
Citrix Cloud XL - Running Citrix in Public Cloud


Citrix on AWS, Azure and Google Cloud

Published in: Technology

  1. © 2017 Citrix User Group Community Sensitivity: Internal Running Citrix Virtual Desktop in Public Clouds: Azure vs Google vs AWS, Marius Sandbu
  2. About Marius • Cloud Tech lead at EVRY • Working with mostly DevOps, AWS, Google and Azure • MYCUGC Networking SIG Leader • Blogging at msandbu.org • Twitter @msandbu • Email: Marius.sandbu@evry.com
  3. Agenda • Properties with Public Cloud • Overview of the landscape • Intro to Google Cloud, Amazon Web Services and Microsoft Azure • Comparison of the different vendors • Deep-dive into the platforms • Running Citrix in Public Cloud • Supported Architecture • Considerations and design
  4. So what happened in Cloud the last weeks?
  5. Properties with Public Cloud • Automation: Automation using CLI or IaC with Terraform, Packer, Ansible or native tools • Pay-as-you-go: Per-second billing for IaaS and usage for PaaS combined with throughput • Self-Service: Set up a cluster of machines or other PaaS using simple self-service portals • Scalability and Capacity: Get VMs with 4 TB memory, 128 vCPU and RDMA backbone • Elasticity: Scale up and down, both horizontally and vertically, based upon demand or schedule
  6. Overview of the landscape • Market dominated by three vendors on IaaS • Similar layout for vendors in PaaS market • Microsoft and Google also focused on Collaboration and SaaS offerings • AWS has been mostly on IaaS and PaaS, moving a bit towards a SaaS model
  7. Introduction to Google Cloud Platform Pros: • Robust and Flexible IaaS • Simple yet Powerful • Cheapest* • Fastest** Strategy and Roadmap: • DevOps • Machine Learning • IoT and PaaS • Hybrid and Partnership with Nutanix Properties: • 16 Regions • All regions contain multiple Availability Zones • Customizable Virtual Machines • KVM Based Hypervisor * Cheapest with IaaS with non-committed resources ** Based upon current benchmarks
  8. Introduction to Google Cloud Platform • Automation layer Cloud Deployment Manager based upon YAML • Flexible virtual machine sizing on both CPU/CPU Type/GPU • Role based access control based upon Google Identity • Grouping of resources is based upon projects and organizations • Networking can be configured to be global, split across regions, but can also be used with peering
  9. Example Architecture – Google Cloud
  10. Introduction to Amazon Web Services Pros: • Large Service Catalogue of IaaS and PaaS services • Robust and Scalable Infrastructure Strategy and Roadmap: • DevOps • Machine Learning • IoT • Hybrid and Partnership with VMware Properties: • 17 Regions • All regions contain multiple Availability Zones • Xen Based Hypervisor* * Will be replaced with KVM, already implemented for certain instances
  11. Introduction to Amazon Web Services • Automation layer CloudFormation based upon YAML or JSON • Flexible virtual machine sizing on both CPU/CPU Type/GPU • Role based access control based upon AWS Identity • Grouping of resources is based on region but can be placed into a resource group • Networking is split up into VPCs, but multiple VPCs can be peered.
  12. Example Architecture – Amazon Web Services
  13. Introduction to Microsoft Azure Pros: • Integrations with on-prem workloads • Machine Learning • Azure Identity Strategy and Roadmap: • DevOps • End-User Computing • Big Data and Analytics • Hybrid with Azure Stack • VMware Properties: • 52 Regions worldwide • Availability Zones in Preview • Hyper-V based hypervisor
  14. Introduction to Microsoft Azure • Automation Manager Azure Resource Manager uses JSON syntax • Long list of different instance types with different levels of disk and GPU and other components such as RDMA • Role based access control based upon Azure Active Directory • Grouping of resources is based on resource groups within a Subscription • Networking is isolated within a region but can be peered
  15. Example Architecture – Microsoft Azure
  16. Some things to consider… • Ensure that provider has support for the workload (for instance Oracle or SAP) • Ensure that supported region has the features and infrastructure needed (for instance GPU) • For large projects ensure that you have enough capacity before doing deployment (check subscription quota) • Try to build required infrastructure using IaC (such as native providers or Terraform) • Look at combining use of pay-as-you-go and reserved capacity to reduce cost • Find the closest region to place workloads or use dedicated connections • http://azurespeed.com (Azure) • http://www.gcping.com/ (Google) • http://www.cloudping.info/ (AWS)
  17. Some things to consider… • Public IP ranges for cloud providers are publicly available, which makes them attractive for botnets/scanners • Identity with MFA is crucial to lock down access to the environment • Role Based Access to different services, implement custom roles and service principal users • Implement Cloud monitoring of platform health (Stackdriver, Azure Monitor, CloudWatch) • Use built-in optimization tools (Cost Advisor tools, Security Advisor)
  18. Comparison of vendors - Infrastructure

      | Feature | Microsoft Azure | Google Cloud Platform | Amazon Web Services |
      |---|---|---|---|
      | HPC Services | Azure Batch | | Amazon Batch |
      | Reserved Instances | Reserved Instances | Committed Use | EC2 Reserved Instances |
      | Dedicated Instances | | | EC2 Dedicated Instances |
      | Bare Metal hosts | | | EC2 Dedicated Hosts |
      | Burstable Instances | Yes | Yes | Yes |
      | Custom Instance Size | No | Yes | No |
      | Compute Service Identity | Yes | Yes | Yes |
  19. Infrastructure Feature Microsoft Azure Google Cloud Platform Amazon Web Services High Performance Disk Premium Disk, Standard SSD SSD Persistent Disk, LocalDisk SSD EBS GPU Instances N-series Flexible P2,3/G3 Instances and FlexibleGPU GPU Support M60,K80,P40, P100, V100 K80, P100 and V100 K80, M60, V100 and Flexible GPU Godzilla VM Standard_M128 128vCPU, 4 TB (12 TB coming) N1-Ultramem (160 vCPU, 4 TB memory) X1.32large 128vCPU, 4 TB (12 TB coming) CPU Architecture Skylake, Broadwell, Haswell Skylake, Broadwell, Haswell Skylake, Broadwell, Haswell Automatic Scaling Scale Set Autoscaling Groups Auto Scaling Groups VMware Support Coming Only through Container partnership Yes (VMware on AWS)
  20. Migration and backup services Feature Microsoft Azure Google Cloud Platform Amazon Web Services VM Migration Services Azure Site Recovery, Azure Migrate Third party (CloudEndure) VM import, VM migration service Storage Migration Services Online Data Import Cloud Storage Transfer Service Offline data Migration Offline Data Import, Azure Data Box Cloud Data Transfer Appliance Snowmobile, SnowBall On-prem to Cloud DR Azure Site Recovery Cloud to Cloud DR Azure Site Recovery Backup IaaS Azure Backup Snapshot Disk Snapshot EBS Other offerings Storage migration, PowerShell UI migration UI migration
  21. Storage Services

      | Feature | Microsoft Azure | Google Cloud Platform | Amazon Web Services |
      |---|---|---|---|
      | Max disk size | 4 TB (Managed Disk) | 64 TB (Persistent Disk) | 16 TB (EBS) |
      | Max throughput and IOPS | 250 MBps / 7500 IOPS | 800 MBps / 40000 IOPS | 500 MBps / 32000 IOPS |
      | Customizable IOPS | No | Yes | Yes |
      | Network File Storage | Azure Files (SMB 3.0) | File Storage (Announced Yesterday!) | Amazon EFS (NFS) |
      | Object Level Storage | Azure Blob | Google Cloud Storage | Amazon S3 |
      | Hybrid Storage | StorSimple, Azure File Sync | | Storage Gateway, Snowball Edge |
      | Storage tiering policy | Yes (In Preview) | Lifecycle Management | S3 Lifecycle policy |
      | Encryption at rest | Yes (Default) | Yes (Default) | Yes (EFS and S3) |
  22. Identity and MDM

      | Feature | Microsoft Azure | Google Cloud Platform | Amazon Web Services |
      |---|---|---|---|
      | AD based Services | Azure Active Directory Domain Services | | AWS Active Directory Service |
      | Web based Identity Service | Azure Active Directory | Google IAM | Amazon IAM & Amazon SSO |
      | SAML (SP and IdP Support) | Yes | Yes | Yes |
      | MFA support | Yes | Yes | Yes |
      | Key (Secret) Storage | Key Vault | Cloud KMS | Key Management Service |
      | Role based access control | Yes | Yes | Yes |
      | MDM Support | Yes (Intune) | Yes (Google MDM) | No |
  23. Networking & Security

      | Feature | Microsoft Azure | Google Cloud Platform | Amazon Web Services |
      |---|---|---|---|
      | TCP load balancing | Yes | Yes | Yes |
      | HTTP load balancing | Yes | Yes | Yes |
      | DNS load balancing | Yes | No | Yes |
      | Security Monitoring | Azure Security Center | Cloud Security Scanner & Command Center | Amazon Inspector |
      | VPN S2S | Yes | Yes | Yes |
      | Peering | Yes | Yes | Yes |
  24. Networking and Security Feature Microsoft Azure Google Cloud Platform Amazon Web Services Accelerated Networking Yes Yes Yes DNS Hosting Yes Yes Yes Direct Connectivity Yes Yes Yes CDN Solutions Yes Yes Yes Web Application Firewall Application Gateway Google Cloud Armor (Beta) AWS WAF DDoS Shield Yes Yes
  25. Management and Automation

      | Feature | Microsoft Azure | Google Cloud Platform | Amazon Web Services |
      |---|---|---|---|
      | Deployment and Automation | Azure Resource Manager | Google Deployment Manager | CloudFormation |
      | CLI tools | PowerShell, AzureCLI | GCloud CLI, Google Cloud PowerShell | AWS CLI, AWS PowerShell |
      | Monitoring and Logging | Microsoft Log Analytics, Azure Monitor | StackDriver | CloudWatch, CloudTrail |
      | Optimization | Azure Advisor | Native Service | Trusted Advisor |
      | Automation Tools | Azure Automation | | Amazon CloudOps for Chef and Puppet |
      | Third Party CM support | Chef, Puppet, Terraform, Ansible, SaltStack | Chef, Puppet, Terraform, Ansible, SaltStack | Chef, Puppet, Terraform, Ansible, SaltStack |
      | EDI Tools | Azure Logic Apps | | |
  26. Cloud Pricing Comparison (NB: Price differs from region to region)

      | Feature | Microsoft Azure (West Europe) | Google Cloud Platform (Frankfurt) | Amazon Web Services (Frankfurt) |
      |---|---|---|---|
      | Virtual Machines 10x 4vCPU, 16 GB Memory, Windows, 10 Hours | $1272 | $1018 | $1171 |
      | Virtual Machines 10x 4vCPU, 16 GB Memory, Windows, 24/7 | $3095 | $2418 | $3103 |
      | Virtual Machines 10x 4vCPU, 16 GB Memory, Windows, 3 Years reserved | $2111 | $1971 | $2226 |
      | OS Storage 512 GB Per Month, Standard Disk | $21,7 | $24.5 | $27 |
      | OS Storage 512 GB Per Month, Premium Storage | $80.5 (IOPS 2300, 150 MB/S) | $104 (IOPS 15300, 230 MB/S) | $60.9 (160 MB/S |
      | Network Bandwidth 10 GB Per Month | $0.87 | $1.20 | $0.81 |
  27. Running Citrix in Public Cloud
  28. Running Citrix Cloud in Public Cloud
      XenApp Essentials • Azure Only • Only Applications • Only NGaaS • No Studio Access (Web UI)
      XenDesktop Essentials • Azure Only (EA or CSP) • Only Desktops • NGaaS or NetScaler • Limited Studio Access
      XenApp & XenDesktop Service • On-premises and Cloud • Apps and Desktops • NGaaS or NetScaler • Smart Tools included • Full Studio access • App Layering • Remote PC
      Citrix Workspace Service • XenApp and XenDesktop Service • XenMobile Service • Sharefile Service • NetScaler Gateway Service
  29. Running Citrix in Public Cloud

      | Feature | Microsoft Azure | Google Cloud Platform | Amazon Web Services |
      |---|---|---|---|
      | MCS provisioning | Yes | No* | Yes |
      | App layering | Yes | No | No |
      | GPU support | Yes | No | Yes |
      | Power Control | Yes | No* | Yes |
      | ADC support VPX | Yes | No | Yes |
      | SD-WAN | Yes | No | Yes |
      | NGaaS support** | Yes | Yes | Yes |
      | Identity Support using FAS | Yes (Azure AD) | Yes (Google Identity) | Yes (AWS SSO) |
      | Identity Support using Citrix Cloud | Yes | No | No |

      * Coming later this year and more I hope!
      ** NGaaS PoPs are distributed between Azure and AWS http://bit.ly/2tkDpnt
  30. Running Citrix in Public Cloud

      | Feature | Microsoft Azure | Google Cloud Platform | Amazon Web Services |
      |---|---|---|---|
      | Windows 10 Licensing | EA or CSP using VDA rights | No | No |
      | RDSH 2012 R2 | Yes (HUB*) | Yes (License Mobility) | Yes (License Mobility) |
      | RDSH 2016 | Yes (HUB*) | Yes (License Mobility) | Yes (License Mobility) |
      | PaaS Services Support | No | No | No |
      | Smart Scale support | Yes | No*** | Yes |
      | Support Government Region | Yes (**) Changed today | NA | Yes |

      * Is applicable for Windows Server (Not SQL, RDS etc)
      ** In Preview
      *** Soon!
  31. Running Citrix in Public Cloud • Citrix Cloud has many different offerings specifically against Microsoft Azure • XenDesktop and XenApp Essentials • Azure QuickDeploy • Citrix has built specific integration with Microsoft and EMS • NetScaler and Graph API for integration • NetScaler and VPN Profile deployment using Microsoft EMS • NetScaler has support for autoscaling backend instances in AWS and Azure (12.1) release (Only for load balancing web services) • If using Citrix Cloud: Backend uses many Microsoft Azure Native services such as Service Bus, Web Apps, Blob Storage and IaaS
  32. Running Citrix in Public Cloud • Using collaboration tools like Google G Suite and Office 365 affects performance if the same platform is chosen • Limits when it comes to layer two networking features such as Gratuitous ARP (GARP), L2 mode, Tagged VLAN, Dynamic Routing, Virtual MAC (VMAC) • RDS licenses still need to be part of the equation • No support for provisioning Azure Stack or VMware on AWS
  33. Running Citrix in Google Cloud • Distribute resources across Availability Zones for redundancy purposes • Setup Citrix Cloud with NetScaler Gateway as a Service • N1-Standard-4 (4 vCPU, 15 GB Memory) as VDA • 2.6 GHz Intel Xeon E5 (Sandy Bridge) • 2.5 GHz Intel Xeon E5 v2 (Ivy Bridge) • 2.3 GHz Intel Xeon E5 v3 (Haswell) • 2.2 GHz Intel Xeon E5 v4 (Broadwell) • 2.0 GHz Intel Xeon (Skylake) • GitHub Repository for Deployment Scripts → https://github.com/GoogleCloudPlatform/citrix-on-gcp (Trial setup or PoC) • Uses Start-up scripts in Deployment Manager to install components • Stay tuned for .Next Announcements next month → https://cloud.withgoogle.com/next18
  34. Running Citrix in Amazon Web Services • Setup IAM user for MCS provisioning • http://bit.ly/2lDZ4CV • Use default VPC and default Subnet for Preparation instance • Deleting these might result in MCS failure • If you have deleted these resources, recreate them to make MCS work again • MCS requires an AMI image available to do provisioning • NetScaler available as AMI in Marketplace • NetScalers should have at least 3 IP subnets • NetScaler supports SR-IOV on AWS (M4.10x Large or C4.8x Large) for up to 5 Gbps • Requires NetScaler 12.0.57 • NetScaler HA achieved by using ENI • AWS RDS (For SQL Server) is Citrix Ready Verified, yay! Also Amazon AD Service
  35. Running Citrix in Microsoft Azure https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-compute

      | Instance type | CPU Architecture | CPU / RAM ratio | Use-case | Extra info |
      |---|---|---|---|---|
      | Av2-Series | May differ | 1 / 2 | Web (Cloud Connector A2V2) | (A8 – A11) RDMA |
      | Dv2-Series | E5-2673 v3 @ 2.4 GHz | 1 / 3,5 | RDSH/Citrix | Dv3 (Nested) |
      | E-Series | E5-2673 v4 @ 2.3 GHz | 1 / 8 | RDMS | |
      | F-Series | E5-2673 v3 @ 2.4 GHz | 1 / 2 | RDSH/Citrix | |
      | G-Series | E5-2698B v3 @ 2 GHz | 1 / 14 | RDMS | |
      | H-Series | E5-2667 v3 @ 3.2 GHz | 1 / 7 | HPC | |
      | L-Series | E5-2698B v3 @ 2 GHz | 1 / 8 | Big Data | |
      | M-Series | | 1 / 27 | HPC | Up to 128 vCPU |
      | N-Series | E5-2690 v3 @ 2,6 GHz | 1 / 9,3 | Remote Graphics | GPU NVIDIA |
  36. Running Citrix in Microsoft Azure • Azure Active Directory Domain Services • Requires own service • Doesn’t work with Hybrid Model • https://support.citrix.com/article/CTX224111 • Setup redundant IaaS services within Availability Sets • Future reference → Availability Zones (Currently in Preview) • NetScaler, Storefront, DDC, Active Directory, CCC • Use Managed Disks • Avoid IOPS limit on IaaS • Use Accelerated Networking on non MCS machines • Not available in MCS Wizard • Not yet supported on Citrix NetScaler • Consider using Azure Backup for IaaS workloads • Upgrade service within the portal

      Domain or Enterprise administrator privileges | ✕ | ✓
      Domain join | ✓ | ✓
      Domain authentication using NTLM and Kerberos | ✓ | ✓
      Kerberos constrained delegation | resource-based | resource-based & account-based
      Custom OU structure | ✓ | ✓
      Schema extensions | ✕ | ✓
      AD domain/forest trusts | ✕ | ✓
      LDAP write | ✕ | ✓
      Group Policy | ✓ | ✓
      Geo-distributed deployments | ✕ | ✓
  37. Running Citrix in Microsoft Azure • Considering GPU in Microsoft Azure • NV-series comes with GRID licensing included • Doesn’t provide SSD disk for OS and data disks • Do not touch Resource Group created by the MCS wizard • This will break the connection between MCS and Resources • Add local user accounts on each machine and separate user in Azure AD • Azure AD Users in case of ADFS outage • Local Computer User in case of AD outage • Use AzCopy or Azure Storage Explorer for backup of Image • Used to copy image from one storage account to another • Setup Log Analytics Free Tier with Sample logging with Azure Security Center • Can be used to monitor and log infrastructure • Combine with Citrix FAS and Azure AD for SSO • http://bit.ly/2JXIPLt
  38. Running Citrix in Microsoft Azure • Setting up Citrix NetScaler in Azure • Deploy NetScaler from Marketplace • Limitations → http://bit.ly/2K819W5 • ARM templates → https://github.com/citrix/netscaler-azure-templates • VPX 10 up to VPX 3000 Support • Requires Azure Load Balancer in front to handle failover • Use basic SKU and not standard • Setup Load Balancing logging for Log Analytics • With HA setup HA-INC • Address Pools with VPN Requires multiple IP Configurations • Get-AzureRmMarketplaceTerms -Publisher "citrix" -Product "netscalervpx-120" -Name "netscalerbyol" | Set-AzureRmMarketplaceTerms -Accept • Or use NetScaler Gateway as a Service
  39. Smart Scale and Citrix Cloud • Smart Scale • Allows for automatic power on & off of instances • Supported for AWS and Microsoft Azure • Requires Agent installed on DDC or Citrix Cloud • Rules are defined on a per Delivery Group basis http://bit.ly/2N1OCl4
  40. Considerations • Build master Image using native automation tools • Azure Resource Manager • Cloud-init (Linux) • PowerShell DSC • Custom Script Extension • Google Cloud Deployment Manager • Start-up Script • Amazon CloudFormation • Shell Script • Cloud-Init • EC2Launch • Packer or Terraform • Chef, Puppet or Ansible

      {
        "builders": [{
          "type": "azure-arm",
          "os_type": "Windows",
          "image_publisher": "MicrosoftWindowsServer",
          "image_offer": "WindowsServer",
          "image_sku": "2016-Datacenter",
          "location": "West_Europe",
          "vm_size": "Standard_DS2_v2"
        }],
        "provisioners": [{
          "type": "powershell",
          "inline": [
            "Add-WindowsFeature Web-Server",
            "& $env:SystemRoot\\System32\\Sysprep\\Sysprep.exe /oobe /generalize /quiet /quit"
          ]
        }]
      }
  41. Third party tools and Cloud Support • FSLogix – Cloud Cache (Azure Page Blob first, coming; AWS and Google to follow) • Liquidware – (AWS S3, Google Cloud or Azure Page Blob) • ControlUp – (AWS Support)
  42. Running Citrix in Cloud - Summary
      Microsoft Azure • Citrix has most integrations with Microsoft Azure • Much of the backend and NGaaS Points are running in Microsoft Azure • Running VDI and Office 365 makes Azure the logical choice • Combination of EMS (Security, Mobility and Application Delivery)
      Amazon Web Services • Little news on AWS integrations from Citrix
      Google Cloud Platform • Google will probably be the next «big» platform for Citrix moving forward • More features to become available soon, 90 days announcements from Synergy!
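
Slide 17 notes that published cloud IP ranges attract botnets and scanners; one routine way to act on that is to audit which inbound rules leave session or management ports reachable from anywhere. The following is an added example, not part of the original deck: it walks security groups in the JSON shape returned by `aws ec2 describe-security-groups` and reports sensitive ports open to the whole internet. The port list and the sample groups are assumptions constructed for illustration.

```python
import ipaddress
import json

# Assumption: ports that a Citrix deployment should publish only through a
# gateway (NetScaler / NGaaS), never directly to the internet.
SENSITIVE_PORTS = {22: "SSH", 1494: "ICA", 2598: "ICA session reliability", 3389: "RDP"}

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-vda-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 1494, "ToPort": 1494,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-gateway-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-legacy-example", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 3000,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []}]}
]}
""")


def internet_sources(perm):
    """Source CIDRs of one rule that cover the entire IPv4 or IPv6 internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def sensitive_ports(perm):
    """Sensitive ports covered by one rule; protocol "-1" means all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return sorted(SENSITIVE_PORTS)
    if proto not in ("tcp", "udp"):
        return []
    low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(SENSITIVE_PORTS) if low <= p <= high]


def audit(described):
    """Return (group id, port, sources) for each sensitive port open to the world."""
    findings = []
    for group in described["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            sources = internet_sources(perm)
            if not sources:
                continue
            for port in sensitive_ports(perm):
                findings.append((group["GroupId"], port, sources))
    return findings


if __name__ == "__main__":
    for group_id, port, sources in audit(SAMPLE):
        print(f"{group_id}: {SENSITIVE_PORTS[port]} ({port}) open to {', '.join(sources)}")
```

The gateway group's world-open 443 is deliberately not reported, since that is the intended front door; the restricted 2000-3000 range is skipped because its source is a single /24.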
