Education

Moving to the Citrix Virtual Apps and Desktops Service on Citrix Cloud
Citrix Course: CXD-250-3I
Lab Manual Version 2.22

PUBLISHED BY
Citrix Systems, Inc.
851 West Cypress Creek Road
Fort Lauderdale, Florida 33309 USA
http://www.citrix.com

Copyright © 2020 by Citrix Systems, Inc. All rights reserved.

Citrix, the Citrix logo are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Office and in other countries. Citrix Virtual Apps and Desktops, Citrix App Layering, Citrix Workspace Environment Management, and all other marks appearing herein are the property of their respective owners.

Citrix Systems, Inc. (Citrix) makes no representations or warranties with respect to the content or use of this publication. Citrix specifically disclaims any expressed or implied warranties, merchantability or fitness for any particular purpose. Citrix reserves the right to make any changes in specifications and other information contained in this publication without prior notice and without obligation to notify any person or entity of such revisions or changes.

No part of the publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording or information storage and retrieval systems, for any purpose other than the purchaser’s personal use, without express written permission of.

Credits

Titles: Architect, Product Manager, Technical Solutions Developers, Instructional Designer, Graphic Designer, Publication Services
Names: Justin Apsley, Amit Ben-Chanoch, Anurag Sharma, Aseem Shaikh, Carsten Thue, Christopher McMillan, Edwin Villafana, Prabhjot Singh Bhatia, Craig Overmyer, Ryan Flowers, Rahul Mohandas

Contents

Credits
Lab Manual Overview
Lab Environment Overview
Lab Access
Module 1: Introduction to Citrix Cloud
   Exercise 1-1: Log on to Citrix Cloud
   Exercise 1-2: Verify Identity and Access Management
   Exercise 1-3: Create and Download the Secure Client Key
   Exercise 1-4: Add a Full Administrator
   Exercise 1-5: Change Administrator Permissions
Module 2: Citrix Cloud Connectors
   Exercise 2-1: Install Cloud Connector
   Exercise 2-2: Test Cloud Connector
   Exercise 2-3: Disable Cloud Connector and Verify Service Outage
   Exercise 2-4: Silent Install for Citrix Cloud Connector
   Exercise 2-5: Open Cloud Studio
   Exercise 2-6: Secure XML Traffic on Cloud Connectors
Module 3: Introduction to Citrix Virtual Apps and Desktops Service
   Exercise 3-1: Create a Hosting Connection
   Exercise 3-2: Install Server OS VDA
   Exercise 3-3: Create a Server OS Catalog
   Exercise 3-4: Test Server OS Catalog
   Exercise 3-5: Create Server OS Delivery Group for MCS Created Machines
   Exercise 3-6: Assign Published Apps to Users
   Exercise 3-7: Assign Published Desktops to Users
Module 4: Manage the Virtual Apps and Desktops Service
   Exercise 4-1: Install and Configure the SDK
   Exercise 4-2: Communicate with Citrix Cloud API using the SDK
   Exercise 4-3: Create a Desktop OS Catalog using the SDK
   Exercise 4-4: Test a Desktop OS Catalog using the SDK
   Exercise 4-5: Create Desktop OS Delivery Group for SDK Created Machines
   Exercise 4-6: Create Access Policies for a Delivery Group using the SDK
   Exercise 4-7: Enrolling a New Organization into WW Labs’ Citrix Cloud service
   Exercise 4-8: Publish an Application to a User from a New Organization
   Exercise 4-9: Create a Delegated Admin for the Citrix Virtual Apps and Desktops in Citrix Cloud
Module 5: Provide Access in Citrix Cloud
   Exercise 5-1: Test Citrix Cloud Workspace Experience
   Exercise 5-2: Configure Citrix Workspace branding
   Exercise 5-3: Verify Active Sessions are Connected via Citrix Cloud Connector
   Exercise 5-4: Configure On-Premises StoreFront
   Exercise 5-5: Configure the Default Domain
   Exercise 5-6: Configure StoreFront Store Branding
   Exercise 5-7: Start Resources from On-Premises StoreFront
   Exercise 5-8: Enable Remote Access to the On-Premises StoreFront
   Exercise 5-9: Configure On-Premises Citrix ADC
   Exercise 5-10: Customize On-Premises Citrix ADC Logon Point
   Exercise 5-11: Start Resources through On-Premises Citrix ADC
   Exercise 5-12: Configuring On-premises Citrix ADCs in Workspace Experience
   Exercise 5-13: Aggregate Cloud and On-premises Resources using On-premises StoreFront
Module 6: Operations and Support in Citrix Cloud
   Exercise 6-1: Cloud Connector Session failover
   Exercise 6-2: Cloud Connector Outage Monitoring
   Exercise 6-3: Cloud Connector CDF tracing
   Exercise 6-4: Monitor the Site with Cloud Director and Application Analytics
   Exercise 6-5: Determine hourly usage of VDAs
Module 7: Public Clouds
   Exercise 7-1: Complete a cost calculation on your preferred Cloud vendor
   Exercise 7-2: Configure Autoscale for Delivery Groups
Module 8: On-Premises Migration to Citrix Virtual Apps and Desktops in Citrix Cloud
   Exercise 8-1: Re-register VDA Machines and add them to an Existing Catalog
   Exercise 8-2: Convert Studio Policies to AD Policies
   Exercise 8-3: Citrix Secure Browser Service

Lab Manual Overview

Lab Exercises: The exercises in this Lab Manual were developed for use with the CXD-250, Moving to the Citrix Virtual Apps and Desktops Service on Citrix Cloud course. The virtual machines in this lab are running on Windows Server 2016 and Windows 10 Desktop. At the completion of these exercises, you will gain valuable hands-on experience in installing, configuring, administering, and supporting Citrix Virtual Apps and Desktops on Citrix Cloud.

Lab Scenario: WW Labs is a technology company whose infrastructure topology is centrally located in New York City—referenced as NYC in the company naming convention. The CTO has received a trial account for Citrix Virtual Apps and Desktops on Citrix Cloud and has requested the Citrix team to compare functionality to the on-premises version of Citrix Virtual Apps and Desktops.
The Lead Citrix Architect has tasked the Citrix Administrator team to implement a Proof of Concept (POC) to simulate the migration to Citrix Virtual Apps and Desktops on Citrix Cloud, utilizing the current implementation of Active Directory, DHCP, and DNS. The Lead Citrix Architect has designated a Microsoft Hyper-V host for the POC, and various virtual machines have already been provisioned on this host to verify that the POC can be easily implemented.

The Lead Citrix Architect has instructed the Citrix Administrator team to meet the following project goals with the Citrix Cloud POC:

• Verify Cloud Connector software and functionality including the ability to automate installation.
• Create on-premises hosting connections and deploy on-premises machines using MCS.
• Validate the functionality of the Remote PowerShell SDK.
• Examine the functionality and features of a Citrix Cloud hosted Workspace.
• Integrate on-premises Citrix ADC and StoreFront with Citrix Cloud.
• Identify the manual steps involved in moving from an on-premises environment to Citrix Cloud.

You are a Citrix Administrator on the WW Labs Citrix Administrator team and you have been tasked to assist with the implementation of this POC.
Lab Environment Overview

SERVER LIST

Virtual Machine Name   IP Address       Operating System      Description
NYC-ADS-001            192.168.10.11    Windows Server 2016   Domain Controller, DNS, DHCP
NYC-SQL-001            192.168.10.21    Windows Server 2016   SQL Server
NYC-FSR-001            192.168.10.17    Windows Server 2016   File Server, Print Server
NYC-VDC-001            192.168.10.45    Windows Server 2016   Delivery Controller XD 7.19
NYC-STF-001            192.168.10.31    Windows Server 2016   StoreFront 3.14
NYC-SRV-MST            192.168.10.48    Windows Server 2016   Windows 2016 Master Template
NYC-SRV-001            192.168.10.51    Windows Server 2016   On-prem Server OS VDA 7.19
NYC-SRV-002            DHCP             Windows Server 2016   Server OS VDA – MCS Provisioned
NYC-SRV-003            DHCP             Windows Server 2016   Server OS VDA – MCS Provisioned
NYC-CON-001            192.168.10.41    Windows Server 2016   Cloud Connector
NYC-CON-002            192.168.10.42    Windows Server 2016   Cloud Connector
NYC-WRK-001            DHCP             Windows 10            Desktop OS VDA 7.19
NYC-WRK-002            192.168.10.52    Windows 10            On-prem Desktop OS VDA 7.19
NYC-ADC-001            192.168.10.100   12 Build 56.20        Citrix ADC

CREDENTIALS LIST

User Name                    Password    Description
Workspacelab\Administrator   Password1   Domain Administrator (workspacelab.com)
Administrator                Password1   Local (non-domain) user
Citrix                       Password1   Local (non-domain) user
Workspacelab\HR1             Password1   HR user
Workspacelab\Engineer1       Password1   Engineering user
Workspacelab\Marketing1      Password1   Domain User
Workspacelab\XDAdmin         Password1   Virtual Desktops Admin
Workspacelab\HDAdmin         Password1   License Administrator
Nsroot                       nsroot      Citrix ADC superuser

The credentials required to connect to the environment and complete the lab exercises are shown within the step-by-step instructions.

As Citrix Cloud is a SaaS offering, product updates and hotfixes are continuously implemented. As a result, you may notice procedures are different from those described in the step-by-step instructions, and screenshots differ from what you see on your screen.
Lab Access

Once connected to the NYC-HYP-101 Desktop, start both the lab management consoles: Remote Desktop Connection Manager and Hyper-V Manager as shown in the example below. The icon to start Remote Desktop Connection Manager is named CXD-250.rdg and the icon to start Hyper-V is Hyper-V Manager.

You will primarily use Remote Desktop Connection Manager to log on and interact with your virtual lab machines. You will primarily use Hyper-V Manager to manage the power state of the virtual machines and manage the mounting and un-mounting of ISOs used in installations.

Remote Desktop Connection Manager is pre-configured with the credentials required for this lab. To select alternate credentials for a specific machine, right-click the machine and select Connect server as, as shown in the example below.

Module 1: Introduction to Citrix Cloud

Overview: The module presents a high-level overview of the Citrix Cloud control plane. The control plane is where we administer the Citrix Cloud hosted components and configure the integration with the resources that are hosted on-premises or in a public cloud. The control plane can be accessed using the webpage https://citrix.cloud.com. We will be focusing on logging in with the Citrix provided credentials, verifying how to create an Active Directory association, creating and downloading a Secure Client Key for future SDK integration, and lastly how to add a new administrator to the Citrix Cloud control plane. Throughout these exercises, we will assume the role of a Citrix Administrator that is in the process of implementing a POC at WW Labs.

Before you begin: Estimated time to complete Module 1 lab exercises: 30 minutes

Exercise 1-1: Log on to Citrix Cloud

Scenario: You are a Citrix Administrator for your company, WW Labs. Your CIO has received a trial account for Citrix Cloud and he has tasked you to investigate how the Citrix Cloud web page works and how all the different menus can benefit WW Labs.
Your Lead Citrix Architect has pointed out that there is an option to upload a custom logo within the control plane. You decide to test this feature while you are navigating the control plane.

Step  Action

1. The following VMs are required before beginning the exercises for this Module; all others may be powered down. To power manage your VMs, switch to Hyper-V Manager, right-click the VM in the left pane, and select Start or Shut Down.
   • NYC-ADS-001
   • NYC-FSR-001
   • NYC-SQL-001
   • NYC-SRV-MST
   • NYC-WRK-001

2. Click the Google Chrome icon on the taskbar of Student Desktop (NYC-HYP-101).

3. Type https://citrix.cloud.com in the Address bar of Google Chrome.
   Note: The URLs https://citrix.cloud.com and https://cloud.citrix.com can be used interchangeably. Both URLs redirect to the Citrix Cloud sign-in page. Also, when you browse using HTTP instead of HTTPS, you will be redirected to the secure site, which is https://citrix.cloud.com.

4. Type your Citrix Cloud Credentials. Enable the Remember me checkbox and click Sign In.
   Note: The Citrix Cloud Credentials for your lab environment will differ from those shown.

5. A dialog box will appear at the top-right of the webpage, asking Do you want Google Chrome to save your password for this site? Click Save.
   Note: We select to remember the credentials on the Student Desktop only for the purpose of this lab. Do not save the credentials of your Citrix Cloud account on shared machines.

6. If a Sign in prompt appears, click No thanks to continue without signing into Chrome.

7. The first-time logon to a Citrix Cloud account requires you to accept the Terms of Service. Select the checkbox I have read, understand, and agree to the Terms of Service and click Continue.
   Note: Ignore this step if you do not receive this prompt.

8. On the Welcome to Citrix Cloud window, click X.
   Note: Ignore this step if you do not receive this prompt.

9. Click X on the Select the help menu (?) and Getting Started Guide… prompt, located on the upper-right-hand corner.
   Note: You can review the Getting Started Guide at a later time by selecting the ? button on the upper-right-hand corner.
   Note: Ignore this step if you do not receive this prompt.

10. After signing in, the home page of Citrix Cloud shows Zero Library Offerings, One Resource Location, Zero Domains, Zero Notifications and Zero Open Tickets by default.
   Note:
   Library Offerings: Published resources configured in a cloud service (for example, the applications or desktops delivered by a Delivery Group in Citrix Virtual Apps and Desktops) are assigned to Active Directory Users or Groups through Library Offerings.
   Resource Locations: Customers use Resource Locations to define the places that contain their resources. These resources are all within a defined communication/network boundary, where access is available to them from the Citrix Cloud and to any other customer infrastructure required to operate. Connection to the Citrix Cloud is via the Citrix Cloud Connector.
   Domains: These are the list of Active Directory domains that can communicate with Citrix Cloud.
   Notifications: Notifications provide information to administrators about issues that might be of interest to them. These notifications showcase any new features in Citrix Cloud or alert you to problems with your deployments. Notifications can come from any service within Citrix Cloud.
   Open Tickets: This allows the customer to raise or track a support ticket with the Citrix Cloud support team.

11. The top-right area of the web page shows the User name and the OrgID of the customer.
   Note: Each student will have a unique set of cloud credentials, so the screenshots represented in this manual will not look identical to what you see in your lab.

12. The four icons adjacent to the User name are typically referenced as the Control Center, starting from the left.
The icons provide access to Feedback and support, What’s new in Citrix Cloud, Notifications, and Help.
   Note: The Announcement Icon may look different in your lab if Citrix Cloud has released recent announcements.

13. Click the down arrow next to the User name. Select Account Settings.

14. The Account Settings page shows Company Account, My Profile, and Orders that have been placed by the customer. By default, the Account Settings page opens on the Company Account tab.

15. On the Company Account page, click the browse icon to pick a logo.

16. Navigate to \\Nyc-fsr-001\Resources\Workspace Configuration, select Customer_Logo.png, and click Open.

17. On the top left, click Citrix Cloud to return to the homepage.

18. Refer to the middle of the home page for Citrix Cloud. My Services shows the services currently subscribed to this account. Currently, this account has Gateway, Secure Browser, Smart Tools, Virtual Apps and Desktops, and Workspace Environment Management subscribed.

Key Takeaways:

• Either https://citrix.cloud.com or https://cloud.citrix.com can be used to sign in to Citrix Cloud. Both URLs redirect to the Citrix Cloud sign-in page.
• A resource location corresponds to a data center where the workloads (VDA machines) reside.
• Library Offerings provide an alternate way to assign applications or desktops to domain users. In a legacy Citrix Virtual Apps and Desktops on-premises deployment, this was done using Delivery Groups. In Citrix Virtual Apps and Desktops Cloud Service model, administrators have an option to either use Delivery Groups or manage published resources via Library offerings.

Exercise 1-2: Verify Identity and Access Management

Scenario: You are a Citrix Administrator for your company, WW Labs. You have been tasked with investigating the options for integrating Citrix Cloud with WW Labs Active Directory.
The WW Labs enterprise administrator has explained to you that while Azure AD may be in the plans for the future, during the POC, WW Labs’ on-premises Active Directory will be used.

Step  Action

1. At the top left of the Citrix Cloud page, click the Fly-out menu.

2. Select Identity and Access Management.
   Note: Identity and Access Management defines the accounts used for the administration of Citrix Cloud services. It also defines the domains to which the resources are published.

3. Select the Domains tab on the Identity and Access Management page.

4. Validate that the Domains tab has no domains listed and provides an option to download a Cloud Connector.
   Note: A Citrix Cloud Connector is a Citrix component that is installed to facilitate the administration and control of a Resource Location from Citrix Cloud. If this Citrix Cloud account were integrated with a domain, then the domain name would be listed here along with the name of Citrix Cloud Connector machine.

5. Click the Authentication tab on the Identity and Access Management page.

6. Verify this account has no integration with Azure AD and administrators use a general sign-in URL (https://citrix.cloud.com) to sign in.
   Note: This is the location from where administrators can integrate Azure Active Directory with Citrix Cloud.

7. Click Citrix Cloud on the top left to return to the homepage.

Key Takeaways:

• Identity and Access Management defines the accounts used for the administration of Citrix Cloud Services. It also defines the domains to which the resources are published.
• There are two sets of identities for Citrix Cloud:
   o Administrators
   o Subscribers
• Microsoft Azure AD can be integrated with Citrix Cloud Sign in to facilitate multifactor authentication and self-service password provisioning.

Exercise 1-3: Create and Download the Secure Client Key

Scenario: You are a Citrix Administrator for your company, WW Labs.
You have been tasked with investigating the security mechanism behind integrating the Remote PowerShell SDK. You have learned that you need to enable API Access and download a Client Key, then in a later exercise you will install the Remote PowerShell SDK using this Client Key and use the SDK as an alternative to Citrix Cloud Studio for administrative tasks.

Step  Action

1. At the top left of the Citrix Cloud page, click the Fly-out menu.

2. Select Identity and Access Management.

3. Click API Access to create a secure client.
   Note: Secure clients can be used to authenticate with the Citrix Cloud APIs and manage the cloud services. This enables administrators to create fully automated scripts and scheduled tasks.

4. Type Remote-SDK in the Name your Secure Client box and click Create Client.

5. Once the ID and Secret have been created successfully, click Download.
   Note: A file secureclient.csv is downloaded on the Student Desktop. The file is saved in C:\Users\localuser\Downloads by default.
   Note: The ID and secret contained within the secureclient.csv must be kept safe. These two attributes are sufficient to gain full access to the cloud service instance, so these must be stored safely.

6. Click the File Explorer icon on the taskbar of the Student Desktop and navigate to C:\Users\ctxadmin\Downloads.

7. Right-click secureclient.csv and select Edit with Notepad++.

8. Verify the three important entries stored within a secureclient.csv file.
   Name: Name assigned at the time of creating a secure client.
   Client Id: Highlighted in blue. This is the unique ID associated to the name of a secure client.
   Client Secret: Highlighted in orange. This secret is used along with Client ID to authenticate with Citrix Cloud via PowerShell SDK.
   Note: In the secureclient.csv make sure there are no quotation marks [“”] present. Remove all the quotation marks [“”] if present.

9. Click X to close Notepad++. Again, click X to close File Explorer.

10. On the Google Chrome browser, click Close on the ID and Secret have been created successfully window.

11. Click Citrix Cloud on the top left to return to the homepage.

Key Takeaways:

• For automation purposes, the Virtual Apps and Desktops Citrix Cloud service can be accessed via a Cloud API.
• Any Desktop or Server OS machine with Windows PowerShell 3.0 installed can be used to install Virtual Apps and Desktops Remote PowerShell SDKs.
• The secureclient.csv file contains the Name, ID, and Secret used to authenticate with Citrix Cloud. This information must be kept confidential to help maintain security.

Exercise 1-4: Add a Full Administrator

Scenario: You are a Citrix Administrator for your company, WW Labs. Your Lead Citrix Architect has expressed concerns that currently the company only has one set of administrative credentials for Citrix Cloud. He has tasked you to investigate how to add additional administrators to the Citrix Cloud control plane.

Step  Action

1. Minimize the student desktop and on the local machine open Google Chrome web browser.

2. Type https://citrix.cloud.com in the Address bar of Google Chrome.

3. Type your Citrix Cloud Credentials. Enable the Remember me checkbox and click Sign In.
   Note: The Citrix Cloud Credentials for your lab environment will differ from those shown.

4. A dialog box will appear at the top-right of the webpage, asking Do you want Google Chrome to save your password for this site? Click Never.

5. If a Sign in prompt appears, click No thanks to continue without signing into Chrome.

6. The first-time logon to a Citrix Cloud account requires you to accept the Terms of Service. Select the checkbox I have read, understand, and agree to the Terms of Service and click Continue.
   Note: Ignore this step if you do not receive this prompt.

7. On the Welcome to Citrix Cloud window, click X.
   Note: Ignore this step if you do not receive this prompt.

8. Click X on the Select the help menu (?) and Getting Started Guide… prompt, located on the upper-right-hand corner.
   Note: You can review the Getting Started Guide at a later time by selecting the ? button on the upper-right-hand corner.
   Note: Ignore this step if you do not receive this prompt.

9. At the top left of the Citrix Cloud page, click the Fly-out menu.

10. Select Identity and Access Management.

11. Click the Administrators tab on the Identity and Access Management page.
   Note: The Administrators tab shows all the current administrators along with an option to invite new administrators.

12. Click the drop-down arrow and select Citrix Identity.

13. Type any email ID in the Email Address box and click Invite. Use an email ID that is associated with training.citrix.com (MyCitrix).

14. On the dialog box that appears, verify that Full access is selected. Click Send Invite.
   Note: The screenshot above will not be identical to the one students will see in their lab.

15. Verify that the Status shows as Invite Sent.
   Note: The screenshot above will not be identical to the one students will see in their lab.

16. Start Internet Explorer from the taskbar on the Student Desktop. Log in to the web portal for the Email ID used in step 13 and open the email sent from Citrix Cloud.
   Note: Do not use Google Chrome to open the email invite for Citrix Cloud because you are already logged in to Citrix Cloud with another account in the Chrome browser.
   Note: Accessing your personal email account may vary per email service.

17. Open the email you received and click Sign In.
   Note: The email link has a reference for the customer account from which the invite has been sent. This link can only be used once and expires thereafter.

18. After clicking the Sign-in, you will see the below screen. Click Sign-in.
   Note: If the account asks for the 6-digit passcode, wait for a few minutes to get the passcode via email.

19. In the inbox of your email account, verify you received the second email from Citrix Cloud with a subject line – Get Started with Citrix Cloud. Open this email and click Sign In to Get Started.
   Note: Verify that the link opens in Internet Explorer instead of Google Chrome because you might already be signed in to Citrix Cloud with the Google Chrome browser.

20. Once you are redirected to the Citrix Cloud sign-in page, log on using the newly created account.
   Note: This new user has the same level of access as the Full Administrator.
   Note: The Citrix Cloud webpage may have a different look and feel in Internet Explorer and Firefox compared to Google Chrome. Google Chrome is currently the best browser for working with Citrix Cloud.

21. On the Welcome to Citrix Cloud prompt, click X.
   Note: Ignore this step if you do not receive this prompt.

22. Browse through the different pages and tabs to validate that the new administrator has access to all features and options. Log off the Citrix Cloud Site. On the top-right of the Citrix Cloud webpage click the drop-down arrow next to user name and select Sign Out.

23. Click X to close the Internet Explorer browser. When prompted Do you want to close all tabs or the current tab, select Close all tabs.

Key Takeaways:

• Inviting a new administrator is a two-step process:
   o The existing administrator sends an invite to a new administrator using Identity and Access Management.
   o If the new administrator already had a Citrix Cloud account, then he uses the same credentials. If the new administrator does not have a Citrix Cloud account, he creates a password to sign in.
• If an administrator account has been successfully created, the status of the account will show as Active. If an administrator account has not been created, then the status will show as Invite Sent.

Exercise 1-5: Change Administrator Permissions

Scenario: You are a Citrix Administrator for your company, WW Labs.
Your Lead Citrix Architect noticed a Citrix Blogs post that highlighted that it is now possible to change administrator permissions within Citrix Cloud. You have been tasked to investigate how granular the permissions can be set.

Step  Action
1. Inside the Student Desktop, at the top left of the Citrix Cloud page in Google Chrome, click the Fly-out menu.
    Note: Verify that you are signed in with the Citrix Cloud credentials that were provided along with this course. You should not be signed in with the credentials created in Exercise 1-4.
2. Select Identity and Access Management.
3. Click the Administrators tab on the Identity and Access Management page.
4. Verify that you now have two administrators listed with Full access.
    Workspacelab@outlook.com
    You@email.domain
5. Locate the administrator account you created in exercise 1-4, then click the three dots on the right side in the row correlating to your personal email address.
6. Click Edit Access on the drop-down to change the administrator’s privileges.
7. On the Edit Access page, select the Custom access radio button to change the administrator from a Full administrator. In the General Management section, select Resource Location to provide access to only this service for this administrator. Leave the other items in this section un-selected. In the Virtual Apps and Desktops section, select Delivery Group Administrator, All, Host Administrator, All, and Machine Catalog Administrator, All to provide access to these services for this administrator.
8. At the top of the page, click Save to accept the changes.
9. Confirm that Admin access successfully updated, then click the backwards arrow to exit the page.
10. On the Identity and Access Management page, navigate to the Administrators tab and verify that you now have a Full and a Custom administrator.
11. Open Internet Explorer from the taskbar and browse to the Citrix Cloud Sign-in page by typing Cloud.citrix.com, then log on using the newly created account. Type the User name and Password created in exercise 1-4 and click Sign In.
    Note: This user now has a custom level of access.
12. Browse through the different pages and tabs to validate the permissions assigned to the custom administrator.
13. Log off the Citrix Cloud Site. On the top-right of the Citrix Cloud webpage, click the drop-down arrow next to the user name and select Sign Out.
14. Click X to close the Internet Explorer browser. If prompted Do you want to close all tabs or the current tab, select Close all tabs.

Key Takeaways:
• Currently, new administrator accounts added to Citrix Cloud can be created as full or custom administrators.
• After creating an administrator, the privileges assigned can be altered.
• Currently, a delegated administrator can be assigned to several roles depending on the level of access and permissions to various cloud services that are desired.

Module 2: Citrix Cloud Connectors

Overview: The module presents the concept of Citrix Cloud Connectors and the role they play integrating on-premises resources into the Citrix Cloud control plane. Cloud Connectors act as a proxy between Citrix Cloud and resources defined in Resource Locations, allowing for Active Directory lookup, VDA registration, hypervisor integration and much more.

Before you begin: Estimated time to complete Module 2 lab exercises: 50 minutes

Exercise 2-1: Install Cloud Connector

Scenario: You are a Citrix Administrator for your company, WW Labs. You have been tasked with deploying the first Citrix Cloud Connector in the POC. For this purpose, a virtual machine has already been created for you. Your job is to download and install the Cloud Connector on NYC-CON-001 and verify that the Connector registers with the Citrix Cloud control plane. For the time being, you will only deploy one Cloud Connector; in a later exercise, you will deploy one additional Cloud Connector via command line to achieve redundancy and high availability.

Step  Action
1. The following VMs are required before beginning the exercises for this Module; all others may be powered down. To power manage your VMs, switch to Hyper-V Manager, right-click the VM in the left pane and select Start or Shut Down.
    • NYC-ADS-001
    • NYC-CON-001
    • NYC-CON-002
    • NYC-FSR-001
    • NYC-SQL-001
    • NYC-SRV-MST
    • NYC-WRK-001
2. Using the VMs.rdg named icon on the Student Desktop, start Remote Desktop Connection Manager.
    Note: The Remote Desktop Connection Manager is the primary management console used to log on and interact with the virtual machines of the lab environment. Throughout the rest of the course, the lab manual will reference the named icon above as Remote Desktop Connection Manager.
3. Using Remote Desktop Connection Manager, connect to NYC-CON-001. To log on to NYC-CON-001, right-click this machine and select Connect server.
    Note: The following credentials are used to make the connection:
    User Name: WORKSPACELAB\Administrator
    Password: Password1
4. Click the Internet Explorer icon on the taskbar of NYC-CON-001.
5. Type https://citrix.cloud.com in the Address bar of Internet Explorer.
6. Type your Citrix Cloud credentials, then click Sign In.
    Note: Ensure you are using the original Full Administrator credentials to sign in.
7. Click the Add New button below the Domains icon.
8. Confirm that you are redirected to the Domains tab on the Identity and Access Management page. Click the Download button to download the Citrix Cloud Connector and add the on-premises domain to your Virtual Apps and Desktops.
    Note: A Citrix Cloud Connector is a Citrix component that is installed to facilitate the administration and control of Resource Locations from Citrix Cloud.
9. On the dialog box at the bottom of the webpage, it asks Do you want to run or save cwcconnector.exe from downloads.cloud.com? Click Save.
10. Wait for the download to complete and then click Open folder. Notice that the installer is saved in the Downloads folder.
    We will use this installer again in a later exercise.
11. Double-click cwcconnector.exe to run the installer.
    Note: The Citrix Cloud Connector Setup requires Microsoft .NET Framework 4.7.2 to be installed. To save time, it is already installed on NYC-CON-001 and NYC-CON-002 (Cloud Connector will be installed on NYC-CON-002 in a later exercise).
12. After an initial connectivity check to Citrix Cloud, the installer prompts you to sign in. Click Sign In.
    Note: You will not be required to enter credentials as you have previously signed in using Internet Explorer. However, if you are prompted to do so, use the provided Citrix Cloud credentials.
13. The installation begins, and after the components are installed, the installer will test service connectivity with Citrix Cloud. The installation and connectivity tests may take 2-3 minutes to complete.
    Note: The NYC-CON-001 machine may restart as part of the Cloud Connector installation process. In case the machine restarts, switch to the Student Desktop (NYC-HYP-101) and, in Hyper-V Manager, double-click NYC-CON-001 to observe the restart process. When the restart has completed, proceed to the next step.
14. On the machine NYC-CON-001, switch back to Internet Explorer. On the Citrix Cloud portal page, click the browser’s refresh button, then under Domain, click the Add New button.
    Note: You had previously logged into the Citrix Cloud console. If you closed Internet Explorer or signed out, start the Internet Explorer browser and type https://citrix.cloud.com in the Address bar. Sign in using your cloud credentials.
15. Confirm that the Domains tab shows Forest: workspacelab.com.
    Note: If it takes a long time to display this information, click Refresh again.
    Note: Notice the warning sign to install another Cloud Connector server to ensure high availability. It is a best practice but not mandatory to have multiple Cloud Connector servers, and all features of Citrix Cloud can be used with a single Connector as well. In a later lab exercise, we install the second Cloud Connector server through the command line.
16. On the top-right of the Citrix Cloud webpage, click the drop-down arrow next to the user name and select Sign Out.
17. Click X to close the Internet Explorer browser.
18. Right-click the Start menu, then click Run.
19. Type services.msc and click OK.
20. Locate all services starting with Citrix.
21. Click the File Explorer on the taskbar and browse to %ProgramData%\Citrix\WorkspaceCloud\InstallLogs.
    Note: If you do not see the %ProgramData% directory by default, then enable the Hidden items option under the View menu bar for Windows Explorer.
22. Verify that the log files corresponding to all the services are present in this directory. Click X to close the File Explorer window. Click X to close the Services window.
23. Log off NYC-CON-001. To log off, right-click Start, select Shut down or sign out, then select Sign out.

Key Takeaways:
• A Citrix Cloud Connector is a Citrix component that is installed to facilitate the administration and control of Resource Locations from Citrix Cloud.
• The Cloud Connector needs to be installed on a Windows 2012 R2, Windows 2016, or Windows 2019 server that is domain-joined.
• After the installation of Cloud Connector, the install logs can be found at the following consolidated location: %ProgramData%\Citrix\WorkspaceCloud\InstallLogs.
• The servers on which Citrix Cloud Connector is installed must be able to communicate with the Internet.

Exercise 2-2: Test Cloud Connector

Scenario: After installing the Citrix Cloud Connector, your Lead Citrix Architect has tasked you to prove that the Cloud Connector is reachable from the Citrix Cloud control plane and that communication is flowing between the on-premises datacenter and Citrix Cloud. Since there are currently no VDA machines deployed, you decide to investigate the Active Directory connection.

Step  Action
1. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud home page. If you are on some other page of the cloud console, click Citrix Cloud to return to the Citrix Cloud home page.
    Note: In a previous exercise, you had logged into the Citrix Cloud console. If you closed Google Chrome or signed out, start the Google Chrome browser and type https://citrix.cloud.com in the Address bar. Sign in using your cloud credentials.
3. At the top left of the Citrix Cloud page, click the Fly-out menu.
4. Select Identity and Access Management.
5. Click the Domains tab on the Identity and Access Management page.
6. Workspacelab.com is now listed as a forest. This validates that this Citrix Cloud account is now integrated with workspacelab.com via a Citrix Cloud Connector. Click the arrow on the right of workspacelab.com.
7. Review the Forest Name and Functional Level of the Active Directory forest. The updated information in the Citrix Cloud account again proves successful communication between the Citrix Cloud and the Active Directory domain via the Cloud Connector.
8. Click Show details under 1 Resource Location at the bottom of the screen. Validate nyc-con-001.workspacelab.com is reflected under My Resource Location. This is the name of the Cloud Connector server configured in the previous exercise. Do not close the Google Chrome browser.
9. Using the Remote Desktop Connection Manager, connect to NYC-CON-001. To log on to NYC-CON-001, right-click this machine and select Connect server.
    Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
10. Right-click the Start menu, click Run and type services.msc. Click OK.
11. Select Citrix Cloud Agent Services Agent WatchDog, right-click and select Restart.
12. Right-click the Start menu icon and open Event Viewer.
13. Navigate to Event Viewer > Windows Logs > Application.
14. Locate event ID 10000 from Citrix.CloudServices.AgentWatchDog.
    Note: Event ID 10000 is not reported immediately after the restart of Citrix Cloud Agent WatchDog Service. It takes about 2 minutes for this event message to be recorded in the event logs.
    Details of this log message inform that AgentWatchDog successfully connected to the messaging service hosted in Citrix Cloud. This validates that the Cloud Connector service is successfully communicating with the cloud-hosted Citrix Virtual Apps and Desktops environment.
15. Click X to close the Event Viewer. Click X to close the Services window.
16. Click File Explorer on the taskbar and browse to %ProgramData%\Citrix\WorkspaceCloud\logs\InProgress.
17. Verify that the operational log files for Citrix Cloud Connector are written in this directory.
    Note: The plugins folder has operational logs for each service. These logs are uploaded to Citrix Cloud and analyzed using tools like SumoLogic to monitor the health of the environment.
18. Click X to close the File Explorer window. Log off NYC-CON-001. To log off, right-click Start, select Shut down or sign out, then select Sign out.

Key Takeaways:
• The Citrix Cloud Connector has a service-based architecture.
• All the on-premises components like the VDA machines, on-premises StoreFront, and on-premises Citrix ADC communicate with the Citrix Connector server, which encrypts and proxies the traffic to the cloud-hosted Citrix Virtual Apps and Desktops environment.
• All communications between the Cloud Connector and Citrix Cloud are outbound. No inbound connections are required. All connections use the standard HTTPS port (443) and the TCP protocol.
• The operational logs of Cloud Connector are stored at ‘C:\ProgramData\Citrix\WorkspaceCloud\Logs’.
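
The GUI checks from Exercises 2-1 and 2-2 (Citrix services, outbound port 443, event ID 10000, log directories) can be collected in one pass. The following PowerShell function is an added example and not part of the Citrix lab manual; the function name, its parameters and the output fields are this example's own, while the paths, event source, event ID and host name are the ones the manual uses. It assumes an elevated session on the Cloud Connector and a direct (non-proxied) outbound connection.

```powershell
# Added example: the manual's GUI checks from Exercises 2-1 and 2-2 as one function.
# Run in an elevated PowerShell session on a Cloud Connector (for example NYC-CON-001).
# The function name, parameters and output shape are this example's own.

function Test-CloudConnectorHealth {
    [CmdletBinding()]
    param(
        # Accept only a WatchDog event written after this time, for example the
        # moment the WatchDog service was restarted in Exercise 2-2.
        [datetime]$Since = (Get-Date).AddDays(-1),

        # How long to keep polling for the event. The manual notes that event
        # 10000 is logged about 2 minutes after the restart, not immediately.
        [int]$TimeoutSeconds = 0,

        # Host name the manual uses for Citrix Cloud.
        [string]$CloudHost = 'citrix.cloud.com'
    )

    # Services whose display name starts with "Citrix" (Exercise 2-1, step 20).
    # Automatic-start services that are not running are listed for review.
    $services = @(Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE 'Citrix%'")
    $stopped  = @($services | Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' })

    # Outbound TCP 443 to Citrix Cloud. This is a direct connection test; behind
    # an outbound proxy it can fail even though the connector itself works.
    $tcp = Test-NetConnection -ComputerName $CloudHost -Port 443 -WarningAction SilentlyContinue

    # Event ID 10000 from Citrix.CloudServices.AgentWatchDog in the Application log.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Citrix.CloudServices.AgentWatchDog'
        Id           = 10000
        StartTime    = $Since
    }
    $deadline      = (Get-Date).AddSeconds($TimeoutSeconds)
    $watchDogEvent = $null
    while ($true) {
        try {
            # Get-WinEvent raises an error when nothing matches; treat that as "not yet".
            $watchDogEvent = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction Stop
            break
        }
        catch {
            if ((Get-Date) -ge $deadline) { break }
            Start-Sleep -Seconds 15
        }
    }

    # Install logs and operational logs under %ProgramData%\Citrix\WorkspaceCloud.
    $root = Join-Path $env:ProgramData 'Citrix\WorkspaceCloud'
    $logs = foreach ($relative in 'InstallLogs', 'logs\InProgress') {
        $path   = Join-Path $root $relative
        $files  = @(Get-ChildItem -Path $path -File -Recurse -ErrorAction SilentlyContinue)
        $newest = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1
        [pscustomobject]@{
            Path      = $path
            FileCount = $files.Count
            Newest    = if ($newest) { $newest.LastWriteTime } else { $null }
        }
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        CitrixServices      = $services.Count
        AutoStartNotRunning = @($stopped | ForEach-Object { $_.DisplayName })
        Outbound443         = [bool]$tcp.TcpTestSucceeded
        WatchDogEventSeen   = [bool]$watchDogEvent
        WatchDogEventTime   = if ($watchDogEvent) { $watchDogEvent.TimeCreated } else { $null }
        LogDirectories      = $logs
    }
}

# After restarting the WatchDog service, wait up to 5 minutes for it to reconnect:
#   $restart = Get-Date
#   Test-CloudConnectorHealth -Since $restart -TimeoutSeconds 300 | Format-List
Test-CloudConnectorHealth | Format-List
```

A missing event inside the chosen time window only means the WatchDog service has not reconnected during that window; widen -Since before treating it as a fault.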
Exercise 2-3: Disable Cloud Connector and Verify Service Outage

Scenario: WW Labs Lead Citrix Architect has tasked you to investigate the need for high availability for the Cloud Connector role and how long it takes for Cloud Connector to re-negotiate with Citrix Cloud after a catastrophic failure. You decide to test this by shutting down Cloud Connector and investigating the control plane during the simulated outage.

Step  Action
1. On the Student Desktop (NYC-HYP-101), switch to Hyper-V Manager. In Hyper-V Manager, right-click the NYC-CON-001 virtual machine in the left pane and select Shut Down.
2. Switch back to the Google Chrome browser on the Student Desktop and click Refresh under the Domain tab.
3. Validate that the domain workspacelab.com is no longer reachable.
4. Click the arrow next to workspacelab.com to review the details and validate that Citrix Cloud is unable to find this domain.
5. On the Student Desktop, switch to Hyper-V Manager. In Hyper-V Manager, right-click the NYC-CON-001 virtual machine in the left pane and select Start.
6. Wait for a few minutes to allow NYC-CON-001 to start.
7. Switch back to the Google Chrome browser on the Student Desktop. Click Refresh under the Domain tab.
    Note: If clicking Refresh does not change the status of the domain to reachable, Cloud Connector has not fully booted yet. Wait 2 minutes and click Refresh again.
8. The workspacelab.com domain is now accessible again; this means that the Cloud Connector is online and connectivity between the cloud service and resource location has been restored.
    Note: If the domain is not accessible, then wait for 2 minutes and click Refresh again.

Key Takeaways:
• Citrix Cloud Connectors must always be installed in pairs to provide high availability.
• In case the Cloud Connector servers are not available, then the following activities cannot be performed:
    o Active Directory operations for your resource location
    o Publishing resources from your resource location
    o Provisioning new machines in your resource location
• Existing HDX connections are not interrupted in case of loss of communication between Citrix Cloud and the Cloud Connector servers.

Exercise 2-4: Silent Install for Citrix Cloud Connector

Scenario: Based on your reported findings from the previous exercise, the Lead Citrix Architect has decided to follow leading practices and deploy an additional Cloud Connector. However, the architect has tasked you with investigating how the installation can be completed using the command line. This will allow WW Labs to automate future deployments. A virtual machine called NYC-CON-002 has already been provisioned for this task.

Step  Action
1. Using the Remote Desktop Connection Manager, connect to NYC-CON-002. To log on to NYC-CON-002, right-click this machine and select Connect server.
    Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Click the File Explorer icon on the taskbar of NYC-CON-002.
3. Navigate to: \\nyc-con-001\C$\Users\administrator.WORKSPACELAB\Downloads
4. Right-click cwcconnector.exe and select Copy.
5. Now browse to the C: drive of NYC-CON-002 and paste the cwcconnector application. Select This PC from the left pane in File Explorer and browse to Local Disk (C:).
6. Right-click and select Paste.
7. Click X to close the File Explorer window.
8. Click Start and select Windows PowerShell ISE from the Start menu.
9. Using the Google Chrome browser on the Student Desktop, confirm that you are still connected to the Citrix Cloud home page.
10. At the top left of the Citrix Cloud page, click the Fly-out menu.
11. Select Identity and Access Management.
12. Identify your Citrix Cloud customer name; this name can be found on the Identity and Access Management > API Access web page.
    Note: This is just an example. The customer ID in your lab environment will be different.
13. Return to NYC-CON-002 and the PowerShell ISE window, and type the following command to start the installation of Cloud Connector. Substitute Account Name with the unique name noted in the previous step.
    C:\cwcconnector.exe /q /customer: "Customer ID" /AcceptTermsofservice: “True”
    Press Enter.
    Note: The Customer ID is displayed on the Identity and Access Management > API Access web page.
14. Once the command is executed successfully, right-click the Start menu and select Programs and Features. Validate that the Citrix Cloud Connector software is not installed.
15. In File Explorer, navigate to %LOCALAPPDATA%\Temp\CitrixLogs\CloudServicesSetup and open the installation log file. In the Notepad window, click Edit > Find and search for exit code. The line above the exit code shows the reason for the installation failure. The installation failed because the ClientSecret and CustomerName attributes are missing.
    Note: For a silent install of CWCCloudconnector.exe, the following arguments must be supplied in the command line:
    • Customer
    • ClientId
    • ClientSecret
    • AcceptTermsOfService:true
16. A couple of additional parameters are needed to complete the silent installation of the Cloud Connector role. On the Student Desktop, open Notepad and collect the required parameter details. Steps to locate unique parameter values are as follows:
    Customer ID: Customer ID is displayed on the API Access page of the Citrix Cloud webpage.
    ClientId: Open the secureclient.csv file downloaded in exercise 1-3 using Notepad++; the second attribute is the Client ID. This file is saved in the Downloads folder on the Student Desktop.
    ClientSecret: Open the secureclient.csv file downloaded in exercise 1-3 using Notepad++; the third attribute is the Client Secret.
    ResourceLocationId: From Google Chrome on the Student Desktop, the resource location ID can be verified on the Resource Locations page next to the ID button. Click ID to display the ResourceLocationId.
    Note: If you see the Citrix Cloud Connector download prompt while finding the ResourceLocationId, click No thanks, skip for now to view resource location information.
17. Using the additional parameters, install Citrix Cloud Connector using the following command line switches in PowerShell ISE on NYC-CON-002:
    C:\CWCConnector.exe /q /Customer:"Customer ID" /ClientId:"Unique" /clientSecret:"Unique" /ResourceLocationId:"Unique" /AcceptTermsOfService:true
    Press Enter.
    Note: If the command is correct, the installation of Citrix Cloud Connector takes approximately 3 minutes. There is no feedback in the PowerShell window if the installation parameters are correct or when the installation is complete.
18. Once the command is executed successfully, right-click the Start menu and select Programs and Features. Verify that the Cloud Connector is successfully installed.
    Note: Installation is still running in the background and is evident by looking at the Services console. It takes approximately 5 minutes for all the services to initialize successfully.
19. Click X to close the File Explorer window. Click X to close the Programs and Features window. Click X to close the Notepad window. If prompted to save changes to Untitled, click Don’t Save. Click X to close the PowerShell ISE window. If prompted to save the Untitled.ps1 file, click No. Log off NYC-CON-002. To log off, right-click Start > select Shut down or sign out > and click Sign out.
20. Switch back to Google Chrome on the Student Desktop and click Citrix Cloud on the top left to return to the Home page.
21. At the top left of the Citrix Cloud page, click the Fly-out menu.
22. Select Resource Locations.
23. Validate that two Cloud Connectors are now listed under My Resource Location:
    • nyc-con-001.workspacelab.com
    • nyc-con-002.workspacelab.com
    Note: If you see the Citrix Cloud Connector download prompt, click No thanks, skip for now to view resource location information.
24. Click the 2 Cloud Connectors tile under My Resource Location to verify that both Cloud Connectors are listed.
25. At the top left of the Citrix Cloud page, click the Fly-out menu and select Resource Locations.
26. Click the … button next to My Resource Location and select Rename.
27. Change the name from My Resource Location to New York Data Center and click Save.

Key Takeaways:
• Installation logs for Cloud Connectors can be found here: %LOCALAPPDATA%\Temp\CitrixLogs\CloudServicesSetup
• Alternatively, they can be found within the following consolidated location, after installation: %ProgramData%\Citrix\WorkspaceCloud\InstallLogs
• Each exit code seen in the log has a different meaning. Exit Code details:
    o 1603 - An unexpected error occurred.
    o 2 - A prerequisite check failed.
    o 0 - Installation completed successfully.

Exercise 2-5: Open Cloud Studio

Scenario: Your Lead Citrix Architect has tasked you to investigate how the Citrix Cloud control plane works with regard to administering the solution. They are already familiar with the on-premises version of Citrix Studio, so they are curious to know how the Citrix Cloud hosted administration console will look, how it is accessed, and how it is different from what WW Labs is currently using.

Step  Action
1. At the top left of the Citrix Cloud page, click the Fly-out menu.
2. Click the drop-down button on My Services and select Virtual Apps and Desktops.
3. On the Virtual Apps and Desktops Service home page, click the Manage drop-down and select Full Configuration.
4. Wait for Citrix Studio to appear.
5. This is a published instance of Citrix Studio being launched inside the browser using Citrix HTML5 Workspace App. In the left pane of Citrix Studio, click Zones.
6. On the Welcome page for Zones, click Close.
7. Validate that both Cloud Connector servers are listed in New York Data Center Zone.
    Note: In contrast to an on-premises setup, zones contain Connector servers instead of Delivery Controllers. In addition, the published Studio does not have a controller node, unlike Citrix Studio in an on-premises setup.

Key Takeaways:
• Citrix Cloud Studio is a modified instance of the Citrix Studio MMC Console, launched as a published application inside the browser using Citrix HTML5 Workspace App.
• The Cloud Studio does not have a Controllers node, Licensing node or App-V node in comparison to an on-premises Citrix Studio.
• Zone names in Citrix Cloud Studio are automatically aligned with the Resource Locations names.

Exercise 2-6: Secure XML Traffic on Cloud Connectors

Scenario: The Citrix Cloud Connector installer adds a broker service component that interacts with the Citrix XML service in Citrix Cloud for resource enumeration and launch. In a future exercise, you will configure communication between an on-premises StoreFront server and the Citrix Cloud Connectors. The on-premises StoreFront to Cloud Connector server communication uses HTTP clear text by default. It is considered a Citrix leading practice to secure this communication. Your task is to secure XML traffic on the Cloud Connectors.

Step  Action
1. Using the Remote Desktop Connection Manager, connect to NYC-CON-001. To log on to NYC-CON-001, right-click this machine and select Connect server.
    Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Import a certificate.
3. From the desktop of NYC-CON-001, double-click the Lab Resources share. Browse to: \\NYC-FSR-001\Resources\Certs
    Right-click the wildcard certificate and select Install PFX.
4. In the Certificate Import Wizard, select Local Machine and click Next.
5. Confirm that the Browse box is showing the correct PFX file, and click Next.
6. In the Private key protection window of the Certificate Import Wizard, enter the password as Password1 and click Next.
7. Select Place all certificates in the following store and browse to the Personal store. Click OK.
8. Click Next. In the Completing the Certificate Import Wizard window, click Finish.
9. Click OK on the Certificate Import Wizard prompt.
10. Right-click Start > select Run > type mmc, and hit Enter.
11. On the MMC console, click File and select Add/Remove Snap-in. Under Available snap-ins, click Certificates and click Add. Select Computer account, then click Next. Select Local computer, then click Finish. On the Add or Remove Snap-ins window, click OK.
12. Navigate to the Personal store and then Certificates. The list of certificates should include the newly imported *.workspacelab.com certificate.
13. Double-click *.workspacelab.com, click the Details tab, then scroll down and select the Thumbprint field.
14. Highlight the Value details; copy the contents using the keyboard shortcut CTRL + C and paste into Notepad.
15. In Notepad, click Edit > Replace. In the Find what box, left-click inside the box and hit the spacebar key on your keyboard one time. In the Replace with box, leave it blank. Click Replace All to replace all spaces with no character, then click Cancel to close the Replace dialog box.
16. Minimize Notepad. Click OK to close the Certificate Properties dialog box.
17. Left-click Start, select Run and then type Regedit > press Enter. Select the HKEY_CLASSES_ROOT\Installer\Products\ key and press CTRL+F to search for Citrix Broker Service.
18. Click Find Next. Copy the alphanumeric string of the registry key that contains the Citrix Broker Service value. This can be done by right-clicking the key and selecting Copy Key Name.
19. Open Notepad and Paste the copied string.
20. Clear HKEY_CLASSES_ROOT\INSTALLER\PRODUCTS\
    Add dashes after the 8th, 12th, 16th, and 20th characters, so it aligns with the following format: C9D22EE4-3988-D0F4-184B-16002FEAEE98
    Note: It is important to mention that the entry in the registry is presented without the dashes for the GUID. Make sure that the dashes are added in the following format: 8-4-4-4-12
    Note: C9D22EE4-3988-D0F4-184B-16002FEAEE98 is just an example and will be different in each environment.
21. Copy the following command into Notepad and replace the specified values with the hash and GUID string values copied in steps 15 and 20.
    netsh http add sslcert ipport=0.0.0.0:443 certhash=PASTE_CERT_HASH_HERE_FROM_NOTEPAD(Step15) appid={PASTE_XD_GUID_HERE_BETWEEN_FROM_NOTEPAD}
    Note: Make sure the appid= field contains {} surrounding the GUID.
    Example: netsh http add sslcert ipport=0.0.0.0:443 certhash=3ef69f2dfdf0b8fc46f11853522754f81b077dfd appid={702BD164-E902-2C74-8A30CB9F73ED7AD}
22. Make sure to have a blank Notepad open containing only the command from the previous step. Click File > Save. Expand This PC, click Documents, and type SecureSSL.txt as the File name. Click the Encoding drop-down list and select UTF-8. Click Save.
23. Right-click Start and click Command Prompt (Admin). Copy the command from Notepad and paste it in the Administrator: command prompt window. Delete any special characters that appear in the pasted command. Press Enter to bind the certificate to the connector over port 443. The command should return SSL Certificate successfully added.
    Note: The certificate has been correctly bound to port 443 on the connector. However, to enable the secure XML traffic, when configuring StoreFront in a future exercise, we will make sure to configure StoreFront to use HTTPS.
24. Repeat all steps from 1-23 for NYC-CON-002.

Key Takeaways:
• After the server certificate is installed on Cloud Connector, register the SSL certificate for HTTPS on the server.
To accomplish this, Windows has a built-in utility called netsh; this utility allows you to bind SSL certificates to a port configuration. Remember to always import the PFX server certificates under the Cloud Connector Local Computer certificate store, and not the My User account. Securing XML traffic prevents attackers from cracking obfuscation and getting passwords, stealing resource set information and tickets, or impersonating and intercepting authentication requests. A certificate is required to secure the XML port on Citrix Cloud Connector. For added security, the unsecured XML port should be disabled. Module 3: Introduction to Citrix Virtual Apps and Desktops Service Overview: This module presents Citrix Virtual Apps and Desktops in Citrix Cloud; we will be focusing on building out resources using Citrix Cloud Studio. First off, we will create a hosting connection, pointing to our on-premises Microsoft Hyper-V deployment; next, we will prepare a master image with the VDA and apps. After the master image has been prepared, we will use Machine Creation Services to generate a catalog from Cloud Studio. This catalog will be the basis for a 78 new Delivery Group and we will then use the Citrix Cloud control plane to add users from Active Directory to the Published Apps and Desktops. Before you begin: Estimated time to complete Module 3 lab exercises: 65 minutes Exercise 3-1: Create a Hosting Connection Scenario: The Citrix Lead Architect identified a single Microsoft Hyper-V host that will be used for the POC. You have been tasked to identify the steps involved in getting Hyper-V integrated with Citrix Cloud Studio, allowing Machine Creation Services and power management to function with the on-premises resources. Step 1. Action The following VMs are required before beginning the exercises for this Module; all others may be powered down. To power manage your VMs, switch to Hyper-V Manager, right-click the VM in the left pane and select Start or Shut Down. 2. 
• NYC-ADS-001 • NYC-CON-001 • NYC-CON-002 • NYC-FSR-001 • NYC-SQL-001 • NYC-SRV-MST • NYC-WRK-001 Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the published Citrix Studio on https://citrix.cloud.com. Note: In a previous exercise, you had opened the published Citrix Studio using the Service Creation option on the Virtual Apps and Desktops web page. 3. Note: If the browser was closed, then relaunch Google Chrome from the taskbar on the Student Desktop, browse to https://citrix.cloud.com and sign in. Now select the My Services > Virtual Apps and Desktops from the Fly-out menu on the left. Select the Full Configuration option from the Manage drop-down menu. In the left pane of Citrix Studio, click Hosting under Configuration. 79 4. From the Actions pane on the right, select Add Connection and Resources. 5. On Add Connection and Resources screen, enter connection resource details. • • • • • Connection type: Microsoft® System Center Virtual Machine Manager Connection address: NYC-HYP-101.workspacelab.com User name: WORKSPACELAB\scvmmadmin Password: Password1 Connection name: Hyper-V Click Next to continue with the wizard. 80 6. Note: Citrix Virtual Apps and Desktops equally supports all of the following: • Citrix Hypervisor • Microsoft System Center Virtual Machine Manager • VMware vSphere • CloudPlatform • Microsoft Azure • Microsoft Azure Classic • Amazon EC2 On the Storage Management page, next to Select a Cluster, click Browse and select NYC-HYP-101. Click OK. 81 On the Storage Management page, select Use storage local to the hypervisor and click Next. 7. Note: Since this a lab environment, we only use local storage. On the Storage Selection page, leave the defaults and click Next. 82 8. Note: For this deployment, your Microsoft Hyper-V local storage is adequate. 
You have met with the Citrix Lead Architect and you agree that in the WW Labs production deployment, you will need to consider a fast and redundant storage solution.
On the Network page, specify the name and the network that the future machine catalog machines will use. In the Name for these resources box, type Internal. Select the LabNetwork checkbox under the Select one or more networks for the virtual machines to use section and click Next.
Note: You have been tasked to use this specific network for the machine catalog machines. You will be creating and working with machine catalog machines in later exercises.

9. On the Summary page, verify that the configuration information is correct.

10. 11. Click Finish. After the hosting connection is successfully added, select Hyper-V from the middle pane and select Edit Connection from the Actions pane on the right. In the Edit Connection window, select the Advanced option and change the Simultaneous actions (all types) value:
Absolute: 80
Percentage: 15
Click Apply, then click OK.

Key Takeaways:
• A hosting connection enables Citrix Virtual Apps and Desktops to communicate with your cloud provider or on-premises hypervisor. It defines the network and storage resources that Citrix Virtual Apps and Desktops can use when provisioning virtual machines to host applications and desktops for your users.
• A hosting connection should be adjusted to match the limitations of your cloud provider’s API. Public cloud vendors often implement rate limits to reduce the risk of Denial of Service attacks.
• Citrix Virtual Apps and Desktops equally supports all of the following:
  o Citrix Hypervisor
  o Microsoft System Center Virtual Machine Manager
  o VMware vSphere
  o CloudPlatform
  o Microsoft Azure
  o Microsoft Azure Classic
  o Amazon EC2

Exercise 3-2: Install Server OS VDA

Scenario:
Although WW Labs currently has Citrix Virtual Apps and Desktops running on-premises, the deployment is using Citrix Provisioning to supply VDA machines with their hard disk configuration. While Citrix Provisioning is supported with Citrix Cloud, your Lead Citrix Architect has tasked you to evaluate Citrix Machine Creation Services. A new VM has been prepared for you to implement the VDA in the master image mode.

Step  Action

1. Using the Remote Desktop Connection Manager, connect to NYC-SRV-MST. To log into NYC-SRV-MST, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.

2. Right-click Start and click System. Verify that the machine is joined to the workspacelab.com domain and Windows is activated.
Note: This machine will be used as a Master to create a machine catalog. To validate that all machines in this machine catalog join the domain, we have to verify that this Master is joined to the domain.

3. Verify that the date and time are correct on NYC-SRV-MST. Right-click the current time in the system tray. Click Adjust date/time.

4. If the time or the time zone needs to be changed, you would click Change Date and time or the Time zone dropdown. For the purpose of this lab, we will leave the default settings. Click X to close the Date and time dialog box.
Modify the power plan for NYC-SRV-MST. Right-click Start and click Power Options. Under Choose or customize a power plan, select High performance. Close the Power Options window.

5.
Note: When selecting High Performance mode as a power plan, the computer does not lower the CPU’s speed when it is not being used, causing the CPU to run at higher speeds. It also increases screen brightness. Other components, such as Wi-Fi or the disk drive, may also not go into power-saving modes. High Performance favors performance but may use more energy.

Now that we have verified configurations for this VM, we will install the Virtual Delivery Agent so that it can communicate and register with the Delivery Controller. Open the Lab Resources folder on the NYC-SRV-MST desktop. Double-click the folder Citrix_Virtual_Apps_and_Desktops_7_1912 LTSR, right-click AutoSelect.exe and click Run as Administrator.

6. On the Deliver applications and desktops to any user, anywhere, on any device screen, click Start next to the Virtual Apps and Desktops option.
Note: Citrix Virtual Apps and Desktops share infrastructure components. Choosing to click on Start for Virtual Apps will present the same components for installation. The difference is in the title at the top of the next screen.
Note: Ignore this step if you do not see the above screen.

7. The wizard will now display all possible installation options that are compatible with the Operating System of the machine running the installer. Select Virtual Delivery Agent for Windows Server OS.

8. Verify Create a master MCS image is selected and click Next.
Note: Master is a term used to reference a machine that will be used as a base to create other machines nearly identical to the Master. You will be tasked to use this Master machine in a future exercise for this type of machine creation.

9. On the Core Components page, the Virtual Delivery Agent is marked as Required. This software was deployed from the main Virtual Apps and Desktops installer menu. Click Next to continue the Virtual Delivery Agent installation wizard.
Note: You could choose to select Citrix Workspace App here, but for this lab, we are not installing it on the VDA machine.

10. In the additional components window, clear all the checkmarks in the list. Click Next.

11. Configure the VDA to register with the Citrix Cloud-based Delivery Controllers, via the Citrix Cloud Connector servers deployed in a previous exercise.
On the Delivery Controller page, under Configuration, confirm the drop-down menu is set to Do it manually.
In the Controller address box, type NYC-CON-001.workspacelab.com. Click Test connection. If the test is successful, as indicated by a green checkmark to the right of the Controller address box, click Add.
Again, in the Controller address box, type NYC-CON-002.workspacelab.com. Click Test connection. If the test is successful, as indicated by a green checkmark to the right of the Controller address box, click Add.
Click Next to continue the Virtual Delivery Agent installation wizard.
Note: This Controller address step in the VDA installation wizard saves the Citrix Cloud Connector address into the registry of the Master that we are installing the VDA on. This is important because, as mentioned above, all machines created from this Master will be nearly identical, which means all machines will have the same registry entry that can be used by the VDA machine to register with and communicate with the Delivery Controllers through the Cloud Connectors.

12. On the Features page, verify that the following five checkboxes are selected:
• Optimize performance
• Use Windows Remote Assistance
• Use Real-Time Audio Transport for audio
• Framehawk
• MCS IO
Click Next to continue the VDA installation wizard.

13. On the Firewall page, verify that the Automatically option is selected for configuring the firewall rules. Click Next.

14. On the Summary page, review and confirm the configurations. Click Install.
Note: The installation will take a few minutes and will require the NYC-SRV-MST machine to be restarted.

15. After NYC-SRV-MST has finished rebooting, switch back to the Remote Desktop Connection Manager, and connect to NYC-SRV-MST. To log into NYC-SRV-MST, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.

16. On the Smart Tools screen, select I do not want to participate in Call Home and click Next.

17. Verify that the prerequisites, core components, and post install items completed successfully. Verify that the Restart machine option is enabled (default) and click Finish.
Note: You may want to switch to Hyper-V Manager to monitor the restart progress. To do this, double-click the NYC-SRV-MST machine in the VMs pane.

18. After NYC-SRV-MST has finished rebooting, switch back to the Remote Desktop Connection Manager, and connect to NYC-SRV-MST. To log into NYC-SRV-MST, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.

19. Verify that the expected Virtual Delivery Agent (VDA) software and version was installed. Right-click Start and select Programs and Features. Close the Programs and Features window.

20. Continue to build the Master machine by installing additional software. Using the Lab Resources folder on the Desktop, select the Office_Professional_Plus_2016_64Bit folder.

21. Double-click Office_Professional_Plus_2016_64Bit>Setup.exe.
Note: When prompted with Microsoft Software License Agreement, review the agreement statement, and if you agree, select I accept the terms of this license agreement and click Continue.

22. Click Customize.
Modify the installation to install Microsoft Access, Microsoft Excel, Microsoft OneNote, Microsoft Outlook, Microsoft PowerPoint, Microsoft Publisher, and Microsoft Word by selecting the Run all from My Computer option for each.
Note: Select Not Available for all other listings.

23. Click Install Now. Click OK when prompted with the Setup Warning dialog box after selecting to Install Now.
Note: The install process should take approximately five minutes.

24. After the install has completed, click Close.

Key Takeaways:
• When installing the VDA software, on the Delivery Controller page, select the “Do it manually” option and then specify the FQDN of the Citrix Cloud Connectors in your resource location.
• Citrix recommends specifying multiple Connectors for high availability.

Exercise 3-3: Create a Server OS Catalog

Scenario:
Your task is to use Citrix Cloud Studio to generate a new Machine Creation Services based catalog from the Master VM you prepared in the previous exercise. The Lead Citrix Architect has expressed concerns about available resources on the Microsoft Hyper-V host and instructed you to create only two VMs in the catalog.

Step  Action

1. Switch back to Google Chrome on the Student Desktop and validate you are still in the published Citrix Studio on the browser.
Note: In a previous exercise, you had opened the published Citrix Studio using the Service Creation option on the Virtual Apps and Desktops web page.
Note: If the browser was closed, then relaunch Google Chrome from the taskbar on the Student Desktop, browse to https://citrix.cloud.com and sign in. Now select My Services > Virtual Apps and Desktops from the fly-out menu on the left. Select the Full Configuration option from the Manage dropdown.

2. Using Studio, expand Citrix Studio (cloudxdsite) and click Machine Catalogs. From the Actions pane on the right, click Create Machine Catalog.

3. On the Introduction page, click Next to continue the Machine Catalog Setup wizard.

4.
Note: Machine Catalogs are collections of physical or virtual machines that you assign to users. You create Catalogs from Master Images or physical machines in your environment. The master image or physical machine that you use to create a Catalog must have a VDA installed. Also, verify that the operating system is up-to-date and that applications are installed.

On the Operating System page, verify that Multi-session OS is selected and click Next.
Note: When selecting an operating system for the machine catalog you have three options:
• Multi-session OS: The multi-session OS Machine Catalog provides hosted shared desktops for a large-scale deployment of standardized Windows Server OS or Linux OS machines.
• Single session OS: The single session OS Machine Catalog provides VDI desktops ideal for a variety of different users.
• Remote PC Access: The Remote PC Access Machine Catalog provides users with remote access to their physical office desktops, allowing them to work at any time.

5. On the Machine Management page, verify that the following two options are selected:
• Machines that are power managed (for example, virtual machines or blade PCs)
• Citrix Machine Creation Services (MCS)
Click Next to continue the Machine Catalog creation wizard.
Note: Indicate which tool you will use to deploy machines:
• Citrix MCS – Uses a master image or template to create and manage virtual machines.
  o MCS is not available for physical machines.
  o Machine catalogs in cloud environments use MCS.
• Citrix Provisioning – Manages target devices as a device collection. A Citrix Provisioning vDisk imaged from a master target device delivers desktops and applications.
• Another service or technology – A tool that manages machines already in the data center. Citrix recommends you use Microsoft System Center Configuration Manager or another third-party application to verify that the machines in the Catalog are consistent.
6. On the Master Image page, select NYC-SRV-MST as the Master machine.
• Select the minimum functional level for this catalog: 1811 (or newer)
Click Next to continue the Machine Catalog Setup wizard.
Note: If snapshots existed for the machine, you could select a specific snapshot to be used for the master. Since there are no snapshots, the resultant process of this wizard will create one automatically.

7. On the Virtual Machines page, verify that the default settings are configured.
• Number of Virtual machines needed: 2
• Memory: 2048 MB
• Memory allocated to cache (MB): 256
• Disk cache size (GB): 50
Click Next to continue the Machine Catalog Setup wizard.
Note: If you see the options for Memory allocated to cache and Disk cache size grayed out, then select the checkboxes next to each option and confirm the values stated above.

8. On the Active Directory Computer Accounts page, verify the Create new Active Directory accounts radio button is selected. In the drop-down menu next to Domain for the Active Directory location for computer accounts, make sure workspacelab.com is selected. Using the arrows, browse by expanding Citrix > New York > VDA. Select the Servers_CitrixCloudSite Organizational Unit (OU).
Note: The Servers OU is the WW Labs' location designated for machines running the VDA that are used to host users’ server OS apps and desktop resources.
In the Account naming scheme, enter NYC-SRV-###
Verify that 0-9 is selected from the drop-down menu to the right of the naming scheme.
Note: If this wizard was being used to create machines on an existing naming convention, then the resultant machines from this MCS process would increment to the next numerical sequence numbers available.

9. Click Next to continue the Machine Catalog Setup wizard. On the Domain Credentials page, type the credentials of the account with permissions to create new machine accounts. Click Enter Credentials.

10. Type the credentials of the domain administrator.
• User name: workspacelab.com\administrator
• Password: Password1
Click OK, and then click Next.

11. On the Summary page, review the configuration and enter the following information:
• Machine Catalog name: NYC-CAT-ServerOS
• Machine Catalog description for administrators: Windows 2016 Hosted Apps and Desktops MCS
Click Finish.
Note: Clicking Finish begins the MCS process in which a combination of the parameters specified in this machine catalog creation wizard and the parameters of the Citrix Virtual Apps and Desktops Site are used to create complete virtual machines from the Master machine specified earlier in the said wizard. Each virtual machine created is built into a machine catalog, visible from Studio. Each virtual machine created has a nearly identical build to its Master machine, with a unique SID, machine account in Active Directory, unique MAC, and a unique IP address.
Note: With the Microsoft Hyper-V resources allocated to this Virtual Apps and Desktops POC project by the Citrix Lead Architect, you can expect this MCS process to take an estimated 15 minutes to complete.

12. Verify that the MCS process has completed. Using Cloud Studio, verify that the machine catalog has been created. Click Machine Catalogs in the left pane of Studio and view the NYC-CAT-ServerOS Machine Catalog in the middle pane.
Note: If an RDS license warning message is generated, right-click the NYC-CAT-ServerOS machine catalog and select Remove RDS license warning. You will ignore this warning for the duration of the POC. Click Yes when prompted to remove the warning.

Key Takeaways:
• Machine catalogs group machines together that are similar in function, purpose, and capabilities.
• All computers within a machine catalog need to be either servers or desktops and cannot be mixed.
• Each catalog contains machines of only one of the following types:
  o Server OS: A Server OS catalog provides desktops and applications that can be shared by multiple users.
The machines can be running supported versions of Windows or Linux operating systems, but the catalog cannot contain both.
  o Desktop OS: A Desktop OS catalog provides desktops and applications that are assigned to a variety of different users.
  o Remote PC Access: A Remote PC Access catalog provides users with remote access to the physical office desktop machines. Remote PC Access does not require a VPN to provide security. Currently, Remote PC Catalogs can only be created using remote SDKs for Citrix Virtual Apps and Desktops in Citrix Cloud.

Exercise 3-4: Test Server OS Catalog

Scenario:
Based on your Citrix experience administering the current on-premises environment, you know that VDA machine registration with the Delivery Controller is crucial to the functionality of a catalog. Your Lead Citrix Architect has tasked you to verify that the newly created VDA machines will register with the Cloud Connector and that the Cloud Connector is able to proxy the request onwards to the Citrix Cloud Delivery Controller.

Step  Action

1. Confirm you are still connected to the published instance of Citrix Studio, and that the Machine Catalogs node is selected on the left pane.

2. Verify that the expected virtual machines that were specified to be created using MCS have been successfully created and added to the NYC-CAT-ServerOS machine catalog. Using Studio, right-click the NYC-CAT-ServerOS machine catalog and select View Machines.
Verify that NYC-SRV-002.workspacelab.com and NYC-SRV-003.workspacelab.com are displayed.
Note: The machines are unregistered because they are powered off at this time.

3. Additionally, verify that the virtual machines NYC-SRV-002 and NYC-SRV-003 were created in the environment. Using Hyper-V Manager, confirm that NYC-SRV-002 and NYC-SRV-003 are listed to verify that the machines were created.

4. Switch back to Google Chrome on the Student Desktop and using Cloud Studio, power on the newly created NYC-SRV-002 VM.
Right-click NYC-SRV-002 and select Start. When prompted for confirmation, click Yes.
Note: NYC-SRV-003 will remain powered off until used in a later exercise.

5. Wait for two minutes to let the machine start and register itself with the Cloud Delivery Controller. Click Refresh in the Actions pane on the right.

6. Verify that the machine is powered on and Registered successfully with the cloud-hosted Virtual Apps and Desktops.
Note: If NYC-SRV-002 is still in Unregistered state, follow the below steps.

7. Go to Hyper-V Manager on the Student Desktop (NYC-HYP-101) machine. Right-click NYC-SRV-002 and select Settings.

8. In the left pane select Network Adapter and confirm virtual switch LabNetwork is selected in the middle pane. If Virtual switch is not selected, go to the drop-down in the right pane and select LabNetwork as Virtual Switch.

Key Takeaways:
• Catalog creation and management are identical whether you are using Cloud Studio or on-premises Citrix Studio.
• VDA machines communicate with the Citrix Cloud Connector servers. Cloud Connector servers then proxy the traffic to Citrix Virtual Apps and Desktops in Citrix Cloud.
• Cloud Connector servers are stateless and do not store any information. This enables any Cloud Connector in a Resource Location to provide the operations required.

Exercise 3-5: Create Server OS Delivery Group for MCS Created Machines

Scenario:
Following the creation of the MCS based machine catalog, the Lead Citrix Architect has tasked you to investigate how applications and desktops are published in Citrix Cloud. Your task is to create a new Delivery Group and select four specific applications to be published. However, unlike a traditional deployment, you will not associate users with the Delivery Group in this exercise.

Step  Action

1. Using Cloud Studio within Google Chrome on the Student Desktop, expand Citrix Studio (cloudxdsite) and click Delivery Groups. In the Actions pane on the right, click Create Delivery Group.

2.
Note: If the browser was closed, then relaunch Google Chrome from the taskbar on the Student Desktop, browse to https://citrix.cloud.com and sign in. Now select My Services > Virtual Apps and Desktops from the fly-out menu on the left. Select the Full Configuration option from the Manage dropdown.

On the Introduction page, click Next to continue the Delivery Group creation wizard.
Note: Delivery Groups are collections of desktops and applications that are created from Machine Catalogs. Create Delivery Groups for specific teams, departments, or types of users, and base them on either a desktop or a server operating system. Make sure you have enough machines available in a suitable Catalog to create the Delivery Groups you need.

3. On the Machines page, verify that the previously created Machine Catalog is listed. Select NYC-CAT-ServerOS. To choose the number of machines for this Delivery Group: set the box to 2. Click Next to continue with the Delivery Group creation wizard.

4. On the Users page, select Leave user management to Citrix Cloud. This makes the Delivery Group available as a Library offering you can assign to users. Click Next to continue with Delivery Group creation.

5. On the Applications page, click Add and select From start menu. The wizard will begin the process of discovering applications found on NYC-SRV-002. Select the checkbox next to each of the following applications to select them.
• Calculator
• Notepad
• PowerPoint 2016
• Word 2016
Click OK. Click Next to continue with Delivery Group creation.
Note: The applications can take a while to populate, because the NYC-SRV-002 machine may have been powered off by the Controller to save on resource consumption. In order to return a list of the applications installed, the Controller has to call to the hypervisor hosting NYC-SRV-002 and have it powered on. Once powered on, the VDA machine will register with the Controller and send a list of installed applications to publish.
Note: If this application list does not appear after five minutes, use Hyper-V Manager to verify that NYC-SRV-002 is powered on.
Note: You can also add (create) applications manually, by providing the path to the executable, working directory, any optional command-line arguments and specifying a display name visible to users in Workspace App and administrators in Studio.

6. On the Summary page, verify the previously configured information and enter the following:
• Delivery Group name: NYC-DG-ServerOS
• Display name: Windows 2016 Server Desktop
Click Finish.

7. Verify that applications selected during the Delivery Group creation wizard appear under the Applications node. Using Studio, select the Applications node in the left pane. Verify that you can see the following published apps.
• Calculator
• Notepad
• PowerPoint 2016
• Word 2016

Key Takeaways:
• Citrix Virtual Apps and Desktops offer a new way to manage user assignments to published applications and desktops called Library.
• Cloud Studio can still be used to assign users to Delivery Groups.

Exercise 3-6: Assign Published Apps to Users

Scenario:
The WW Labs Lead Citrix Architect has decided that assigning resources to users will be done through the Citrix Cloud control plane rather than through Studio. Your task is to investigate how the Citrix Cloud control plane can be used to assign resources to WW Labs users.

Step  Action

1. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud home page. If you are on some other page of the cloud console, click Citrix Cloud to return to the Citrix Cloud home page.
Note: In a previous exercise, you had logged into the Citrix Cloud console. If you closed Google Chrome or signed out, start the Google Chrome browser and type https://citrix.cloud.com in the Address bar. Sign in using your cloud credentials.

2. Confirm that 2 Library Offerings are now available.

3.
Click View Library and review the available library offerings. Verify the two library offerings, which have become available after you created the Delivery Group in Cloud Studio.
Note: The Citrix Cloud control plane will show a Library offering for both the apps and the desktop connection in your Delivery Group, so user assignments can be done individually.
Note: Offerings may consist of your applications, desktops, data shares, and web apps that are created via a Citrix service within Citrix Cloud. View applications, desktops, policies, and any other related offering information by clicking on the down arrow on the offering card.

4. Click the down arrow under the library offerings card: NYC-DG-ServerOS (Applications)

5. Add users or groups to a single offering by clicking Manage Subscribers from the dots menu. Click the dots menu on the NYC-DG-ServerOS (Application) Library Offerings card and select Manage Subscribers.
Note: If you wanted to bulk manage your subscribers across many offerings in one go, you can select multiple offerings using the radio button, and then click the Manage Subscribers bulk action button.

6. Once you have selected Manage Subscribers, you will be able to search for users or groups within a domain and assign them to the selected offerings. Type Domain Users in the Search for AD Group / User and select the Domain Users group from the search results. Wait for the status to show Subscribed. Click X to close the Manage Subscribers window. You have successfully assigned applications to all users in the Domain Users group.
Note: From here, you can also remove users or groups by either clicking on the trash icon or bulk selecting multiple users or groups in one go.

Key Takeaways:
• The library provides a one level view of all the service offerings. Offerings may consist of your applications, desktops, data shares and web apps that are created via a Citrix service within Citrix Cloud.
• If user management is delegated to Citrix Cloud for a Delivery Group, then that Delivery Group will show two library cards – one for Applications and the other for Desktops.

Exercise 3-7: Assign Published Desktops to Users

Scenario:
After discovering the new process of assigning users to resources, the Lead Citrix Architect has tasked you to assign the Human Resources group the ability to start a Hosted Desktop connection from the MCS based Server OS Delivery Group.

Step  Action

1. Click Citrix Cloud on the top left to return to the homepage.

2. Validate that 2 Library Offerings are still available.

3. Click View Library and review the available library offerings, which should be similar to the screenshot below.
Note: Offerings may consist of your apps, desktops, data shares, and web apps that are created via a Citrix Service within Citrix Cloud. View applications, desktops, policies, and any other related offering information by clicking on the View Details button on the offering card.

4. Click the down arrow under the second library offerings card: NYC-DG-ServerOS (Desktops). Scroll down to review the offering details.

5. Add users or groups to a single offering by clicking Manage Subscribers from the dots menu. Click the dots menu on the NYC-DG-ServerOS (Desktops) Library Offerings card and select Manage Subscribers.

6. Once you have selected Manage Subscribers, you will be able to search for users or groups within a chosen domain and assign them to the selected offerings. Type HR in the Search for AD Group / User and select the HR group from the search results. Wait for the status to show Subscribed. Click X to close the Manage Subscribers window. You have successfully assigned a desktop to all the HR users.
Note: From here, you can also remove users or groups by either clicking on the trash icon or bulk selecting multiple users or groups in one go.

7. Click the back arrow on the left of Library to return to the Citrix Cloud home page.
Key Takeaways:
• The service offerings can be assigned to users or groups in Active Directory.
• Searching users and groups at the time of assignment is performed using the Citrix Cloud Connector servers.
• Filtering in Library allows administrators to search for any user or group that is currently subscribed to an offering within the Library.
• The cloud library does not currently offer a way to limit visibility for resources, so if a group is associated with a Library offering, all users in this group will be able to start all applications in this Library offering.

Module 4: Manage the Virtual Apps and Desktops Service

Overview:
This module presents more details on managing the Virtual Apps and Desktops in Citrix Cloud. The primary focus will be on integration with the Cloud SDK, provisioning resources through PowerShell, and integrating the on-premises Citrix Provisioning environment into Citrix Cloud.

Before you begin:
Estimated time to complete Module 4 lab exercises: 65 minutes

Exercise 4-1: Install and Configure the SDK

Scenario:
The WW Labs Lead Citrix Architect has been reading about the new Remote PowerShell SDK and is planning to use the Remote-SDK to complete all the migration tasks when moving the WW Labs production environment to Citrix Cloud.
Your task is to download and install the Remote PowerShell SDK in the POC lab environment; you have decided to install it on the file server to keep the resource usage impact to a minimum.

Step  Action

1. The following VMs are required before beginning the exercises for this Module; all others may be powered down. To power manage your VMs, switch to Hyper-V Manager, right-click the VM in the VMs pane and select Start or Shut Down. If prompted, click Yes.
• ABC-ADS-001
• ABC-CON-001
• NYC-ADS-001
• NYC-CON-001
• NYC-CON-002
• NYC-FSR-001
• NYC-SQL-001
• NYC-SRV-002
• NYC-WRK-001

2. Using Remote Desktop Connection Manager, connect to NYC-FSR-001.
To log into NYC-FSR-001, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.

3. Click the Internet Explorer icon on the taskbar.

4. In the Internet Explorer address field, type: Citrix.com/downloads, then press Enter to browse to the Citrix Downloads webpage.

5. In the Search Downloads box, type Remote SDK and press Enter.

6. Verify that the Virtual Apps and Desktops Remote PowerShell SDK is listed, then click the name to go to the product download page.

7. Click the Jump to Download drop-down menu and select Virtual Apps and Desktops Remote PowerShell SDK.

8. Click the Download File button within the Virtual Apps and Desktops Remote PowerShell SDK section.
Note: You may see a different date on the download page, but you can ignore the date. Download with what you see under Virtual Apps and Desktops Remote PowerShell SDK.

9. In the dialog box at the bottom of the webpage, it asks Do you want to run or save CitrixPoshSdk.exe from download.apps.cloud.com? Click Save.

10. Wait for the download to complete and then click Open folder. Notice that the installer is saved in the Downloads folder. You will use this installer again in a later exercise.

11. Double-click CitrixPoshSdk.exe to run the installer.

12. When prompted with Citrix License Agreement, review the agreement statement, and if you agree, select I accept the terms of this license agreement and click Next.

13. Upon completion of the installation, clear the checkbox View the readme for how to use the XenApp and XenDesktop Remote PowerShell SDK and click Close.
Note: Installation logs are located at %TEMP%\CitrixLogs\CitrixPoshSdk. Logs can help resolve installation issues.

14. Click X to close the File Explorer window.

Use the XenApp and XenDesktop Remote PowerShell SDK

15. Click the Windows PowerShell ISE icon in the taskbar.

16.
Type asnp Citrix* and press Enter to add the Citrix cmdlets.
17. Type Get-BrokerSite and press Enter.
18. You will now be prompted to enter your Citrix Cloud credentials to authenticate. Type your Citrix Cloud Sign-in credentials and click Sign In.
Note: If prompted, select No to the AutoComplete Passwords prompt.
Note: The above authentication dialog box can be called using Get-XdAuthentication. The Get-XdAuthentication cmdlet provides authorization to cross the secure Resource Location to control plane boundary. By default, Get-XdAuthentication prompts users for MyCitrix credentials - authentication must be done once per PowerShell session. If this cmdlet is not explicitly executed, it will be invoked by the first PowerShell SDK cmdlet.
19. Wait for the command to execute and review the output. This verifies that the PowerShell commands for Citrix Virtual Apps and Desktops in Citrix Cloud can be successfully executed from a domain joined machine within the resource location.
20. Click X to close the PowerShell ISE window.
Note: If prompted to Save changes to the following files? Untitled1.ps1, click No.

Key Takeaways:
• Verify PowerShell 3.0 or later is available on the system where XenApp and XenDesktop Remote PowerShell SDK is installed.
• The XenApp and XenDesktop Remote PowerShell SDK can be installed on 32-bit or 64-bit Desktop or Server operating systems.
• Citrix recommends not running the XenApp and XenDesktop Remote PowerShell SDK on the Cloud Connector servers; the SDK’s operation does not involve the Connectors.

Exercise 4-2: Communicate with Citrix Cloud API using the SDK

Scenario:
After installing the Remote PowerShell SDK in the previous exercise, your Lead Citrix Architect has expressed concerns about having to authenticate to Citrix Cloud every time a PowerShell command is executed. Your task is to verify that the Remote PowerShell SDK can run commands without continuously prompting for Citrix Cloud credentials.
To bypass the authentication prompt, you can use the Set-XdCredentials cmdlet to create a default authentication profile; this authentication profile is generated using a Secure Client created in the Citrix Cloud console.

1. From the Student Desktop (NYC-HYP-101), right-click Start menu and select File Explorer.
2. In Windows Explorer, click Downloads.
3. Right-click secureclient.csv and select Copy.
4. Right-click Start menu, click Run, and type \\nyc-fsr-001\c$\users\Administrator.WORKSPACELAB\Downloads\ and click OK.
Note: If you are prompted for the credentials, give the below details: WORKSPACELAB\Administrator with Password1 as the password.
5. Right-click in the Windows Explorer window and select Paste.
6. Using Remote Desktop Manager, connect back to NYC-FSR-001. In the previous exercise, you logged in to NYC-FSR-001 using the Remote Desktop Connection Manager.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
7. Click the Windows PowerShell ISE icon in the taskbar.
8. Load the Citrix modules by typing asnp Citrix* and press Enter.
9. Create a credential profile for Citrix Cloud. Type the following in PowerShell ISE:
    Set-XDCredentials -CustomerId "Customer ID" -SecureClientFile "C:\users\Administrator.WORKSPACELAB\Downloads\secureclient.csv" -ProfileType CloudApi -StoreAs "CloudAdmin"
Press Enter.
Note: Identify your Citrix Cloud customer ID; this name can be found on the Identity and Access Management > API Access web page. Account Name/Customer ID is case sensitive. Set-XDCredentials creates a new XDCredentials object from a (downloaded) secure client file and stores them in persistent store credentials (-StoreAs).
10. Type Get-XDCredentials -ListProfiles and press Enter.
Note: With the -ListProfiles switch, the Get-XDCredentials cmdlet can list the names of all credential profiles held in the store.
Without -ListProfiles, Get-XDCredentials returns an XDCredentials object initialized from either the credential currently set as the default in the shell, or the one saved and associated with the supplied name from the credentials store.
11. Click X to close Windows PowerShell ISE.
12. Again, click the Windows PowerShell ISE icon in the taskbar.
Note: You close and re-open the PowerShell window to demonstrate authentication using the Cloud API from the beginning.
13. Click the down arrow next to Script on the top-right of PowerShell ISE window.
14. Type the following commands in the Script editor:
    Asnp Citrix*
    Get-XDAuthentication -ProfileName "CloudAdmin"
    Get-BrokerSite
Press F5 or click the Run Script icon (green arrow in the toolbar) to execute the commands.
Note: This time, you get the output of Get-BrokerSite without manually authenticating on the Citrix Cloud Sign-in page.
15. Click X to close the PowerShell ISE window. When prompted to Save changes to the following files? Untitled1.ps1, click No.

Key Takeaways:
• Make sure PowerShell 3.0 or later is available on your system where you install the XenApp and XenDesktop Remote PowerShell SDK.
• Once authenticated, remote access remains valid in the current PowerShell session for 24 hours. After this time, you must enter your credentials.
• The XenApp and XenDesktop Remote PS SDK must be run on a computer within the Resource Location.

Exercise 4-3: Create a Desktop OS Catalog using the SDK

Scenario:
After installing and configuring the Remote PowerShell SDK, your Lead Citrix Architect has tasked you with testing the ability to create machine catalogs and add machines using the Remote PowerShell SDK. In order to create a new machine catalog, you decide to prepare a new Desktop OS VM for the purpose.
Your task is to install the VDA software on NYC-WRK-001, enable this Desktop VM to register with the Cloud Connector and use the Remote PowerShell SDK to create a new machine catalog and add this Desktop to the machine catalog.

Prepare a Master image for Desktop OS
1. Using Remote Desktop Connection Manager, connect to NYC-WRK-001. To log on to NYC-WRK-001, right-click this machine and select Connect server as. Select WORKSPACELAB\Administrator (File).
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Right-click Start and click Run. Type control system and click OK. Verify that the machine is joined to the workspacelab.com domain and Windows is activated. Close the System window.
Note: This machine will be used as a Master to create a machine catalog. To enable all machines in this machine catalog to join the domain, you have to verify that this Master is already joined to the domain.
3. Verify the Date and time are correct on NYC-WRK-001. Click current time in the system tray. Click Date and time settings.
Note: If the time or the time zone needed to be changed, you would click Additional date, time, & regional settings. For the purpose of this lab, you will leave the default settings.
Close the Date and time settings window.
4. Verify the power plan for NYC-WRK-001. Right-click Start and click Run. Type powercfg.cpl and click OK. Under Choose or customize a power plan verify High performance is enabled. Close the Power Options window.
Note: When selecting High Performance mode as a power plan, the computer does not lower the CPU’s speed when it is not being used, causing the CPU to run at higher speeds. It also increases screen brightness. Other components, such as Wi-Fi or the disk drive, may also not go into power-saving modes. High Performance favors performance but may use more energy.
5.
Now that you have verified configurations for this VM, you will install the VDA so that it can communicate and register with the Cloud Connectors and the Cloud Delivery Controller. On the NYC-WRK-001, double-click the Lab Resources folder.
6. Double click Citrix_Virtual_Apps_and_Desktops_7_1912 LTSR, then click Auto select.exe. On the Deliver applications and desktops to any user, anywhere, on any device screen, click Start next to the Virtual Apps and Desktops option.
Note: Virtual Apps and Desktops share infrastructure components. Choosing to click the Start option for Virtual Apps will present the same components for installation. The difference is in the title at the top of the next screen.
7. The wizard will now display all possible installation options that are compatible with the Operating System of the machine that you are on. Select Virtual Delivery Agent for Windows Desktop OS.
8. Change the radio button to Enable Remote PC Access and click Next.
9. On the Core Components page, the VDA is marked as Required. This is the software that was chosen from the main Virtual Apps and Desktops installer menu. Select the checkbox next to Citrix Workspace App, then click Next to continue the VDA installation wizard.
Note: You could choose to not install the Citrix Workspace App here, but for this lab, you are installing it on the VDA machine.
10. On the Additional Components page, remove the checkmarks on all components and click Next.
11. Configure the VDA to register with the Citrix Cloud-based Delivery Controllers, via the Citrix Cloud Connector servers deployed in a previous exercise. On the Delivery Controller page, under Configuration, confirm that the drop-down menu is set to Do it manually. In the Controller address box, enter NYC-CON-001.workspacelab.com. Click Test connection. If the test is successful, as indicated by a green checkmark to the right of the Controller address box, click Add.
In the Controller address box, enter NYC-CON-002.workspacelab.com. Click Test connection. If the test is successful, as indicated by a green checkmark to the right of the Controller address box, click Add. Click Next to continue the VDA installation wizard.
12. On the Features page, select the checkboxes for the following four options:
• Optimize performance
• Use Windows Remote Assistance
• Use Real-Time Audio Transport for audio
• Framehawk
Click Next to continue the VDA installation wizard.
13. On the Firewall page, verify that the Automatically option is selected for configuring the firewall rules. Click Next.
14. On the Summary page, review and confirm the configurations. Click Install. The installation will take a few minutes.
15. After the installation completes, on the Diagnostics screen, uncheck Collect diagnostic information and click Next.
16. On the Finish Installation page, verify that the Restart machine option is selected and click Finish. Wait as the VM reboots.
Note: You may want to switch to Hyper-V to monitor the restart progress.
17. After NYC-WRK-001 has finished rebooting, switch back to NYC-WRK-001 using Remote Desktop Connection Manager. To log on to NYC-WRK-001, right-click this machine and select Connect server as. Select WORKSPACELAB\Administrator (File).
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
18. Verify that the expected VDA software and version was installed. Right-click Start and select Apps and Features. Verify that the Citrix Virtual Delivery Agent 1912 LTSR now appears as an installed program. Close the Apps & Features window.
19. Log off NYC-WRK-001. Right-click Start, select Shut down or sign out and click Sign out.

Creating a Desktop OS Catalog via POSH
20. Using Remote Desktop Connection Manager, connect to NYC-FSR-001.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
21. Click the Windows PowerShell ISE icon in the taskbar and type the following commands in the script editor:
    #Add Citrix Snap-ins
    asnp citrix*
    #Get the authentication profile
    Get-XDAuthentication -ProfileName "CloudAdmin"
    #Declare dependent variables.
    $users = "workspacelab.com\engineer1"
    $CatalogName = "NYC-CAT-DesktopOS"
    $MachineName = "workspacelab.com\NYC-WRK-001"
    #Create Catalog
    $brokerUsers = New-BrokerUser -Name $users
    $catalog = New-BrokerCatalog -AllocationType "Permanent" -IsRemotePC $False -MachinesArePhysical $True -MinimumFunctionalLevel "L7_9" -Name "$CatalogName" -PersistUserChanges "OnLocal" -ProvisioningType "Manual" -Scope @() -SessionSupport "SingleSession"
    #Add Machine to Catalog
    $BrokerMachine = New-BrokerMachine -MachineName $MachineName -CatalogUid $catalog.uid
    #Add user to Catalog
    Add-BrokerUser -Machine $brokerMachine.sid -Name $users
Select the above script in the script editor and click F8 or click the Execute Selection icon (page with a green arrow on top) to execute the selected portion.
Note: Do not close Windows PowerShell ISE, you will be using the same script editor window in the next lab exercise.
Note: The above script is also available at \\NYC-FSR-001\Resources\CXD-250-2i\Scripts_CXD-2502I.txt
22. Switch to the Google Chrome browser on the Student Desktop and confirm you are still connected to the published Citrix Studio on https://citrix.cloud.com.
Note: If the browser was closed, then relaunch Google Chrome from the taskbar on Student Desktop and browse to https://citrix.cloud.com and Sign in. Now select the My Services > Virtual Apps and Desktops from the Fly-out menu on the left. Select Full Configuration option from the Manage dropdown.
23. Click the Machine Catalogs node in the left pane of the Cloud Studio.
24. Verify that two Catalogs are now listed.
NYC-CAT-DesktopOS is created successfully via PowerShell.

Key Takeaways:
• New-BrokerCatalog is the PowerShell command used to create a new catalog.
• The -AdminAddress attribute is not required for Citrix Virtual Apps and Desktops in Citrix Cloud.
• When creating a persistent machine catalog of existing machines, it is essential to associate machines to users while creating the machine catalog.

Exercise 4-4: Test a Desktop OS Catalog using the SDK

Scenario:
After creating the new machine catalog using the Remote PowerShell SDK, you decide to test that the Desktop OS machine has registered with the Cloud Connector and Citrix Cloud Delivery Controller.

1. Switch back to Remote Desktop Connection Manager and confirm that you are still connected to NYC-FSR-001.
Note: In the previous exercise, the following credentials were used to connect with NYC-FSR-001: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Type the following commands in the script editor of Windows PowerShell ISE:
    Get-BrokerMachine -MachineName "workspacelab\NYC-WRK-001" | Select CatalogName, RegistrationState, SessionSupport, ProvisioningType, MachineInternalState
3. Select only the above command and press F8 or click the Execute Selection icon (page with a green arrow on top) to execute. The registration state of the machine is registered, which confirms that the machine is successfully added to the NYC-CAT-DesktopOS catalog.
Note: MachineInternalState is seen to be SoftRegistered. This means that the registration from the VDA is complete. However, the private Citrix Broker Service instance has not acknowledged the machine to be registered.

Key Takeaways:
• Get-BrokerMachine returns objects that combine machine configuration and state information.
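The CloudAdmin profile used in Exercises 4-2 through 4-4 is built from secureclient.csv, which Exercise 4-2 copies into the Downloads folder on NYC-FSR-001; that file holds the secure client ID and secret, so its NTFS permissions deserve a check. The PowerShell below is an added example, not part of the Citrix lab manual: it lists which identities outside a small allow-list can read such a file and then restricts the file to the current user. The function names, the allow-list of SIDs and the temporary demo file are assumptions of this example.

```powershell
# Added example (not from the lab manual). Function names, the SID allow-list
# and the temporary demo file are assumptions made for illustration.

# SIDs that may legitimately read the file: current user, SYSTEM, Administrators.
function Get-AllowedSid {
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    @($me, 'S-1-5-18', 'S-1-5-32-544')
}

# List every Allow ACE that gives read access to a SID outside the allow-list.
function Get-SecretFileExposure {
    param([Parameter(Mandatory = $true)][string]$Path)

    $allowed = Get-AllowedSid
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # ReadData (0x1) plus the unmapped GENERIC_ALL and GENERIC_READ bits,
    # which an ACE can still carry.
    $readMask = 0x1 -bor 0x10000000 -bor 0x80000000

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $isAllow    = $ace.AccessControlType -eq 'Allow'
        $grantsRead = ([int]$ace.FileSystemRights -band $readMask) -ne 0
        $sid        = $ace.IdentityReference.Value
        if ($isAllow -and $grantsRead -and ($allowed -notcontains $sid)) {
            [pscustomobject]@{
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Replace the ACL with a single explicit entry: FullControl for the current user.
function Protect-SecretFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting, drop inherited ACEs
    foreach ($ace in @($acl.Access)) {            # remove any remaining explicit ACEs
        [void]$acl.RemoveAccessRule($ace)
    }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $me, 'FullControl', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Demo on a constructed file, so the example runs without a real secure client.
function Invoke-SecretFileDemo {
    $path = Join-Path $env:TEMP 'secureclient-demo.csv'
    Set-Content -LiteralPath $path -Value 'constructed placeholder, not a real secret'

    # Simulate an over-broad grant: Authenticated Users (S-1-5-11) may read.
    $authUsers = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'
    $broad = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $authUsers, 'Read', 'Allow'
    $acl = Get-Acl -LiteralPath $path
    $acl.AddAccessRule($broad)
    Set-Acl -LiteralPath $path -AclObject $acl

    $before = @(Get-SecretFileExposure -Path $path | ForEach-Object { $_.Sid })
    Protect-SecretFile -Path $path
    $after  = @(Get-SecretFileExposure -Path $path | ForEach-Object { $_.Sid })

    Remove-Item -LiteralPath $path
    [pscustomobject]@{
        ExposedBefore = $before -join ','
        ExposedAfter  = $after -join ','
    }
}

Invoke-SecretFileDemo

# Lab usage, with the path from Exercise 4-2:
# Get-SecretFileExposure -Path 'C:\users\Administrator.WORKSPACELAB\Downloads\secureclient.csv'
```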
Exercise 4-5: Create Desktop OS Delivery Group for SDK Created Machines

Scenario:
After successfully creating and testing a machine catalog through the Remote PowerShell SDK, the WW Labs Lead Citrix Architect has tasked you to investigate the process of creating a Delivery Group and assigning a user to it, again using only the Remote PowerShell SDK.

1. Confirm you are still connected with NYC-FSR-001 via Remote Desktop Connection Manager.
Note: In the previous exercise, the following credentials were used to connect with NYC-FSR-001: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Create a Delivery Group with the name NYC-DG-DesktopOS. Type the following commands in the same script editor used in the previous exercise:
    #Declare the variables to be used for creating a Delivery group.
    $users = "workspacelab.com\engineer1"
    $DGName = "NYC-DG-DesktopOS"
    $MachineName = "workspacelab\NYC-WRK-001"
    $Catalog = Get-BrokerCatalog -Name "NYC-CAT-DesktopOS"
    $BrokerMachine = Get-BrokerMachine -machinename $MachineName -Cataloguid $Catalog.uid
    #Create a Delivery Group.
    $dg=New-BrokerDesktopGroup -ColorDepth "TwentyFourBit" -DeliveryType "DesktopsOnly" -DesktopKind "Private" -InMaintenanceMode $False -IsRemotePC $False -MinimumFunctionalLevel "L7_9" -Name "$DGName" -OffPeakBufferSizePercent 10 -PeakBufferSizePercent 10 -PublishedName "$DGName" -Scope @() -SecureIcaRequired $False -SessionSupport "SingleSession" -ShutdownDesktopsAfterUse $False
Select only the script and variables, and then press F8 or click the Execute Selection icon to execute the selected script.
Note: This script creates a new Delivery Group with a name NYC-DG-DesktopOS. This Delivery Group is configured to deliver desktops only.
Note: The above script is also available at \\NYC-FSR-001\Resources\CXD-250-2i\Scripts_CXD-2502I.txt
3. Add NYC-WRK-001 to the Delivery Group created in the previous step. Type the following:
    #Add a machine to the Delivery Group.
    Add-BrokerMachine -DesktopGroup "$DGName" -MachineName $BrokerMachine.SID
Select only the above script in the script editor and click F8 or click the Execute Selection icon to execute.
Note: This script adds the machine (workspacelab\NYC-WRK-001) to the newly created Delivery Group. The value of the variables was taken from the previously executed command.
4. Add Engineer1 to the Delivery Group created in the previous step. Type the following:
    #Assign user to machine.
    Add-BrokerUser -Machine $BrokerMachine.sid -Name $users
Select only the above script in the script editor and click F8 to execute. Do not close the PowerShell window yet; you have declared a variable that you will be using in the next exercise.
5. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the published Citrix Studio on https://citrix.cloud.com.
6. Using published Citrix Studio, expand Citrix Studio (cloudxdsite) and click Delivery Groups.
7. Verify two Delivery Groups are now listed. NYC-DG-DesktopOS is created successfully via PowerShell.
Note: This Delivery Group is not managed by Citrix Cloud, unlike NYC-DG-ServerOS.

Key Takeaways:
• The New-BrokerDesktopGroup cmdlet creates a new Delivery Group that can then be used to manage the brokering settings of all desktops within that Delivery Group.
• Once the Delivery Group has been created, you can add the appropriate desktops to it using the Add-BrokerMachine command.

Exercise 4-6: Create Access Policies for a Delivery Group using the SDK

Scenario:
To complete the evaluation of the Remote PowerShell SDK, the Lead Citrix Architect has tasked you to investigate how to create access policies using PowerShell. Your task is to allow any authenticated user access from StoreFront and Citrix Gateway.

1. Switch to Remote Desktop Connection Manager. Confirm that you are still connected with NYC-FSR-001 via Remote Desktop Connection Manager.
Note: In the previous exercise, the following credentials were used to connect with NYC-FSR-001: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Assign users to the NYC-DG-DesktopOS Delivery Group. Type the following commands in the same script editor that was used in the previous exercise:
    #Create an access rule for incoming connections via StoreFront
    New-BrokerAccessPolicyRule -AllowedConnections "NotViaAG" -AllowedProtocols @("HDX","RDP") -AllowedUsers "AnyAuthenticated" -AllowRestart $True -DesktopGroupUid $dg.Uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedUserFilterEnabled $True -IncludedUsers @() -Name "DOS_Direct"
    #Create an access rule for incoming connections via Citrix Gateway
    New-BrokerAccessPolicyRule -AllowedConnections "ViaAG" -AllowedProtocols @("HDX","RDP") -AllowedUsers "AnyAuthenticated" -AllowRestart $True -DesktopGroupUid $dg.uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True -IncludedUsers @() -Name "DOS_AG"
Select the above script in the script editor and click F8 or click the Execute Selection icon to execute.
Note: The above script is also available at \\NYC-FSR-001\Resources\CXD-250-2i\Scripts_CXD-2502I.txt
3. Review the two access rules created in the previous step. Type the following command:
    Get-BrokerAccessPolicyRule -DesktopGroupName $DGName
4. Select the above script in the script editor and click F8 or click the Execute Selection icon to execute. Review the output of the above command.
Note: Each Delivery Group is bound to two access rules that dictate if the connection is internal or external. The attribute value for Allowed Connections decides if this access rule should be evaluated for the incoming connection or not.
5. Click X to close the Windows PowerShell ISE window. When prompted to Save changes to the following files? Untitled1.ps1, click No.
6. Log off NYC-FSR-001.
Right-click Start, select Shut down or sign out and click Sign out.
7. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the published Citrix Studio on https://citrix.cloud.com.
8. Using published Citrix Studio, expand Citrix Studio (cloudxdsite) and click Delivery Groups.
9. Select NYC-DG-DesktopOS from the middle pane and click Edit Delivery Group from the Actions pane on the right.
10. Verify that the Users tab shows Allow any authenticated users to use this Delivery Group is selected.
Note: This parameter was configured using the BrokerAccessPolicyRule command that you executed in step 2 of this exercise.
11. On the Edit Delivery Group window, click Cancel.
12. Click Citrix Cloud on the top left to return to the Citrix Cloud home page.

Key Takeaways:
• New-BrokerAccessPolicyRule defines a set of connection filters and access control rights relating to a Delivery Group. These allow fine-grained control of what access is granted to a Delivery Group based on the details of, for example, a user's endpoint device, its IP address, and the user's identity.

Exercise 4-7: Enrolling a New Organization into WW Labs’ Citrix Cloud service

Scenario:
WW Labs has recently purchased a new company called ABC Ventures. Your Lead Citrix Architect has now tasked you with deploying a Cloud Connector to the new company’s data center. This will allow users within ABC Ventures’ domain to access resources from WW Labs’ Site using Citrix Cloud. Another administrator has previously configured a Domain Trust between both domains. Your task is to create a new Resource Location for the new company and to install and configure the Citrix Cloud Connector for the new domain.

1. Using the Google Chrome browser on the Student Desktop, confirm that you are still connected to the Citrix Cloud home page.
Note: If the browser was closed, then relaunch Google Chrome from the taskbar on Student Desktop and browse to https://citrix.cloud.com and Sign in.
2. Click the Fly-out menu and select Home.
Note: If already at the Home Page, ignore this step.
3. Click the Edit or Add New button below Resource Location.
4. Click + Resource Location under Resource Locations.
5. Enter ABC Ventures Data Center in the name box and click Save.
6. You should now see 2 Resource Locations listed.
7. Using the Remote Desktop Connection Manager, connect to ABC-CON-001. To log into ABC-CON-001, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: User name: ABCVentures\Administrator Password: Password1.
8. Click the Internet Explorer icon on the taskbar of ABC-CON-001.
9. Type https://citrix.cloud.com in the Address bar of Internet Explorer and hit Enter.
10. Type your Citrix Cloud credentials to sign in. Click Sign In.
11. On the dialog box at the bottom of the webpage, it asks Would you like to store your password for cloud.com? Click Not for this site.
12. Under Resource Locations click Edit or Add New.
13. Within the ABC Ventures Data Center resource location, select the + icon in the Cloud Connectors section.
14. In the Add a Cloud Connector dialog box, click Download.
15. On the dialog box at the bottom of the webpage, it asks Do you want to run or save cwcconnector.exe from downloads.cloud.com? Click Save.
16. Wait for the download to complete, and then click Open folder.
17. Double-click cwcconnector.exe to run the installer.
18. After an initial connectivity check to Citrix Cloud, the installer prompts you to sign in. Click Sign In. The installer automatically inherits the Citrix Cloud credentials from Internet Explorer and continues the installation.
19. On the Choose a Resource Location window, select ABC Ventures Data Center from the drop-down list and click Install.
20.
The installation continues and tests the service connectivity with Citrix Cloud. This might take 2-4 minutes to complete. Click Close to complete the installation.
21. Switch back to Internet Explorer and click Refresh on the Add a Cloud Connector page.
22. You will notice that abc-con-001.abcventures.com has been added as a Cloud Connector in the ABC Ventures Data Center resource location.
Note: If the new Cloud Connector is not visible right away, click the Refresh All button after a few moments.
Note: Ignore the warning that states: To maintain high availability, we recommend installing at least two connectors in the Active Directory forest that this domain is a member of. Citrix Cloud recommends having two Cloud Connectors per resource location. However, for the purposes of this lab you will only install one Cloud Connector for this Resource Location.
Note: If you are not automatically redirected to the ABC Ventures Cloud Connector page, navigate to the ABC Ventures Data Center Cloud Connector page from the Resource Locations page.
23. Click Citrix Cloud on the upper left hand corner to return to the cloud portal’s home page.
24. You will notice that there are 2 domains now listed in your account.
25. At the top left of the Citrix Cloud page, click the Fly-out menu and select Identity and Access Management.
26. Click the Domains tab on Identity and Access Management page.
27. Verify that you now have the abcventures.com and the workspacelab.com domains listed.
Note: The abcventures.com domain will have a warning symbol displayed due to only one Cloud Connector being configured.
28. On the top-right of the Citrix Cloud webpage, click the drop-down arrow next to the user name and select Sign Out.
29. Click X to close the Internet Explorer browser.
30. Log off ABC-CON-001. To log off, right-click Start, select Shut down or sign out, then select Sign out.

Key Takeaways:
• Resource Locations can contain different resources depending on which Citrix Cloud services you want to provide to your subscribers.
• There is currently no restriction on the number of Resource Locations you can maintain. The overhead of a resource location is minimal.
• The cwcconnector.exe file must be installed on each Cloud Connector to allow it to be added to a Resource Location, and to perform its service capabilities.

Exercise 4-8: Publish an Application to a User from a New Organization

Scenario:
After configuring the new abcventures.com domain, your Lead Citrix Architect has tasked you with publishing an application for users in the new company.

1. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud Homepage.
Note: If the browser was closed, then relaunch Google Chrome from the taskbar on Student Desktop and browse to https://citrix.cloud.com and Sign in.
2. Click the Fly-out menu and select Library.
3. Click the dots menu on the NYC-DG-ServerOS (Application) Library Offerings card and select Manage Subscribers.
4. Select abcventures.com as the domain underneath the Step 1: Choose a domain drop-down menu.
5. Type HR in the Search for AD Group / User and select the HR5 user from the search results.
6. Wait for the status to show Subscribed. Click X to close the Manage Subscribers window. You have successfully assigned applications to the HR5 user from the ABC Ventures domain.

Key Takeaways:
• The Manage Subscribers option can be used to add groups or users from specific domains to a library offering within your Citrix Cloud Infrastructure.
• The Citrix Cloud Library displays every configured offering created for a specific cloud service.
• A Library offering may include applications, desktops, data shares, or web apps.
• A Domain Trust or ADFS must be configured between the respective domains to enable users to have the ability to access resources from another domain.

Exercise 4-9: Create a Delegated Admin for the Citrix Virtual Apps and Desktops in Citrix Cloud

Scenario:
You are a Citrix Administrator for your company, WW Labs. You have been tasked to investigate how to create a delegated administrator for Citrix Virtual Apps and Desktops in Citrix Cloud.

1. At the top left of the Citrix Cloud page in Google Chrome, click the Fly-out menu.
Note: Verify that you are signed in with the Citrix Cloud credentials that were provided along with this course; you should not be signed in with the credentials created in exercise 1-4.
2. Select Identity and Access Management.
3. Click the Administrators tab on the Identity and Access Management page.
4. On the Identity and Access Management page, verify that you have a Full and a Custom administrator.
Note: The Administrator created in exercise 1-4 should have custom access.
5. Locate the administrator account you created in exercise 1-4, click the three dots on the right side then click Edit Access.
6. On the Edit Access page, verify that the Custom access radio button is chosen. In the General Management section, click Resource Location to remove access to this service for this administrator.
7. In the Virtual Apps and Desktops section, click Virtual Apps and Desktops: Cloud Administrator, All. Clear the checkboxes for the other previously selected roles.
8. At the top of the page, click Save to accept the changes and exit the page.
9. Using Remote Desktop Connection Manager, connect to NYC-FSR-001. To log into NYC-FSR-001, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
10. Click the Internet Explorer icon on the taskbar of NYC-FSR-001.
11.
Browse to the Citrix Cloud sign-in page by typing Cloud.citrix.com, then log on using the account created in exercise 1-4. Type the User name and Password created in exercise 1-4 step 9 and click Sign In.
12. In the My Services section, click Manage on the Virtual Apps and Desktops card.
13. Verify that you can see the Overview, Manage, and Monitor tabs. Select the Manage tab.
14. The Virtual Apps and Desktops delegated administrator has full administrative rights within Studio. Using Studio, expand Citrix Studio (cloudxdsite) and click Machine Catalogs. From the Actions pane on the right pane, validate Create Machine Catalog is present.
15. Click the Monitor tab.
16. Verify that the administrator has access to Cloud Director.
Note: The Virtual Apps and Desktops: Cloud Administrator access setting provides a delegated administrator rights to manage and monitor Citrix Virtual Apps and Desktops from Citrix Cloud.
17. Log off the delegated administrator within Internet Explorer. On top-right of the Citrix Cloud webpage click the drop-down arrow next to user name and select Sign Out, then close Internet Explorer.
18. Switch back to Google Chrome on the Student Desktop. Confirm you are still connected to the Citrix Cloud Homepage.
Note: If the browser was closed, then relaunch Google Chrome from the taskbar on Student Desktop and browse to https://citrix.cloud.com and Sign in.
19. At the top left of the Citrix Cloud page in Google Chrome, click the Fly-out menu and select Identity and Access Management.
20. Click the Administrators tab on the Identity and Access Management page.
21. Locate the administrator account you created in exercise 1-4, click the three dots on the right side then click Edit Access.
22. In the Virtual Apps and Desktops section, clear the check box for Virtual Apps and Desktops: Cloud Administrator, All. Click the checkbox for Virtual Apps and Desktops: Help Desk Administrator, All - Access to ‘Monitor’ tab only.
23.
Click Save to accept the changes and exit the page.
24. Using Remote Desktop Connection Manager, switch back to NYC-FSR-001.
25. Using Internet Explorer on NYC-FSR-001, browse to the Citrix Cloud Sign in page by typing Cloud.citrix.com, then log on using the newly created account. Type the User name and Password created in exercise 1-4 step 9 and click Sign In.
26. In the My Services section, click Manage on the Virtual Apps and Desktops card.
27. Verify that you can see the Overview and Monitor tabs. Click the Monitor tab to open Cloud Director.
28. Verify that the delegated Help Desk Administrator can access Cloud Director. Note that Director shows the same User and Machine search view that is presented to Help Desk Users in an on-premises deployment.
Note: The Virtual Apps and Desktops: Help Desk Administrator, All role has rights to access Cloud Director but not Cloud Studio.
29. Log off the delegated administrator within Internet Explorer. At the top right of the Citrix Cloud webpage, click the drop-down arrow next to the user name and select Sign Out, then close Internet Explorer.
30. Log off NYC-FSR-001. To log off, right-click Start, select Shut down or sign out, then select Sign out.

Key Takeaways:
• You can invite new administrators to join your Citrix Cloud infrastructure by sending an invite email; Citrix Cloud sends an invitation to the email address you specified and adds the administrator to the list.
• Delegated Administration with Citrix Cloud consists of Full or Custom administrators by default.
• Custom administrator permissions can be enhanced or limited to manage specific objects, including Domains, Library, Notifications, and Resource Locations.

Module 5: Provide Access in Citrix Cloud

Overview:
This module presents the role of StoreFront and Citrix ADC in Citrix Virtual Apps and Desktops.
You will identify both the Citrix Cloud hosted StoreFront and the Citrix ADC service, as well as deploying StoreFront and Citrix ADC on-premises, in order to understand the key differences between hosting these resources on-premises and using the Citrix Cloud offerings.

Before you begin:
Estimated time to complete Module 5 lab exercises: 75 minutes

Exercise 5-1: Test Citrix Cloud Workspace Experience

Scenario: The Lead Citrix Architect at WW Labs is still deciding whether to use the Citrix Cloud Workspace or to install an on-premises StoreFront solution for the production deployment following this POC. They have tasked you to verify that the cloud-hosted StoreFront is enabled, test user experience and gain some more insight into WW Labs’ ability to customize the hosted StoreFront deployment.

Step Action
1. The following VMs are required before beginning the exercises for this Module; all others may be powered down. To power manage your VMs, switch to Hyper-V Manager, right-click the VM in the left pane and select Start or Shut Down. If prompted, click Yes.
• NYC-ADC-001
• NYC-ADS-001
• NYC-CON-001
• NYC-CON-002
• NYC-FSR-001
• NYC-SQL-001
• NYC-SRV-001
• NYC-SRV-002
• NYC-STF-001
• NYC-VDC-001
• NYC-WRK-001
• NYC-WRK-002
2. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud Homepage.
Note: If the browser was closed, then relaunch Google Chrome from the taskbar on Student Desktop and browse to https://citrix.cloud.com and sign in.
3. At the top left of the Citrix Cloud page, click the Fly-out menu and select Workspace Configuration.
Note: If prompted by the Welcome to Workspace Configuration pop-up window, click X to close the window.
4. On the Workspace Configuration home page, click the Service Integrations tab.
5. In the Virtual Apps and Desktops section, click the three dots menu, then select Enable if not already enabled.
6. In the confirmation dialog box that appears, click Confirm.
7.
Note: Skip to step 8 if Virtual Apps and Desktops service is already enabled.
After a few moments, confirm that the Virtual Apps and Desktops service is Enabled.
8. On the Workspace Configuration page, click the Access tab, then find the Workspace URL.
Note: The actual URL will vary in your lab.
9. Right-click the Workspace URL link and select Open link in new tab to browse to the Workspace site.
10. In Google Chrome, click the Citrix Workspace App tab.
11. On the Workspace portal page, use the following credentials to log on:
• User name: workspacelab.com\Auditor1
• Password: Password1
12. Click Log On. A dialog box at the top right of the webpage asks ‘Do you want Google Chrome to save your password for this site?’ Click Save. Click X on the ‘Password Saved. To get your passwords on all your devices, sign in to Chrome’ dialog box.
Note: You should select to remember the credentials only for this lab and only on the Student Desktop.
13. On the Welcome to Citrix Workspace screen, click Detect Workspace.
14. An Open Citrix Receiver Launcher prompt should appear at the top of the browser. Select ‘Remember my choice for Citrix Receiver Launcher links’ on the ‘Open Citrix Receiver Launcher?’ prompt. Click Open Citrix Receiver Launcher.
Note: Citrix Workspace App has already been installed on the Student Desktop.
15. The cloud-hosted Citrix Workspace shows Recent Apps as the default view.
Note: The default landing page for Citrix Workspace may differ in your lab if new features have been added by the Citrix Cloud Development team.
16. At the top-right of the Citrix Workspace page, click the downward arrow next to the user name and select Log Out.
17. Switch back to the Citrix Cloud webpage tab. At the top right of the Citrix Cloud webpage, click the drop-down arrow next to the user name and select Sign Out, then close Google Chrome.
Key Takeaways:
• Citrix Cloud hosted StoreFront, also known as Citrix Workspace, is enabled by default when you subscribe to Citrix Cloud, but integration with the Citrix Virtual Apps and Desktops service must be enabled manually.
• Citrix Cloud hosted StoreFront does not require updates or maintenance from a customer perspective.
• Customers have limited control or ability to customize the cloud-hosted StoreFront, compared to an on-premises StoreFront deployment.

Exercise 5-2: Configure Citrix Workspace branding

Scenario: You are a Citrix Administrator for your company, WW Labs. You have tested Citrix Workspace and the Lead Citrix Architect has decided to implement it in your infrastructure. Now, you are tasked with customizing the interface branding to include the company logo and browser heading. This task brings Citrix Workspace into compliance with WW Labs’ policy by providing a familiar appearance for employees.

Step Action
1. Using the Remote Desktop Connection Manager, connect to NYC-FSR-001. To log into NYC-FSR-001, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Click the Internet Explorer icon on the taskbar of NYC-FSR-001.
3. Browse to the Citrix Cloud Sign in page by typing Cloud.citrix.com
4. Type your primary Citrix Cloud credentials to sign in.
5. Click Sign In. At the top left of the Citrix Cloud page, click the Fly-out menu and select Workspace Configuration.
6. Click the Customize tab on the Workspace Configuration page.
7. In the Workspace Configuration / Customize page, scroll down to the Sign-in Appearance section and click the file icon within the Drop the logo file or browse from a folder box.
8. Within the Choose File to Upload window, navigate to \\NYC-FSR-001\Resources\Workspace Configuration.
9. To select the Sign-in Appearance logo, double-click WW Labs Logo.png.
10.
The WW Labs logo should now appear in the Sign-in Appearance section.
11. You will now modify the After Sign-in Appearance settings. In the Workspace Configuration / Customize page, scroll down to the After Sign-in Appearance section and click the file icon within the Drop the logo file or browse from a folder box.
12. Within the Choose File to Upload window, navigate to \\NYC-FSR-001\Resources\Workspace Configuration.
13. Double-click WW Labs Logo.png.
14. Scroll down to the Content Branding section and click the colored box above Background Color. Type #00aeef in the hex field, then click outside the color picker pop-up to close it.
15. Click the colored box above Accent Color and type #1c75bc in the hex field, then click outside the color picker pop-up to close it.
16. Scroll up to the top of the page, and click Save under Customize how subscribers will see their workspace.
17. Click the Access tab on the Workspace Configuration page.
18. Right-click the Workspace URL link and select Open link in new tab to browse to the Workspace site.
19. Click the Citrix Workspace App tab in Internet Explorer.
20. View the recently customized Workspace Sign-In page. Sign in with:
• User name: workspacelab.com\Auditor1
• Password: Password1
Note: If the customized WW Labs logo does not appear, continue to refresh the website until the logo appears.
21. On the Welcome to Citrix Workspace screen, click Detect Workspace.
22. A prompt should appear in the middle of the browser. Select Cancel. On the Client Detection window, select Already Installed.
Note: Citrix Workspace App has not been installed on NYC-FSR-001. However, for the purposes of this exercise, it will not be needed in order to view the customized Workspace page.
23. Verify that the After Sign-in Appearance settings have been modified.
Note: The default landing page for Citrix Workspace may differ in your lab if new features have been added by the Citrix Cloud Development team.
24. 25.
Log off the Workspace Site and the Citrix Cloud Administrative Site. Then close Internet Explorer. Log off NYC-FSR-001. To log off, right-click Start, select Shut down or sign out, then select Sign out.

Key Takeaways:
• The Workspace interface allows for customized branding very similar to the on-premises StoreFront.
• Customizations to the Workspace appearance take effect immediately.
• Supported formats for graphics include JPEG, JPG, or PNG.

Exercise 5-3: Verify Active Sessions are Connected via Citrix Cloud Connector

Scenario: Your Lead Citrix Architect has now tasked you with verifying that connections made via the Workspace portal are using the Citrix Cloud Connectors. This connection information can be verified on Citrix Cloud Studio, similar to on-premises connections.

Step Action
1. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud Homepage.
Note: If the browser was closed, then relaunch Google Chrome from the taskbar on Student Desktop and browse to https://citrix.cloud.com and Sign in.
2. At the top left of the Citrix Cloud page, click the Fly-out menu and select Workspace Configuration.
3. On the Workspace Configuration page, find the Workspace URL.
Note: The actual URL will vary in your lab.
4. Right-click the Workspace URL link and select Open link in new tab to browse to the Workspace site.
5. Browse to the workspace site and use the following credentials to log on:
• User name: workspacelab.com\Auditor1
• Password: Password1
Click Log On.
Note: The credentials may already be entered since they were saved in a previous exercise.
6. On the Workspace page, click Apps > All Apps.
7. On the All Apps page, start the Calculator application by clicking the Calculator icon.
8. Verify that the Calculator application launches. Do not exit out of the Calculator application.
9.
Note: If prompted by Citrix Workspace App to add an account, select the ‘Do not show this window automatically at logon’ checkbox and click Close.
Switch back to the Citrix Cloud site tab, click the Fly-out menu, and select My Services > Virtual Apps and Desktops.
10. Select the Full Configuration option from the Manage drop-down menu to open Citrix Studio.
11. Click Search underneath Citrix Studio (cloudxdsite).
12. Click the Sessions tab within the search view.
13. Verify that Auditor1 has an active session on NYC-SRV-002.
Note: If a previous session is present, log the user off.
14. Select the active Auditor1 session and view its details.
15. Verify that the Connected Via: IP address is either 192.168.10.41 (NYC-CON-001) or 192.168.10.42 (NYC-CON-002). You have verified that user sessions are connecting through the Cloud Connectors.
Note: The Connected Via: IP address in your lab may vary between 192.168.10.41 and 192.168.10.42.
16. Switch back to the Calculator application. Click X on the Calculator application to close it.
17. In Google Chrome, click the Citrix Workspace tab to navigate to the Workspace URL.
18. Click the downward arrow on the upper-right-hand corner and select Log Out.
19. Click X on the Citrix Workspace tab to close the Workspace page.

Key Takeaways:
• Connections made via the Workspace portal will use the Citrix Cloud Connectors.

Exercise 5-4: Configure On-Premises StoreFront

Scenario: Your Citrix Lead Architect has tasked you to configure an on-premises StoreFront server to be used in the POC. The StoreFront software has already been installed on the server. Your responsibility is to create a new Store and configure this Store to use the Cloud Connectors as Delivery Controllers. For the POC, you will be using HTTPS on port 443 to integrate the Cloud Connectors.

Step 1. 2. Action Using the Remote Desktop Connection Manager, connect to NYC-STF-001.
To log into NYC-STF-001, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: User Name: WORKSPACELAB\Administrator Password: Password1.
Click Start > Citrix, then click Citrix StoreFront to start the StoreFront Management Console.
2. Using the StoreFront Management Console, create a new deployment. In the middle pane, select the option Create a new deployment.
3. On the Base URL page, set the Base URL for the Store in the new deployment. Enter the following URL for the Base URL: https://storefront.workspacelab.com
Click Next to continue the Create New Deployment wizard.
Note: The deployment creation process takes a few minutes.
Note: A DNS entry for storefront.workspacelab.com to resolve to this StoreFront server has already been created in the lab base.
4. Click Next on the Getting Started page.
5. On the Store Name page, type the following as the Store Name: WWLabsStore
Select the checkbox Set this Workspace App for Web site as IIS default. Click Next to continue the Create Store wizard.
6. On the Delivery Controllers page, add a Delivery Controller to this new Store deployment. Below the box for Delivery Controllers, click Add.
7. An Add Delivery Controller dialog box opens. Enter the following settings to add a Delivery Controller:
• Display name: Citrix Cloud
• Type: XenDesktop (7.0 or Higher) XenApp (7.5 or Higher)
• Below the Servers box, click Add.
  o Server name: NYC-CON-001.workspacelab.com
  o Click OK. The Delivery Controller should now appear in the Servers box.
• Again, click Add
  o Server name: NYC-CON-002.workspacelab.com
  o Click OK. The Delivery Controller should now appear in the Servers box.
• Transport type: HTTPS
• Port: 443
Click OK to close the Add Delivery Controller dialog box.
Note: On the Type box, setting XenDesktop (7.0 or Higher) XenApp (7.5 or Higher) is the base option for all FMA platforms.
8.
Note: The transport type and port are set to HTTPS and 443 respectively since you have previously secured XML traffic on both connectors.
On the Delivery Controllers page, verify that the information appears correctly with the newly added Delivery Controller. Click Next to continue the Create Store wizard.
9. On the Remote Access page, leave the defaults, and click Next.
10. On the Configure Authentication Methods page, verify User name and password is enabled and click Next.
11. On Configure XenApp Services URL, leave the defaults and click Create.
Note: Creating a store will take approximately 3 minutes.
12. Click Finish on the Summary page.
Note: The website automatically created by the wizard has the same address as the store, with the word web added at the end.

Key Takeaways:
• The only difference in configuring on-premises StoreFront to work with Citrix Cloud versus on-premises Delivery Controllers is adding the Cloud Connectors to the configuration instead of Delivery Controllers.
• It would be possible to add both the on-premises Delivery Controllers and the Cloud Connectors and thereby aggregate resources from both sites.

Exercise 5-5: Configure the Default Domain

Scenario: In the current WW Labs environment, all users must log on with their domain name\user name, causing many users to mistype their logon credentials and giving a bad user experience. The WW Labs Lead Citrix Architect never approved a change to set a default domain in production, so you decide to test the change in the POC environment and present this optimized user experience to your team.

Step Action
1. Using Remote Desktop Connection Manager, confirm you are still connected to NYC-STF-001.
Note: In a previous exercise, you had logged on to NYC-STF-001 using the following credentials to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
Note: If your Remote Desktop Connection session is disconnected, log on to NYC-STF-001, right-click this machine and select Connect server.
2. Open Internet Explorer and browse to https://storefront.workspacelab.com. The User name box is prompting for a domain\user or user@domain.com account information, indicating that a domain is required. Attempt to log on to this StoreFront page using the following credentials:
• User name: Auditor1
• Password: Password1
Note: This logon attempt failed with a message indicating to Enter a domain. This logon box requires a domain, but you only specified a user name and a password.
Close Internet Explorer.
Note: To allow users to log on to a StoreFront Store with a user name and a password but without specifying a domain, you have to configure a trusted domain. You have been tasked by your Lead Citrix Architect to configure this trusted domain in your Virtual Apps and Desktops POC environment.
3. Using the StoreFront Management Console, configure a trusted domain. In the left pane, select Stores. In the right pane, select Manage Authentication Methods located under WWLabsStore.
Note: The StoreFront Management Console was launched in a previous exercise. If the console was closed in a previous exercise, then click Start > Citrix, then click Citrix StoreFront.
4. On the Manage Authentication Methods – WWLabsStore page, click the Settings drop-down next to User name and password and select Configure Trusted Domains.
5. In the Configure Trusted Domains window, set the Allow users to log on from radio button to Trusted domains only.
6. Below the Trusted domains box, click Add. In the Add Domain dialog box enter: workspacelab.com
Click OK.
7. Below the Trusted domains box, click Add. In the Add Domain dialog box enter: workspacelab
Click OK.
8. In the Configure Trusted Domains dialog box, verify the following:
• In the Default domain drop-down, workspacelab.com is selected.
•
The Show domains list in logon page is deselected.
Click OK to accept the changes. Click OK again on Manage Authentication Methods – WWLabsStore.
Note: If users need to access multiple domains, enable the box for Show domains list in logon page so users can see a drop-down list in the StoreFront Store log on screen that will show the pre-defined list of available domains a user can select and log on to.
9. Open an Internet browser to browse to the StoreFront Store and test that the Trusted Domains were configured successfully by logging on with a user name and a password, but without a domain. Open Internet Explorer and browse to https://storefront.workspacelab.com. Log on to the StoreFront page using the following credentials:
• User name: Auditor1
• Password: Password1
Notice that the user is able to log on without specifying a domain.
Note: If prompted, select I agree with the Citrix license agreement and click Log on.
10. Close out the Store Session. Click near the upper-right-hand corner on the user name used to log on to this Store. Select Log Off.
Internet Explorer will log out the user and will present a message stating, You have logged off successfully. At this point, you could log back on by clicking on Log On, but for now close Internet Explorer.

Key Takeaways:
• Using default and trusted domains prevents users from having to manually enter a domain during the authentication process. This will help prevent users from incorrectly entering their domain and failing to log on.
• If the Trusted domains only option is selected, and multiple domains are specified, users will be presented with a drop-down list of domains from which to choose.
• The first trusted domain entered is automatically configured as the default logon domain. This is the domain used by default when users log on and do not specify a domain.
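The logon behavior tested in Exercise 5-5 can be modeled in a few lines. The following is an added example, not part of the lab manual and not StoreFront's own code: the function names and the rule that an explicit domain outside the trusted list is refused are assumptions of this simplified model, and the domain values are the ones entered in steps 6 and 7.

```python
from typing import Optional, Sequence, Tuple


class LogonError(ValueError):
    """The logon name cannot be mapped to a permitted domain."""


def split_logon_name(name: str) -> Tuple[Optional[str], str]:
    """Split 'DOMAIN\\user' or 'user@domain' into (domain, user).

    The domain is None when the user typed a bare user name.
    """
    name = name.strip()
    if "\\" in name:                      # down-level form: DOMAIN\user
        domain, _, user = name.partition("\\")
    elif "@" in name:                     # UPN form: user@domain
        user, _, domain = name.rpartition("@")
    else:
        domain, user = "", name
    if not user:
        raise LogonError("Enter a user name")
    return (domain or None), user


def resolve_logon(name: str,
                  trusted_domains: Sequence[str] = (),
                  default_domain: Optional[str] = None) -> Tuple[str, str]:
    """Return the (domain, user) pair that would be sent for authentication.

    Model assumptions (hypothetical, for illustration):
      * an empty trusted list means "any domain", but then a domain is mandatory;
      * with a trusted list, a bare user name gets the default domain, which is
        the first trusted entry unless another one is chosen;
      * with a trusted list, any explicit domain outside the list is refused.
    """
    domain, user = split_logon_name(name)
    trusted = [d.lower() for d in trusted_domains]
    if domain is None:
        if not trusted:
            raise LogonError("Enter a domain")
        domain = default_domain or trusted_domains[0]
    if trusted and domain.lower() not in trusted:
        raise LogonError(f"Domain {domain!r} is not a trusted domain")
    return domain.lower(), user


def check_logon(name, trusted_domains=(), default_domain=None) -> str:
    """Wrapper that reports the outcome as text instead of raising."""
    try:
        domain, user = resolve_logon(name, trusted_domains, default_domain)
        return f"{domain}\\{user}"
    except LogonError as err:
        return f"denied: {err}"


# Values from steps 6 and 7 of the exercise, in the order they were added.
LAB_TRUSTED = ["workspacelab.com", "workspacelab"]

if __name__ == "__main__":
    for attempt in ("Auditor1", "WORKSPACELAB\\Auditor1",
                    "Auditor1@workspacelab.com", "OTHERCORP\\Auditor1"):
        print(f"{attempt!r:32} -> {check_logon(attempt, LAB_TRUSTED)}")
```

In this model, listing only workspacelab.com would refuse WORKSPACELAB\Auditor1, which is why the exercise adds both the DNS name and the short name.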
Exercise 5-6: Configure StoreFront Store Branding

Scenario: WW Labs has set expectations that all websites used for company business must be branded using the standard appearance as defined in WW Labs’ written policy. Your task is to update the StoreFront Store and Workspace for Web to match corporate branding. This task brings the Store into compliance with WW Labs’ written policy by providing a familiar appearance for employees. You decide to start the customization by using the basic branding features available in the StoreFront console.

Step Action
1. Using the Remote Desktop Connection Manager, confirm you are still connected to NYC-STF-001.
Note: In a previous exercise, you had logged on to NYC-STF-001 using the following credentials to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
Note: If your Remote Desktop Connection session is disconnected, log on to NYC-STF-001, right-click this machine and select Connect server.
2. Using the StoreFront Management Console, customize the Workspace App appearance. In the left pane, select Stores. In the right pane, under WWLabsStore, click Manage Receiver for Web Sites.
Note: The StoreFront Management Console was launched in a previous exercise. If the console was closed in a previous exercise, then click Start > Citrix, then click Citrix StoreFront.
3. On the Manage Receiver for Web Sites – WWLabsStore, click Configure.
4. On the Edit Receiver for Web site page, select Customize Appearance on the left and set the following customizations:
• Logon branding: Click Browse and navigate to \\NYC-FSR-001\Resources\StoreFront Design. Select Logonbranding.png, and click Open.
• Header branding (Post logon): Click Browse and navigate to \\NYC-FSR-001\Resources\StoreFront Design. Select HeaderBranding.png, and click Open.
•
Background color: Click the drop-down and set the WW Labs RGB Values to:
  o R: 0
  o G: 174
  o B: 239
• Text and icon color:
  o R: 255
  o G: 255
  o B: 255
• Link color:
  o R: 28
  o G: 117
  o B: 188
Note: You can use the keyboard arrow keys for granular adjustments or double-click the numbers to enter them manually.
5. Disable Desktop Auto launch when a user logs in. Select Client Interface Settings on the left.
6. Remove the checkmark for the Auto launch desktop check box. Click OK to accept the changes made. Click Close to exit the Manage Receiver for Web Sites – WWLabsStore window.
7. On NYC-STF-001.workspacelab.com, open Internet Explorer and browse to the StoreFront Store to experience the new custom Workspace App appearance. Start Internet Explorer and browse to https://storefront.workspacelab.com
Notice the WW Labs logo.
Log on to the StoreFront page using the following credentials:
• User name: HR1
• Password: Password1
Notice the new customized changes.
Close Internet Explorer.

Key Takeaways:
• Customizations to the Workspace appearance take effect immediately.
• Supported formats for graphics include JPEG, JPG, or PNG.
• If there is a published desktop, it will start automatically for the user when they authenticate to the StoreFront portal, unless it is manually disabled under the Receiver for Web Settings.

Exercise 5-7: Start Resources from On-Premises StoreFront

Scenario: Following the creation of the Store and adjusting the Store to bring it in line with WW Labs requirements, your task is to verify that you can successfully start resources from the new on-premises Store.

Step Action
1. From the Student Desktop, start Internet Explorer and browse to https://storefront.workspacelab.com. Log on using the following credentials:
• User name: HR1
• Password: Password1
Note: If you receive a Citrix Systems add-on prompt at the bottom of the page, select Allow.
2.
Note: If prompted by Citrix Workspace App to add an account, select the ‘Do not show this window automatically at logon’ check box and click Close.
Click the DESKTOPS tab and click the Windows 2016 Server Desktop icon. Verify that the Windows 2016 Server Desktop starts.
3. From the Internet Explorer window, click the APPS tab and click the Notepad icon.
Interact with the Windows 2016 Server Desktop and the Notepad sessions.
4. When finished, log off the Windows 2016 Server Desktop and click File > Exit on the Notepad session. Log off Workspace App for Web. Click HR1 and select Log Off. Close Internet Explorer.

Key Takeaways:
• Resources published for each user are listed under specific tabs across the top of the Workspace App window: DESKTOPS, APPS, or FAVORITES if the user had customized them.
• An Administrator can customize specific applications to be Mandatory or Featured using keywords in the published Application Settings.
• Featured App Groups can be created via StoreFront if an administrator wants to group similar or related applications together, such as Microsoft Office.

Exercise 5-8: Enable Remote Access to the On-Premises StoreFront

Scenario: After enabling the Cloud Citrix ADC, your Citrix Lead Architect has tasked you to prepare the on-premises StoreFront deployment for remote access through the on-premises Citrix ADC.

Step Action
Integrate on-premises StoreFront with Citrix ADC
1. Using Remote Desktop Connection Manager, connect to NYC-STF-001. To log on to NYC-STF-001, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Using the StoreFront Management Console, configure authentication. In the left pane, click Stores. Select WWLabsStore in the middle pane. In the right pane, under WWLabsStore, select Manage Authentication Methods.
3. Select Pass-through from NetScaler Gateway and click OK.
4.
Note: This enables pass-through from Citrix Gateway authentication.
Under the Actions pane on the right, click Manage Citrix Gateways.
5. Click Add.
6. On the Add NetScaler Gateway Appliance window, configure the following settings:
• Display name: ADC
• Citrix Gateway URL: https://adc.workspacelab.com
• Usage or role: Authentication and HDX Routing
7. Click Next. On the Secure Ticket Authority page, click Add under Secure Ticket Authority URLs. Type https://NYC-CON-001.workspacelab.com and click OK. Click Add again, type https://NYC-CON-002.workspacelab.com and click OK.
8. On the Secure Ticket Authority (STA) page, verify that both connectors are added as Secure Ticket Authorities, then click Next.
9. On the Authentication Settings page, add the following information:
• VServer IP address: 192.168.10.102
• Logon type: Domain
• Callback URL: https://adc.workspacelab.com
Click Create.
10. To finalize the Add Citrix Gateway Appliance setting, click Finish.
11. On the Manage Citrix Gateways window, click Close.
12. In the left pane, click Stores. Select WWLabsStore in the middle pane. In the right pane, under WWLabsStore, click Configure Remote Access Settings.
13. On Configure Remote Access Settings – WWLabsStore, select the checkbox for Enable Remote Access. Click the Allow users to access all resources delivered through StoreFront (No VPN tunnel) radio button. Select ADC in the NetScaler Gateway appliances section, and make sure ADC is defined in the Default appliance drop-down list.
Click OK.

Key Takeaways:
• Many customizations can be applied to on-premises StoreFront.
• On-premises StoreFront communicates with the Cloud Connector server, which further communicates with Citrix Virtual Apps and Desktops in Citrix Cloud.
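The connector addresses are typed by hand in three places: the Delivery Controller list (Exercise 5-4), the StoreFront STA list (Exercise 5-8), and the gateway STA list (Exercise 5-9). The following added example, which is not part of the lab manual, checks such values for plain HTTP and for STA lists that differ between StoreFront and the gateway, which should list the same servers; the function names and the dictionary layout are assumptions, and the values are copied from those exercises or constructed where labeled.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def normalize(url):
    """Return (scheme, host, port), lower-cased, with the default port filled in."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def audit(storefront_stas, gateway_stas, controllers):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    seen = {"StoreFront": set(), "Gateway": set()}
    for side, urls in (("StoreFront", storefront_stas), ("Gateway", gateway_stas)):
        for url in urls:
            scheme, host, port = normalize(url)
            if not host:
                findings.append(f"{side}: STA entry {url!r} is not a URL")
                continue
            if scheme != "https":
                findings.append(f"{side}: STA {host} uses {scheme}, "
                                "so ticket requests are not encrypted")
            seen[side].add((scheme, host, port))

    # Host names compare case-insensitively, so NYC-CON-001 and nyc-con-001 match.
    for entry in sorted(seen["StoreFront"] ^ seen["Gateway"], key=str):
        scheme, host, port = entry
        side = "StoreFront" if entry in seen["StoreFront"] else "Gateway"
        findings.append(f"STA {scheme}://{host}:{port} is listed on {side} only")

    for farm in controllers:
        if farm["transport"].upper() != "HTTPS":
            findings.append(f"Delivery controller {farm['name']}: "
                            f"transport {farm['transport']} is not HTTPS")
    return findings


# Values as entered in the lab (Exercises 5-4, 5-8 and 5-9).
LAB_STOREFRONT_STAS = ["https://NYC-CON-001.workspacelab.com",
                       "https://NYC-CON-002.workspacelab.com"]
LAB_GATEWAY_STAS = ["https://nyc-con-001.workspacelab.com",
                    "https://nyc-con-002.workspacelab.com"]
LAB_CONTROLLERS = [{"name": "Citrix Cloud", "transport": "HTTPS", "port": 443,
                    "servers": ["NYC-CON-001.workspacelab.com",
                                "NYC-CON-002.workspacelab.com"]}]

# Constructed drift for illustration: one gateway STA entry left on HTTP.
DRIFTED_GATEWAY_STAS = ["https://nyc-con-001.workspacelab.com",
                        "http://nyc-con-002.workspacelab.com"]

if __name__ == "__main__":
    for title, gateway in (("lab values", LAB_GATEWAY_STAS),
                           ("constructed drift", DRIFTED_GATEWAY_STAS)):
        result = audit(LAB_STOREFRONT_STAS, gateway, LAB_CONTROLLERS)
        print(title, "->", result or "consistent")
```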
Exercise 5-9: Configure On-Premises Citrix ADC

Scenario: WW Labs is concerned about the limited feature set in the cloud-hosted Citrix Gateway service, so you have been tasked with configuring an on-premises Citrix ADC to handle the Gateway functionality. A Citrix ADC virtual appliance has already been configured on the network, and the workspacelabs.com wildcard certificate has been imported.

Step Action
1. On a new tab of Google Chrome on the Student Desktop, enter the NSIP (Management IP address) of the Citrix ADC VPX appliance that has been installed on your Microsoft Hyper-V host:
• URL: 192.168.10.100
2. Log on to the Citrix ADC using the following credentials:
• User Name: nsroot
• Password: nsroot
3. Click Log On. Click the Configuration tab.
4. In the Integrate with Citrix Products section, click XenApp and XenDesktop.
5. Scroll down and click Get Started.
6. Verify that the StoreFront radio button is selected and click Continue.
7. Enter the following:
• Gateway FQDN: adc.workspacelab.com
• Gateway IP Address: 192.168.10.102
• Port: 443
• Select check box for Redirect requests from port 80 to secure port.
Click Continue.
8. The wildcard.workspacelab.keypair server certificate has been pre-installed on Citrix ADC for you. Leave the wildcard.workspacelab.keypair server certificate selected and click Continue.
9. For the StoreFront settings, enter/select the following:
• StoreFront URL: https://storefront.workspacelab.com
• Click Retrieve Stores and verify that the Receiver for Web Path is set to /Citrix/WWLabsStoreWeb
• Default Active Directory Domain: workspacelab.com
10. Enter both connectors as Secure Ticket Authority Servers. In the Secure Ticket Authority URL box, type https://nyc-con-001.workspacelab.com and click the “+” sign. In the second Secure Ticket Authority URL box, type https://nyc-con-002.workspacelab.com
11. Verify that the Use this StoreFront for Authentication checkbox is not enabled, then click Continue.
12.
In the Authentication settings section, confirm that Choose Authentication Type is set to Domain. Select the Use existing server radio button. Under Select Domain Server, click the arrow next to Click to select.
13. Select the radio button next to 192.168.10.11, then click Select.
14. Back on the Citrix Gateway Settings screen, click Continue. Click Done.
15. Start the Internet Explorer browser on Student Desktop and enter the Citrix Gateway URL https://adc.workspacelab.com.
• User name: auditor1
• Password: Password1
Click Log On.
16. You should be redirected to StoreFront using Pass-through authentication from the Citrix Gateway.
17. Log off Workspace App for Web. Click Auditor1 and select Log Off. Click X to close Internet Explorer.

Key Takeaways:
• Citrix Gateway can easily be integrated with an existing Citrix Virtual Apps and Desktops infrastructure using the built-in wizard.

Exercise 5-10: Customize On-Premises Citrix ADC Logon Point

Scenario: Your task is to investigate how to customize the logon page on Citrix ADC. WW Labs’ CIO has expressed the importance that this page looks identical to StoreFront and uses the WW Labs graphics.

Step Action
1. Switch back to Google Chrome on the Student Desktop and access the Citrix ADC management console.
2. Select Citrix Gateway > Virtual Servers on the left.
Note: In the previous exercise, you logged into the Citrix ADC management console using the following credentials: user name: nsroot with nsroot as the password.
3. Select _XD_192.168.10.102_443 from the Citrix Gateway Virtual servers in the middle pane and click Edit.
4. From the Advanced Settings menu on the right, select Portal Themes.
5. The Portal Theme settings should now appear on the lower part of the VPN Virtual Server settings page. On the Portal Theme drop-down menu, select X1 and click OK.
Click Done to exit from the _XD_192.168.10.102_443 virtual server settings.
6. Click the Floppy disk icon in the upper right-hand corner.
7.
Click Yes to save changes on the confirmation prompt. 8. Click nsroot, on the upper right-hand corner, then click Logout. Close the Citrix ADC tab on the Google Chrome browser. Key Takeaways: • Citrix ADC has improved the ability to make changes to the look and feel by integrating default and custom themes, and by allowing GUI-based configuration of basic appearance settings. 244 The Citrix Gateway logon page can be adjusted to more closely resemble the look and feel of StoreFront. The GreenBubbles theme corresponds to StoreFront 2.x deployments (and 3.x deployments running in classic mode). The X1 theme corresponds to StoreFront 3.x deployments. Custom themes can be created from any of the default themes, making it easier for an administrator to modify just the settings that interest them, while still preserving the overall look and feel of the original themes where desired. • • Exercise 5-11: Start Resources through On-Premises Citrix ADC Scenario: After configuring StoreFront and Citrix ADC to support external connections, your task is to test and verify that sessions can be launched and that Citrix ADC is encrypting the traffic. Step 1. 2. Action On the Student Desktop open Internet Explorer and browse to https://adc.workspacelab.com. Log on using the HR1 account. • • 3. 4. User name: HR1 Password. Password1 Note: If prompted, Select I agree with the Citrix license agreement and click Log on. Click the APPS tab and start the Notepad application. From the system tray, right-click Citrix Workspace App and open Connection Center. Click the session NYC-SRV-002 and then click Properties. Review your session details to make sure the connection is using 256-bit DTLSv1 as the encryption level. 245 5. 6. Click OK. Close Connection Center and Notepad. Log off Workspace for Web. Click HR1 and select Log Off. Close Internet Explorer. 

Key Takeaways:
• With Citrix ADC version 12.x, the DTLS protocol is now supported for UDP traffic, such as when Enlightened Data Transport (EDT) is being used.
• The Citrix ADC CLI or the Citrix ADC GUI can be used to configure the DTLS back-end service.
• UDP is the preferred protocol for audio and video applications.
• Enlightened Data Transport (EDT) and DTLS must be enabled to encrypt the UDP connection used by EDT. The DTLS parameter must be enabled at the Gateway VPN virtual server level.

Exercise 5-12: Configuring On-premises Citrix ADCs in Workspace Experience

Scenario: Your Lead Citrix Architect has now tasked you with verifying that connections made via the on-premises Citrix ADC are successful and that active sessions can be verified. You are tasked with configuring the on-premises Citrix ADC as a Gateway for the New York Data Center Resource Location within the Citrix Cloud interface.

1. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud Homepage.
    Note: If the browser was closed, then relaunch Google Chrome from the taskbar on Student Desktop and browse to https://citrix.cloud.com and Sign in.
2. At the top left of the Citrix Cloud page, click the Fly-out menu and select Resource Locations.
3. In the Resource Locations page, click the + Gateway button in the New York Data Center resource location.
4. In the Configure Connectivity window, select the option Traditional Gateway.
5. In the Traditional Gateway window, enter adc.workspacelab.com in the External FQDN box. Click Add. Click Save.
6. At the top left of the Citrix Cloud page, click the Fly-out menu and select Workspace Configuration.
7. On the Workspace Configuration page, find the Workspace URL.
    Note: The actual URL will vary in your lab.
8. Right-click the Workspace URL link and select Open link in new tab to browse to the Workspace site.
9. Browse to the Workspace site and use the following credentials to log on:
    • User name: workspacelab.com\Auditor1
    • Password: Password1
    Note: These credentials may be entered for you if they were saved during a previous exercise.
10. Click the Apps node and then All Apps. Start the Calculator application by clicking on the Calculator Icon.
11. Verify that the Calculator application launches.
12. Do not close the Calculator application. Switch back to the Citrix Cloud site, click the Fly-out menu, and select My Services > Virtual Apps and Desktops.
13. Select the Full Configuration option from the Manage drop-down menu to open Citrix Studio.
14. Click Search underneath Citrix Studio (cloudxdsite).
15. Click the Sessions tab within the search view to view the active session.
    Note: If the Sessions tab is showing information from an earlier session, in the right-hand Actions pane, click Refresh.
16. View the details of Auditor1’s active session in the lower pane.
17. Verify that the Connected Via: IP address is 192.168.10.101. The 192.168.10.101 IP address is the subnet IP address (SNIP) of the NYC-ADC-001 Citrix ADC. You have verified that user sessions are connecting through the on-premises Citrix ADC.
    Note: A subnet IP address (SNIP) is a Citrix ADC owned IP address that is used by Citrix ADC to communicate with the servers.
18. Switch to the Calculator application and click X to close the application.
19. At the top left of the Citrix Cloud page, click the Fly-out menu and select Resource Locations.
20. On the Resource Locations page, click the 1 Gateway button in the New York Data Center resource location.
21. On the adc.workspacelab.com:443 card, click three dots and select Remove.
22. On the Are you sure you want to remove this Gateway? prompt, click Yes.

Key Takeaways:
• HDX sessions established through Citrix Gateway will show the SNIP (Subnet IP Address) of the Citrix Gateway instance in the session’s Details screen.

Exercise 5-13: Aggregate Cloud and On-premises Resources using On-premises StoreFront

Scenario: Your Lead Citrix Architect has now tasked you with configuring the on-premises StoreFront so that it is capable of managing user requests for resources from both on-premises and Citrix Cloud Sites. To accomplish this, you are tasked with configuring Delivery Controllers to go along with the Citrix Connectors that are already set within the StoreFront management console.

1. Using Remote Desktop Connection Manager, connect to NYC-STF-001. To log into NYC-STF-001, right-click this machine and select Connect server.
    Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Click Start > Citrix and click Citrix StoreFront to start the StoreFront Management Console.
3. In the left pane, select Stores. In the right pane, under WWLabsStore, click Manage Delivery Controllers.
4. In the Manage Delivery Controllers – WWLabsStore window, click Add.
5. On the Add Delivery Controller dialog box, enter the following:
    • Display Name: On Prem Virtual Desktops
    • Type: XenDesktop (7.0 or Higher) XenApp (7.5 or Higher)
    • Below the Servers box, click Add.
        o Server name: NYC-VDC-001.workspacelab.com
        o Click OK. (The Delivery Controller should now appear in the Servers box).
    • Transport type: HTTPS
    • Port: 443
    Click OK to close the Add Delivery Controller dialog box.
6. In the Manage Delivery Controllers – WWLabsStore window, click OK.
7. Log off NYC-STF-001. Right-click Start, select Shut down or sign out, and click Sign out.
8. From the Student Desktop, start Internet Explorer and browse to https://storefront.workspacelab.com. Log on using the following credentials:
    • User name: workspacelab.com\HR1
    • Password: Password1
9. Click the DESKTOPS tab.
10. Verify that there are two published Server 2016 Desktops.
    The Windows 2016 Server Desktop is published from the Citrix Virtual Apps and Desktops Site in Citrix Cloud. The On-Prem Windows 2016 Server Desktop is published from the on-premises Virtual Apps and Desktops Site within the lab.
    Note: In case On-Prem Windows 2016 Server Desktop is not visible, restart the Citrix Broker Service on NYC-VDC-001 and then try to log on again.
11. At the top-right of the StoreFront page, click HR1 and select Log Off.

Key Takeaways:
• On-premises Stores in Citrix StoreFront can be configured to have both Controllers and Cloud Connectors, which allows resources to be enumerated from local on-premises Virtual Apps and Desktops Sites as well as Citrix Cloud Virtual Apps and Desktops deployments.

Module 6: Operations and Support in Citrix Cloud

Overview: This module presents the functionalities and features of Smart Tools and monitoring options for Citrix Cloud. You will examine the Citrix Cloud deployment during simulated outages. You will also be introduced to monitoring tools used to verify the health of a Citrix Cloud site.

Before you begin: Estimated time to complete Module 6 lab exercises: 75 minutes

Exercise 6-1: Cloud Connector Session failover

Scenario: The WW Labs team, in accordance with Citrix leading practices, has pre-configured the Citrix Cloud infrastructure with 2 Cloud Connectors to allow for failover capabilities in a disaster recovery situation. Your Lead Citrix Architect has tasked you with testing the Virtual Apps and Desktops Cloud Connectors session failover configuration.

1. The following VMs are required before beginning the exercises for this Module; all others may be powered down. To power manage your VMs, switch to Hyper-V Manager, right-click the VM in the left pane and select Start or Shut Down. If prompted, click Yes.
    • NYC-ADC-001
    • NYC-ADS-001
    • NYC-CON-001
    • NYC-CON-002
    • NYC-FSR-001
    • NYC-SQL-001
    • NYC-SRV-001
    • NYC-SRV-002
    • NYC-STF-001
    • NYC-VDC-001
    • NYC-WRK-001
2. On the Student Desktop, switch to Hyper-V Manager. In Hyper-V Manager, right-click the NYC-CON-002 virtual machine and select Shut Down. Click Shutdown on the Shutdown VM warning.
3. Using the Google Chrome browser on the Student Desktop, confirm that you are still connected to the Citrix Cloud home page. If you are on some other page of the cloud console, click Citrix Cloud to return to the Citrix Cloud home page.
    Note: In a previous exercise, you had logged into Citrix Cloud console. If you closed Google Chrome or signed out, start Google Chrome browser and type https://citrix.cloud.com in the Address bar. Sign in using your cloud credentials.
4. At the top left of the Citrix Cloud page, click the Fly-out menu and select Workspace Configuration.
5. On the Workspace Configuration page, find the Workspace URL.
    Note: The actual URL will vary in your lab.
6. Right-click the Workspace URL link and select Open link in new tab to browse to the Workspace site.
7. Browse to the Workspace site and use the following credentials to log on:
    • User name: workspacelab.com\Auditor1
    • Password: Password1
    Note: These credentials may have been saved during a previous exercise.
8. Start the Calculator application by clicking on the Calculator icon.
9. Verify that the Calculator application launches.
10. Do not exit out of the Calculator application. On the Student Desktop, switch to Hyper-V Manager. In Hyper-V Manager, right-click the NYC-CON-002 virtual machine in the left pane and select Start.
11. Switch back to the Citrix Cloud administration site, click the Fly-out menu, and select Resource Locations.
12. On the New York Data Center Resource Location card, click 2 Cloud Connectors.
13. Click the three dots menu to the right of nyc-con-002.workspacelab.com and select Run Health Check.
14. Verify both connectors appear online.
15. Switch back to the previously launched Calculator application and verify that you are able to interact with the Calculator application.
16. On the Student Desktop, switch to Hyper-V Manager. In Hyper-V Manager, right-click the NYC-CON-001 virtual machine in the left pane and select Shut Down.
17. Switch back to the Citrix Cloud website within Google Chrome. Click the three dots menu to the right of nyc-con-001.workspacelab.com and select Run Health Check.
18. Wait for the health check to complete and verify that the connector, NYC-CON-001, has lost communication with Citrix Cloud site.
    Note: Running the Health Check may take 2-3 minutes.
19. Switch back to the previously launched Calculator application and verify that you are able to interact with the Calculator application.
20. On the Student Desktop, switch to Hyper-V Manager. In Hyper-V Manager, right-click the NYC-CON-002 virtual machine in the left pane and select Shut Down.
21. Switch back to the Citrix Cloud website within Google Chrome. Click the three dots menu to the right of nyc-con-002.workspacelab.com and select Run Health Check.
22. Verify that both Connectors appear offline.
23. Switch back to the previously launched Calculator application, on the Student Desktop, and verify that you are not able to interact with the Calculator application. With both connectors offline, you have lost communication with the machine hosting the application, which has caused your session to malfunction.
24. On the Student Desktop, right-click the Workspace App icon within the taskbar and select Exit. When prompted by the Exit Receiver dialog box, select Exit.
25. On the Student Desktop, switch to Hyper-V Manager. In Hyper-V Manager, right-click the NYC-CON-001 virtual machine in the left pane and select Start.
26. Log off any disconnected sessions on NYC-SRV-002 by restarting the NYC-SRV-002 virtual machine.
    In Hyper-V Manager, right-click the NYC-SRV-002 virtual machine in the left pane and select Reset.

Key Takeaways:
• HDX sessions connecting to a Citrix Cloud Virtual Apps and Desktops Site require at least one Cloud Connector to be operational to maintain a session.
• Cloud Connector servers are stateless and do not store any information. Therefore, there is no need to configure any load balancing function. It is completely automated.

Exercise 6-2: Cloud Connector Outage Monitoring

Scenario: You are a Citrix Administrator for your company, WW Labs. You are tasked with verifying the result of all configured Citrix Cloud Connectors becoming unavailable at the same time. This will show the value of having multiple connectors configured within the Citrix Cloud Virtual Apps and Desktops infrastructure.

1. In Hyper-V Manager, verify that NYC-CON-002 is shut down. If NYC-CON-002 is powered on, right-click the NYC-CON-002 virtual machine in the left pane and select Shut Down.
    Note: NYC-CON-002 needs to remain shut down to complete the steps in this exercise successfully.
2. Using Remote Desktop Connection Manager, connect to NYC-CON-001. To log into NYC-CON-001, right-click this machine and select Connect server.
    Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
3. Double-click the Breaker icon on the desktop of NYC-CON-001.
4. Type Connector into the text box and click the Break button.
5. You will lose connectivity to NYC-CON-001 as a result of the Break script. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud home page.
    Note: In a previous exercise, you had logged into Citrix Cloud console. If you closed Google Chrome or signed out, start Google Chrome browser and type https://citrix.cloud.com in the Address bar. Sign in using your cloud credentials.
6. Click the Fly-out menu and select Resource Locations.
7. On the New York Data Center Resource Location card, click 2 Cloud Connectors.
8. Click the three dots menu to the right of nyc-con-001.workspacelab.com and select Run Health Check.
9. Wait for the health check to complete and verify that the connector, NYC-CON-001, has lost communication with the Citrix Cloud Site.
10. At the top left of the Citrix Cloud page, click the Fly-out menu and select Workspace Configuration.
11. Right-click the Workspace URL link and select Open link in new tab to browse to the Workspace site.
12. Browse to the Workspace site and use the following credentials to log on:
    • User name: workspacelab.com\Auditor1
    • Password: Password1
    Click Log On.
    Note: These credentials may have been saved during a previous exercise.
13. Verify that your logon attempt has failed.
14. Close the Workspace site tab. On the Student Desktop, start Internet Explorer and browse to https://storefront.workspacelab.com.
15. Use the following credentials to log on:
    • User name: workspacelab.com\Auditor1
    • Password: Password1
16. Click the APPS tab.
17. Verify only the On-Prem MS Paint application has enumerated, and no cloud-hosted applications have been enumerated.
18. Log off the Workspace site, then close Internet Explorer.

Key Takeaways:
• HDX sessions connecting to a Citrix Cloud Virtual Apps and Desktops Site require at least one Cloud Connector to be operational to establish or maintain a session.

Exercise 6-3: Cloud Connector CDF tracing

Scenario: Your Lead Citrix Architect has tasked you to run CDF traces on one of the Citrix Cloud Connectors as a result of issues that it is experiencing with failed communication. You are tasked with reviewing the output results of the traces and then taking the appropriate actions to correct any issues found.

1. Using Hyper-V Manager, connect to NYC-CON-001. In Hyper-V Manager right-click NYC-CON-001 and click Connect to open a console window.
    On the top-left corner of the console, click Ctrl+Alt+Del, then enter the domain administrator credentials to log in.
    Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
    Note: You are connecting to NYC-CON-001 using the Hyper-V Manager console because the Break script has prevented connectivity from Remote Desktop Connection Manager.
2. Right-click Start and select File Explorer.
3. In File Explorer, navigate to C:\Logs.
4. Within the C:\Logs folder, double-click Rotate CDF.
    Note: Running Rotate CDF does not start an application; however, a .zip file is generated in a separate folder.
5. In the File Explorer, navigate to C:\Logs\CDF.
6. Right-click the most recently generated CdfCapture.2xxxx.zip file and select Extract All.
7. Right-click the folder destination path, within the Files will be extracted to this folder: box, and select Copy.
8. On the Select a Destination and Extract Files dialog box, click Extract.
9. Using File Explorer, navigate to C:\CDFControl and double-click CDFControl.exe.
10. Click File and select Load CSV (CDF) File.
11. In the Address bar, paste the previously copied destination folder and double-click the CdfCapture.2xxxx.csv file.
12. The results of the CDF Trace are displayed within the CDFControl Application. Interact with the results and verify that you are able to see messages pertaining to a service outage.
    Note: You can use View > Find to do a keyword search for specific terms.
13. Click X in the top-right corner to close the CDFControl application.
14. Right-click Start and click Command Prompt (Admin).
15. In the Command Prompt, type:
        netsh interface ip set address "Ethernet" static 192.168.10.41 255.255.255.0 192.168.10.254 1
    Press Enter.
    Note: The command will reset the IP Configuration of NYC-CON-001 and restore Internet connectivity.
16. Close the Command Prompt and any open applications or folders, then sign out of NYC-CON-001.
17. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud home page.
    Note: In a previous exercise, you had logged into Citrix Cloud console. If you closed Google Chrome or signed out, start Google Chrome browser and type https://citrix.cloud.com in the Address bar. Sign in using your cloud credentials.
18. Click the Fly-out menu and select Resource Locations.
19. On the New York Data Center Resource Location card, click 2 Cloud Connectors.
20. Click the three dots menu to the right of nyc-con-001.workspacelab.com and select Run Health Check.
21. Wait for the health check to complete and verify that the connector, NYC-CON-001, has established communication with the Citrix Cloud Site.

Key Takeaways:
• Tracing utilities in Citrix Cloud are always running by default.
• Trace output is listed in a clear text format.

Exercise 6-4: Monitor the Site with Cloud Director and Application Analytics

Scenario: As your task in the WW Labs Citrix Cloud POC, your Lead Citrix Architect has asked you to investigate how Cloud Director functions. In the on-premises environment, all administrators have the ability to assist end-users with ending rogue applications and providing support via remote control of a user’s session. Prior to a Citrix Cloud migration, you need to prove that this functionality is present in Cloud Director.

1. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud Homepage.
    Note: If the browser was closed, then relaunch Google Chrome from the taskbar on Student Desktop, browse to https://citrix.cloud.com and Sign in.
2. At the top left of the Citrix Cloud page, click the Fly-out menu.
3. Select My Services > Virtual Apps and Desktops.
4. Click the Monitor tab.
5. After a few seconds, you are automatically logged into Citrix Director.
6. From the Student Desktop, start Internet Explorer and browse to https://storefront.workspacelab.com. Log on using the following credentials:
    • User name: HR1
    • Password: Password1
7. Click the DESKTOPS tab.
8. Click to start Windows 2016 Server Desktop. Once the Server Desktop is launched, click Start and select Paint within the ICA session.

Shadow this session using Cloud Director

9. Switch back to the Citrix Cloud Director webpage in Google Chrome and validate that it now shows that 1 session is connected. Click the numeric 1 above Sessions Connected to view the session details.
    Note: If the connected session doesn’t appear, click the Refresh icon in the upper-right corner of Cloud Director. It may take a few minutes for the new session to appear.
10. Under the Sessions node, click HR1 to view the details of this session.
11. Click the Shadow button on the left. This will download invite.msrcincident.
12. Click invite.msrcincident at the bottom-left of the Chrome browser and select Open.
13. A Windows Remote Assistance window opens up, indicating that it is waiting on a response from the remote user.
14. Switch back to the Windows 2016 Server Desktop launched as the HR1 user. Click Yes on the Windows Remote Assistance prompt.
15. Return to the Windows Remote Assistance – Helping HR1 window and validate that you can shadow the desktop session of the HR1 user. Click Request Control on top of the Windows Remote Assistance window.
16. Switch back to Windows 2016 Server Desktop launched as the HR1 user. Click Yes on the Windows Remote Assistance prompt inside the Windows 2016 Server Desktop.
17. Return to the Windows Remote Assistance – Helping HR1 window and validate that you can control the HR1 user’s session.
18. Click X to close the Windows Remote Assistance – Helping HR1 window and release the control on the HR1 user’s session.
19. Switch back to the Google Chrome browser, on the top-right corner click the Details button.
    Note: If your screen resolution is limited, you may need to scroll sideways in the browser to see the Details button.
20. Within the Details view, click Processes. Navigate to find mspaint.exe and click to select it.
21. After selecting mspaint.exe, the End Process button becomes active. Click End Process to stop the Paint application running inside HR1 Server Desktop. Click Yes on the End Process Confirmation.
22. Switch back to the Windows 2016 Server Desktop and verify that Paint was successfully terminated by the Cloud Director.
23. On the Google Chrome browser, click the Session Control button under Session Details and select Log Off.
24. Wait for the log off to complete. Verify the information message: User is currently not connected.
25. In Cloud Director, click the Applications tab to open Application Analytics.
26. Review the Application Analytics page.
    Note: Application Analytics is a new feature that allows you to validate the health of your published applications in real-time.

Key Takeaways:
• The cloud-hosted Director provides the same functionality as the on-premises Director in terms of supporting the end-users.
• Application Analytics provides an overall picture of the health and real-time usage of all published applications.

Exercise 6-5: Determine hourly usage of VDAs

Scenario: As your final task in the WW Labs Citrix Cloud POC, your Lead Citrix Architect has asked you to investigate the hourly usage of each Server OS VDA machine. In the on-premises environment, all administrators can directly log into the SQL server and run SQL queries on the Monitoring database to get the required information. However, due to security constraints, administrators do not have access to the database in the Citrix Cloud Virtual Apps and Desktops. As a Citrix Administrator, you are tasked to find out hourly usage of VDA machines using Citrix Cloud Director.

1. Using a browser on your local device, connect to the Citrix Cloud Homepage.
    Type https://citrix.cloud.com in the Address bar of Google Chrome.
2. Type your Citrix Cloud Lab Credentials and click Sign In. At the top left of the Citrix Cloud page, click the Fly-out menu.
3. Select My Services > Virtual Apps and Desktops.
4. Click the Monitor tab.
5. Select the Trends tab.
6. Click Custom Reports and select Create Reports.
7. Verify that Custom Query is selected, and enter the following information:
    • Report Name: VDA Usage
    • Type: Sessions
    • Conditions: Custom; From: Month-Start-Date; To: Month-End-Date
    • Output Columns: Session State, Machine Name, Session Start Time, Session End Time, Catalog Name
8. Scroll down and select Preview to view the output of the above query. Click X at the top after you see the preview.
    Note: The above screenshot is an example; results may vary in your lab.
9. Click the Save button at the bottom to save the custom report.
10. On the saved query page, click Run and Download to download the data in a CSV file.
11. Wait for the file to download. Click the VDA Usage.csv file at the bottom-left corner to open the file using MS Excel.
    Note: Microsoft Excel or an alternative spreadsheet application (such as Google Sheets) can be used to perform the following steps. The lab exercise is written to use Excel.
12. Click the Select All button on the top left of the worksheet.
13. Within the Home menu, click the Sort and Filter drop-down menu and select Filter.
14. In the Session State column select Terminated sessions. In the Machine Name column select WORKSPACELAB\NYC-SRV-002. In the Catalog Name column select NYC-CAT-ServerOS. The filtered output looks like:
    Note: The above screenshot is an example; results may vary in your lab.
15. Type the following information in Cells F1, G1, and H1:
    • F1: Start Time
    • G1: End Time
    • H1: Time Difference
16. Select Columns F and G. Change the Number format to Time. Click the Number format drop-down menu and select Time.
17. Select column H, right-click and select Format Cells.
18. Select Custom under category and select h:mm:ss under type. Click OK.
19. Type formulas for calculation in each of the cells.
    In cell F2 type: =TIMEVALUE(C2)
    In cell G2 type: =TIMEVALUE(D2)
    In cell H2 type: =G2-F2
    Note: =TIMEVALUE converts string data type to time. =G2-F2 is used to calculate the difference between the two time values.
20. Double-click on the bottom right corner of F2, G2, H2 to apply the formula to the entire column and get the respective output for each column.
21. Select all values in the Time Difference column and click AutoSum.
    Note: Do not select the entire Time Difference column but only the values. AutoSum will add all the selected values and show the result at the bottom. The AutoSum result shows the actual usage of the machine (NYC-SVR-001) for the entire month. You could also use pivot tables to view the usage data for each machine or create graphs.
22. Close the VDA usage.csv file by clicking X on the top-right corner. Click Don’t Save, when prompted.

Key Takeaways:
• Citrix Cloud Director allows you to query the Monitoring database and manipulate the data as needed.
• Custom queries can be either created using the GUI in the Custom Report page on the Trends tab or using the OData Query section.

Module 7: Public Clouds

Overview: This module presents considerations for hosting resource locations in a public cloud. The exercises in this module will help you to calculate the expected costs of public cloud deployment and will introduce the Autoscale feature.

Before you begin: Estimated time to complete Module 7 lab exercises: 90 minutes

Exercise 7-1: Complete a cost calculation on your preferred Cloud vendor

In this exercise, the Azure or AWS calculator is used to estimate the costs of a sample deployment. Please refer to the Student Manual for more details; the lab environment is not needed to complete the cost calculation.
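
The spreadsheet steps of Exercise 6-5 (steps 14 to 21) can also be scripted. The following Python is an added example, not part of the lab manual: it totals session time per machine from the exported VDA Usage report using full timestamps, so a session that crosses midnight is counted correctly, whereas =TIMEVALUE keeps only the time of day and produces a negative difference for such a row. The column headers follow the Output Columns chosen in step 7; the timestamp format, the NYC-CAT-DesktopOS catalog name and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: timestamps are month/day/year with a 24-hour clock.
# Adjust TIME_FORMAT to match the file that Director actually exports.
TIME_FORMAT = "%m/%d/%Y %H:%M:%S"

# Constructed sample rows (not real lab output). Header names follow the
# Output Columns selected when the VDA Usage report was created.
SAMPLE_CSV = r"""Session State,Machine Name,Session Start Time,Session End Time,Catalog Name
Terminated,WORKSPACELAB\NYC-SRV-002,03/02/2020 09:15:00,03/02/2020 10:45:30,NYC-CAT-ServerOS
Terminated,WORKSPACELAB\NYC-SRV-002,03/02/2020 23:30:00,03/03/2020 00:20:00,NYC-CAT-ServerOS
Active,WORKSPACELAB\NYC-SRV-002,03/03/2020 08:00:00,,NYC-CAT-ServerOS
Terminated,WORKSPACELAB\NYC-SRV-003,03/02/2020 13:00:00,03/02/2020 13:40:00,NYC-CAT-ServerOS
Terminated,WORKSPACELAB\NYC-SRV-003,03/02/2020 14:00:00,,NYC-CAT-ServerOS
Terminated,WORKSPACELAB\NYC-WRK-001,03/02/2020 09:00:00,03/02/2020 17:00:00,NYC-CAT-DesktopOS
"""


def load_sessions(csv_text, catalog=None, state="Terminated"):
    """Return ([(machine, start, end), ...], [skipped row numbers]).

    Rows in another session state or catalog are filtered out, as in the
    worksheet filter. Rows whose timestamps are missing, unparseable or
    reversed are reported in the second list instead of being summed.
    """
    sessions, skipped = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_number, row in enumerate(reader, start=2):  # row 1 is the header
        if row["Session State"] != state:
            continue
        if catalog is not None and row["Catalog Name"] != catalog:
            continue
        try:
            start = datetime.strptime(row["Session Start Time"], TIME_FORMAT)
            end = datetime.strptime(row["Session End Time"], TIME_FORMAT)
        except (ValueError, TypeError):
            skipped.append(row_number)
            continue
        if end < start:
            skipped.append(row_number)
            continue
        sessions.append((row["Machine Name"], start, end))
    return sessions, skipped


def usage_by_machine(sessions):
    """Total session time per machine (the AutoSum result, for every machine at once)."""
    totals = defaultdict(timedelta)
    for machine, start, end in sessions:
        totals[machine] += end - start
    return dict(totals)


def usage_by_hour(sessions, machine):
    """Split one machine's session time across the clock hours (0-23) it covers."""
    buckets = defaultdict(timedelta)
    for name, start, end in sessions:
        if name != machine:
            continue
        cursor = start
        while cursor < end:
            next_hour = cursor.replace(minute=0, second=0, microsecond=0) + timedelta(hours=1)
            slice_end = min(next_hour, end)
            buckets[cursor.hour] += slice_end - cursor
            cursor = slice_end
    return dict(buckets)


def time_of_day_difference(start, end):
    """Reproduce =G2-F2 from the worksheet, where F2 and G2 hold only the time of day."""
    def since_midnight(moment):
        return timedelta(hours=moment.hour, minutes=moment.minute, seconds=moment.second)
    return since_midnight(end) - since_midnight(start)


if __name__ == "__main__":
    sessions, skipped = load_sessions(SAMPLE_CSV, catalog="NYC-CAT-ServerOS")
    for machine, total in sorted(usage_by_machine(sessions).items()):
        print(f"{machine}: {total}")
    print("rows skipped (bad or missing timestamps):", skipped)
```
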

Exercise 7-2: Configure Autoscale for Delivery Groups

Scenario: Your CIO has determined that per-machine costs for running machines can be reduced substantially by utilizing the capacity management scaling capabilities within Citrix Cloud. Your task is to implement and configure the Autoscale feature of Citrix Cloud for the Cloudxdsite deployment, taking into account the level of demand for sessions on specific machines.

1. The following VMs are required before beginning the exercises for this Module; all others may be powered down. To power manage your VMs, switch to Hyper-V Manager, right-click the VM in the left pane and select Start or Shut Down. If prompted, click Yes.
    • NYC-ADC-001
    • NYC-ADS-001
    • NYC-CON-001
    • NYC-CON-002
    • NYC-FSR-001
    • NYC-SQL-001
    • NYC-SRV-001
    • NYC-SRV-002
    • NYC-SRV-003
    • NYC-STF-001
    • NYC-VDC-001
    • NYC-WRK-001
    • NYC-WRK-002
2. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud home page. If you are on some other page of the cloud console, click Citrix Cloud to return to the Citrix Cloud home page.
    Note: In a previous exercise, you had logged into Citrix Cloud console. If you closed Google Chrome or signed out, start Google Chrome browser and type https://citrix.cloud.com in the Address bar. Sign in using your cloud credentials.
3. In the middle pane, in the Virtual Apps and Desktops section, click Manage.
4. In the upper left hand corner, click Manage.
5. In the Studio navigation pane, on the Manage tab, select Delivery Groups. Right-click Delivery Group NYC-DG-ServerOS, and then click View Machines. Under the Multi-session OS Machines tab, confirm you see NYC-SRV-002 and NYC-SRV-003 in a powered on and registered state.
6. In the Studio navigation pane, on the Manage tab, click Delivery Groups.
7. Select the Delivery Group NYC-DG-ServerOS, right-click and then click Edit Delivery Group.
8. Select Autoscale option within Edit Delivery Group.
On the top of the Autoscale page, select the Autoscale option to enable Autoscale. 302 9. Note: After you enable Autoscale, the options on the page are enabled for further configuration. Click Edit and keep peak hours as 7am to 7pm. 303 10. Click OK. Enter the following configuration details: • Capacity buffer (During peak times): 0% • Capacity buffer (During off-peak times): 0% • Delay powering off machines by: 0 mins • Machine instance cost per hour: $1 (a test figure) 304 Note: We have entered these values as 0 purely for test purposes. We are setting capacity buffer values to 0 as we are testing with 2 VDA’s. If we keep buffer then the second VDA won’t be turned off to cater buffer. Delay powering off machine option is minimum number of minutes that must elapse after a machine is powered on before Autoscale powers it off. Doing so keeps machines from “flip-flopping” on and off during volatile session demands. By default, the power-off delay is 30 minutes. You can set it in a range of 0–60 minutes. We are keeping value 0 so that we don’t have to wait for 30 minutes for changes to kick in. 11. Note: Hover your mouse over blue question marks to know more about the respective options. Click Apply. A pop-up window will appear, click Yes. 12. Click OK and you will be prompted with exact same window. Click Yes to exit the Edit Delivery Group window. Right-click Delivery Group NYC-DG-ServerOS and select View Machines. 305 Verify that one machine is powered off and the other one is in a powered on state in Citrix Studio. Note: In step 5 we confirmed both machines were powered on & registered. 13. Note: It may take 2-3 minutes for the power state and registration state to get updated. Click the Monitor option on the upper left-hand corner, then click Trends > Machine Usage. On the Machine Usage page, select Server OS Machines. 14. Note: This screen gives details of the machines which are managed through Autoscale. 
It also gives details of Estimated Savings based on the per-machine cost entered in Delivery Group properties.
In the Studio navigation pane, go to Delivery Groups. Right-click Delivery Group NYC-DG-ServerOS, and then click Edit Delivery Group. Select Autoscale, then edit the machines needed during peak hours, setting it to 0 throughout.
15. Click Apply. A pop-up window will appear; click Yes. Click OK and you will be prompted with the exact same window again. Click Yes to exit the Edit Delivery Group window.
16. Right-click Delivery Group NYC-DG-ServerOS and select View Machines. Verify that both machines are in a powered off and unregistered state in Citrix Studio.
17. Right-click Delivery Group NYC-DG-ServerOS, and select Edit Delivery Group. Return the Autoscale settings to the default values:
• Capacity buffer (During peak times): 10%
• Capacity buffer (During off-peak times): 10%
• Delay powering off machines by: 30 mins
18. Click Apply and then OK to exit the Edit Delivery Group window. On the top-right of the Citrix Cloud webpage, click the drop-down arrow next to the user name and select Sign Out. Click X to close the Google Chrome browser.

Key Takeaways:
• Autoscale is a feature exclusive to the Citrix Virtual Apps and Desktops service that provides a consistent, high-performance solution to proactively power manage your machines. It aims to balance costs and user experience. Autoscale incorporates the deprecated Smart Scale technology into the Studio power management solution.
• Autoscale enables proactive power management of all registered Server and Desktop OS machines in a Delivery Group.

Module 8: On-Premises Migration to Citrix Virtual Apps and Desktops in Citrix Cloud

Overview: This module presents the migration from a traditional on-premises Citrix Virtual Apps and Desktops infrastructure to Citrix Cloud.
The migration of VDA machines can quickly be completed by changing the ListOfDDCs registry entry to point to the Cloud Connectors instead of the Delivery Controllers. However, there are some manual steps involved in the migration, such as creating new machine catalogs and Delivery Groups (can be done using the MCS or PVS Wizards), converting on-premises Studio policies to Cloud Studio or Active Directory policies, and finally, assigning users to the new resources. You will also be introduced to the Citrix Secure Browser Service.

Before you begin: Estimated time to complete Module 8 lab exercises: 40 minutes

Exercise 8-1: Re-register VDA Machines and add them to an Existing Catalog.

Scenario: After much consideration, your company has made the decision to migrate the existing on-premises Citrix Virtual Apps and Desktops environment to Citrix Cloud Virtual Apps and Desktops. As part of this process, a WW Labs Citrix Cloud POC has been put into operation. Your Lead Citrix Architect has tasked you with performing the needed policy and catalog configurations to move an existing VDA machine to the Citrix Cloud POC.

Step Action
1. The following VMs are required before beginning the exercises for this Module; all others may be powered down. To power manage your VMs, switch to Hyper-V Manager, right-click on the VM in the left pane and select Start or Shut Down.
• NYC-ADC-001
• NYC-ADS-001
• NYC-CON-001
• NYC-CON-002
• NYC-FSR-001
• NYC-SQL-001
• NYC-SRV-001
• NYC-SRV-002
• NYC-STF-001
• NYC-VDC-001
• NYC-WRK-001
• NYC-WRK-002
2. Using Remote Desktop Connection Manager, connect to NYC-VDC-001. To log into NYC-VDC-001, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection:
User Name: WORKSPACELAB\Administrator
Password: Password1
3. Start the Group Policy Management console. Click Start > Server Manager. Wait for Server Manager to start.
Click Tools and click Group Policy Management to start the Group Policy Management Console (GPMC).
4. Expand Forest: workspacelab.com > Domains > workspacelab.com > Citrix > New York > VDA > Desktops_OnPremisesSite to view the Desktops OU. Right-click the Desktops_OnPremisesSite OU and select Create a GPO in this domain, and Link it here.
5. In the New GPO dialog box, type MigrateOnPremDesktop for the Name.
6. Click OK. Right-click the MigrateOnPremDesktop GPO just created and select Edit.
7. In the Group Policy Management Editor dialog box that opens, in the left pane, expand Computer Configuration > Policies > Citrix Policies.
8. In the Citrix Computer Policies center pane, click New.
9. On the Identity page, enter MigrateOnPremDesktop in the Name box. Click Next.
10. On the Settings page, locate the Search box on the top-right and type Controllers.
11. Under Settings, next to the Controllers setting, click Add.
12. In the Add Setting dialog box, enter NYC-CON-001.workspacelab.com NYC-CON-002.workspacelab.com as the value. Click OK.
Note: If more than one Delivery Controller or Cloud Connector is being used, input the list separating the FQDN names with a space. The VDA machine requires the information provided by these settings to register.
13. Under Settings, next to the Enable auto update of Controllers setting, click Add.
14. In the Add Setting dialog box, change the radio button to the left of Prohibited. Click OK.
15. On the Settings page, click Next.
16. On the Filters page, under Filters and next to the Delivery Group setting, click Add.
17. On the New Filter dialog box, click Add.
18. In the New Filter Element dialog box, click the Delivery Group drop-down menu and select NYC-DGExisting-DesktopOS. Click OK.
19. On the New Filter dialog box, click OK.
20. On the Filters page, click Next.
21. On the Summary page, verify that the checkbox next to Enable this policy is selected. Click Create.
22.
In the middle pane under Policies, select MigrateOnPremDesktop, and in the menu above, click Higher until this policy appears first in the list.
23. Close the Group Policy Management Editor by clicking X on the top-right corner.
24. Using Hyper-V Manager, right-click NYC-WRK-002 and select Reset.
25. Wait approximately 1 minute while NYC-WRK-002 reboots. Using the Remote Desktop Connection Manager, connect to NYC-WRK-002. To log into NYC-WRK-002, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
26. Right-click Start and select Event Viewer. Browse to Windows Logs > Application.
27. Look for Event ID 1012 for Citrix Desktop Service. Verify that the Citrix Desktop Service has successfully registered with either NYC-CON-001 or NYC-CON-002.
28. Log off NYC-WRK-002. To log off, right-click Start, select Shut down or sign out, then click Sign out.
29. Switch to the Google Chrome browser on the Student Desktop and confirm that you are still connected to the published Citrix Studio on https://citrix.cloud.com.
30. At the top left of the Citrix Cloud page, click the fly-out menu and select My Services > Virtual Apps and Desktops.
31. Click the Manage drop-down menu and select the Full Configuration option to open Citrix Studio.
32. Using Studio, expand Citrix Studio (cloudxdsite) and click Machine Catalogs. From the Actions menu in the right pane, click Create Machine Catalog.
33. On the Introduction page, click Next to continue the Machine Catalog Setup wizard.
34. On the Operating System page, verify that Single session OS is selected and click Next.
35. On the Machine Management page, verify that the following options are selected:
• Machines that are not power managed (for example, physical machines)
• Another service or technology
Click Next to continue the Machine Catalog Creation wizard.
36.
On the Desktop Experience page, verify that the following option is selected:
• I want users to connect to a new (random) desktop each time they log on.
Click Next.
37. On the Machines page, click Add computers.
38. In the Enter the object names to select box, type NYC-WRK-002 and click Check Names. Click OK.
39. On the Machines page, verify that the following options are selected:
• For the Zone select New York Data Center.
• For the Select the minimum functional level for this catalog: select 1811 (or newer).
Click Next.
40. On the Summary page, review the configuration and enter the following information:
• Machine Catalog name: NYC-CAT-Migrated-DesktopOS
• Machine Catalog description for administrators: On-premises to Cloud Migrated Windows 10 Desktops
Click Finish.
41. Click Delivery Groups in the left pane.
42. From the Actions pane on the right side of the console, click Create Delivery Group.
43. On the Introduction page, click Next to continue the Delivery Group creation wizard.
44. On the Machines page, verify that the previously created machine catalog is listed. Select NYC-CAT-Migrated-DesktopOS. Select the number of machines for this Delivery Group: set to 1 in the box. Click Next to continue with Delivery Group creation wizard.
45. On the Users page, select Leave user management to Citrix Cloud. This makes the Delivery Group available as a library offering you can assign to users. Click Next.
46. On the Applications page, leave the default selections and click Next.
47. On the Summary page, verify the configuration information and enter the following:
• Delivery Group name: NYC-DG-Migrated-Win10
• Display name: Migrated Windows 10 Desktop
Click Finish.
48. Switch back to Google Chrome on the Student Desktop.
49. At the top left of the Citrix Cloud page, click the Fly-out menu and select Library.
50. Click the three dots menu on the NYC-DG-Migrated-Win10 (Desktops) Library Offerings card and select Manage Subscribers.
51.
52. Select workspacelab.com as the domain underneath the Step 1: Choose a domain drop-down menu. Type Auditors in the Search for AD Group / User and select the Auditors group from the search results.
53. Wait for the status to show Subscribed. Click X to close the Manage subscribers for | NYC-DG-Migrated-Win10 (Desktops) window.
54. At the top left of the Citrix Cloud page, click the Fly-out menu and select Workspace Configuration.
55. Right-click the Workspace URL link and select Open link in new tab to browse to the Workspace site.
56. Use the following credentials to log on:
• User name: workspacelab.com\Auditor1
• Password: Password1
Click Log On.
57. Click Desktops > All Desktops and click the Migrated Windows 10 Desktop icon.
58. Switch back to the Citrix Cloud Administration site on Google Chrome.
59. At the top left of the Citrix Cloud page, click the fly-out menu and select My Services > Virtual Apps and Desktops.
60. Click the Manage drop-down menu and select the Full Configuration option to open Citrix Studio.
61. Click Delivery Groups in the left pane.
62. Right-click the NYC-DG-Migrated-Win10 Delivery Group and select View Machines.
63. Highlight the NYC-WRK-002 machine and review the details of the current session on the lower pane. The NYC-WRK-002 machine has been migrated to the Cloudxdsite.
Note: To finalize the VDA migration, it is recommended to remove the VDA from the on-premises Citrix Virtual Apps and Desktops Site.
64. Switch back to the Migrated Windows 10 Desktop and log off. To log off, right-click Start, select Shut down or sign out, then click Sign out.

Key Takeaways:
• The process of moving existing on-premises VDA machines to a Citrix Cloud Virtual Apps and Desktops Site is a multi-step manual process.
• Migrated VDA machines will need to be manually added to machine catalogs and Delivery Groups after they successfully register with the Cloud Connectors.
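
The Module 8 overview says migration works by pointing ListOfDDCs at the Cloud Connectors, and steps 26 and 27 confirm registration through Event ID 1012; both can be checked from PowerShell on the VDA. This is an added example, not part of the Citrix lab manual: the registry paths, the event provider name, and the function names are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the migrated VDA
# (NYC-WRK-002 in this lab). Not part of the Citrix lab manual.

# Controllers the VDA is allowed to register with (values from step 12).
$Allowed = 'NYC-CON-001.workspacelab.com', 'NYC-CON-002.workspacelab.com'

function Get-ConfiguredControllers {
    # Assumption: the policy-delivered list is stored under the Policies hive and,
    # when present, is preferred over the value written at VDA install time.
    $paths = 'HKLM:\SOFTWARE\Policies\Citrix\VirtualDesktopAgent',
             'HKLM:\SOFTWARE\Citrix\VirtualDesktopAgent'
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name ListOfDDCs -ErrorAction SilentlyContinue
        if ($item -and $item.ListOfDDCs) {
            # ListOfDDCs is a space-separated list of FQDNs (see the note in step 12).
            $names = @($item.ListOfDDCs -split '\s+' | Where-Object { $_ })
            return [pscustomobject]@{ Source = $path; Controllers = $names }
        }
    }
}

function Compare-ControllerList {
    param([string[]]$Configured, [string[]]$Allowed)
    # -notin compares case-insensitively, which suits DNS names.
    [pscustomobject]@{
        Unexpected = @($Configured | Where-Object { $_ -notin $Allowed })
        Missing    = @($Allowed | Where-Object { $_ -notin $Configured })
    }
}

function Get-LastRegistrationEvent {
    # Event ID 1012 in the Application log is what steps 26-27 look for.
    # Assumption: the provider name matches the source shown in Event Viewer.
    $filter = @{ LogName = 'Application'; ProviderName = 'Citrix Desktop Service'; Id = 1012 }
    try   { Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction Stop }
    catch { $null }
}

$config = Get-ConfiguredControllers
if (-not $config) {
    Write-Warning 'ListOfDDCs was not found in either registry location.'
} else {
    $diff = Compare-ControllerList -Configured $config.Controllers -Allowed $Allowed
    Write-Output "ListOfDDCs source : $($config.Source)"
    Write-Output "Configured        : $($config.Controllers -join ', ')"
    if ($diff.Unexpected.Count -gt 0) {
        Write-Warning "Controllers not on the allowed list: $($diff.Unexpected -join ', ')"
    }
    if ($diff.Missing.Count -gt 0) {
        Write-Warning "Allowed controllers not configured: $($diff.Missing -join ', ')"
    }
}

$event1012 = Get-LastRegistrationEvent
if (-not $event1012) {
    Write-Warning 'No Event ID 1012 found; the VDA may not have registered yet.'
} else {
    # Assumption: the event message names the controller the VDA registered with.
    $short = $Allowed | ForEach-Object { ($_ -split '\.')[0] }
    $hit   = $short | Where-Object { $event1012.Message -match [regex]::Escape($_) }
    Write-Output "Last registration : $($event1012.TimeCreated)"
    if ($hit) { Write-Output "Registered with   : $($hit -join ', ')" }
    else      { Write-Warning 'Event 1012 does not mention an allowed controller.' }
}
```

An unexpected name in ListOfDDCs means the VDA will try to register with a machine you did not intend to broker its sessions, so treat that warning as a finding to investigate.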
Exercise 8-2: Convert Studio Policies to AD Policies

Scenario: The Lead Citrix Architect has tasked you to investigate how the existing Citrix policies defined in on-premises Studio can be converted to work with Citrix Cloud. You decide the easiest path is to migrate the policies from Studio to Active Directory.

Step Action
1. Using Remote Desktop Connection Manager, connect to NYC-VDC-001. To log into NYC-VDC-001, right-click this machine and select Connect server.
Note: The following credentials are used to make the connection: user name: WORKSPACELAB\Administrator with Password1 as the password.
2. Start Citrix Studio. Click Start > Citrix > Citrix Studio. In the left pane, click Policies.
3. Click Close on the Welcome page for Citrix Policies. In the middle pane, select VDA_Baseline Policy, right-click and select Save as Template.
4. On the Settings page, leave the settings as is and click Next.
5. Name the template as Template_Prod and click Finish.
6. Start the Group Policy Management console. Click Start > Server Manager. Wait for Server Manager to start. Click Tools and click Group Policy Management to start the GPMC.
7. Expand the OU structure to the VDA OU you have been tasked to create this baseline policy in. Expand Forest: workspacelab.com > Domains > workspacelab.com > Citrix > New York > VDA to view the VDA OU. Right-click the VDA OU and select Create a GPO in this domain, and Link it here.
8. In the New GPO dialog box, type CitrixPolicy Baseline-Computer for the Name.
9. Click OK. Right-click the CitrixPolicy Baseline-Computer Group Policy Object (GPO) just created and select Edit.
10. In the Group Policy Management Editor dialog box that opens, in the left pane, expand Computer Configuration > Policies > Citrix Policies. In the center pane, click Templates.
Note: There is a Citrix Policies element under the Policies container for both Computer Configuration and User Configuration.
11.
On the Citrix Policy Templates page, select Template_Prod. Click New Policy.
12. In the New Policy window, type the policy name as Citrix_Prod. Click Next.
13. On the Customization page, leave the defaults and click Next.
14. On the Filters page, leave the defaults and click Next.
15. On the Summary page, verify that the checkbox next to Enable this policy is selected. Click Create.
16. Click the Policies tab in the middle pane. Validate that the Citrix_Prod policy is successfully created.
Note: If the policy does not appear, in the Group Policy Management Editor window, click Action > Refresh.
17. In the middle pane under Policies, select Citrix_Prod and in the menu above, click Higher until this policy appears first in the list.
18. Click X in the top-right corner to close the Group Policy Management Editor dialog box.
Note: The Citrix Policy is now successfully migrated from the on-premises Citrix Virtual Desktops site to the Active Directory Group Policy Management Engine.
Click X to close the Group Policy Management window. Click X to close the Server Manager window.
19. Log off NYC-VDC-001. To log off, right-click Start, select Shut down or sign out, then select Sign out.

Key Takeaways:
• Studio policies only work within the existing Site and cannot be easily migrated from one site to another.
• Active Directory policies will work across multiple Citrix Sites, providing more flexibility.
• If you do not have permissions to manage Active Directory policies, you can use PowerShell to export policies from the on-premises Delivery Controllers and import the policies to Citrix Cloud using the Remote PowerShell SDK.

Exercise 8-3: Citrix Secure Browser Service

Scenario: You are a Citrix Administrator for your company, WW Labs. Your CIO has received much-reported information regarding a web-based cyber attack taking place on the WWW. They would like to implement a pilot for one of the more common websites used within the Workspacelab.com domain.
Your task is to configure Secure Browser Service for Facebook, to be accessed by the HR group within the Workspacelab.com domain.

Step Action
1. Using the Google Chrome browser on the Student Desktop, confirm you are still connected to the Citrix Cloud home page. If you are on some other page of the cloud console, click Citrix Cloud to return to the Citrix Cloud home page.
Note: In a previous exercise, you logged into the Citrix Cloud console. If you closed Google Chrome or signed out, start the Google Chrome browser and type https://citrix.cloud.com in the Address bar. Sign in using your cloud credentials.
2. At the top left of the Citrix Cloud page, click the Fly-out menu and select My Services > Secure Browser.
3. On the Welcome to Secure Browser page, click Let’s Get Started.
4. On the Publish Secure Browser window, select External Authenticated then click Continue.
5. On the Publish Secure Browser window, enter the following:
• Name: Facebook
• Start URL: http://www.facebook.com
• Region: West US
6. Click Publish. A new published secure browser should appear on your screen. You will now need to assign users to this new resource. Click Library within the Facebook secure browser.
7. Click the three dots menu on the Facebook Library Offerings card and select Manage Subscribers.
8. In the Step 1: Choose a domain box, use the drop-down menu and select workspacelab.com.
9. In the Step 2: Choose a group or user box, type HR and select the HR group from the search results.
10. Verify that the HR group has been added to the list of subscribers, and that the status is Subscribed.
11. Close the Manage Subscribers for | Facebook dialog box by clicking the X on the upper right-hand corner. At the top left of the Citrix Cloud page, click the Fly-out menu and select My Services > Secure Browser.
12. Click the three dots menu on the Facebook secure browser card and select Launch Published Browser.
13.
Use the following credentials to log on:
• User name: workspacelab.com\HR1
• Password: Password1
Note: If prompted by Google Chrome to save your password for this site, select Never.
14. Verify that you are able to browse facebook.com within the Secure Browser.
15. Click the Workspace icon at the top of the Facebook Secure Browser window and select the three dots menu, then select Log Off.
16. Close the Facebook secure browser by clicking X on the Facebook tab within Google Chrome.
Note: If prompted with a Leave site? dialog box, select Leave.

Key Takeaways:
• Citrix Secure Browser protects the corporate network from browser-based attacks by isolating web browsing.
• It delivers consistent, secure remote access to internet hosted web applications, with no need for user device configuration.
• IT administrators can offer end-users safe Internet access without compromising enterprise security.