By Joanne Lei, Partner Solution Architect at AWS
By Andrew Kloman, Partner Solution Architect – EUC Segment Lead at AWS
Amazon Web Services (AWS) customers looking to migrate or extend their Citrix Virtual Apps and Desktops (CVAD) workloads to the cloud find it reassuring to retain their on-premises processes and tooling.
By running CVAD on VMware Cloud on AWS, customers can use the same management tools and desktop images as their on-premises VMware vSphere environment. They can also streamline operations between their data centers and the AWS Cloud.
In this post, we provide guidance on how customers looking to deploy Citrix Virtual Apps and Desktops Service on VMware Cloud on AWS can leverage AWS native services and AWS Marketplace to accelerate their deployment with scalability and high availability.
Citrix is an AWS Partner Network (APN) Advanced Technology Partner with the AWS Networking Competency. With leading cloud, collaboration, networking, and virtualization technologies, Citrix transforms how businesses and IT work and people collaborate.
Citrix Virtual Apps and Desktops secures the delivery of Windows, Linux, Web, or software-as-a-service (SaaS) applications and desktops to any device. Available as a cloud service or hybrid solution, it allows you to choose the deployment option that best aligns with your enterprise cloud strategy.
VMware Cloud on AWS provides you consistent and interoperable infrastructure and services between VMware-based data centers and the AWS Cloud, which minimizes the complexity and associated risks of managing diverse environments.
Figure 1 – Architecture of CVAD on VMware Cloud on AWS.
Our solution has these key components:
- Hybrid cloud environment with a single or multiple on-premises data center and one or more AWS Regions.
- A Citrix Cloud services deployment with “resource location” on both VMware Cloud on AWS and on-premises data centers.
- VMware Cloud on AWS is connected to the customer’s AWS account (virtual private cloud) via a VMware Cloud Embedded Networking Interface (ENI).
- AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD), Microsoft Active Directory deployed on Amazon Elastic Compute Cloud (Amazon EC2), or Microsoft Active Directory deployed on VMware Cloud on AWS.
- Two Citrix Cloud Connectors (one in each AWS Availability Zone for fault tolerance and load-sharing) deployed on Amazon EC2.
- For using Citrix Provisioning:
- Amazon RDS for SQL Server (AWS Managed Microsoft SQL), Microsoft SQL Server deployed on Amazon EC2, or Microsoft SQL Server deployed on VMware Cloud on AWS.
- Citrix Provisioning servers (PVS) deployed within VMware Cloud on AWS.
- (optional) Amazon FSx for Windows File Server (AWS Managed Windows File System) for hosting user profiles and user data.
- (optional) Two Citrix ADC Gateways (deployed from AWS Marketplace) for HDX session proxy.
How to Set it Up
To set up this architecture, follow these steps:
- Set up a Microsoft Active Directory.
- Deploy the Citrix Cloud Connectors.
- Install Citrix Provisioning Server.
- Create Citrix Provisioning Services image.
- Create Machine Catalog and Delivery Group.
Step 1: Setting Up an Active Directory
The first step is to create a Microsoft Active Directory. Using the AWS Directory Service, a setup wizard guides you through this step-by-step configuration:
1. Choose AWS Managed Microsoft Active Directory.
2. Choose the server size (Standard or Enterprise Edition), enter the Directory fully qualified domain name (FQDN), and select an administrator password.
3. Choose VPC and subnets to deploy the Microsoft servers. You need to provide two subnets in different Availability Zones for high availability. You should always select private subnets to prevent exposing your Active Directory to the internet.
4. Review all the configuration and launch.
Alternatively, you can deploy the Active Directory in an automated fashion using the Active Directory Domain Services on AWS Quick Start. This includes an option to create your entire Amazon Virtual Private Cloud (VPC) environment.
Figure 2 – Deploying Active Directory using the AWS console.
Step 2: Deploying the Citrix Cloud Connectors
The Citrix Cloud Connector serves as a channel for communication between Citrix Cloud and your resource location in VMware Cloud on AWS. Deploying the Cloud Connectors (and the optional Citrix ADC Gateways) on Amazon EC2 allows you to scale the CVAD compute resources beyond a single software-defined data center (SDDC).
Because each SDDC has a single compute gateway, the number of concurrent desktops supported in an SDDC is determined by the maximum number of connections allowed. That number varies for different workload types and usage patterns.
To deploy the Citrix Cloud Connectors, follow these steps:
1. Provision two Amazon EC2 instances for Microsoft Windows Server in the private subnets, one in each Availability Zone, and join them to the Active Directory domain.
Make sure the assigned EC2 security group allows outbound internet access on HTTPS (TCP 443). Once installed, the Cloud Connectors automatically initialize an outbound connection to Citrix Cloud to establish a SSL tunnel. No inbound access is required.
2. From the EC2 instances, log in to your Citrix Cloud account to download and install the Citrix Connector. Upon successful completion, a “resource location” and “domain” are added automatically to your Citrix Cloud account.
For fault tolerance and load balancing, Citrix recommends at least two Cloud Connectors in each resource location. Since each Cloud Connector is stateless, the load can be distributed across all available Cloud Connectors. There’s no need to configure this load balancing function, as it’s completely automated.
Figure 3 – Installed Cloud Connectors viewed from Citrix Cloud console.
Step 3: Install Citrix Provisioning Server
We need a Microsoft SQL database for Citrix Provisioning Service. Use Amazon Relational Database Service (Amazon RDS) to create a managed database instance.
1. From the AWS console, go to the Amazon RDS service and choose Create database. Select Microsoft SQL Server, and then pick the database engine edition and version you want to use.
2. Choose the template that matches your use case. For example, if you choose Production, the following capabilities are pre-selected in a later step:
- Multi-Availability Zone failover option (mirroring / always on).
- Provisioned IOPS storage option.
- Enable deletion protection option.
We recommend these features for any production environment.
3. Choose a unique database instance name, and select an administrator password.
4. Choose the VPC and subnets to deploy the SQL servers. You must provide at least two subnets in different Availability Zones (database subnet groups).
5. Leave the default of ‘No’ for Publicly Accessible setting to allow access only from within your VPC or VMware Cloud environment.
6. Select or create an EC2 security group that allows inbound SQL traffic from your Citrix Provisioning Services (Citrix PVS) servers.
Figure 4 – Databases viewed from the Amazon RDS console.
7. Set up your VMware Cloud SDDC Virtual Delivery Agent (VDA) subnet per Citrix PVS target device bootstrap requirements. You can use one of three options to deliver the bootstrap files to target deices: DHCP/TFTP, PXE, or local file.
8. From the SDDC vCenter, create the Citrix Provisioning Service virtual machines (VMs) with Microsoft Windows Servers:
- Join them to the Active Directory domain.
- Verify you can communicate to the SQL database on TCP 1433.
9. Install Citrix Provisioning Server:
- Follow the Provisioning Services Configuration wizard to complete the installation and create a new PVS Farm and Site.
- Install the Provisioning Services Console.
- Connect to the Farm to perform PVS administrative tasks.
Note that the console can be installed on any machine that can communicate to the Farm.
Step 4: Creating a Citrix Provisioning Services Image
1. Prepare a master VDA virtual machine as the golden image:
- Create a VM and install all the necessary software and tools.
- Install the Citrix VDA:
- Select Create a master image using Citrix Provisioning or third-party provisioning tools.
- When prompted for the Delivery Controller address, use CloudConnector FQDN.
Figure 5 – Citrix Virtual Apps and Desktops VDA installation wizard.
- After VDA installation is completed, use the Citrix Health Assistant to verify the VDA can communicate with the DeliveryControllers (Cloud Connectors).
2. Install the Provisioning Service Target Device.
3. Create the PVS image (vDisk image).
At this stage, we have one PVS Target Device. To create a VDA fleet, simply launch more VMs and create corresponding PVS Target Devices with properties set to match the VM’s MAC addresses and boot from this new vDisk image.
Figure 6 – Citrix Provisioning Services Target Devices.
Step 5: Creating a Machine Catalog and Delivery Group
There are different ways to create a Machine Catalog. In this post, we use Citrix Studio to import Citrix Provisioning Services target devices.
You can also export the provisioned devices to the Citrix Cloud Delivery Controller using the new Export Device Wizard, or the Citrix Virtual Apps and Desktops Setup Wizard from the PVS Console.
1. From the Citrix Cloud console, select Virtual Apps and Desktops, click Manage and Studio opens. Then, create a Hosting Connection/Zone and provide the SDDC vCenter URL and credentials.
Under Create virtual machines using, select Other tools.
Figure 7 – Creating a new connection.
2. Create a Machine Catalog and Delivery Group like you normally would with an on-premises install.
When prompted for PVS server address, enter the private IP address assigned to the VM from the SDDC subnet. Neither Public IP address nor NAT is required, as the Cloud Connectors provide the communication channel between Citrix Cloud and your resource locations on AWS.
Figure 8 – Available Citrix Provisioning device collections to be imported into Machine Catalog.
Here, we have created a Delivery Group of two machines with Autoscale enabled, a feature exclusive to Citrix Virtual Apps and Desktops service that allows you to scale up or down to match the workload demand and be more cost effective.
Figure 9 – Delivery Group viewed from the Virtual Apps and Desktops service console.
At this point, you should be able to navigate to the Citrix Workspace for your Citrix Cloud tenant, log in with appropriate credentials, and connect to the published applications or desktop.
Alternatively, you can deploy a pair of Citrix Application Delivery Controller (ADC) Gateways from AWS Marketplace for a more flexible configuration and full featured capability to proxy the HDX session to the VDA.
Running Citrix Virtual Apps and Desktops on VMware Cloud on AWS lets you use the same management tools and desktop images as on your on-premises VMware vSphere environment.
You can easily extend your Citrix workload to the cloud and take advantage of AWS on-demand delivery, global footprint, elasticity, and scalability to meet your business objectives.
- Instructions for Citrix on AWS accelerator
- Citrix on AWS reference architecture
- Citrix support statement
- Citrix Ready for VMware Cloud on AWS
- Citrix Ready VMware Blog
- Citrix Ready for AWS Directory Service for Microsoft Active Directory
- Citrix Ready for Amazon RDS for SQL Server
- Citrix Ready for Amazon FSx for Windows File Server
Citrix – APN Partner Spotlight
Citrix is an AWS Networking Competency Partner. They transform how businesses and IT work, and as an extension of their ongoing collaboration with Amazon, Citrix now delivers networking and desktop virtualization solutions on AWS.
*Already worked with Citrix? Rate the Partner
*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.