Citrix Cloud XL - Running Ctirix in Public Cloud

© 2017 Citrix User Group Community
Sensitivity: Internal
Running Citrix
Virtual Desktop in
Public Clouds
Azure VS Google vs AWS
Marius Sandbu

About Marius
• Cloud Tech lead at EVRY
• Working with mostly DevOps, AWS, Google and Azure
• MYCUGC Networking SIG Leader
• Blogging at msandbu.org
• Twitter @msandbu
• Email: Marius.sandbu@evry.com

Agenda
• Properties with Public Cloud
• Overview of the landscape
• Intro to Google Cloud, Amazon Web Services and Microsoft Azure
• Comparison of the different vendors
• Deep-dive into the platforms
• Running Citrix in Public Cloud
• Supported Architecture
• Considerations and design

So what happened in Cloud the
last weeks?

Properties with Public Cloud
• Automation
• Pay-as-you-go
• Self-Service
• Scalability and Capacity
• Elasticity
Automation using CLI or IaC with
Terraform, Packer, Ansible or Native
Per second billing for IaaS and usage for PaaS combined with
troughput
Setup Cluster of Machines or other PaaS using simple self-service
portals
Get up VM’s with 4 TB Memory, 128 vCPU and RDMA Backbone
Scale up and down, both scale horizontally and vertically based
upon demand or schedule

Overview of the landscape
• Market dominated by three
vendors on IaaS
• Similiar layout for vendors in
PaaS market
• Microsoft and Google focused
also on Collaboration and SaaS
offerings
• AWS has been mostly on
IaaS and PaaS moving a bit towards
SaaS model

Introduction to Google Cloud Platform
Pros:
• Robust and Flexible IaaS
• Simple yet Powerful
• Cheapest*
• Fastest**
Strategy and Roadmap:
• DevOps
• Machine Learning
• IoT and PaaS
• Hybrid and Partnership
with Nutanix
Properties:
• 16 Regions
• All regions contains
multiple Availability Zones
• Customizable Virtual
Machines
• KVM Based Hypervisor
* Cheapest with IaaS with non-commited resources
** Based upon current benchmarks

Introduction to Google Cloud Platform
• Automation layer Cloud Deployment
Manager based upon YAML
• Flexible virtual machine sizing on both
CPU/CPU Type/GPU
• Role based access control based upon
by Google Identity
• Grouping of resources is based upon
projects and organizations
• Networking can be configured to be
global which split across regions but
can also be used using peering

Example Architecture – Google Cloud

Introduction to Amazon Web Services
Pros:
• Large Service Catalogue of
IaaS and PaaS services
• Robust and Scaleable
Infrastructure
Strategy and Roadmap:
• DevOps
• IoT
• Hybrid and Partnership
with VMware
Properties:
• 17 Regions
• All regions contains
multiple Availability Zones
• Xen Based Hypervisor*
*Will be replaced with KVM, already implemented for certain instances

Introduction to Amazon Web Services
• Automation layer Cloudformation
based upon YAML or JSON
• Flexible virtual machine sizing on both
CPU/CPU Type/GPU
by AWS Identity
• Grouping of resources is based region
but can be placed into a resource
group
• Networking is spilt up into a VPC but
multple VPC can be peered.

Example Architecture – Amazon Web Services

Introduction to Microsoft Azure
Pros:
• Integrations with on-
prem workloads
• Azure Identity
Strategy and Roadmap :
• DevOps
• End-User Computing
• Big Data and Analytics
• Hybrid with Azure Stack
• VMware
Properties:
• 52 Regions worldwide
• Availability Zones in
Preview
• Hyper-V based
hypervisor

Introduction to Microsoft Azure
• Automation Manager Azure Resource
Manager uses JSON Syntax
• Long list of different instances types
with different levels of disk and GPU
and other components such as RDMA
by Azure Active Directory
• Grouping of resources is based
resource group within an Subscription
• Networking is isolated within a region
but can be peered

Example Architecture – Microsoft Azure

Some things to consider…
• Ensure that provider has support for the workload (For instance Oracle or SAP)
• Ensure that supported region has the features and infrastructure needed ( For
instance GPU)
• For large projects ensure that you have enough capacity before doing deployment
(Check subscription quota)
• Try to build required infrastructure using IaC (such as Native providers or
Terraform)
• Look at combining use of pay-as-you go and reserved capacity to reduce cost
• Find the closest region to place workloads or use dedicated connections
• http://azurespeed.com ( Azure )
• http://www.gcping.com/ (Google )
• http://www.cloudping.info/ (AWS )

Some things to consider…
• Public IP ranges for cloud providers are available makes it attractive for
botnets/scanners
• Identity with MFA is crucial to lockdown access to enviroment
• Role Based Access to different services, implement custom roles and service
principal users
• Implement Cloud monitoring of platform health (Stackdriver, Azure Monitor,
CloudWatch)
• Use Built-in Optimization tools (Cost Advisor tools, Security Advisor)

Comparison of vendors - Infrastructure
Feature Microsoft Azure Google Cloud Platform Amazon Web Services
HPC Services Azure Batch Amazon Batch
Reserved Instances Reserved Instances Commited Use EC2 Reserved Instances
Dedicated Instances EC2 Dedicated Instances
Bare Metal hosts EC2 Dedicated Hosts
Burstable Instances Yes Yes Yes
Custom Instance Size No Yes No
Compute Service Identity Yes Yes Yes

Infrastructure
High Performance Disk Premium Disk, Standard SSD SSD Persistent Disk,
LocalDisk
SSD EBS
GPU Instances N-series Flexible P2,3/G3 Instances and
FlexibleGPU
GPU Support M60,K80,P40, P100, V100 K80, P100 and V100 K80, M60, V100 and Flexible
GPU
Godzilla VM Standard_M128 128vCPU, 4
TB (12 TB coming)
N1-Ultramem (160 vCPU, 4
TB memory)
X1.32large 128vCPU, 4 TB
(12 TB coming)
CPU Architecture Skylake, Broadwell, Haswell Skylake, Broadwell, Haswell Skylake, Broadwell, Haswell
Automatic Scaling Scale Set Autoscaling Groups Auto Scaling Groups
VMware Support Coming Only trough Container
partnership
Yes (VMware on AWS)

Migration and backup services
VM Migration Services Azure Site Recovery, Azure
Migrate
Third party (CloudEndure) VM import, VM migration
service
Storage Migration
Services
Online Data Import Cloud Storage Transfer Service
Offline data Migration Offline Data Import, Azure
Data Box
Cloud Data Transfer Appliance Snowmobile, SnowBall
On-prem to Cloud DR Azure Site Recovery
Cloud to Cloud DR Azure Site Recovery
Backup IaaS Azure Backup Snapshot Disk Snapshot EBS
Other offerings Storage migration, PowerShell UI migration UI migration

Storage Services
Max disk size 4 TB (Managed Disk 64 TB (Persistent Disk) 16 TB (EBS)
Max troughput and IOPS 250 MBps / 7500 IOPS 800 MBps / 40000 IOPS 500 MBps / 32000 IOPS
Customizeable IOPS No Yes Yes
Network File Storage Azure Files (SMB 3.0) File Storage (Announced
Yesterday!)
Amazon EFS (NFS)
Object Level Storage Azure Blob Google Cloud Storage Amazon S3
Hybrid Storage StorSimple, Azure File Sync Storage Gateway, Snowball
Edge
Storage tiering policy Yes(In Preview) Lifecycle Management S3 Lifecycle policy
Encryption at REST Yes (Default) Yes (Default) Yes (EFS and S3 )

Identity and MDM
AD based Services Azure Active Directory
Domain Services
AWS Active Directory Service
Web based Identity
Service
Azure Active Directory Google IAM Amazon IAM & Amazon SSO
SAML (SP and iDP
Support)
Yes Yes Yes
MFA support Yes Yes Yes
Key (Secret) Storage Key Vault Cloud KMS Key Management Service
Role based access control Yes Yes Yes
MDM Support Yes (Intune) Yes (Google MDM) No

Networking & Security
TCP load balancing Yes Yes Yes
HTTP load balancing Yes Yes Yes
DNS load balancing Yes No Yes
Security Monitoring Azure Security Center Cloud Security Scanner &
Command Center
Amazon Inspector
VPN S2S Yes Yes Yes
Peering Yes Yes Yes

Networking and Security
Accelerated Networking Yes Yes Yes
DNS Hosting Yes Yes Yes
Direct Connectivity Yes Yes Yes
CDN Solutions Yes Yes Yes
Web Application Firewall Application Gateway Google Cloud Armor
(Beta)
AWS WAF
DDoS Shield Yes Yes

Management and Automation
Deployment and
Automation
Azure Resource Manager Google Deployment Manager Cloudformation
CLI tools PowerShell, AzureCLI GCloud CLI, Google Cloud
PowerShell
AWS CLI, AWS Powershell
Monitoring and Logging Microsoft Log Analytics, Azure
Monitor
StackDriver CloudWatch, Cloudtrail
Optimization Azure Advisor Native Service Trusted Advisor
Automation Tools Azure Automation Amazon CloudOps for Chef
and Puppet
Third Party CM support Chef, Puppet, Terraform,
Ansible, SaltStack
Chef, Puppet, Terraform,
Ansible, SaltStack
Chef, Puppet, Terraform,
Ansible, SaltStack
EDI Tools Azure Logic Apps

Cloud Prising Comparison
NB: Price differs from region to region
Feature Microsoft Azure
(West Europe)
Google Cloud Platform
(Frankfurt)
Amazon Web Services
(Frankfurt)
Virtual Machines 10x 4vCPU, 16 GB
Memory, Windows 10 Hours
$1272 $1018 $1171
Memory, Windows 24/7
$3095 $2418 $3103
Memory, Windows 3 Years reserved
$2111 $1971 $2226
OS Storage 512 GB Per Month,
Standard Disk
$21,7 $24.5 $27
OS Storage 512 GB Per Month,
Premium Storage
$80.5 (IOPS 2300, 150 MB/S) $104 (IOPS 15300, 230 MB/S) $60.9 (160 MB/S
Network Bandwidth 10 GB Per Month $0.87 $1.20 $0.81

Running Citrix in Public Cloud

Running Citrix Cloud in Public Cloud
XenApp Essentials
• Azure Only
• Only Applications
• Only NGaaS
• No Studio Access (Web UI)
XenDesktop Essentials
• Azure Only (EA or CSP
• Only Desktops
• NGaaS or NetScaler
• Limited Studio Access
XenApp & XenDesktop
Service
• On-premises and Cloud
• Apps and Desktops
• NGaaS or NetScaler
• Smart Tools included
• Full Studio access
• App Layering
• Remote PC
Citrix Workspace Service
• XenApp and XenDesktop Service
• XenMobile Service
• Sharefile Service
• NetScaler Gateway Servce

MCS provisioning Yes No* Yes
App layering Yes No No
GPU support Yes No Yes
Power Control Yes No* Yes
ADC support VPX Yes No Yes
SD-WAN Yes No Yes
NGaaS support** Yes Yes Yes
Identity Support using FAS Yes (Azure AD) Yes (Google Identity) Yes (AWS SSO)
Identity Support using Citrix
Cloud
Yes No No
• *Coming later this year and more I hope!
• **NGaaS PoPs are distributed between Azure and AWS http://bit.ly/2tkDpnt

Windows 10 Licensing EA or CSP using VDA rights No No
RDSH 2012 R2 Yes (HUB*) Yes (License Mobility) Yes (License Mobility)
RDSH 2016 Yes (HUB*) Yes (License Mobility) Yes (License Mobility)
PaaS ServiceS Support No No No
Smart Scale support Yes No*** Yes
Support Goverment Region Yes (**) Changed today NA Yes
• * Is applicable for Windows Server (Not SQL, RDS etc)
• ** In Preview
• *** Soon!

• Citrix Cloud has many different offerings specifically against Microsoft Azure
• XenDesktop and XenApp Essentials
• Azure QuickDeploy
• Citrix has built specific integration with Microsoft and EMS
• NetScaler and Graph API for integration
• NetScaler and VPN Profile deployment using Microsoft EMS
• NetScaler has support for autoscaling backend instances in AWS and Azure (12.1)
release (Only for load balancing web services
• If using Citrix Cloud: Backend uses many Microsoft Azure Native services such as
Service Bus, Web Apps, Blob Storage and IaaS

• Utilizing Collaboration tools like Google Gsuite and Office 365 affect performance
if chosen the same platform
• Limits when it comes to layer two networking features such as
Gratuitous ARP(GARP)
L2 mode
Tagged VLAN
Dynamic Routing
Virtual MAC (VMAC)
• RDS licenses still needs to be part of the equation
• No Support for provisioning Azure Stack og VMware on AWS

Running Citrix in Google Cloud
• Distribute resources across availability Zones for redundancy purposes
• Setup Citrix Cloud with NetScaler Gateway as a Service
• N1-Standard-4 (4 vCPU, 15 GB Memory) as VDA
• 2.6 GHz Intel Xeon E5 (Sandy Bridge)
• 2.5 GHz Intel Xeon E5 v2 (Ivy Bridge)
• 2.3 GHz Intel Xeon E5 v3 (Haswell)
• 2.2 GHz Intel Xeon E5 v4 (Broadwell)
• 2.0 GHz Intel Xeon (Skylake)
• GitHub Repository for Deployment Scripts 
https://github.com/GoogleCloudPlatform/citrix-on-gcp (Trial setup or PoC)
• Uses Start-up scripts in Deployment Manager to install components
• Stay tuned for .Next Announcements next month 
https://cloud.withgoogle.com/next18

Running Citrix in Amazon Web Services
• Setup IAM user for MCS provisioning
• http://bit.ly/2lDZ4CV
• Use default VPC and default Subnet for Preperation instance
• Deleting these might result into MCS failure
• If you have deleted these resources, recreate them to make MCS work again
• MCS requires an AMI image available to do provisioning
• NetScaler available as AMI in Marketplace
• NetScaler’s should have at least 3 IP subnets
• NetScaler supports SR-IOV on AWS (M4.10x Large or C4.8x Large) for up to 5 Gbps
• Requires NetScaler 12.0.57
• NetScaler HA achieved by using ENI
• AWS RDS (For SQL Server) is Citrix Ready Verified  yay! Also Amazon AD Service

Running Citrix in Microsoft Azure
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-compute
Instance type CPU Architecture CPU / RAM ratio Use-case Extra info
Av2-Series May differ 1 / 2 Web (Cloud Connector
A2V2)
(A8 – A11) RDMA
Dv2-Series E5-2673 v3 @ 2.4 GHz 1 / 3,5 RDSH/Citrix Dv3 (Nested)
E-Series E5-2673 v4 @ 2.3 GHz 1 / 8 RDMS
F-Series E5-2673 v3 @ 2.4 GHz 1 / 2 RDSH/Citrix
G-Series E5-2698B v3 @ 2 GHz 1 / 14 RDMS
H-Series E5-2667 v3 @ 3.2 GHz 1 / 7 HPC
L-Series E5-2698B v3 @ 2 GHz 1 / 8 Big Data
M-Series 1 / 27 HPC Opptil 128 vCPU
N-Series E5-2690 v3 @ 2,6 GHZ 1 / 9,3 Remote Graphics GPU NVIDIA

• Azure Active Directory Domain Services
• Requires own service
• Doesn’t work with Hybrid Model
• https://support.citrix.com/article/CTX224111
• Setup redudant IaaS services within Availability Sets
• Future reference  Availability Zones (Currently in Preview)
• NetScaler, Storefront, DDC, Active Directory, CCC
• Use Managed Disks
• Avoid IOPS limit on IaaS
• Use Accelerated Networking on non MCS machines
• Not available in MCS Wizard
• Not yet supported on Citrix NetScaler
• Consider using Azure Backup for IaaS workloads
• Upgrade service within the portal
Domain or Enterprise
administrator privileges
✕ ✓
Domain join ✓ ✓
Domain authentication
using NTLM and
Kerberos
✓ ✓
Kerberos constrained
delegation
resource-
based
resource-based &
account-based
Custom OU structure ✓ ✓
Schema extensions ✕ ✓
AD domain/forest trusts ✕ ✓
LDAP write ✕ ✓
Group Policy ✓ ✓
Geo-distributed
deployments
✕ ✓

• Considering GPU in Microsoft Azure
• NV-series comes with GRID licensing included
• Doesn’t provide SSD disk for OS and data disks
• Do not touch Resource Group created by the MCS wizard
• This will break the connection between MCS and Resources
• Add local user accounts on each machine and seperate user in Azure AD
• Azure AD Users in case of ADFS outage
• Local Computer User in case of AD outage
• Use AzCopy or Azure Storage Explorer for backup of Image
• Used to copy image from one storage account to another
• Setup Log Analytics Free Tier with Sample logging with Azure Security Center
• Can be used to monitor and log infrastructure
• Combine with Citrix FAS and Azure AD for SSO
• http://bit.ly/2JXIPLt

• Setting up Citrix NetScaler in Azure
• Deploy NetScaler from Marketplace
• Limitations  http://bit.ly/2K819W5
• ARM templates  https://github.com/citrix/netscaler-azure-templates
• VPX 10 up to VPX 3000 Support
• Requires Azure Load Balancer in front to handle failover
• Use basic SKU and not standard
• Setup Load Balancing logging for Log Analytics
• With HA setup HA-INC
• Address Pools with VPN Requires multiple IP Configurations
• Get-AzureRmMarketplaceTerms -Publisher "citrix" -Product "netscalervpx-120" -Name "netscalerbyol" | Set-AzureRmMarketplaceTerms -Accept
• Or use NetScaler Gateway as a Service

Smart Scale and Citrix Cloud
• Smart Scale
• Allows for automatic power on & off of instances
• Supported for AWS and Microsoft Azure
• Requires Agent installed on DDC or Citrix Cloud
• Rules are defined on Delivery Groups basis
http://bit.ly/2N1OCl4

Considerations
• Build master Image using native automation tools
• Azure Resource Manager
• Cloud-init (Linux)
• PowerShell DSC
• Custom Script Extension
• Google Cloud Deployment Manager
• Start-up Script
• Amazon Cloudformation
• Shell Script
• Cloud-Init
• EC2Launch
• Packer or Terraform
• Chef, Puppet or Ansible
{
"builders": [{
"type": "azure-arm",
"os_type": "Windows",
"image_publisher": "MicrosoftWindowsServer",
"image_offer": "WindowsServer",
"image_sku": "2016-Datacenter",
},
"location": "West_Europe",
"vm_size": "Standard_DS2_v2"
}],
"provisioners": [{
"type": "powershell",
"inline": [
"Add-WindowsFeature Web-Server",
"& $env:SystemRootSystem32SysprepSysprep.exe /oobe /generalize /quiet /quit"
]
}]
}

Third party tools and Cloud Support
• FSLogix – Cloud Cache (Azure Page Blob first, coming (AWS and Google to follow)
• Liquidware – (AWS S3, Google Cloud or Azure Page Blob)
• ControlUp – (AWS Support)

Running Citrix in Cloud - Summary
Microsoft Azure
• Citrix has most integrations with Microsoft Azure
• Much of the backend and NGaaS Points are running in Microsoft Azure
• Running VDI and Office 365 makes Azure the logical choice
• Combination of EMS (Security, Mobility and Application Delivery)
Amazon Web Services
• Little news to AWS integrations from Citrix
Google Cloud Platform
• Google will probably be the next «big» platform for Citrix moving forward
• More features to come available soon, 90 days announcements from Synergy!

Citrix Cloud XL - Running Ctirix in Public Cloud

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Citrix Cloud XL - Running Ctirix in Public Cloud

Similar to Citrix Cloud XL - Running Ctirix in Public Cloud (20)

More from Marius Sandbu

More from Marius Sandbu (7)

Recently uploaded

Recently uploaded (20)

Citrix Cloud XL - Running Ctirix in Public Cloud