all you need to deploy are your Azure infrastructure.


If, however you have a Citrix Cloud account without XenApp Essentials then you will need to deploy XenApp Essentials from the Azure marketplace, so you will need to complete both sections 1 and 2.

Section 1 - Deploying XenApp Essentials via the Azure Marketplace.

Step 1:  Go to the Azure Portal and Click on New



Step 2: Type Citrix…. And Select Citrix XenApp Essentials


Step 3: Then Select Citrix XenApp Essentials

Then the Create button on the next Blade
Step 4: In the resulting blade, start by providing a name for the Resource itself, chose the Azure Subscription you would like place this resource, then either Create a new Resource Group, or use an existing one, and chose an Azure region to locate it:
Step 5: 

Now you will need to connect this resource back to your Citrix Cloud Account.Click on the Connect button




Step 6: This will bring up another browser for you to enter your Citrix Cloud credentials




Step 7: If there is an existing Citrix Cloud account this will return and show you the name of the customer when you created your Citrix Cloud Account



Then you just need to select the number of users you want with a minimum of 25, and any additional Data Transfer. 
Then just click on Create

Step 8:  This will take a couple of hours to complete. You can see the progress by looking at the overview of this resource and look at the Status, you will be ready to proceed when the status changes to “Ready”.

Step 9: This doesn’t actually deploy anything at this point, it just sets up the billing and related services in the Citrix backend.
As this takes some time to complete, it’s worth doing two things in the interim.
1.  View the Citrix Cloud. Click on “Manage through Citrix Cloud”. This will take you directly to your Citrix Cloud Account which if you are just enabled for XenApp Essentials will look like this:



This look is unique just for XenApp Essentials, as it is designed to be as simple as Azure RemoteApp was. All the other editions will have a different albeit similar appearance. All the other editions will show you the standard Studio console, whilst the XenApp Essentials is a very simple point and click user interface.
We will come back here to configure our catalogues.
You can achieve the same directly by thing by logging into citrix.cloud.com

2.  Start considering your core Azure services that you need, such as VM size, Storage Accounts, and storage type, connectivity, generally the recommendation is to use ExpressRoute for enterprise grade connectivity.

You will need to have a Virtual Network available with at least one subnet when you come to deploy a catalogue later. This virtual network will need to have DNS configured using the Custom option to add the IP address(es) of your DNS server(s) in its options to enable the deployment of the master images to work correctly as they need to reach your domain controllers in order to join your domain.


Section 2 - Deploying Workloads into your Azure Subscription

Step 10:  Once the status is Ready you are well, ready to go. Its worthwhile reading the information here, and once you’re ready you can click on I’m ready to start!


The first thing we will do is create a new Catalog


Step 11: Give the Catalog a name and Save it.


Step 12: Now link this to your Azure Subscription. Click on the Subscription Name Drop Down and click on Link an Azure subscription.



Click on Sign in



Step 13: You will be redirected to the Azure Sign in page, note it will have "XenApp Essentials" at the top of the page. Log in with the Azure credentials for the subscription you will use to host your VDA’s.

Then Click on Accept to allow XenApp Essentials to have permissions to the Subscription.


Step 14: You will be returned to your Citrix Cloud configuration. If you have more than one Azure subscription this will list them all. Select the one(s) you would like to use.

Now ensure the Subscription is selected, then choose a Resource Group to deploy into, then select a Virtual Network and Subnet that you will have needed to have created previously.



Click on Save
Step 15: Enter the details of the domain you want these VM’s to join, and click on Save

Step 16: Now you need to link to a master image that includes your apps for this catalogue. You have three choices:
1. Select an existing image – Use this if you already have a custom image.
2. Import a new image - this will require you to have uploaded your VHD to an Azure Storage account.
3. Use a Citrix prepared image – this is for demo purposes as it is a Citrix prepared image.
For this we will use option three to demonstrate how it works.
Click on Use a Citrix Prepared Image, and select an image name, then click on Save



Step 17: Now select the disk type, the capacity on the VM’s that get deployed, and scaling settings.
You can choose Standard Disks which are magnetic disks or for better performance, premium disks which are SSD backed. Then you can select the user load expected per VM, by selecting a preconfigured value or by selecting your own custom value, in accordance with your known app/user workload figures


Step 18: Now select your scaling settings.



Step 19: Once you have everything selected correctly you can click on Start deployment:
and the Citrix Cloud will start provisioning.

So what gets deployed?

This will take a few hours to complete, but if you are watching it will the Citrix Cloud will firstly deploy two Virtual Machines that host the Cloud Connector client, with the associated Azure infrastructure components, such as NIC's, Storage accounts, Network Security Groups and a Key Vault. 


These components will be deployed in to the same Resource Group that you selected in Step 14. Refresh your Resource Group and you will start to see these resources being deployed.

The Cloud Connector VM's will be named something like: XAE60xxx-Edge1 and 2, and will be a Standard  A2-V2, but you can scale them up or down manually by going to the Size blade and changing the size to something you would prefer.
After this is complete it will move on to create the Catalog. It will create a new Resource Group using the name of the Catalog as the Resource Group name. In here it will create the infrastructure required for the Resource Group.
Go back to the Resource Groups and refresh and you will see a new Resource Group Called XenApp-"Your catalog name", and you will start to see components appearing in this new Resource Group.



Section 3 - Publishing Applications and Assigning users



You will notice that the Catalog has been successfully created when the Citrix Cloud console moves to Section 2



Now we need to add some applications and some users.

Step 20: Click on + Apps


Step 21: You will now have two options to find your application. 1, is from the Start menu, and 2, is from a path.

Select Publish from Start menu on the left and then click on the drop down on the right to select your app:
This screen seems a little un-intuitive here as the app is published as soon as you click on it there is no "Publish" type of button. However selecting the radio button to the left of the app just gives you the option to Unpublish the app. Then you just click the X at the top right but this feels as if you are actually cancelling this action instead you are just closing.

Step 22: Now we need to add users. click on Add Users. In the search field on the right type in your user name:
Here you do need to put a tick in the box and make sure you click the "Assign Users button at the top.

You should now get two green ticks at the right of the rows.

Step 23: Now all that is left is to launch the app. Go to Section 3 which will show you your StoreFront URL. Click on the link and you can log in and launch your applications.

That's it you now have an app published from Azure orchestrated by Citrix XenApp Essentials.

Notes: 
You can easily deploy a global Citrix farm, by deploying a Catalog into any of the 30 Azure regions around the world. This is a compelling capability that is next to impossible without the power of Azure. You just need to deploy two Citrix Cloud connectors in any region, and deploy then deploy a Catalog to that region.

You can also integrate multiple domains simply by deploying Cloud Connectors that are connected to other domains, and then the standard domain drop down in StoreFront will display the domain names.

You can also add in multiple Azure subscriptions, just by going to the Subscriptions and clicking on Add Subscriptions, then just signing in with credential for another subscription. This will then allow you to deploy infrastructure into other subscriptions.



Using PowerShell to create a Windows VM Hosted AD and join VM's to that Domain - in Windows Azure

There seem to be numerous PowerShell snippits of scripts out there to create an AD and to join VM's to that domain. However this Microsoft article (bit.ly/LEOSocseems to suggest that people are still having difficulties doing so, myself included and it took hours of trial and error to get the scripts correct.

So I thought that I would document exactly what I have got that now works every time (for me at least). My intention is that there would be nothing missing to get this to work.

So we are going to use two PowerShell scripts, one to create a VM that will have AD installed on it, and a second to create a VM that is automatically joined to that domain all hosted in Azure.

There are numerous prerequisites that are still needed in order to get this script to work. I.e. the script depends on you having an Azure subscription with the following items already created: Storage Account, Certificate, Publish settings file, Affinity Group, Virtual Network and subnet. These can all be created by following the link above.

You also need to have Azure Powershell installed, and use the PowerShell ISE (Integrated scripting environment). Microsoft have released the October version  with new features. One of those new features is the ability to use Azure AD support to configure Powershell to integrate with your Azure subscription (see 
http://michaelcollier.wordpress.com/2013/10/28/windows-azure-ad-authentication-support-for-powershell), which is great as it prevents having to download and specify a .publishsetings file and creating, uploading and installing a certificate and specifying it  in your scripts. 

However this version (0.7.0) of the Azure PowerShell cmdlets also has a bug that prevents the  function that joins VM's to a domain, as per (bit.ly/1b3tf94). This means that you need an older version of the Azure PowerShell cmdlets, namely June's version which is 0.6.19. This should get resolved in early November.

You can get this from the Microsoft download site or from here.

So the scripts are also here. You need two. The first creates a base VM that you will then need to deploy AD on. The second creates a VM that is joined to the domain created by running the first script. You will need some basic scripting knowledge and knowledge of the values that are required in relation to your subscription - only you will know these!

The brief overall instructions are:
1. Install Powershell 0.6.19 (until the issue mentioned above is fixed).
2. Create, upload to your Azure subscription and install locally a suitable certificate (not required if the above issue is resolved)
3. Get your Azure publish.settings file by following this link:
https://manage.windowsazure.com/publishsettings/Index?client=vs&SchemaVersion=1.0

Once you have all of this you are ready to configure your PowerShell scripts. The first script is split into three sections. The first is where you will need to configure:
1. The path to the Azurepsd1 file (if its not as per the default location).
2. Your certificate and its thumbprint (you get this from the Azure portal in SETTINGS>MANAGEMENT CERTIFICATES. You also need to have installed the certificate locally in the local personal certificate store.
3. The path to your publish.settings file you got in step 3 above.
4. Define your subscription name and storage account using the $Storage variable

The second section is where you will define all of the variables related to your Azure subscription and the VM your are creating, these include:
1. DNS Service name
2. VMName
3. Azure Windows OS Image (these change frequently and a current list can be retrieved by running Get-AzueVMImage, then paste into the scrip the image you want.
4. Affinity Group
5. Virtual Network and Subnet
6. Cloud Service
7. Password for a local user account
8. VMSize

The third section has the PowerShell commands used in conjunction with the variable settings to build your VM.

Once you have specified all of these variables then you can paste the scrip into the PowerShell ISE and press enter. If the text turns white it is all good to go, and you will be prompted to enter a username. This username is for a local account on the VM that you will use to connect over RDP, with the password specified in the script. PowerShell will then connect to the Azure API and configure your VM. You then need to follow the instructions in bit.ly/LEOSoc to configure AD.

Once you have done this then you are ready to add VM's to that domain as part of the provisioning process. This requires the second script.

This script requires many of the same variable as script one, so just copy them in where appropriate. The one different variable that you need to set is $myDNS, this needs to be the AD and DNS server that you have created using the first script and have manually deployed AD and DNS.

Once you have the variables configured correctly, again just copy and paste it into the PowerShell ISE and it will create you a VM that is automatically joined to your Windows VM hosted Active Directory. If you want to deploy additional Domain joined VM's just change the variable that need to be unique such as VMName and run it again, saving you alot of time.

No comments:

Post a Comment