
Citrix Virtual Apps and Desktops Image Management

 December 16, 2019
Contributors
Author: Nagaraj Manoli
Special thanks: Martin Zugec, Allen Furmanski, James Hsu
Audience
This document is intended for Citrix technical professionals, IT decision makers, partners and architects who want to explore image
management services with Citrix Virtual Apps and Desktops either in on-premises or cloud environments. The reader must have a basic
understanding of Citrix products, hypervisors and cloud frameworks.
Objective of this document
This document provides an overview of product functionality and design architecture for an image management environment to ensure
efficient delivery of application and desktop workloads for an organization. The document is focused on Citrix image management services
with conceptual deployment scenarios.
With respect to image management, there are two provisioning models that enable Citrix administrators to manage the Citrix
environment efficiently:
Machine Creation Services (MCS)
Citrix Provisioning (PVS)
Architectural Design Framework
Virtualization solutions from Citrix enable organizations to create, control and manage virtual machines, deliver applications and
implement granular security policies. The Citrix Virtual Apps and Desktops solution provides a unified framework for developing a complete
digital workspace offering. This offering enables Citrix users to access applications and desktops independent of their device’s operating
system and interface.
The Citrix architectural design framework is based on a unified and standardized layer model. The framework provides a foundation to
understand the technical architecture for most of the common Virtual Apps and Desktops deployment scenarios. These layers are depicted
in the conceptual diagram.
User Layer - This layer defines user groups and locations of the Citrix environment.
Access layer - This layer defines how users access the resources.
Resource layer - This layer defines provisioning of Citrix workloads and how resources are assigned to the given users.
Control layer - This layer defines the components that control the Citrix solution.
Platform layer - This layer defines the physical elements where the hypervisor components and cloud service provider framework run to
host the Citrix workloads.
Operations Layer - This layer defines the tools that support the delivery of the core solutions.
Image management services generally fit into the Control, Platform and Operations layers to manage virtual machines in the Resource
layer. The following sections will go through Citrix Machine Creation Services (MCS) and Citrix Provisioning (PVS) concepts as these are the
basic building blocks of image management in a Citrix Virtual Apps and Desktops environment.
Why is Image Management necessary?
Image Management is an approach of creating a master or golden image that contains the operating systems and all the required
applications to deliver that single virtual image to multiple target virtual machines. The key concept behind image management is
reusability and simplified management, which allow the Citrix administrator to deliver the necessary operating systems with the required
set of applications to appropriate users based on their needs.
The Citrix Virtual Apps and Desktops solution has two provisioning models for image management: Citrix Machine Creation Services and
Citrix Provisioning.
Machine Creation Services (MCS)
Citrix Machine Creation Services is a component of the Citrix Virtual Apps and Desktops solution that is coupled within the Delivery
Controller. Using application programming interfaces (APIs) from the underlying hypervisor or cloud provider, MCS builds intelligent linked
clones from a master image to provision multiple virtual desktops. The clones include a differencing disk and an identity disk linked from a
base disk.
Machine Creation Services (MCS) configures, starts, stops and deletes virtual machines using the hypervisor APIs. MCS is a disk-based
provisioning approach that works with major hypervisors and leading cloud platforms.
Why MCS?
Citrix Machine Creation Services offers a simplified approach for image management through the following features:
Simple to deploy and manage using Citrix Studio
Technology embedded into core product and no additional infrastructure required
Better suited for Cloud provisioning
Ideal for both persistent and non-persistent workloads
Citrix Provisioning (PVS)
Citrix Provisioning streams a single shared disk image to multiple individual machines rather than copying images to them. Citrix
Provisioning enables organizations to reduce the number of disk images that they have to manage, even when the number of machines
continues to grow.
Additionally, because machines stream from a single shared image in real time, machine image consistency is ensured, while at the same
time large pools of machines can completely change their configuration, applications, and even operating systems within the time it
takes to reboot. This best-in-class approach enables organizations to apply security and application patches to a single
shared image in minimal time while meeting business objectives.
Why PVS?
The proper use of Citrix Provisioning allows for more efficient image management through the following features:
High scalability
Reduced storage requirements
Increased IOPS efficiency
Integrated version management capabilities
Support for both physical and virtual targets
Choosing the right provisioning model
Citrix MCS and PVS are mature provisioning platforms proven at scale; however, there are considerations when deciding on which one to
use or if both are appropriate for a given environment. Citrix MCS is embedded into the delivery controller and is managed from within the
Citrix Studio Console. Citrix Provisioning requires separate servers, network considerations, a database and it has its own management
console.
The following table compares the Citrix MCS and PVS models.

| Capability | MCS | PVS |
|---|---|---|
| Support for virtual RDS and VDI workloads | X | X |
| Support for pooled and personal VDI desktops | X | X |
| Support for physical machines |  | X |
| Support for Microsoft Azure machines | X |  |
| Support for Amazon Web Services (AWS) machines | X |  |
| Support for Google Cloud Platform | X |  |

You can read more about image management decision factors in our article Choosing the Provisioning Model for Image Management.
Machine Creation Services
Citrix Machine Creation Services (MCS) plays a vital role in image management for Citrix Virtual Apps and Desktops environments. Citrix MCS
services are coupled with the Citrix Delivery Controller and Cloud Connector, so no additional servers or infrastructure are
required. With MCS, IT administrators simply access the Citrix Studio Console to create and deliver the virtual desktops and server
images to the enterprise users either on-premises or with Citrix Cloud.
Citrix Machine Creation Services uses application programming interfaces (APIs) from the underlying hypervisor or public cloud platform
to create, configure, start, stop and delete virtual machines in on-premises, hybrid, private and public cloud
environments.
The administrator creates a virtual machine with the required OS, installs the necessary applications and Citrix Virtual Delivery Agent on
the hypervisor or in the cloud. The IT administrator selects this as the master virtual machine to provision a group of virtual desktops or
servers using the Citrix Studio management console. Citrix MCS creates a snapshot of the master VM and copies the full snapshot to the
storage repository to serve as the master image (base disk).
When provisioning multiple virtual desktops or servers, MCS includes two types of disks: a differencing disk and an identity disk for each
virtual machine.
Citrix MCS supports both server and desktop OS environments.
For desktop OS environments, Citrix administrators can create three types of virtual desktops using Citrix Machine Creation Services:
Pooled-random desktops are non-persistent virtual desktops assigned to users randomly every time they start a VDI session. These
desktops erase any user-specific changes each time they reboot. With the Citrix Profile Management solution, the user specific data and
settings can be stored on centralized file servers.
Pooled-static desktops are assigned to a specific user and only the assigned user will be able to use that desktop unless changed by an
IT admin. The user’s personal data and settings do not carry over from session to session. With the Citrix Profile Management solution,
the user specific data and settings are stored on centralized file servers.
Dedicated desktops are assigned to individual users and the data and settings will persist on the desktops. Optionally, the Citrix Profile
Management solution can be used to store the user profile and data on central file servers. For dedicated desktops there is a new option
available under Desktop OS Catalogs virtual machine copy mode, “Use full copy for better data recovery and migration support, with
potentially reduced IOPS after the machines are created”.
For the Server OS environment, Citrix administrators can deploy multiple hosted shared virtual machines for a Virtual Apps environment
using the master VM image (base disk).
MCS High-level VM and Disk Architecture
The first step when using Citrix MCS is to provision a master VM that serves as a template to create clones. The IT administrator can
provision the VM with the required amount of CPU, RAM and disk space, and then install an operating system and required applications.
Using the Citrix Studio Console, the admin creates a machine catalog of clone VMs using the base image. Those VMs live in a data store,
which is different from PVS.
Citrix MCS relies completely on storage. When a VM is provisioned, two types of disks are created for it: a differencing disk and
an identity disk.
Citrix MCS creates the number of VMs specified in the create catalog wizard with two disks defined for each VM on the storage. A copy of
the master image is also stored in the same storage repository. If there are multiple storage repositories defined, then each one will get
the following types of disks.
Each storage repository will get one full snapshot of the master VM image, which is read-only and shared across the VMs.
A unique identity disk (16MB) for VM identity will also be created. The Delivery Controller creates the identity disks for each VM.
Each VM also gets a unique difference disk, used to store any writes made to the VM. The disk is thin provisioned (if
supported by the storage) and will increase to the maximum size of the base disk if required.
Full Clone
In some cases, it is not desirable to create VMs with delta disks. A few reasons are mentioned below:
Some backup solutions don’t back up VMs that contain a delta structure
Storage migration becomes more complicated
VM migration does not work on all hypervisors
Deltas grow over time, which increases the load on storage
For these reasons, MCS added a new capability in addition to creating the existing delta structure called full clones. When using persistent
VMs, Citrix MCS allows admins to select VMs to be created with a full clone of the master image.
There is no special requirement for full clones. Citrix MCS uses its identity technology to change the identity of the full clone. Full clone
machines have two disks, one for the actual VM, and one for identity including machine name, computer account and password. Full clone
VMs can be moved to a different datastore or cluster which is not possible with linked clones.
While provisioning machines through Citrix Studio, the full clone option is available only for desktop OS, not for server OS.
Machine Catalog
Collections of physical or virtual machines are managed as a single entity called a Machine Catalog in Citrix environments. While creating
Machine Catalogs, administrators select how to provision the VMs and which Citrix image management tool to use, such as Citrix
Machine Creation Services or Provisioning Services.
Reference: Citrix docs: Machine Catalogs
Host Connection
In Citrix Virtual Apps and Desktops, before creating the machine catalog it is important to create connections to hosting resources while
creating a site to integrate an underlying platform including hypervisor or cloud providers. Configuring a connection includes selecting the
connection type among the supported hypervisors and cloud services. The system requirements page lists the supported hypervisors and
cloud options.
Reference: Citrix docs: System requirements
Host storage
A storage product is supported if it can be managed by a supported hypervisor. When provisioning machines, data is classified by type:
Operating system (OS) data, which includes master images
Temporary data, which includes all non-persistent data written to MCS-provisioned machines, Windows page files, user profile data, and
any data that is synchronized with Content Collaboration (formerly ShareFile). This data is discarded each time the machine restarts.
Provisioning separate storage for each data type can reduce load and improve IOPS performance on each storage device.
Storage shared by hypervisors
Shared storage stores data that is retained for longer periods and provides centralized backup and management. This storage holds the OS
disks and other disks associated with virtual machines. When using shared storage, storage local to the hypervisor can be used for the
temporary data cache, which helps reduce traffic to the main OS storage. The disk is cleared after every machine restart. When local
storage is used for temporary data, the provisioned VDA is tied to a specific hypervisor host. If the host goes down, the VM cannot start.
The hypervisor provides optimization technologies through read caching of the disk images locally; for example, Citrix Hypervisor (formerly
XenServer) offers IntelliCache. This reduces network traffic to the central storage.
Citrix Hypervisor also supports read caching using the host’s free memory. The performance improvement can be seen whenever data is
read from disk more than once, as it gets cached in memory.
Both read-caching and IntelliCache can be enabled simultaneously. In this case, IntelliCache caches the reads from the network to a local
disk. Reads from that local disk are cached in memory with read caching.
Reference: Citrix docs: storage read-caching
Local storage
Local storage stores data locally on the hypervisor local data store. This includes master images and other OS data that are transferred to
all of the hypervisors in the site. This method increases network traffic along with management traffic.
When this method is selected, the option to choose whether to use shared storage to provide resilience and support for backup and
disaster recovery systems is available.
How MCS works with on-premises hypervisors
The workflow below depicts how Citrix Machine Creation Services works with on-premises hypervisors.
Citrix Machine Creation Services leverages hypervisor APIs to provision virtual machines. Each virtual machine is assigned an identity disk
that gives the machine a unique identity and a differencing disk that handles the writes for the virtual machine.
Instruction Disk: This small instruction disk contains the image preparation steps to run and is attached to that VM. The preparation
virtual machine is then started, the image preparation process begins and the virtual machine is shut down.
Identity Disk: A unique Identity Disk used to provide each virtual machine with a unique identity. The functionality within the Delivery
Controller creates the identity Disks. This disk will be 16MB in size.
Differencing Disk: A unique Difference Disk is used to store any writes made to the VM. The disk is thin provisioned and will increase to the
maximum size of the base VM as required.
Cache for Temporary Data
For the pooled (not dedicated) machines in a machine catalog, administrators can enable the use of temporary data cache on the machine.
To enable this feature, the VDA on each machine in the catalog must be version 7.9 or later. This feature is also referred to as
MCS-IO.
The administrator must specify the storage type for temporary data that the catalog uses. Enabling temporary cache in the catalog
includes Memory allocated to Cache (MB) and Disk cache size (GB).
Temporary data is written to the memory cache until it reaches the configured limit; at that point, cold
data is moved to the temporary data cache disk.
The memory cache is part of the total memory on each machine, so before enabling this option, consider increasing the total amount of
memory of each machine.
When only the disk cache size is enabled, temporary data is written directly to the cache disk, using a minimal amount of memory cache.
When both options are disabled, temporary data is not cached and is written to the differencing disk of each VM.
Citrix MCS with Linux VDAs
Citrix Machine Creation Services offers administrators the ability to create Linux VMs starting from Citrix XenApp and XenDesktop 7.18 and
later. Prepare a master virtual machine on the hypervisor or cloud provider and install the Linux Virtual Delivery Agent on this template VM.
Create a machine catalog in Citrix Studio using the template VM and then create a delivery group to provision the Linux VMs to enterprise
users.
Reference: Citrix docs: Linux Virtual Delivery Agent
Citrix Cloud and Machine Provisioning
Citrix Cloud manages the operation of the control plane for Citrix Virtual Apps and Desktops Service environments. Delivery controllers,
management consoles, SQL database, License Server, StoreFront and Citrix Gateway are all delivered on Citrix Cloud and completely
managed by Citrix.
The workloads hosting the apps and desktops for users remain under the customer control in the data center of their choice, either cloud
or on-premises. These components are connected to the cloud service using an agent called the Citrix Cloud Connector.
Citrix Machine Creation Services uses APIs from the underlying hypervisors. These resources may come from the customer’s data center or
cloud. Citrix Cloud Connector acts as a bridge between the Citrix Cloud plane and underlying resources. The control plane has access to
metadata, such as login details, machine names and application shortcuts, restricting access to the customer’s intellectual property from
the control plane.
Data flowing between the cloud and customer premises uses secure TLS connections over port 443.
While provisioning VMs using the MCS method, ensure that the hypervisor or cloud service has enough processors, memory and storage to
accommodate the virtual machines.
Installing the latest hypervisor tools on the golden image is required so that applications and desktops function normally. It is advised to
not run Sysprep on master images as MCS handles machine identity itself.
Reference: Citrix docs: Citrix Cloud and Machine provisioning
Common use case
Citrix MCS is a best fit for production environments which meet the criteria as follows:
Deploying in a cloud environment
Intending to deploy NFS storage or clustered shared volumes
Availability of high IOPS storage (MCS directs more read activity to the shared storage)
Citrix MCS offers a simple management plane through Citrix Studio and makes it easy to provision workloads from a single UI. No extra
infrastructure is needed. Consider a deployment that runs mixed workloads using the Citrix MCS provisioning method, including hosted shared
desktops, Linux VMs, full clone VMs, GPU-based workloads and a few Windows apps.
The above diagram is a conceptual deployment scenario for running mixed workloads that support task workers and power users in the
same environment. The task worker workload is deployed through hosted shared desktops while the power users are using dedicated VMs
deployed and separated into different datastores, as these VMs will be the highest in IOPS usage.
In the above deployment scenario, more than one delivery controller is deployed in the environment to achieve high availability and
load balancing. Delivery controllers are equipped with adequate processing power and memory to handle the user traffic. Microsoft SQL
Servers are deployed in a high availability model so that if any one database server goes down, delivery controller operations like fetching
the user details, responding to StoreFront requests, etc. are not impacted.
As the number of applications increases, resource consumption also goes up in the environment. It is best practice to pre-calculate the
number of users and types of workloads that are going to run in the environment. Citrix MCS is simple to manage from Citrix Studio and
requires no extra infrastructure, so it is easy to deploy on leading hypervisors and cloud platforms.
Best practices for MCS with Citrix Virtual Apps and Desktops
There are several aspects that must be taken into account before provisioning virtual machines using Citrix Machine Creation Services.
Citrix MCS is capable of delivering virtual RDS and VDI workloads on Citrix Hypervisor, Hyper-V, vSphere, AHV and also with leading cloud
providers.
The following infrastructure considerations should be addressed before provisioning virtual machines using Citrix MCS:
Storage
Temporary Cache
OS optimization
Delivery controller
Scalability
Storage
Storage configuration and sizing are the deciding factors when using Citrix Machine Creation Services.
Capacity Considerations: When VMs are created using Citrix MCS a minimum of two disks are created: one is the delta disk containing the
OS as copied from the master image and the other one is the identity disk (16MB) containing Active Directory identity data for each VM.
Additional disks may be added to satisfy certain use cases.
The Citrix Hypervisor IntelliCache feature creates a read-only disk of the master VM on local storage on each host. It is recommended to
pre-calculate storage before provisioning the end user machines.
Hypervisor overhead: Different hypervisors create specific sets of files that generate overhead on a per-VM basis. For example, log files,
hypervisor-specific configuration files and snapshot files are also saved on the storage.
Process overhead: Initial catalog creation requires the base disk to be copied to each storage repository. Adding a new machine to a
catalog does not require copying the base disk to each storage repository. The catalog update process creates an additional base disk on
each storage repository and can also cause a temporary storage peak.
Others: RAM sizing and thin/thick provisioning approaches are also considered for provisioning the virtual machines.
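A storage pre-calculation based on the disk layout described above, as an added example that is not part of the original Citrix document. The function and field names, the even spread of VMs across storage repositories and the default differencing-disk fill of 25% are assumptions.

```python
"""Pre-calculate datastore capacity for an MCS linked-clone catalog.

Added example; field and function names are assumptions, not Citrix APIs.
Disk roles follow the page: one read-only base disk per storage repository,
plus a 16 MB identity disk and a thin differencing disk per VM.
"""
from dataclasses import dataclass
from math import ceil

IDENTITY_DISK_GB = 16 / 1024  # 16 MB identity disk per VM (size stated on the page)


@dataclass(frozen=True)
class CatalogPlan:
    vm_count: int
    base_disk_gb: float              # size of the master image snapshot (base disk)
    repositories: int                # storage repositories defined for the catalog
    delta_fill: float = 0.25         # assumed average differencing-disk growth (0..1)
    overhead_gb_per_vm: float = 0.0  # assumed hypervisor logs/config/snapshot files

    def __post_init__(self):
        if self.vm_count < 1 or self.repositories < 1 or self.base_disk_gb <= 0:
            raise ValueError("vm_count, repositories and base_disk_gb must be positive")
        if not 0.0 <= self.delta_fill <= 1.0:
            raise ValueError("delta_fill is a fraction of the base disk (0..1)")


def _vm_gb(plan, fill):
    """Per-VM footprint: identity disk + differencing disk + hypervisor files."""
    return IDENTITY_DISK_GB + fill * plan.base_disk_gb + plan.overhead_gb_per_vm


def expected_gb(plan):
    """Steady state with differencing disks at the assumed average fill."""
    return plan.repositories * plan.base_disk_gb + plan.vm_count * _vm_gb(plan, plan.delta_fill)


def worst_case_gb(plan):
    """Every thin differencing disk grown to the full size of the base disk."""
    return plan.repositories * plan.base_disk_gb + plan.vm_count * _vm_gb(plan, 1.0)


def update_peak_gb(plan):
    """Catalog update: one additional base disk on each storage repository."""
    return worst_case_gb(plan) + plan.repositories * plan.base_disk_gb


def busiest_repository_gb(plan):
    """Update-time peak on the fullest repository, assuming an even VM spread."""
    vms_here = ceil(plan.vm_count / plan.repositories)
    return 2 * plan.base_disk_gb + vms_here * _vm_gb(plan, 1.0)


def undersized(plan, capacities_gb):
    """Indexes of repositories whose capacity is below the per-repository peak."""
    need = busiest_repository_gb(plan)
    return [i for i, cap in enumerate(capacities_gb) if cap < need]


if __name__ == "__main__":
    # Constructed sample: 100 pooled desktops, 40 GB master image, two repositories.
    plan = CatalogPlan(vm_count=100, base_disk_gb=40, repositories=2)
    print(f"expected      : {expected_gb(plan):9.2f} GB")
    print(f"worst case    : {worst_case_gb(plan):9.2f} GB")
    print(f"update peak   : {update_peak_gb(plan):9.2f} GB")
    print(f"per repository: {busiest_repository_gb(plan):9.2f} GB")
    print("undersized    :", undersized(plan, [2500, 2000]))
```

The gap between the expected and worst-case figures is the thin-provisioning risk: if the storage cannot cover the worst case, differencing-disk growth has to be monitored.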
Temporary Cache / MCS storage I/O optimization
Temporary cache in a catalog includes two options: the first uses memory and the second uses disk. With either memory or disk, part of the
resource is consumed for temporary cache operations, so it is recommended to check the available memory and disk space on the host
where the VMs are running. When disk is used for the temporary cache, SSDs or high-IOPS storage solutions are
recommended for better performance.
OS optimization
For better performance and to minimize the consumption of resources on the host, it is recommended to optimize the operating system by
running the Citrix Optimizer Tool.
Citrix Optimizer: By default, Microsoft Windows desktop images contain a lot of features that aren’t needed in a VDI environment. The Citrix
Optimizer is a Windows tool developed by Citrix to help administrators optimize various components in their environment. The tool is
PowerShell based, but also includes a graphical UI.
Citrix Optimizer provides various templates for optimization. Choose the right template for the operating system so that unnecessary
services, configuration entries, and applications are disabled or removed. Admins can expect to realize fairly significant performance gains
after optimization.
To download and install the latest Citrix Optimizer visit: https://support.citrix.com/article/CTX224676.
Delivery Controller
In Citrix MCS deployments, the Delivery Controller is the core component of the infrastructure. It is recommended to deploy delivery
controllers and Microsoft SQL Server in high availability mode so that if any one delivery controller goes down normal operations will not
be impacted.
In medium or large-scale deployments, delivery controllers must have enough memory and computing power so that there will not be any
CPU and memory bottlenecks in the environment.
While connecting to hosting resources, make sure to check the compatible version of the hypervisor so that there will be no issues while
provisioning. It is recommended to keep the master copy in the high IOPS data store/LUN on SSD or NVMe drives so that maximum
efficiency and performance can be achieved.
Scalability
The Machine Creation Services functionality is bundled within the delivery controller and interacts with the underlying hypervisor and
cloud provider framework APIs. As the environment expands, storage may become a bottleneck, so it is
recommended to have additional storage clusters available so that scalability will not be impacted.
In medium and large-scale deployments, resource consumption increases as end user demand grows, so it is recommended to
deploy optimized images so that unwanted applications will not consume excessive resources.
Citrix Provisioning (PVS)
Citrix Provisioning is different from traditional imaging solutions, fundamentally changing the relationship between hardware and the
software that runs on it. A shared disk image is streamed over the network rather than copied to individual virtual machines. Citrix
Provisioning enables enterprises to reduce the number of images that they have to manage and also provides centralized management
with distributed processing.
A Provisioning Server is a server that has the Citrix Provisioning Soap and Citrix Stream Services installed. The Stream Service is used to
stream software from virtual disk images, or vDisks to target devices. The Soap Service is used when accessing the console. Provisioning
Servers are used to stream the contents of a vDisk file (containing a machine image) to target devices. vDisk files can reside directly on the
Provisioning Server local hard disk or Provisioning Servers can access the vDisks from a shared-storage device on the network.
The Citrix Provisioning solution requires a SQL database to store all system configuration settings that exist within a farm. Provisioning
Server advanced configuration options are available to ensure high availability and load-balancing of target device connections between
PVS Servers.
Overview of Citrix Provisioning
The below diagram depicts an overview of Citrix Provisioning and product infrastructure.
PVS Farm
A farm represents the top level of a Provisioning Services infrastructure. A farm also includes the SQL Database and a Citrix License Server,
local and/or network shared storage, and collections of target devices.
PVS Site
A site provides a method of representing and managing logical groupings of Provisioning Servers, Device Collections, and local shared
storage. One or more sites can exist within a farm. The first site is created with the Configuration Wizard and is run on the first Provisioning
Server in the farm.
Device Collection
Device collections provide the ability to create and manage logical groups of target devices. Creating device collections simplifies device
management by performing actions at the collection level rather than at the target-device level. A target device can only be a member of
one device collection.
Target Devices
A device, such as a desktop computer or a virtual machine, that boots and gets its OS image from a PVS vDisk on the network, is
considered a target device. A device that is used to create the base vDisk image is considered a master target device.
vDisks
vDisks act like a hard disk for a target device and exist as disk image files on storage that is accessible by the PVS Servers. A vDisk
consists of a VHDX base image file, any associated properties files (.pvp), and optionally a chain of versioned VHDX differencing disks
(.avhdx).
Citrix Provisioning provides support for a full image lifecycle that takes a vDisk from initial creation, through deployment and subsequent
updates, and finally to retirement. The lifecycle of a vDisk consists of four stages:
1) Creating 2) Deploying 3) Updating 4) Retiring
Creating a vDisk
Creation of a vDisk requires preparing the master virtual machine for imaging, creating and configuring a vDisk store where the vDisks will
reside, and then imaging the master target device (VM) to that file, which results in a new base vDisk image. This process is performed by the
Citrix administrator using the Imaging Wizard.
Deploying a vDisk
After the base vDisk image is created, it is deployed by assigning it to one or more target devices. When the target device starts, it boots
from an assigned vDisk. There are two boot mode options: Private Image mode (single device access, read/write), and Standard Image
mode (multiple device access, read only with write cache options).
Updating a vDisk
It is necessary to update a base vDisk image over its lifecycle so that the image contains the most current software and patches. Updates
can be made manually, or the update process can be automated using vDisk Update Management features. Each time a vDisk is updated a
new version is created. Different devices can access different versions based on the joint classification of the target device and vDisk
version: test, maintenance, or production.
A maintenance device has exclusive read/write access to the newest maintenance version, test devices have shared read-only access to
test versions, and production devices have shared read-only access to production versions.
Updating a vDisk involves the following:
Create a version of the vDisk, manually or automatically
Boot the newly created version from a device (Maintenance device or Update device), install and save any changes to the vDisk, then
shut down the device
Validate with a test target device, then promote to Production and reboot all the production target devices
Retiring a vDisk
Retiring a vDisk is the same as deleting it. The entire VHDX chain, including differencing and base image files, properties files, and lock files,
is deleted after being unassigned.
vDisk Store
A store is the logical name for the physical location of the folder containing vDisks. This folder exists on a PVS server or on shared storage.
When vDisk files are created in the PVS Console, they are assigned to a store. Within a PVS site, one or more Provisioning Servers are given
permission to access that store in order to serve vDisks to target devices.
Write Cache
When the vDisk is in private/maintenance mode, all data is written back to the vDisk file. When the vDisk is in standard mode or shared
mode, data cannot be written back to the base vDisk. Instead, it is written to a write cache file in one of the following locations:
Device RAM
Device RAM with overflow on hard disk
PVS Server
This write cache file is deleted on the next boot cycle so that when a target is rebooted or starts up it has a clean cache and contains
nothing from the previous sessions, thus guaranteeing the consistency of the image.
By default, the PVS target software redirects the system page file to the same disk as the write cache file, so pagefile.sys allocates
space on the cache drive unless it is manually redirected to a separate volume.
Cache in device RAM
Write cache can exist as part of the non-paged pool in the target device’s RAM. This functionality provides the fastest method of disk
access since memory access is always faster than disk access.
This mode is useful when the server has enough physical memory and it is faster than other cache modes. It is important to pre-calculate
workload requirements and set the appropriate RAM size, otherwise the target device may bluescreen due to insufficient space before the
write cache is exhausted.
Cache on device RAM with overflow on hard disk
This method has moderate consumption of RAM and hard disk. Citrix recommends using this cache type for Citrix Provisioning because it
combines the best of RAM with the stability of hard disk cache. The cache uses non-paged pool memory for the best performance. When
RAM utilization has reached its threshold, the oldest of RAM cache data will be written to the local disk.
This cache type offers better performance and is easy to scale, achieving target device reliability in high demand workloads.
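The write cache behavior described above can be shown with a simplified model. This is an added example, not Citrix code: the block-level granularity, the RAM threshold counted in blocks, and the names TargetDeviceDisk, ram_blocks and demo are assumptions made for illustration.

```python
from collections import OrderedDict


class TargetDeviceDisk:
    """Simplified model of one target device's view of a streamed vDisk.

    Assumptions (not taken from Citrix): the cache works on whole blocks,
    the RAM threshold is a block count, and a dict stands in for the
    overflow file on the local hard disk.
    """

    def __init__(self, base_vdisk, ram_blocks, private_mode=False):
        self.base = base_vdisk            # shared image: block number -> bytes
        self.ram_blocks = ram_blocks      # RAM cache threshold, in blocks
        self.private_mode = private_mode  # private/maintenance mode
        self.ram = OrderedDict()          # RAM cache, oldest write first
        self.overflow = {}                # overflow on local hard disk

    def write(self, block, data):
        if self.private_mode:
            # Private/maintenance mode: data is written back to the vDisk.
            self.base[block] = data
            return
        # Standard mode: the base vDisk is never modified.
        self.overflow.pop(block, None)    # the newest copy lives in RAM
        self.ram.pop(block, None)
        self.ram[block] = data
        # Threshold reached: move the oldest RAM data to the local disk.
        while len(self.ram) > self.ram_blocks:
            old_block, old_data = self.ram.popitem(last=False)
            self.overflow[old_block] = old_data

    def read(self, block):
        # Cached writes shadow the base image: RAM, then overflow, then vDisk.
        for layer in (self.ram, self.overflow):
            if block in layer:
                return layer[block]
        return self.base[block]

    def reboot(self):
        # The write cache is deleted on the next boot cycle.
        self.ram.clear()
        self.overflow.clear()


def demo():
    # Constructed sample image: four 4-byte blocks.
    vdisk = {0: b"BOOT", 1: b"OS  ", 2: b"APPS", 3: b"DATA"}
    pristine = dict(vdisk)
    dev_a = TargetDeviceDisk(vdisk, ram_blocks=2)
    dev_b = TargetDeviceDisk(vdisk, ram_blocks=2)
    for block in (1, 2, 3):               # third write exceeds the threshold
        dev_a.write(block, b"chg%d" % block)
    result = {
        "a_sees": dev_a.read(1),           # served from the overflow layer
        "b_sees": dev_b.read(1),           # other devices see the base image
        "overflowed": sorted(dev_a.overflow),
        "base_intact": vdisk == pristine,
    }
    dev_a.reboot()
    result["a_after_reboot"] = dev_a.read(1)
    return result


if __name__ == "__main__":
    print(demo())
```

In standard mode every session change is confined to the device that made it and disappears at reboot, while a device in private/maintenance mode changes the image itself, which is why a maintenance version is validated on a test device before promotion.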
Cache on PVS server
The write cache can exist as a temporary file on a Provisioning Server disk. This generally results in increased network traffic as disk writes
are redirected to a remote location from the target device.
This cache type is not recommended for a production environment as it is generally slower than the other options.
High Availability of Citrix Provisioning
The key to establishing a highly available Citrix Provisioning environment is to identify the critical components, create redundancy for the
critical components, and ensure automatic failover to the secondary component if the active component fails. Critical components for
Citrix Provisioning include:
SQL Database
Provisioning Servers
vDisks and Storage
Citrix Provisioning provides several options to consider when configuring for a highly available implementation, including:
Offline Database Support - This allows Provisioning Servers to use a local snapshot of the database if the connection to the database is
lost to allow continued functionality.
SQL AlwaysOn - Citrix Provisioning supports the SQL AlwaysOn high availability and disaster recovery solution.
Database mirroring - A high availability solution for SQL Server implemented at the database level.
Provisioning Server Failover - If one of the PVS servers becomes unavailable, another server within the site can handle the active target
device connections with the vDisk. Load balancing is enabled so the load is automatically balanced between the target devices and the
remaining servers.
vDisks and Storage - Provisioning Servers are configured to access a shared storage location. Citrix Provisioning supports various shared
storage configurations including Windows shared storage and SANs.
Reference: Citrix Docs: Managing for highly available implementations
SQL Database for Citrix Provisioning
It is best practice to install the SQL database on a separate server or cluster other than where the PVS Server is located to avoid poor
distribution during load balancing. Refer to the PVS system requirements for details on the SQL versions supported.
Database Sizing
Estimating the size of a database helps to determine the hardware configuration. This assists in achieving the required performance and
in allocating enough storage for the data and indexes.
Reference: Citrix Docs: Database sizing
Citrix License Server
The Citrix License Server is installed on a Windows server within the Citrix environment to communicate with all Citrix PVS servers to
activate the licenses for PVS Servers. The License Server connectivity outage grace period is 30 days (720 hours). If connectivity to the
Citrix License Server is lost, Citrix Provisioning continues to provision systems for 30 days. To achieve scalability, reliability and increase
availability of the Citrix License Server, Microsoft clustering functionality can be used to create clustered License Servers.
New license type for Citrix Cloud
Citrix introduced a new license type (PVS_CCLD_CCS) that provides a traditional PVS license entitlement to customers of the Virtual Apps
and Desktops Service in Citrix Cloud. Citrix Provisioning license options for Citrix Cloud are controlled by the options associated with Citrix
Provisioning license types, on-premises or Citrix Cloud. When using a License Server with Citrix Provisioning, Citrix Cloud licenses are
consumed if the Cloud option is selected during initial setup. Conversely, an on-premises license is consumed if on-premises is selected
when setting up Citrix Provisioning.
Note: This new Citrix Cloud license type replaces the existing on-premises Citrix Provisioning license for Desktops and Provisioning for
Data Centers; it possesses the same license acquiring precedence as the on-premises licenses when bundling Citrix licenses.
The on-premises trade-up feature does not apply to Citrix Cloud licenses. Each Citrix Provisioning target device checks out a single Citrix
Cloud license regardless of the operating system type.
Microsoft Volume Licensing
When executing the PVS imaging wizard to create the vDisk, configure the Microsoft Key Management Service (KMS) or Multiple Activation
Key (MAK) volume licensing option that enables the Citrix Provisioning Server to activate the operating system of each target device.
KMS volume licensing utilizes a centralized activation server that runs in the data center, and serves as a local activation point (as opposed
to having each system activate with Microsoft over the internet).
A MAK corresponds to a certain number of purchased OS licenses. The MAK is entered during the installation of the OS on each system,
which activates the OS and decrements the count of purchased licenses centrally with Microsoft. Alternatively, a process of ‘proxy
activation’ is done using the Volume Activation Management Toolkit (VAMT). This allows activation of systems that do not have network
access to the internet. Citrix Provisioning leverages this proxy activation mechanism for Standard Image Mode vDisks that have MAK
licensing mode selected when the vDisk is created.
Active Directory Integration and Target Device Management
Integrating Citrix Provisioning and Active Directory allows administrators to select the Active Directory Organizational Unit (OU) in which
Citrix Provisioning should create a target device computer account. It also allows administrators to take advantage of Active Directory
management features, such as delegation of control and Group Policy. Finally, it allows administrators to configure the Provisioning Server
to automatically manage the computer account passwords of target devices.
Before integrating Active Directory within the farm, verify that the following prerequisites are met:
The Master Target Device was added to the domain before building the vDisk
The Disable Machine Account Password Changes option was selected when the image optimization wizard was run during imaging
Reference: Citrix docs: Configuring vDisks for Active Directory management
Citrix Provisioning Accelerator
Citrix Provisioning Accelerator acts as a provisioning proxy in Dom0 on a Citrix Hypervisor host. Streaming data from the vDisk is cached
at the proxy before being forwarded to the virtual machine. This cache accelerates the boot time of other VMs residing on the same host
since it is not necessary to stream large amounts of data from the PVS Server over the network. The Citrix Hypervisor host's local
resources are consumed, but this improves overall performance on the network.
Reference: Citrix docs: Citrix Provisioning Accelerator
Target Device Boot Process
When a target device is powered on, it needs to be able to find and contact a Provisioning Server to stream down the appropriate vDisk.
This information is stored in a so-called bootstrap file named ARDBP32.BIN. It contains everything that the target device needs to contact
a Citrix PVS server so that the streaming process can be initialized.
The bootstrap file is delivered through a TFTP server. This also partly applies to the alternative BDM (Boot Device Manager) approach.
There are some distinct differences between TFTP and BDM.
TFTP
When using TFTP, the target device needs to know how and where it can find the TFTP server to download the bootstrap file before
connecting to the PVS Server. TFTP can be configured in HA through a Citrix ADC to avoid a single point of failure. Provisioning Services has
its own built-in TFTP server.
One of the most popular approaches in delivering the TFTP server address to target devices is through DHCP (though there are other
options).
BDM (Boot Device Manager)
There are two different methods to make use of the Boot Device Manager.
PVS offers a quick wizard which generates a relatively small .ISO file (around 300KB). Next, the administrator configures the target
devices to boot from this .ISO file, using their virtual DVD drive. This method uses a two-stage process where the PVS server location is
hardcoded into the bootstrap file generated by BDM. The rest of the information, such as the PVS device drivers, is downloaded from the PVS
server using TFTP (UDP port 6969), so TFTP is still used here.
When using the Virtual Apps and Desktops Setup Wizard to provision target devices, the administrator can create and assign a small BDM hard
disk partition, which is attached to the virtual machine as a separate virtual disk. Using this method, the above-mentioned two-stage
approach is no longer needed because the partition already contains all the PVS drivers. This way all the information needed is directly
available without the need for PXE, TFTP and DHCP.
The above diagram illustrates the high level boot steps. PXE is used for getting the TFTP server IP and bootstrap file name details by the
clients and TFTP is used for downloading the bootstrap program file.
Reference: Citrix article: CTX227725
Citrix Provisioning managed by Citrix Cloud
Citrix PVS and Citrix Cloud integration is essential when an admin wants to manage their deployments from anywhere using the Citrix
Cloud portal. The Citrix Cloud Connector plays a key role and it enables the communication with provisioned VDAs to be used in the Citrix
Cloud Virtual Apps and Desktops Service providing proxy functionality for commands to remote hypervisors and clouds.
There are a few elements to be considered when using Citrix Provisioning with Citrix Cloud.
Citrix Virtual Apps and Desktops Delivery Controller in Citrix Cloud
Citrix Cloud Connector located in one or more resource locations
Provisioning Server located on-premises (v7.18 or later)
Remote PowerShell SDK used by Citrix Virtual Apps and Desktops Setup Wizard to push VDA records to the Delivery Controller in Citrix
Cloud.
To connect an existing Citrix Provisioning deployment to Citrix Cloud:
Add Cloud Connector servers
Upgrade Citrix Provisioning to version 7.18 or later
Install the Remote PowerShell SDK to be used on the Citrix Provisioning Console with Citrix Virtual Apps and Desktops.
Citrix Cloud integration enables Citrix Provisioning to add the newly provisioned VDAs to a machine catalog in the Citrix Cloud Virtual Apps
and Desktops Delivery Controller located in Citrix Cloud. This process follows one of these two methods:
Add new devices using the Virtual Apps and Desktops Setup Wizard in the Citrix Provisioning Console
Import the existing Citrix Provisioning target devices using the Machine Catalog creation in Studio
Citrix Studio uses the PvsPsSnapin to communicate with the PVS Server. This snap-in has been extended to enable communications from
the Citrix Virtual Apps and Desktops Service to the PvsMapiProxyPlugin (in Citrix Cloud Connector). Communication happens over HTTPS
(TCP 443). The PVS administrator credentials are sent over this secure channel. The credentials are then used by the proxy to emulate the
PVS administrator before contacting the PVS server.
Reference: Citrix docs: Citrix Provisioning managed by Citrix Cloud
Common Use Case
Citrix Virtual Apps and Desktops addresses a wide-ranging set of business requirements and use cases.
For example, in finance, marketing or any medical field, users are considered normal office workers, knowledge workers or power users.
Citrix Provisioning eases administrator work and provides the following capabilities:
Fast provisioning of machines
Centralized and secure data
Consistency and a more dynamic environment based on user groups
Citrix Provisioning enables administrators to create multiple vDisks with a variety of business-oriented applications based on user groups
and their needs. For office workers, they typically require only a limited number of Windows applications for day-to-day work. For
multimedia workers, who require running animation software, medical scan reports etc. hardware-accelerated systems with virtual GPUs
from AMD, Intel or NVIDIA may be used.
Type of workloads - Descriptions
Homogeneous workers - Typically, in a call center scenario, users access Microsoft Office and other day-to-day applications. Multiple
virtual machines are deployed using a single master image that contains Microsoft Office and other required applications.
Deploying Hosted Shared Desktops or Streamed Desktops - In a large user environment, multiple non-persistent user groups have access to
desktops and applications. Scale ranges from tens of thousands of desktops with Citrix Provisioning helping to quickly deliver the required
workloads.
If environment IOPS constrained - Citrix Provisioning is the best fit for such environments using iSCSI or less bandwidth network channel
where IOPS are constrained.
Large number of applications - Citrix Provisioning helps to create multiple server OS instances to run all the necessary departmental
applications.
High performance workloads - This is similar to power workers requiring more CPU, RAM and benefiting from GPU.
Deployment scenario for education sector
In the education sector, IT has become an integral part of the system. The challenge is meeting growing demand and delivering applications
and data for thousands of unique users. Secure remote access to applications such as Hyper chemistry, MATLAB, SAS, Mathematica, Office etc.
is also required.
Virtualize and stream dozens or hundreds of applications to end users on any device at scale. Citrix Provisioning Server helps
administrators to overcome provisioning hurdles with the “Do more with less” concept. Assume different sets of workloads need to be
run and provisioned through Citrix Provisioning.
The above diagram depicts multiple workloads running in different sections/labs in the university. vDisks containing different operating
systems and applications are stored in the shared storage and, with the help of Citrix Provisioning, are streamed to different labs with
different sets of workloads over the network. It is easy to scale on demand with rapid deployments.
Citrix Provisioning enables a blended delivery strategy that supports mixed workloads and satisfies a variety of use cases. Key
highlights are:
Enables students and faculties to learn and teach anytime
Cuts costs while increasing IT services
Enhances competitive edge in higher education, where technology is a key differentiator
In all deployments, the PVS Servers must have enough processing power and should meet all the networking needs including NIC teaming,
better bandwidth, etc.
Best Practices for Citrix Provisioning with Citrix Virtual Apps and Desktops
While designing a Citrix Virtual Apps and Desktops solution, it is important to consider Provisioning Servers to align with business needs.
The components included in designing are Active Directory Services, network and security architecture, server hardware types, storage
infrastructure, the virtualization platform and operating systems.
This section provides generic best practices in the following areas:
Networking
Storage
Delivery Controller
Network switches
Virtual desktops images/Target devices
Scalability
Networking
Domain Name System: Dynamic updates are a key feature in DNS. They eliminate the need for manual entries of names and IP addresses
in the DNS database. Secure dynamic updates verify, against Active Directory, the machines that are requesting updates to the DNS. This
means only computers that have joined the Active Directory domain can dynamically update the DNS database.
Network Interfaces: Citrix recommends using multiple NICs in Provisioning Server machines. A teamed pair of NICs has to be configured
for streaming the vDisks via the PVS Stream Service and for network access to enterprise storage systems or file shares. A dedicated
network or VLAN is also suggested for deployment.
Storage
Storage requirements for PVS Servers depend upon the number of vDisk images to be created and maintained. The size of vDisks depends
on the number of applications to be installed and the operating system.
To minimize the storage space required, Citrix recommends minimizing the applications on each vDisk and the number of vDisks.
Each target machine contains a volatile write cache file. The size of the cache file for each VM depends on types of applications used, user
workloads and reboot frequency.
SAN/NAS: In a high availability deployment, a shared volume is required and the volume must be accessible from multiple hosts. A read-only
volume is used for storing vDisks in standard mode. Private image mode requires read/write access.
Delivery Controller
As a best practice, production sites should always have at least two controllers on different physical servers in on-premises deployments
(within Citrix Cloud this is managed automatically). Each Controller communicates directly with the site database.
Network Switches
Disable spanning tree and enable port fast: With Spanning Tree Protocol (STP) or Rapid Spanning Tree Protocol, the ports are placed into a
blocked state while the switch transmits Bridged Protocol Data Units (BPDUs) and listens to ensure the BPDUs are not in a loopback
configuration.
The amount of time it takes to complete this convergence process depends on the size of the switched network, which might allow the
Pre-boot Execution Environment (PXE) to time out, preventing the machine from getting an IP address.
To resolve this issue, disable STP on edge-ports connected to clients or enable PortFast or Fast Link depending on the managed switch
brand. Refer to the following table:
Switch Manufacturer - Fast Link Option Name
Cisco - PortFast or STP Fast Link
Dell - Spanning Tree Fast Link
Foundry - Fast Port
3COM - Fast Port
Stream Service Isolation: If security is of primary concern, Citrix recommends isolating or segmenting the PVS stream traffic from other
production traffic.
NIC teaming: Teaming two NICs for throughput provides the server with the maximum bandwidth, which in turn increases network performance
and helps to alleviate this potential network bottleneck.
Optimize Virtual Desktop images/Target devices
Virtual disk images play an important role in delivering successful vDisks to target devices. Before creating an image, it is important to clear
unwanted applications and optimize as per the requirement.
Citrix Optimizer: By default, Microsoft Windows desktop images contain a lot of features that aren’t necessary in a VDI environment. The
Citrix Optimizer is a Windows tool developed by Citrix to help administrators optimize various components in their environment, most
notably the operating system with the Virtual Delivery Agent (VDA). The tool is PowerShell-based, but also includes a graphical UI.
Citrix Optimizer provides various templates for optimization. Choose the right template for the operating system so that unnecessary
services, configuration entries, and applications are disabled or removed. Admins can expect to realize fairly significant performance gains
after optimization.
Reference: Citrix blogs: Citrix Optimizer
Preparing a vDisk image: vDisk preparation is a key step in Citrix Virtual Apps and Desktops Service deployment. A few important steps
need to be taken when preparing the master image:
Remove unused files and features from the master image
Run Citrix Optimizer to improve performance and take care to select the correct OS
Test the connectivity between controllers and VMs
Run Optimization within the Imaging Wizard
Reference: Citrix docs: Preparing a master target device for imaging
Citrix Provisioning Antivirus Best Practices: Servers and targets may experience common issues if the antivirus is not properly tuned for
the environment. It is recommended to limit antivirus definition updates to only the master target device. Avoid scanning the vDisk write
cache file and the streaming disk I/O that makes up the operating system for a given target.
Upgrading antivirus client software requires uninstalling PVS client software and reinstalling it. Check the antivirus software's specific
instructions on configuring scanning exceptions. Obtaining a performance baseline may help in the event of troubleshooting.
Reference: Citrix article: CTX124185
Scalability
Scalability is an important factor while designing Citrix Virtual Apps and Desktops solutions. It is important to plan for the scalability of the
constituent parts of the solution rather than just viewing it in generalized ways. Scalability is observed here on the Delivery Controller, the
Citrix Provisioning Server and the virtual machine infrastructure.
The number of target devices that are supported per PVS Server depends on the size of the vDisk, the storage solution for vDisk placement,
the write cache type and the workflow of end users. The most common bottlenecks that impact scalability of PVS Servers are network I/O of the
PVS Server, disk I/O of the vDisk storage location and the cache file location. Organizations have to take care of these key factors according to
their use cases and infrastructure.
Citrix recommends each organization perform scalability tests according to their environment based on infrastructure use cases. Adding
additional PVS Servers to the existing infrastructure will help in distributing the load and provide redundancy and high availability.
Summary
Delivering virtual applications and desktops to end users has been a challenge for many IT administrators due to demands in end user
experience and their work style to gain freedom of anywhere, anytime and any device access to resources.
This document demonstrates the imaging technology being used in Citrix Virtual Apps and Desktops. Image management encompasses
core components to deal with meeting end user needs providing customized and optimized virtual desktops and application delivery.
A few important points to be considered:
Image management is not just settings for the infrastructure; it is the basic building block of a solution design, either on-premises or in the cloud
Optimizing resource consumption and providing different deployment models in terms of scalability
Application virtualization using provisioning models gives flexibility to administrators and minimizes complexity
Ensure generic best practices are addressed to make use of resources efficiently
We have gone through a holistic view of both provisioning models (Citrix Machine Creation Services and Citrix Provisioning) from Citrix.
Organizations have the option to use one of these or both provisioning models depending on the requirement.
References
Resources for Citrix Provisioning
Resources for Citrix Virtual Apps and Desktops
Endpoint Security and Antivirus Best Practices
For Best Practices and Design hand book
