© 2017 Citrix User Group Community
Delivering and
Optimizing Citrix
from
Microsoft Azure
Marius Sandbu
• Microsoft Azure MVP, Citrix CTP, VMware EUC Champion,
VMware vExpert NSX, NVIDIA GRID Advisor, Veeam
Vanguard, Nutanix NTC, Networking SIG leader
• Blog: msandbu.org
• Twitter: @msandbu
Dave Brett
• Citrix CTP, myCUGC Networking SIG Leader and DABCC.com
Community Contributor
• Blog: bretty.me.uk
• Twitter: @dbretty
• Basic building blocks and options for delivering Citrix in Azure
• Designing and deploying Citrix in Azure
• Automation and monitoring
• Compute, Networking and high-availability
• Example Architectures
• Tips and tuning
• Scripts & Automation
Agenda
Basic building blocks in Azure
• Azure Resource Manager
Provisioning layer used for deployment of resources in Azure
using different Resource Providers
• Resource Groups
Logical grouping of objects in Azure used for lifecycle management
and role based access control and cost control
• Azure Active Directory
Web based identity service in Microsoft Azure used to
control access to resources in Azure and other third party SaaS
[Slide graphic: icons of Azure services, among them Virtual machine, Storage, Azure load balancer, Traffic Manager, VPN Gateway, ExpressRoute, Azure Key Vault, Azure Active Directory, Azure Automation, Backup Service, Site Recovery, Operational Insights and Azure Security Center]
Where can I deploy?
Azure Resource Manager (ARM)
• Unified orchestration layer against Azure
• Role Based Access Control
Azure AD defines what type of access a user has to interact with or deploy
resources
• Resource Providers
Different providers depending on what kind of resource we want to manage for
instance compute, Network or Storage
• Deployment of ARM Templates
JSON based templates which allows for deployment of all objects in Azure
• Accessed using REST or using UI
Azure Resource Manager - Templates
AzureRM PowerShell deployment
New-AzureRmResourceGroupDeployment -ResourceGroupName <resource group> -TemplateFile <template.json> -TemplateParameterFile <parameters.json>
Also works in Azure Stack!
Planning deployment of Citrix in Azure
• Meet user demands
Will a deployment in Azure meet user demands for performance and functionality?
• Cost
What will a deployment of Citrix in Azure actually cost us? And is cloud cheaper?
• Features
Logical grouping of objects in Azure used for lifecycle management
and role based access control and cost control
• Management and provisioning
How to do smart management of infrastructure and what kind of deployment model to use?
• Responsibility model when moving to the cloud
Security is still our responsibility – patching, maintenance and management
Some limitations in Azure
• GPU support
Supports GPU passthrough only with NV-series – limited support for high-end storage
NVIDIA and Microsoft announced new N series
• Specific VM sizes
No custom VM sizes; you need to pick from specific VM instance types
• Specific IOPS or Disk sizes
Standard storage or Premium Storage – Max 4 TB disk size
• Hypervisor and provisioning options
No access to the hypervisor; limited to MCS setup
• Network limitation
Azure uses network virtualization and therefore no layer two support
• Initial subscription default limit
https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits
• Supported virtual machine workloads --> http://bit.ly/2thxIEF
• Lacking support for platform services in Azure for Citrix
On-premises vs Citrix Cloud
[Diagram] Citrix Cloud: Active Directory, Hypervisor, VDAs, Cloud Connector, NetScaler (optional), Storefront (optional); functions shown: Identity, Provisioning, Proxy, Authentication
[Diagram] On-premises XenDesktop: Active Directory, Hypervisor, VDAs, Desktop Delivery Controller, NetScaler, Storefront, SQL Database; functions shown: Identity, Provisioning, Authentication
• Both on-premises and Citrix Cloud support Azure provisioning
• Citrix Cloud can be used with
• XenApp Essentials
• XenDesktop Essentials
• Apps and Desktop Service
• NetScaler and Storefront as a service are optional
• Storefront as a service
• No Optimal Gateway Routing
• No UI customization
• No MFA
• No HTML5 Receiver
Deployment options
XenApp Essentials
• Azure only service
• Apps only
• NGaaS only
• Uses Azure MCS
• Smart Scale included
• No Studio Access
• Citrix monthly subscription
XenDesktop Essentials
• Azure only Service
• Desktops only
• NGaaS or NetScaler
• Uses Azure MCS
• Smart Scale included
• Limited Studio Access
• Citrix monthly subscription
• Microsoft EA only
• Windows 10 CBB Enterprise
User mode
Citrix Cloud
• Multiple Clouds
• Apps and Desktops
• NGaaS or NetScaler
• Use Azure MCS
• Smart Tools included
• Full Studio Access
• Citrix monthly subscription
• Can be used to deploy VDI
• 12$ User/month
• Does include from Microsoft RDS
• Minimum 25 users
• 12$ User/month
• Does not include RDS
• Minimum 25 users
• 270$ year
• Does not include RDS
• Minimum 25 users
https://blogs.windows.com/business/2017/07/10/windows-virtualization-use-rights-coming-to-csp/
Remote Access options
NetScaler Gateway as a Service
• Fully Managed NetScaler Service
• No need for a public IP or certificate
• Need 2x CWC Connector for HA
• Limited to ICA Proxy
• No support for AppFlow or Storefront options
such as Optimal Gateway Routing
• No Support for MFA
POPs in Azure: South Central US, West Europe, Australia East, East US, West US, North Europe, Japan East, Brazil South, Southeast Asia
NetScaler Gateway IaaS
• Available from Marketplace in Azure with
BYOL
• Maintained as regular VPX
• Requires 2x in the same availability
groups for HA
• L2 capabilities limited because of network
architecture in Azure (GARP, Bridge Mode,
VLAN, L2 Mode, USIP)
• NB: Enlightened data transport is not working in
Azure yet. Will be fixed soon!
• NetScaler in Azure? More info on the previous
webinar
NB: Want to deploy it using ARM? Look at http://bit.ly/2ue9ejW
Identity options
• Active Directory on IaaS
• Azure Active Directory
Web based identity service with support for web based
authentication protocols
• Pass-through or Federation?
• Office365
• Enable modern authentication
• Use with Windows 10 Azure AD join and Citrix FAS
• Setup --> http://bit.ly/2rzPWRJ
• Can also be used with Citrix Cloud Admin
• Not end-users
Identity options
• Azure Active Directory Domain Services
• “AD-as-a-service” with Azure AD
• Currently only supported in Classic mode using VNET Peering
• Cannot be used in Hybrid model
• Preview now in ARM --> http://bit.ly/2vzyX2E
Feature | Azure AD Domain Services | Active Directory on IaaS
Domain or Enterprise administrator privileges | ✕ | ✓
Domain join | ✓ | ✓
Domain authentication using NTLM and Kerberos | ✓ | ✓
Kerberos constrained delegation | resource-based | resource-based & account-based
Custom OU structure | ✓ | ✓
Schema extensions | ✕ | ✓
AD domain/forest trusts | ✕ | ✓
LDAP write | ✕ | ✓
Group Policy | ✓ | ✓
Geo-distributed deployments | ✕ | ✓
Role based access control for helpdesk
• Azure AD supports role based access
• Has a number of built-in custom roles
• Access can be given to a resource group or object
• Custom roles can be created using PowerShell or REST
• NOTE: Does not affect access inside Guest OS
• Built-in roles --> http://bit.ly/2uwxk8J
• Example: Create Helpdesk operator role to restart VM’s
$role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "Reboot Helpdesk Operator"
$role.Description = "Can restart virtual machines."
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Compute/virtualMachines/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/subscriptionID")
New-AzureRmRoleDefinition -Role $role
Azure Resource Locks and Resource Policies
• Azure Resource Locks
• Allows locking single resources or resource groups
• Ensures that no one deletes or overwrites resources
• Or using PowerShell
• New-AzureRmResourceLock -LockName LockGroup -LockLevel CanNotDelete -ResourceGroupName example
• Resource Policies
• Restrict usage of certain resources
• Disallow certain locations
• Disallow certain resource types
• Disallow virtual machine SKU’s
• Enforcing tags and value
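The restrictions listed above, written out as two Resource Policies assigned to one resource group. This is an added example, not code from the deck; the resource group name, the policy names and the allowed lists are assumptions (the sizes and regions are ones the deck mentions elsewhere).

```powershell
# Added example: Resource Policies as guardrails on one resource group.
# Assumed names (not from the deck): citrix-prod-rg, the policy names, the allowed lists.
$ErrorActionPreference = 'Stop'
$resourceGroupName = 'citrix-prod-rg'

# Deny any resource created outside the approved regions.
$locationRule = @'
{
  "if":   { "not": { "field": "location", "in": [ "northeurope", "westeurope" ] } },
  "then": { "effect": "deny" }
}
'@

# Deny virtual machines whose size is not on the approved list.
$skuRule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
      { "not": { "field": "Microsoft.Compute/virtualMachines/sku.name",
                 "in": [ "Standard_D2_v2", "Standard_A2_v2" ] } }
    ]
  },
  "then": { "effect": "deny" }
}
'@

function Add-GuardrailPolicy {
    # Hypothetical helper: creates a policy definition and assigns it to a scope.
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [Parameter(Mandatory=$true)][string]$Description,
        [Parameter(Mandatory=$true)][string]$Rule,
        [Parameter(Mandatory=$true)][string]$Scope
    )
    $definition = New-AzureRmPolicyDefinition -Name $Name -DisplayName $Name `
        -Description $Description -Policy $Rule
    New-AzureRmPolicyAssignment -Name "$Name-assignment" -Scope $Scope `
        -PolicyDefinition $definition
}

# Assign at resource group scope so other groups in the subscription are unaffected.
$scope = (Get-AzureRmResourceGroup -Name $resourceGroupName).ResourceId

Add-GuardrailPolicy -Name 'allowed-locations' -Scope $scope -Rule $locationRule `
    -Description 'Resources may only be created in North Europe or West Europe.'
Add-GuardrailPolicy -Name 'allowed-vm-sizes' -Scope $scope -Rule $skuRule `
    -Description 'Virtual machines may only use the approved sizes.'

# Review what is now enforced on the resource group.
Get-AzureRmPolicyAssignment -Scope $scope | Select-Object Name, ResourceId
```

Deny policies also apply to whatever a provisioning service principal creates in that scope, so the size list has to include every size a machine catalog there uses.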
• Virtual Network
• Contained within a single region and Vnet peering
• Contains one or more subnets
• DHCP and DNS controlled by Azure
• Network Security Groups
• Dynamic IP’s & Public IP’s
• First three IP’s and last IP in each subnet are reserved
• Forwarder DNS --> 168.63.129.16
• VPN or Direct Connectivity
• S2S VPN for Hybrid Scenario
• S2S VPN Requires specific MSS = 1350
• Cannot have overlapping IP addresses
• Software based VPN now supports up to 1,25 Gbps
• Max 30 Site-to-site VPN w/Multi-site
• Active / Active
• BGP
Networking
[Diagram: Virtual Network 10.0.0.0/23 in region North Europe. Default Subnet 10.0.0.0/24 with gateway 10.0.0.1 and hosts 10.0.0.4, 10.0.0.5, 10.0.0.6; Internal Subnet 10.0.1.0/24 with hosts 10.0.1.4, 10.0.1.5. Labels: Network Security Group, Public IP, DNS, DNS specified, IP-forwarding, Static or Dynamic, Multi IP]
Highly available services in Azure
• Load Balancer
• Deals with L4 traffic both internally and externally
• It’s free
• Basic Health Monitoring
• Application Gateway
• Deals with HTTP/HTTPS/Web Socket traffic L7
• Application Load Balancing, SSL Offloading
• WAF – OWASP top 10
• Traffic Manager
• DNS based load balancing
• Performance, Geographic, Priority, Weighted
• Disk layout
• Built-in drives
• Premium Storage vs Standard (DS vs D series)
• One or more data disks
• Standard 99,95% and Premium Disk 99,99%
• One Storage Account for 40 VM’s
• High-availability
• Availability Sets to manage updates and fault domains
• Create Availability sets before creating machines
• Managed disks vs Storage Accounts
• Running a Cluster in Azure
• Storage Spaces Direct for user profile disks with cloud witness
• Storage Spaces Direct for SQL Failover Cluster with cloud witness
• Backup using either Agent based or Azure Backup Services
Compute
• Different compute instance have different restrictions
• Type of NIC Bandwidth
• Check if RSS is enabled inside your VM
• Amount of Data Disks (x 4 TB Standard or Storage Premium)
• Not always SSD on local drive
• List of instance sizes --> http://bit.ly/2tmcpWy
• Citrix recommends D2v2 series
• Av2 series an alternative
• Note: A series can use a series of different
hardware types and processors
Compute instances
Instance type | Bandwidth
D2_v2 (High) | 1500 Mbps
A2 | 500 Mbps
D5_v2 (Extremely high) | 15000 Mbps
D1_v2 (Moderate) | 750 Mbps
D12_v2 | 3000 Mbps
Provisioning with MCS
Requirements:
• Requires an existing Azure subscription
• An Azure AD account which has Contributor rights
to the subscription (script on last slide for narrow
service principal configuration)
• ARM virtual network and subnet in the preferred
region, uses either a LRS or Premium Storage
• Can support HUB (Hybrid Use Benefits) and
different instance types available in the region
• Master image created from a snapshot VHD blob
on a stopped VM
• Maximum of 800 virtual machines in a resource
group, will automatically create a new storage
account per 40 VM's
Use Azure Files to upload software you need for
easy access between on-premises and guest-os
Provisioning with MCS
Use Azure based image
• Setup virtual machine in Azure using ARM automation
• Stop virtual machine to be deallocated
• Copy VHD to image Storage Container
• Used for Rollback purposes
• Update Machine Catalog
Automate image process using Packer or ARM
Use On-premises VHD file
• Install Azure Agent on base image
(https://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409)
• Upload VHD using PowerShell, using Azure Storage Explorer or
AzCopy
• Remember limitations: VHD only and disk size
• Add-AzureRmVhd -ResourceGroupName OnPremVHDStore -Destination "https://example.blob.core.windows.net/example/example.vhd" -LocalFilePath "D:\xa-vda.vhd"
[Diagram: Base image --> Copy VHD --> Images container in the Storage Account --> Update Machine Catalog --> XenApp hosts, each backed by a storage blob]
Wizard setup
Provisioning with MCS – Managed disks
Managed Disk
• Default option when setting up VM’s in Azure in ARM
• No longer limited by IOPS in a Storage Account
• Up to 10,000 VM’s in a subscription
• Better reliability
• Only support for LRS
• Support for Managed Disk Snapshot copy
• Encrypted by default
• Not supported by MCS yet
• Supported by Azure Backup
• Building Golden image using Managed Disks?
Copy script on last slide
Setting up environment for XenApp Essentials in Azure
• Have an active Azure Subscription
• Create a virtual network in the closest region
• Active user in Azure Active Directory that can be used for provisioning
• Add the user as owner/contributor to the subscription
• Create an Active Directory Domain in the virtual network
• Change the virtual network DNS to point to your Active Directory DNS
• Log Analytics – OMS
• Azure Monitor
All Azure related notification, changes and health
• Base Metrics in Azure
Monitoring basic metrics using Agent and triggers alerts
• Logic Apps
UI based integration services using Connectors
Try it! Tweet #azure #citrix #CTPpower
• Azure Automation
Allows for runbooks based upon PowerShell or PowerShell DSC
• Status notification from Azure and Citrix Cloud
https://azure.microsoft.com/en-us/status/ Azure Service Health Dashboard
https://status.cloud.com/ - Webhook notification
• Octoblu – Mr Dave “Octoblu” Brett
Automation and Monitoring
• Log gathering based upon packs and source
• Can be used with free tier
• Sources
• Linux / Windows / Syslog / Azure / Office 365 / REST API
• Event Logs, Custom Files, Network, Performance Counters and such
• Intelligence Packages
• Security and Audit
• Network Performance Monitor, Service Map
• Citrix packages in tech preview
• Triggers – Webhook or Azure Automation
• Example, block incoming connection attempts http://bit.ly/2segwAh
Automation and Monitoring – Log Analytics
• Delivers Citrix information and events to Log Analytics
• Based on ComTrade
• Requires to have OMS agent and then Citrix agent
• Delivers real-time information
• Logon count per Site
• Average logon duration per Site
• Delivery Groups sorted by number of desktops
• Availability of Delivery Groups as a percentage
• Delivery Groups that are in maintenance mode
• Server OS machines by highest load index
• Number of unique users per Delivery Group
• Users with slow logon time detection
• Setup --> http://bit.ly/2oNeoge
• Or Community based Free OMS agent --> http://bit.ly/2tAsSll
Log Analytics – Citrix
• Smart Scale
Allow for automatic scaling up and down on resources
based upon schedule and load.
• Only support for XenApp hosts
• Support for VDI desktops is currently in "preview."
• Follow news and updates --> http://bit.ly/2veM5es
• Azure Advisor
Microsoft Azure optimizer feature which can advise on
low utilization and recommend optimization tips
• Free Service and useable using REST API
• Does not scan applications running inside guest OS
• Pay Attention to updates
• https://azure.microsoft.com/en-us/roadmap/
• Use the Citrix Azure Cost calculator
https://costcalculator.azurewebsites.net/
Optimizing cost
• Check the latency to your closest region --> http://azurespeed.com/
• Check if you can optimize routing to another peer to get lower latency to that region
• Web Facing servers in Azure should have other TCP profile “Set-NetTCPProfile”
• Windows Server 2016 RS3 makes a lot of difference on this part!
• Microsoft publishes Azure’s public IP ranges here --> https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653
• Also makes the IP addresses quite popular for hackers
• Add local user accounts to your virtual machines, in case of failure
• If already using regular (non premium) Storage run this to enable TRIM support
fsutil behavior set DisableDeleteNotify 0
• Moving public facing DNS to Azure DNS also allows for automated deployment
• Do not install SQL based applications on C: or D:
• Look at what kind of storage redundancy you are using
• Do not rename the resource groups that MCS creates or that will break the connection
Tips and tuning
• Scheduled maintenance?
curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-04-02"
• Not all services are available in all regions so check before starting
• Enable Boot Diagnostics on virtual machines to see what is going on in the VM
• XenDesktop Essentials Microsoft VDI optimization --> https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-vdi-recommendations
• Citrix VDI optimization --> https://support.citrix.com/article/CTX216252
• Using a consistent naming standard for resource groups
• Environment-Location-Role-RG as an example for resource groups
• Start learning ARM templates and building your own templates
• https://github.com/Azure/azure-quickstart-templates
Tips and tuning
• Trouble with Citrix Cloud Connector? --> https://support.citrix.com/article/CTX221535
• Check C:\ProgramData\Citrix\Workspacecloud\Logs
• Hybrid? Check time sync https://support.citrix.com/article/CTX206522
Azure Guests by default sync with Hypervisor time
• Using Proxy with Cloud Connector? Configure Browser Proxy “netsh winhttp import proxy source=ie”
• Trouble provisioning? Check the Activity Log under the Resource Group in the Azure Portal
• Trouble provisioning? Check that the service principal has access to create resources in the subscription
• Trouble provisioning? Check that you have sufficient quota in Azure
• Trouble finding the VHD in the Wizard? Not supported with Managed disks
• Trouble provisioning? Check that the virtual machine containing the master image is shut down
• Networking not working? Enable Network Watcher in Azure or check NSG rules flow in Log Analytics
• Network Watcher needs to be enabled on subscription level
• Can download PCAP file and do packet trace
• Does not support Azure LB
Troubleshooting
• Use of Managed disks for non MCS resources
• Use Log Analytics free tier to do alerting and react
• Using Azure DNS for automation of external DNS
• Smart scale used to manage VDA’s
• A2v2 for Cloud Connectors
• Azure Recovery Services used to backup critical
Components
• Azure AD connect configured user lifecycle management
• NetScaler setup behind Azure LB for HA purposes
• 168.63.129.16 used to probe from Azure LB
Example architecture – Cloud only
[Diagram: Citrix Cloud and Microsoft Azure. Shown in Azure: availability sets for Domain Controllers, Cloud Connectors, Azure AD Connect (primary and staged), NetScaler VPX and Storefront; MCS-provisioned server VDAs (XenDesktop); Azure Recovery Services; Azure Log Analytics; Azure Automation (scale up or scale down); Azure DNS (msandbu.org); Public IP and Azure load balancer in front of the ICA session for end users; Azure Active Directory for authentication and management by IT administrators, with sync]
Example architecture - Hybrid
• Use of Zones (Primary on-premises and Satellite Zone in Azure)
• Optimal Gateway Routing
• Each Zone has its own Hypervisor Connection (Azure)
• Be aware of latency between Primary and Satellite Zone
Example architecture – Multi Region Self Managed
• NetScaler and Unified Gateway running in both regions
with Multiple IP Addresses
• ADNS Service in both regions
• DNS Delegated to ADNS Service
• StoreFront Clusters in both regions in Availability set
with NetScaler Load Balancer
• Controllers in both regions for both Zones in
Availability set
• Apps and Desktops split across both regions
• Highly available SQL Instance split across regions
• XenApp Essentials deployment guide
http://bit.ly/2uqiJvW
• Active Directory Deployment in Azure
http://bit.ly/2twYY18
• XenDesktop Essentials deployment guide
http://bit.ly/2twhsip
• Customize deployment into specific Resource Groups
http://bit.ly/2u19sI0
• Using Citrix with Azure ASR
http://bit.ly/2u0v2MG
• Deployment guide for Citrix in Azure
http://bit.ly/2uqhkW9
• Advanced Concepts Citrix Cloud and Azure
http://bit.ly/2uFmptj
More reading material
Citrix and Azure – Getting Started
• Bunch of Marketplace items already
available in Azure
• A lot of ARM templates for automating
deployment of Citrix in Azure here
• https://github.com/citrix/Citrix-Cloud-ResourceLocation-Arm-Template
• Auto shutdown feature
• Build, Destroy and repeat!
Remove-AzureRmResourceGroup
• Citrix & Azure Whitepaper coming soon!
Citrix and Azure – Moving forward roadmap
• Improved Provisioning performance
• Support for Linux VDA in Azure
• Support for Azure Government*
• Support for Managed Disks
• Support for Azure Disk Encryption
#SYN318 --> https://www.youtube.com/watch?v=jnnZTKBy18c
Scripting and working with Azure PowerShell?
# Install the Azure Resource Manager modules from the PowerShell Gallery
Install-Module AzureRM
# Import module into the PowerShell session
Import-Module AzureRM
# Login to Azure Account
Login-AzureRmAccount
# or we can use Add-AzureRmAccount with a local AccessToken if we have an older version of the Azure cmdlets
Save-AzureRmProfile -Path c:\mydir\myprofile.json
Select-AzureRmProfile -Path c:\mydir\myprofile.json
# Latest Azure PowerShell cmdlets
Save-AzureRmContext -Path c:\mydir\myprofile.json
Import-AzureRmContext -Path c:\mydir\myprofile.json
# The saved JSON file holds the account's access tokens, so restrict who can read it
Competition!
How many times did this guy appear in
the webinar? (Excluding on this slide….)
Scripts for update VHD
Update VHD
Login-AzureRmAccount
# VHD blob to copy #
$blob = "xaimage.vhd"
# Source Storage Account Information #
$sourceStorageAccountName = "rdshwesteuropestorage1"
# Placeholder: supply the access key at run time, do not store it in the script
$sourceKey = "<source storage account access key>"
$sourceContext = New-AzureStorageContext -StorageAccountName $sourceStorageAccountName -StorageAccountKey $sourceKey
$sourceContainer = "vhds"
# Destination Storage Account Information #
$destinationStorageAccountName = "rdshwesteuropestorage1"
$destinationKey = "<destination storage account access key>"
$destinationContext = New-AzureStorageContext -StorageAccountName $destinationStorageAccountName -StorageAccountKey $destinationKey
# Create the destination container #
$destinationContainerName = "basevhd"
New-AzureStorageContainer -Name $destinationContainerName -Context $destinationContext
# Copy the blob #
$blobCopy = Start-AzureStorageBlobCopy -DestContainer $destinationContainerName -DestContext `
$destinationContext -SrcBlob $blob -Context $sourceContext -SrcContainer $sourceContainer
Scripts to create service principal
Create Service Principal for Azure AD use
param(
[string]$applicationName = "CitrixAccess",
[Parameter(Mandatory=$true)][string]$applicationPassword,
[Parameter(Mandatory=$true)][string]$subscriptionId
)
# The param block has to be the first statement in the script, so log in after it
Login-AzureRmAccount
## Just to create a AzureAD Application to act as a service principal
$application = New-AzureRmADApplication -DisplayName $applicationName -HomePage "https://localhost/$applicationName" `
-IdentifierUris "https://$applicationName" -Password $applicationPassword
New-AzureRmADServicePrincipal -ApplicationId $application.ApplicationId
# Wait for the service principal to become available
Start-Sleep -s 60
# Contributor on the whole subscription; pass a resource group path to -Scope for a narrower assignment
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $application.ApplicationId `
-scope "/subscriptions/$subscriptionId"
Write-Host ("Application ID: " + $application.ApplicationId)
https://support.citrix.com/article/CTX219243
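The script above grants Contributor on the whole subscription, while the requirements slide mentions a narrow service principal configuration. This added example, which is not from the deck or from Citrix, reports such broad assignments and can re-scope them to named resource groups; the -Apply switch and the list of resource groups are assumptions, and which groups MCS needs should be taken from the Citrix article linked above.

```powershell
# Added example (not from the deck or from Citrix): report subscription-wide role
# assignments held by the service principal and, with -Apply, re-scope them.
param(
    [Parameter(Mandatory=$true)][string]$applicationId,     # "Application ID" printed by the script above
    [Parameter(Mandatory=$true)][string]$subscriptionId,
    [Parameter(Mandatory=$true)][string[]]$resourceGroups,  # assumption: groups the principal must manage
    [switch]$Apply                                          # hypothetical switch; report-only without it
)
$ErrorActionPreference = 'Stop'

# Roles that give broad control when held at subscription scope
$broadRoles = 'Owner', 'Contributor', 'User Access Administrator'
$subscriptionScope = "/subscriptions/$subscriptionId"

$assignments = @(Get-AzureRmRoleAssignment -ServicePrincipalName $applicationId)
$tooBroad = @($assignments | Where-Object {
    $_.Scope.TrimEnd('/') -ieq $subscriptionScope -and
    $broadRoles -contains $_.RoleDefinitionName
})

foreach ($assignment in $tooBroad) {
    Write-Warning ("{0} holds '{1}' on the whole subscription" -f `
        $assignment.DisplayName, $assignment.RoleDefinitionName)
}

if ($Apply) {
    # Grant the narrow scopes first so provisioning never loses access in between
    foreach ($rg in $resourceGroups) {
        $rgScope = (Get-AzureRmResourceGroup -Name $rg).ResourceId
        $existing = $assignments | Where-Object {
            $_.Scope -ieq $rgScope -and $_.RoleDefinitionName -eq 'Contributor'
        }
        if (-not $existing) {
            New-AzureRmRoleAssignment -RoleDefinitionName Contributor `
                -ServicePrincipalName $applicationId -Scope $rgScope | Out-Null
        }
    }
    # Then remove the subscription-wide assignments reported above
    foreach ($assignment in $tooBroad) {
        Remove-AzureRmRoleAssignment -ServicePrincipalName $applicationId `
            -RoleDefinitionName $assignment.RoleDefinitionName -Scope $assignment.Scope
    }
}

# Final state, for the change record
Get-AzureRmRoleAssignment -ServicePrincipalName $applicationId |
    Select-Object RoleDefinitionName, Scope
```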
Scripts to create hypervisor connection
Create Hypervisor Connection in Citrix Studio
param(
[string]$connectionName = "AzureConnection",
[Parameter(Mandatory=$true)][string]$applicationId,
[Parameter(Mandatory=$true)][string]$applicationPassword,
[Parameter(Mandatory=$true)][string]$subscriptionId,
[Parameter(Mandatory=$true)][string]$subscriptionName,
[Parameter(Mandatory=$true)][string]$tenantId
)
Add-PsSnapin Citrix*
$customProperties = @"
<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Property xsi:type="StringProperty" Name="AuthenticationAuthority" Value="https://login.microsoftonline.com/"/>
<Property xsi:type="StringProperty" Name="ManagementEndpoint" Value="https://management.azure.com/"/>
<Property xsi:type="StringProperty" Name="StorageSuffix" Value="core.windows.net"/>
<Property xsi:type="StringProperty" Name="TenantId" Value="$tenantId"/>
<Property xsi:type="StringProperty" Name="SubscriptionId" Value="$subscriptionId"/>
<Property xsi:type="StringProperty" Name="SubscriptionName" Value="$subscriptionName"/>
</CustomProperties>
"@
$connection = New-Item -ConnectionType "Custom" -CustomProperties $customProperties -HypervisorAddress @("https://management.azure.com/") `
-Path @("XDHyp:\Connections\$connectionName") -Persist -PluginId "AzureRmFactory" -Scope @() `
-SecurePassword (ConvertTo-SecureString -AsPlainText -Force $applicationPassword) -UserName $applicationId
New-BrokerHypervisorConnection -HypHypervisorConnectionUid $connection.HypervisorConnectionUid
Scripts to create OMS workspace
Create OMS workspace
$ResourceGroup = "oms-example"
$WorkspaceName = "log-analytics-" + (Get-Random -Maximum 99999) # workspace names need to be unique - Get-Random helps with this for the example code
$Location = "westeurope"
# List of solutions to enable
$Solutions = "Security", "Updates", "SQLAssessment"
# Create the resource group if needed
try {
Get-AzureRmResourceGroup -Name $ResourceGroup -ErrorAction Stop
} catch {
New-AzureRmResourceGroup -Name $ResourceGroup -Location $Location
}
# Create the workspace
New-AzureRmOperationalInsightsWorkspace -Location $Location -Name $WorkspaceName -Sku Standard -ResourceGroupName $ResourceGroup
# List all solutions and their installation status
Get-AzureRmOperationalInsightsIntelligencePacks -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName
# Add solutions
foreach ($solution in $Solutions) {
Set-AzureRmOperationalInsightsIntelligencePack -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName -IntelligencePackName $solution -Enabled $true
}
#List enabled solutions
(Get-AzureRmOperationalInsightsIntelligencePacks -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName).Where({($_.enabled -eq $true)})
Scripts to create custom helpdesk role in Azure
Create custom role Azure AD
$role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "Reboot Helpdesk Operator"
$role.Description = "Can restart virtual machines."
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Compute/virtualMachines/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/subscriptionID")
New-AzureRmRoleDefinition -Role $role
Scripts to create snapshot managed disk and copy
# Take Snapshot of Managed Disks
# Source VM Details START
$resourceGroupName = 'MSANDBUtest'
$location = 'westeurope'
$dataDiskName = 'msandbu_OsDisk_1_e10a5ca28e6546c2b3c58634ae0b5916'
$snapshotName = 'vm01_snapshot'
$disk = Get-AzureRmDisk -ResourceGroupName $resourceGroupName -DiskName $dataDiskName
$snapshot = New-AzureRmSnapshotConfig -SourceUri $disk.Id -CreateOption Copy -Location $location
New-AzureRmSnapshot -Snapshot $snapshot -SnapshotName $snapshotName -ResourceGroupName $resourceGroupName
# Copy snapshot
Get-AzureRmSnapshot -SnapshotName $snapshotName -ResourceGroupName $resourceGroupName
$sasExpiryDuration = "3600"
$storageAccountName = "msandbutest2"
$storageContainerName = "vhd"
# Placeholder: supply the storage account access key at run time, do not hard-code it
$storageAccountKey = '<storage account access key>'
$destinationVHDFileName = "updatevhd"
# Time-limited read access (SAS) to the snapshot
$sas = Grant-AzureRmSnapshotAccess -ResourceGroupName $resourceGroupName -SnapshotName $snapshotName `
-DurationInSecond $sasExpiryDuration -Access Read
$destinationContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
# Copy the snapshot to the storage account
Start-AzureStorageBlobCopy -AbsoluteUri $sas.AccessSAS -DestContainer $storageContainerName -DestContext `
$destinationContext -DestBlob $destinationVHDFileName

Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
 
Microsoft azure - the cloud for modern business
Microsoft azure - the cloud for modern businessMicrosoft azure - the cloud for modern business
Microsoft azure - the cloud for modern business
 
Cisco integrated system for microsoft azure stack
Cisco integrated system for microsoft azure stackCisco integrated system for microsoft azure stack
Cisco integrated system for microsoft azure stack
 
Azure SQL Database
Azure SQL Database Azure SQL Database
Azure SQL Database
 
ITCamp 2018 - Thomas Maurer - Azure Stack - Everything you need to know!
ITCamp 2018 - Thomas Maurer - Azure Stack - Everything you need to know!ITCamp 2018 - Thomas Maurer - Azure Stack - Everything you need to know!
ITCamp 2018 - Thomas Maurer - Azure Stack - Everything you need to know!
 
Adelaide Global Azure Bootcamp 2018 - Azure 101
Adelaide Global Azure Bootcamp 2018 - Azure 101Adelaide Global Azure Bootcamp 2018 - Azure 101
Adelaide Global Azure Bootcamp 2018 - Azure 101
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s Assets
 
Azure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = AwesomenessAzure Saturday: Security + DevOps + Azure = Awesomeness
Azure Saturday: Security + DevOps + Azure = Awesomeness
 
Azure Compute, Networking and Storage Overview
Azure Compute, Networking and Storage OverviewAzure Compute, Networking and Storage Overview
Azure Compute, Networking and Storage Overview
 
Scott Guthrie's Windows Azure Overview
Scott Guthrie's Windows Azure Overview Scott Guthrie's Windows Azure Overview
Scott Guthrie's Windows Azure Overview
 
70 533 - Module 01 - Introduction to Azure
70 533 - Module 01 - Introduction to Azure70 533 - Module 01 - Introduction to Azure
70 533 - Module 01 - Introduction to Azure
 
Azure security
Azure  securityAzure  security
Azure security
 
Azure News Slides for October2017 - Azure Nights User Group
Azure News Slides for October2017 - Azure Nights User GroupAzure News Slides for October2017 - Azure Nights User Group
Azure News Slides for October2017 - Azure Nights User Group
 
Introduction to Azure
Introduction to AzureIntroduction to Azure
Introduction to Azure
 
Azure WAF
Azure WAFAzure WAF
Azure WAF
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS
 

Similar to Delivering and optimizing citrix from microsoft azure

Perth Azure Usergroup Build 2018 updates
Perth Azure Usergroup Build 2018 updatesPerth Azure Usergroup Build 2018 updates
Perth Azure Usergroup Build 2018 updatesNirmal Thewarathanthri
 
Azure Stack - Azure Nights User Group
Azure Stack - Azure Nights User GroupAzure Stack - Azure Nights User Group
Azure Stack - Azure Nights User GroupMichael Frank
 
ArchitectNow - Migrating Legacy .NET Apps to Azure
ArchitectNow - Migrating Legacy .NET Apps to AzureArchitectNow - Migrating Legacy .NET Apps to Azure
ArchitectNow - Migrating Legacy .NET Apps to AzureKevin Grossnicklaus
 
Microsoft Azure Stack
Microsoft Azure StackMicrosoft Azure Stack
Microsoft Azure StackTudor Damian
 
Microsoft Azure News - Oct 2016
Microsoft Azure News - Oct 2016Microsoft Azure News - Oct 2016
Microsoft Azure News - Oct 2016Daniel Toomey
 
Tokyo azure meetup #8 azure update, august
Tokyo azure meetup #8   azure update, augustTokyo azure meetup #8   azure update, august
Tokyo azure meetup #8 azure update, augustTokyo Azure Meetup
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustKanio Dimitrov
 
Azure vs AWS Best Practices: What You Need to Know
Azure vs AWS Best Practices: What You Need to KnowAzure vs AWS Best Practices: What You Need to Know
Azure vs AWS Best Practices: What You Need to KnowRightScale
 
Azure Stack Fundamentals
Azure Stack FundamentalsAzure Stack Fundamentals
Azure Stack FundamentalsCenk Ersoy
 
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)Naoki (Neo) SATO
 
Building Azure RemoteApp - Microsoft Campus Days 2014
Building Azure RemoteApp - Microsoft Campus Days 2014Building Azure RemoteApp - Microsoft Campus Days 2014
Building Azure RemoteApp - Microsoft Campus Days 2014Morgan Simonsen
 
Microsoft Azure News - 2018 June
Microsoft Azure News - 2018 JuneMicrosoft Azure News - 2018 June
Microsoft Azure News - 2018 JuneDaniel Toomey
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow  -  Designing Cloud-Native apps in Microsoft AzureArchitectNow  -  Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureKevin Grossnicklaus
 
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...Tokyo Azure Meetup
 
Microsoft certified azure developer associate
Microsoft certified azure developer associateMicrosoft certified azure developer associate
Microsoft certified azure developer associateGaurav Singh
 
Introducing Azure Arc
Introducing Azure ArcIntroducing Azure Arc
Introducing Azure ArcMohamed Wali
 
Building Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackBuilding Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackWinWire Technologies Inc
 

Similar to Delivering and optimizing citrix from microsoft azure (20)

Perth Azure Usergroup Build 2018 updates
Perth Azure Usergroup Build 2018 updatesPerth Azure Usergroup Build 2018 updates
Perth Azure Usergroup Build 2018 updates
 
Microservices in Azure
Microservices in AzureMicroservices in Azure
Microservices in Azure
 
Microservices in Azure
Microservices in AzureMicroservices in Azure
Microservices in Azure
 
Azure Stack - Azure Nights User Group
Azure Stack - Azure Nights User GroupAzure Stack - Azure Nights User Group
Azure Stack - Azure Nights User Group
 
ArchitectNow - Migrating Legacy .NET Apps to Azure
ArchitectNow - Migrating Legacy .NET Apps to AzureArchitectNow - Migrating Legacy .NET Apps to Azure
ArchitectNow - Migrating Legacy .NET Apps to Azure
 
Microsoft Azure Stack
Microsoft Azure StackMicrosoft Azure Stack
Microsoft Azure Stack
 
Micro services
Micro servicesMicro services
Micro services
 
Microsoft Azure News - Oct 2016
Microsoft Azure News - Oct 2016Microsoft Azure News - Oct 2016
Microsoft Azure News - Oct 2016
 
Tokyo azure meetup #8 azure update, august
Tokyo azure meetup #8   azure update, augustTokyo azure meetup #8   azure update, august
Tokyo azure meetup #8 azure update, august
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, August
 
Azure vs AWS Best Practices: What You Need to Know
Azure vs AWS Best Practices: What You Need to KnowAzure vs AWS Best Practices: What You Need to Know
Azure vs AWS Best Practices: What You Need to Know
 
Azure Stack Fundamentals
Azure Stack FundamentalsAzure Stack Fundamentals
Azure Stack Fundamentals
 
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
 
Building Azure RemoteApp - Microsoft Campus Days 2014
Building Azure RemoteApp - Microsoft Campus Days 2014Building Azure RemoteApp - Microsoft Campus Days 2014
Building Azure RemoteApp - Microsoft Campus Days 2014
 
Microsoft Azure News - 2018 June
Microsoft Azure News - 2018 JuneMicrosoft Azure News - 2018 June
Microsoft Azure News - 2018 June
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow  -  Designing Cloud-Native apps in Microsoft AzureArchitectNow  -  Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
 
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
Tokyo Azure Meetup #7 - Introduction to Serverless Architectures with Azure F...
 
Microsoft certified azure developer associate
Microsoft certified azure developer associateMicrosoft certified azure developer associate
Microsoft certified azure developer associate
 
Introducing Azure Arc
Introducing Azure ArcIntroducing Azure Arc
Introducing Azure Arc
 
Building Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackBuilding Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stack
 

More from Marius Sandbu

Securing Virtual Machines in Microsoft Azure
Securing Virtual Machines in Microsoft AzureSecuring Virtual Machines in Microsoft Azure
Securing Virtual Machines in Microsoft AzureMarius Sandbu
 
Hackcon - Ransomware
Hackcon - RansomwareHackcon - Ransomware
Hackcon - RansomwareMarius Sandbu
 
Ransomware - Hvordan beskytte seg mot slike angrep?
Ransomware - Hvordan beskytte seg mot slike angrep? Ransomware - Hvordan beskytte seg mot slike angrep?
Ransomware - Hvordan beskytte seg mot slike angrep? Marius Sandbu
 
Ransomware erfaringer 2021
Ransomware erfaringer 2021Ransomware erfaringer 2021
Ransomware erfaringer 2021Marius Sandbu
 
Windows Virtual Desktop
Windows Virtual DesktopWindows Virtual Desktop
Windows Virtual DesktopMarius Sandbu
 

More from Marius Sandbu (6)

Securing Virtual Machines in Microsoft Azure
Securing Virtual Machines in Microsoft AzureSecuring Virtual Machines in Microsoft Azure
Securing Virtual Machines in Microsoft Azure
 
Hackcon - Ransomware
Hackcon - RansomwareHackcon - Ransomware
Hackcon - Ransomware
 
Ransomware - Hvordan beskytte seg mot slike angrep?
Ransomware - Hvordan beskytte seg mot slike angrep? Ransomware - Hvordan beskytte seg mot slike angrep?
Ransomware - Hvordan beskytte seg mot slike angrep?
 
Ransomware erfaringer 2021
Ransomware erfaringer 2021Ransomware erfaringer 2021
Ransomware erfaringer 2021
 
Windows Virtual Desktop
Windows Virtual DesktopWindows Virtual Desktop
Windows Virtual Desktop
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
 

Recently uploaded

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Fact vs. Fiction: Autodetecting Hallucinations in LLMs
Fact vs. Fiction: Autodetecting Hallucinations in LLMsFact vs. Fiction: Autodetecting Hallucinations in LLMs
Fact vs. Fiction: Autodetecting Hallucinations in LLMsZilliz
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Recently uploaded (20)

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Fact vs. Fiction: Autodetecting Hallucinations in LLMs
Fact vs. Fiction: Autodetecting Hallucinations in LLMsFact vs. Fiction: Autodetecting Hallucinations in LLMs
Fact vs. Fiction: Autodetecting Hallucinations in LLMs
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

Delivering and optimizing citrix from microsoft azure

  • 1. © 2017 Citrix User Group Community Delivering and Optimizing Citrix from Microsoft Azure
  • 2. Marius Sandbu
      • Microsoft Azure MVP, Citrix CTP, VMware EUC Champion, VMware vExpert NSX, NVIDIA GRID Advisor, Veeam Vanguard, Nutanix NTC, Networking SIG leader
      • Blog: msandbu.org
      • Twitter: @msandbu
  • 3. Dave Brett
      • Citrix CTP, myCUGC Networking SIG Leader and DABCC.com Community Contributor
      • Blog: bretty.me.uk
      • Twitter: @dbretty
  • 4. Agenda
      • Basic building blocks and options for delivering Citrix in Azure
      • Designing and deploying Citrix in Azure
      • Automation and monitoring
      • Compute, Networking and high-availability
      • Example Architectures
      • Tips and tuning
      • Scripts & Automation
  • 5. Basic building blocks in Azure
      • Azure Resource Manager: Provisioning layer used for deployment of resources in Azure using different Resource Providers
      • Resource Groups: Logical grouping of objects in Azure used for lifecycle management, role based access control and cost control
      • Azure Active Directory: Web based identity service in Microsoft Azure used to control access to resources in Azure and other third party SaaS
      • Slide graphic (Azure service icons): Application Insights, Azure Active Directory, Azure Automation, Backup Service, Batch, Azure cache, Data Factory, Data Lake, DocumentDB, DNS, Event Hubs, HDInsight, Azure Key Vault, IoT Hub, Azure load balancer, Logic App, Media Services, Machine Learning, Notification Hubs, Operational Insights, Azure Search, Service Bus, Scheduler, Azure SQL database, Service Fabric, Storage, Traffic Manager, Virtual machine, VPN Gateway, Stream Analytics, ExpressRoute, Azure Container Service, StorSimple, Azure CDN, Azure Security Center, Cosmos DB, Azure Data Catalog, Web App, Intune, Azure Container Registry, Azure Application Gateway, Site Recovery, Cognitive Services, Azure Data Lake Analytics, Bot Service, Azure Functions, PostgreSQL, MySQL, Azure SQL Datawarehouse, Azure Advisor
  • 6. Where can I deploy?
  • 7. Azure Resource Manager (ARM)
      • Unified orchestration layer against Azure
      • Role Based Access Control: Azure AD defines which type of access a user has to interact with or deploy resources
      • Resource Providers: Different providers depending on what kind of resource we want to manage, for instance Compute, Network or Storage
      • Deployment of ARM Templates: JSON based templates which allow for deployment of all objects in Azure
      • Accessed using REST or using UI
  • 8. Azure Resource Manager - Templates
      • AzureRM PowerShell deployment:

          New-AzureRmResourceGroupDeployment -ResourceGroupName <resource-group> -TemplateFile <template.json> -TemplateParameterFile <parameters.json>

      • Also works in Azure Stack!
  • 9. Planning deployment of Citrix in Azure
      • Meet user demands: Will a deployment in Azure meet user demands for performance and functionality?
      • Cost: What will a deployment of Citrix in Azure actually cost us? And is cloud cheaper?
      • Features: Logical grouping of objects in Azure used for lifecycle management, role based access control and cost control
      • Management and provisioning: How to do smart management of infrastructure and what kind of deployment model to use?
      • Responsibility model when moving to the cloud: Security is still our responsibility (Patching, Maintenance & Management)
  • 10. Some limitations in Azure
      • GPU support: Supports GPU passthrough only with NV-series; limited support for high-end storage. NVIDIA and Microsoft announced new N series
      • Specific VM sizes: No custom VM sizes; need to use specific VM instance types
      • Specific IOPS or disk sizes: Standard storage or Premium Storage; max 4 TB disk size
      • Hypervisor and provisioning options: No access to the hypervisor; limited to MCS setup
      • Network limitation: Azure uses network virtualization and therefore has no layer two support
      • Initial subscription default limit: https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits
      • Supported virtual machine workloads --> http://bit.ly/2thxIEF
      • Lacking support for platform services in Azure for Citrix
  • 11. On-premises vs Citrix Cloud
      • Diagram, Citrix Cloud: Active Directory, Hypervisor, VDAs, Cloud Connector (Identity, Provisioning, Proxy, Authentication), NetScaler (Optional), Storefront (Optional)
      • Diagram, On-premises XenDesktop: Active Directory, Hypervisor, VDAs, Desktop Delivery Controller (Identity, Provisioning, Authentication), NetScaler, Storefront, SQL Database
      • Both On-premises and Citrix Cloud support Azure provisioning
      • Citrix Cloud can be used against
          • XenApp Essentials
          • XenDesktop Essentials
          • Apps and Desktop Service
      • NetScaler and Storefront as a service optional
      • Storefront as a service
          • No Optimal Gateway Routing
          • No UI customization
          • No MFA
          • No HTML5 Receiver
  • 12. Deployment options
      • XenApp Essentials
          • Azure only service
          • Apps only
          • NGaaS only
          • Uses Azure MCS
          • Smart Scale included
          • No Studio Access
          • Citrix monthly subscription
          • Pricing: 12$ User/month; includes RDS from Microsoft; minimum 25 users
      • XenDesktop Essentials
          • Azure only Service
          • Desktops only
          • NGaaS or NetScaler
          • Uses Azure MCS
          • Smart Scale included
          • Limited Studio Access
          • Citrix monthly subscription
          • Microsoft EA only
          • Windows 10 CBB Enterprise User mode
          • Pricing: 12$ User/month; does not include RDS; minimum 25 users
      • Citrix Cloud
          • Multiple Clouds
          • Apps and Desktops
          • NGaaS or NetScaler
          • Use Azure MCS
          • Smart Tools included
          • Full Studio Access
          • Citrix monthly subscription
          • Can be used to deploy VDI
          • Pricing: 270$ year; does not include RDS; minimum 25 users
      • https://blogs.windows.com/business/2017/07/10/windows-virtualization-use-rights-coming-to-csp/
  • 13. Remote Access options
      • NetScaler Gateway as a Service
          • Fully Managed NetScaler Service
          • No need for Public IP or Certificate
          • Need 2x CWC Connector for HA
          • Limited to ICA Proxy
          • No support for AppFlow or Storefront options such as Optimal Gateway Routing
          • No Support for MFA
          • POPs in Azure: i. Azure South Central US, ii. Azure West Europe, iii. Azure Australia East, iv. Azure East US, v. Azure West US, vi. Azure North Europe, vii. Azure Japan East, viii. Azure Brazil South, ix. Azure Southeast Asia
      • NetScaler Gateway IaaS
          • Available from Marketplace in Azure with BYOL
          • Maintained as regular VPX
          • Requires 2x in the same availability groups for HA
          • L2 capabilities limited because of network architecture in Azure (GARP, Bridge Mode, VLAN, L2 Mode, USIP)
          • NB: Enlightened data transport not working in Azure yet. Will be fixed soon!
          • NetScaler in Azure? More info on the previous webinar
          • NB: Want to deploy it using ARM? Look at http://bit.ly/2ue9ejW
  • 14. Identity options
      • Active Directory on IaaS
      • Azure Active Directory: Web based identity service with support for web based authentication protocols
      • Pass-through or Federation?
      • Office365
      • Enable modern authentication
      • Use with Windows 10 Azure AD join and Citrix FAS
      • Setup --> http://bit.ly/2rzPWRJ
      • Can also be used with Citrix Cloud Admin
      • Not end-users
  • 15. Identity options
      • Azure Active Directory Domain Services
      • “AD-as-a-service” with Azure AD
      • Currently only supported in Classic mode using VNET Peering
      • Cannot be used in Hybrid model
      • Preview now in ARM --> http://bit.ly/2vzyX2E
      • Feature comparison (first mark: Azure AD Domain Services; second mark: Active Directory on IaaS)
          • Domain or Enterprise administrator privileges: ✕ / ✓
          • Domain join: ✓ / ✓
          • Domain authentication using NTLM and Kerberos: ✓ / ✓
          • Kerberos constrained delegation: resource-based / resource-based & account-based
          • Custom OU structure: ✓ / ✓
          • Schema extensions: ✕ / ✓
          • AD domain/forest trusts: ✕ / ✓
          • LDAP write: ✕ / ✓
          • Group Policy: ✓ / ✓
          • Geo-distributed deployments: ✕ / ✓
  • 16. Role based access control for helpdesk
      • Azure AD supports role based access
      • Has a number of built-in custom roles
      • Access can be given to a resource group or object
      • Custom roles can be created using PowerShell or REST
      • NOTE: Does not affect access inside Guest OS
      • Built-in roles --> http://bit.ly/2uwxk8J
      • Example: Create Helpdesk operator role to restart VMs

          # Clone a built-in role, then reduce it to read + restart only
          $role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
          $role.Id = $null
          $role.Name = "Reboot Helpdesk Operator"
          $role.Description = "Can restart virtual machines."
          $role.Actions.Clear()
          $role.Actions.Add("Microsoft.Compute/virtualMachines/read")
          $role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
          # Limit where the role can be assigned; replace subscriptionID with your own
          $role.AssignableScopes.Clear()
          $role.AssignableScopes.Add("/subscriptions/subscriptionID")
          New-AzureRmRoleDefinition -Role $role
  • 17. Azure Resource Locks and Resource Policies
      • Azure Resource Locks
          • Allows locking single resources or resource groups
          • Ensure that no one deletes or overwrites resources
          • Or using PowerShell:

              New-AzureRmResourceLock -LockName LockGroup -LockLevel CanNotDelete `
                  -ResourceGroupName example

      • Resource Policies
          • Restrict usage of certain resources
          • Disallow certain locations
          • Disallow certain resource types
          • Disallow virtual machine SKUs
          • Enforcing tags and values
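The resource policy guardrails listed on slide 17 (restricting locations and VM SKUs, enforcing tags), written out as an added AzureRM PowerShell example that is not part of the original deck. The resource group name, region list, VM sizes and tag name are assumptions.

```powershell
# Added example, not from the slides. Assumes an authenticated AzureRM session
# (Login-AzureRmAccount) and a hypothetical resource group holding the Citrix VDAs.
$resourceGroupName = 'rg-citrix-vda'   # assumed name

# Policy rules are plain JSON; single-quoted here-strings keep them literal.

# Deny any resource deployed outside the approved regions (assumed list).
$locationRule = @'
{
  "if":   { "not": { "field": "location", "in": [ "northeurope", "westeurope" ] } },
  "then": { "effect": "deny" }
}
'@

# Deny virtual machines whose size is not on the approved list (assumed list).
$vmSkuRule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
      { "not": { "field": "Microsoft.Compute/virtualMachines/sku.name",
                 "in": [ "Standard_D2_v2", "Standard_DS2_v2" ] } }
    ]
  },
  "then": { "effect": "deny" }
}
'@

# Deny virtual machines created without a costCenter tag (assumed tag name).
$tagRule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
      { "field": "tags.costCenter", "exists": "false" }
    ]
  },
  "then": { "effect": "deny" }
}
'@

$policies = @(
    @{ Name = 'citrix-allowed-locations'; Description = 'Only approved regions';          Rule = $locationRule },
    @{ Name = 'citrix-allowed-vm-skus';   Description = 'Only approved VM sizes';         Rule = $vmSkuRule },
    @{ Name = 'citrix-require-costtag';   Description = 'VMs must carry costCenter tag';  Rule = $tagRule }
)

# Fail early if the resource group does not exist.
$rg = Get-AzureRmResourceGroup -Name $resourceGroupName -ErrorAction Stop

foreach ($p in $policies) {
    # Create the definition in the subscription, then assign it at resource group scope.
    $definition = New-AzureRmPolicyDefinition -Name $p.Name -DisplayName $p.Name `
        -Description $p.Description -Policy $p.Rule
    New-AzureRmPolicyAssignment -Name $p.Name -Scope $rg.ResourceId `
        -PolicyDefinition $definition | Out-Null
}

# Review what is now enforced on the resource group.
Get-AzureRmPolicyAssignment -Scope $rg.ResourceId | Select-Object Name, ResourceId
```

The deny effect blocks new or changed deployments that violate a rule; resources that already exist in the group are not removed.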
  • 18. Networking • Virtual Network • Contained within a single region and Vnet peering • Contains one or more subnets • DHCP and DNS controlled by Azure • Network Security Groups • Dynamic IPs & Public IPs • First three IPs and last IP in each subnet are reserved • Forwarder DNS: 168.63.129.16 • VPN or Direct Connectivity • S2S VPN for Hybrid Scenario • S2S VPN requires specific MSS = 1350 • Cannot have overlapping IP addresses • Software based VPN now supports up to 1.25 Gbps • Max 30 Site-to-site VPN w/Multi-site • Active / Active • BGP • [Diagram: Virtual Network 10.0.0.0/23 in region North Europe; Default Subnet 10.0.0.0/24 with 10.0.0.4, 10.0.0.5 and 10.0.0.6; Internal Subnet 10.0.1.0/24 with 10.0.1.4 and 10.0.1.5; Gateway 10.0.0.1; Network Security Group, Public IP, DNS, IP-forwarding, static or dynamic addressing, multi IP]
  • 19. Highly available services in Azure • Load Balancer • Deals with L4 traffic both internally and externally • It’s free • Basic Health Monitoring • Application Gateway • Deals with HTTP/HTTPS/Web Socket traffic L7 • Application Load Balancing, SSL Offloading • WAF – OWASP top 10 • Traffic Manager • DNS based load balancing • Performance, Geographic, Priority, Weighted
  • 20. Compute • Disk layout • Built-in drives • Premium Storage vs Standard (DS vs D series) • One or more data disks • Standard 99.95% and Premium Disk 99.99% • One Storage Account for 40 VMs • High-availability • Availability Sets to manage updates and fault domains • Create Availability Sets before creating machines • Managed disks vs Storage Accounts • Running a Cluster in Azure • Storage Spaces Direct for user profile disks with cloud witness • Storage Spaces Direct for SQL Failover Cluster with cloud witness • Backup using either Agent based or Azure Backup Services
  • 21. Compute instances • Different compute instances have different restrictions • Type of NIC Bandwidth • Check if RSS is enabled inside your VM • Number of data disks (x 4 TB Standard or Storage Premium) • Not always SSD on local drive • List of instance sizes: http://bit.ly/2tmcpWy • Citrix recommends D2v2 series • Av2 series an alternative • Note: A series can use a series of different hardware types and processors

| Instance type | Bandwidth |
| --- | --- |
| D2_v2 | 1500 Mbps (High) |
| A2 | 500 Mbps |
| D5_v2 | 15000 Mbps (Extremely high) |
| D1_v2 | 750 Mbps (Moderate) |
| D12_v2 | 3000 Mbps |
  • 22. Provisioning with MCS • Requirements: • Requires an existing Azure subscription • An Azure AD account which has Contributor rights to the subscription (script on last slide for narrow service principal configuration) • ARM virtual network and subnet in the preferred region, uses either LRS or Premium Storage • Can support HUB (Hybrid Use Benefits) and different instance types available in the region • Master image created from a snapshot VHD blob on a stopped VM • Maximum of 800 virtual machines in a resource group, will automatically create a new storage account per 40 VMs • Use Azure Files to upload software you need for easy access between on-premises and guest OS
  • 23. Provisioning with MCS • Use Azure based image • Set up virtual machine in Azure using ARM automation • Stop virtual machine to be deallocated • Copy VHD to image Storage Container • Used for rollback purposes • Update Machine Catalog • Automate image process using Packer or ARM • Use on-premises VHD file • Install Azure Agent on base image (https://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409) • Upload VHD using PowerShell, Azure Storage Explorer or AzCopy • Remember limitations: VHD only and disk size • Add-AzureRmVhd -ResourceGroupName OnPremVHDStore -Destination "https://example.blob.core.windows.net/example/example.vhd" -LocalFilePath "D:\xa-vda.vhd" • [Diagram: Base image, Copy VHD, Update Machine Catalog; Storage Account with Images Container and storage blobs; XenApp Hosts]
  • 24. Wizard setup
  • 25. Provisioning with MCS – Managed disks • Managed Disk • Default option when setting up VMs in Azure in ARM • No longer limited by IOPS in a Storage Account • Up to 10,000 VMs in a subscription • Better reliability • Only support for LRS • Support for Managed Disk Snapshot copy • Encrypted by default • Not supported by MCS yet • Supported by Azure Backup • Building Golden image using Managed Disks? Copy script on last slide
  • 26. Setting up environment for XenApp Essentials in Azure • Have an active Azure Subscription • Create a virtual network in the closest region • Active user in Azure Active Directory that can be used for provisioning • Add the user as owner/contributor to subscription • Create an Active Directory Domain in the virtual network • Change the virtual network DNS to point to your Active Directory DNS
  • 27. Automation and Monitoring • Log Analytics – OMS • Azure Monitor: all Azure related notifications, changes and health • Base Metrics in Azure: monitoring basic metrics using Agent and triggers alerts • Logic Apps: UI based integration services using Connectors. Try it! Tweet #azure #citrix #CTPpower • Azure Automation: allows for runbooks based upon PowerShell or PowerShell DSC • Status notification from Azure and Citrix Cloud: https://azure.microsoft.com/en-us/status/ (Azure Service Health Dashboard), https://status.cloud.com/ (Webhook notification) • Octoblu – Mr Dave “Octoblu” Brett
  • 28. Automation and Monitoring – Log Analytics • Log gathering based upon packs and source • Can be used with free tier • Sources • Linux / Windows / Syslog / Azure / Office 365 / REST API • Event Logs, Custom Files, Network, Performance Counters and such • Intelligence Packages • Security and Audit • Network Performance Monitor, Service Map • Citrix packages in tech preview • Triggers – Webhook or Azure Automation • Example, block incoming connection attempts: http://bit.ly/2segwAh
  • 29. Log Analytics – Citrix • Delivers Citrix information and events to Log Analytics • Based on ComTrade • Requires the OMS agent and then the Citrix agent • Delivers real-time information • Logon count per Site • Average logon duration per Site • Delivery Groups sorted by number of desktops • Availability of Delivery Groups as a percentage • Delivery Groups that are in maintenance mode • Server OS machines by highest load index • Number of unique users per Delivery Group • Users with slow logon time detection • Setup: http://bit.ly/2oNeoge • Or Community based Free OMS agent: http://bit.ly/2tAsSll
  • 30. Optimizing cost • Smart Scale: allows for automatic scaling up and down of resources based upon schedule and load • Only support for XenApp hosts • Support for VDI desktops is currently in "preview" • Follow news and updates: http://bit.ly/2veM5es • Azure Advisor: Microsoft Azure optimizer feature which can advise on low utilization and recommend optimization tips • Free service and usable via REST API • Does not scan applications running inside guest OS • Pay attention to updates • https://azure.microsoft.com/en-us/roadmap/ • Use the Citrix Azure Cost calculator: https://costcalculator.azurewebsites.net/
  • 31. Tips and tuning • Check the latency to your closest region: http://azurespeed.com/ • Check if you can optimize routing to another peer to get lower latency to that region • Web facing servers in Azure should have another TCP profile (“Set-NetTCPProfile”) • Windows Server 2016 RS3 makes a lot of difference on this part! • Microsoft publishes Azure’s public IP ranges here: https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653 • Also makes the IP addresses quite popular for hackers • Add local user accounts to your virtual machines, in case of failure • If already using regular (non premium) Storage, run this to enable TRIM support: fsutil behavior set DisableDeleteNotify 0 • Moving public facing DNS to Azure DNS also allows for automated deployment • Do not install SQL based applications on C: or D: • Look at what kind of storage redundancy you are using • Do not rename the resource groups that MCS creates, or that will break the connection
  • 32. Tips and tuning • Scheduled Maintenance? curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-04-02" • Not all services are available in all regions, so check before starting • Enable Boot Diagnostics on virtual machines to see what is going on in the VM • XenDesktop Essentials Microsoft VDI optimization: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-vdi-recommendations • Citrix VDI optimization: https://support.citrix.com/article/CTX216252 • Use a consistent naming standard for resource groups • Environment-Location-Role-RG as an example for resource groups • Start learning ARM templates and building your own templates • https://github.com/Azure/azure-quickstart-templates
  • 33. Troubleshooting • Trouble with Citrix Cloud Connector? https://support.citrix.com/article/CTX221535 • Check C:\ProgramData\Citrix\Workspacecloud\Logs • Hybrid? Check time sync: https://support.citrix.com/article/CTX206522 (Azure guests by default sync with hypervisor time) • Using Proxy with Cloud Connector? Configure Browser Proxy: netsh winhttp import proxy source=ie • Trouble provisioning? Check the Activity Log under the Resource Group in the Azure Portal • Trouble provisioning? Check that the service principal has access to create resources in the subscription • Trouble provisioning? Check that you have sufficient quota in Azure • Trouble finding the VHD in the Wizard? Not supported with Managed disks • Trouble provisioning? Check that the virtual machine containing the master image is shut down • Networking not working? Enable Network Watcher in Azure or check NSG rules flow in Log Analytics • Network Watcher needs to be enabled on subscription level • Can download PCAP file and do packet trace • Does not support Azure LB
  • 34. Example architecture – Cloud only • Use of Managed disks for non MCS resources • Use Log Analytics free tier to do alerting and react • Using Azure DNS for automation of external DNS • Smart Scale used to manage VDAs • A2v2 for Cloud Connectors • Azure Recovery Services used to back up critical components • Azure AD Connect configured for user lifecycle management • NetScaler setup behind Azure LB for HA purposes • 168.63.129.16 used to probe from Azure LB • [Diagram: Citrix Cloud and Microsoft Azure; Availability Sets for Domain Controllers, Cloud Connectors, Azure AD Connect (primary and staged), NetScaler VPX and StoreFront; Public IP and Azure load balancer carrying the ICA session from end users; MCS-provisioned XenDesktop server VDAs, scaled up or down; Azure Recovery Services, Azure Log Analytics, Azure Automation, Azure DNS (msandbu.org); Azure Active Directory for authentication and management, synced, used by IT administrators]
  • 35. Example architecture - Hybrid • Use of Zones (Primary on-premises and Satellite Zone in Azure) • Optimal Gateway Routing • Each Zone has its own Hypervisor Connection (Azure) • Be aware of latency between Primary and Satellite Zone
  • 36. Example architecture – Multi Region Self Managed • NetScaler and Unified Gateway running in both regions with multiple IP addresses • ADNS Service in both regions • DNS delegated to ADNS Service • StoreFront Clusters in both regions in Availability Set with NetScaler Load Balancer • Controllers in both regions for both Zones in Availability Set • Apps and Desktops split across both regions • Highly available SQL Instance split across regions
  • 37. More reading material • XenApp Essentials deployment guide: http://bit.ly/2uqiJvW • Active Directory Deployment in Azure: http://bit.ly/2twYY18 • XenDesktop Essentials deployment guide: http://bit.ly/2twhsip • Customize deployment into specific Resource Groups: http://bit.ly/2u19sI0 • Using Citrix with Azure ASR: http://bit.ly/2u0v2MG • Deployment guide for Citrix in Azure: http://bit.ly/2uqhkW9 • Advanced Concepts Citrix Cloud and Azure: http://bit.ly/2uFmptj
  • 38. Citrix and Azure – Getting Started • Bunch of Marketplace items already available in Azure • A lot of ARM templates for automating deployment of Citrix in Azure here: https://github.com/citrix/Citrix-Cloud-ResourceLocation-Arm-Template • Auto shutdown feature • Build, Destroy and repeat! Remove-AzureRmResourceGroup • Citrix & Azure Whitepaper coming soon!
  • 39. Citrix and Azure – Moving forward roadmap • Improved Provisioning performance • Support for Linux VDA in Azure • Support for Azure Government* • Support for Managed Disks • Support for Azure Disk Encryption • #SYN318: https://www.youtube.com/watch?v=jnnZTKBy18c
  • 40. Scripting and working with Azure PowerShell?

```powershell
# Install the Azure Resource Manager modules from the PowerShell Gallery
Install-Module AzureRM
# Import the module into the PowerShell session
Import-Module AzureRM
# Log in to the Azure account
Login-AzureRmAccount

# Or we can use Add-AzureRmAccount with a local AccessToken
# If we have an older version of the Azure cmdlets
Save-AzureRmProfile -Path c:\mydir\myprofile.json
Select-AzureRmProfile -Path c:\mydir\myprofile.json

# Latest Azure PowerShell cmdlets
# (the saved file holds the login context, so protect it like a credential)
Save-AzureRmContext -Path c:\mydir\myprofile.json
Import-AzureRmContext -Path c:\mydir\myprofile.json
```
  • 41. Competition! How many times did this guy appear in the webinar? (Excluding on this slide….)
  • 42. © 2017 Citrix User Group Community
  • 43. Scripts for update VHD

```powershell
Login-AzureRmAccount

# VHD blob to copy
$blob = "xaimage.vhd"

# Source storage account information
$sourceStorageAccountName = "rdshwesteuropestorage1"
$sourceKey = "AccessKey"   # placeholder for the source account's access key
$sourceContext = New-AzureStorageContext -StorageAccountName $sourceStorageAccountName -StorageAccountKey $sourceKey
$sourceContainer = "vhds"

# Destination storage account information
$destinationStorageAccountName = "rdshwesteuropestorage1"
$destinationKey = "AccessKey"   # placeholder for the destination account's access key
$destinationContext = New-AzureStorageContext -StorageAccountName $destinationStorageAccountName -StorageAccountKey $destinationKey

# Create the destination container
$destinationContainerName = "basevhd"
New-AzureStorageContainer -Name $destinationContainerName -Context $destinationContext

# Copy the blob
$blobCopy = Start-AzureStorageBlobCopy -DestContainer $destinationContainerName -DestContext $destinationContext `
    -SrcBlob $blob -Context $sourceContext -SrcContainer $sourceContainer
```
  • 44. Scripts to create service principal • Create Service Principal for Azure AD use • https://support.citrix.com/article/CTX219243

```powershell
# param() has to be the first statement in the script, so the login follows it
param(
    [string]$applicationName = "CitrixAccess",
    [Parameter(Mandatory=$true)][string]$applicationPassword,
    [Parameter(Mandatory=$true)][string]$subscriptionId
)

Login-AzureRmAccount

## Just to create an Azure AD application to act as a service principal
$application = New-AzureRmADApplication -DisplayName $applicationName -HomePage "https://localhost/$applicationName" `
    -IdentifierUris "https://$applicationName" -Password $applicationPassword
New-AzureRmADServicePrincipal -ApplicationId $application.ApplicationId

# Wait for the service principal to become available
Start-Sleep -s 60

# Grant the service principal Contributor on the whole subscription
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $application.ApplicationId `
    -Scope "/subscriptions/$subscriptionId"
Write-Host ("Application ID: " + $application.ApplicationId)
```
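The script above grants Contributor on the whole subscription, while slide 22 asks for a narrow service principal configuration. The following is an added example, not part of the original slides, that flags such broad assignments; `Find-BroadRoleAssignment` is a hypothetical helper, the sample objects are constructed, and their property names follow the output of `Get-AzureRmRoleAssignment`.

```powershell
# Added example (not from the slides): flag service principals that hold a
# powerful role at subscription or root scope instead of a resource group.
function Find-BroadRoleAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Assignment,
        # Roles treated as "broad" for this check (assumption: adjust to your policy)
        [string[]] $BroadRoles = @('Owner', 'Contributor', 'User Access Administrator')
    )
    process {
        # Root scope "/" or exactly "/subscriptions/<id>" with nothing below it
        $isBroadScope = $Assignment.Scope -match '^/$|^/subscriptions/[^/]+/?$'
        if ($Assignment.ObjectType -eq 'ServicePrincipal' -and
            $BroadRoles -contains $Assignment.RoleDefinitionName -and
            $isBroadScope) {
            $Assignment
        }
    }
}

# Constructed sample data; the subscription ID and resource group are placeholders
$sub = '00000000-0000-0000-0000-000000000000'
$assignments = @(
    [pscustomobject]@{ DisplayName = 'CitrixAccess'; ObjectType = 'ServicePrincipal'
                       RoleDefinitionName = 'Contributor'; Scope = "/subscriptions/$sub" },
    [pscustomobject]@{ DisplayName = 'CitrixAccess-RG'; ObjectType = 'ServicePrincipal'
                       RoleDefinitionName = 'Contributor'
                       Scope = "/subscriptions/$sub/resourceGroups/citrix-mcs" },
    [pscustomobject]@{ DisplayName = 'Helpdesk'; ObjectType = 'Group'
                       RoleDefinitionName = 'Reboot Helpdesk Operator'; Scope = "/subscriptions/$sub" }
)

# Only the first entry is reported: a service principal with Contributor on the subscription
$assignments | Find-BroadRoleAssignment | Select-Object DisplayName, RoleDefinitionName, Scope

# Against a live subscription the same filter takes the cmdlet's output:
# Get-AzureRmRoleAssignment | Find-BroadRoleAssignment
```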
  • 45. Scripts to create hypervisor connection • Create Hypervisor Connection in Citrix Studio

```powershell
param(
    [string]$connectionName = "AzureConnection",
    [Parameter(Mandatory=$true)][string]$applicationId,
    [Parameter(Mandatory=$true)][string]$applicationPassword,
    [Parameter(Mandatory=$true)][string]$subscriptionId,
    [Parameter(Mandatory=$true)][string]$subscriptionName,
    [Parameter(Mandatory=$true)][string]$tenantId
)

Add-PsSnapin Citrix*

$customProperties = @"
<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Property xsi:type="StringProperty" Name="AuthenticationAuthority" Value="https://login.microsoftonline.com/"/>
<Property xsi:type="StringProperty" Name="ManagementEndpoint" Value="https://management.azure.com/"/>
<Property xsi:type="StringProperty" Name="StorageSuffix" Value="core.windows.net"/>
<Property xsi:type="StringProperty" Name="TenantId" Value="$tenantId"/>
<Property xsi:type="StringProperty" Name="SubscriptionId" Value="$subscriptionId"/>
<Property xsi:type="StringProperty" Name="SubscriptionName" Value="$subscriptionName"/>
</CustomProperties>
"@

$connection = New-Item -ConnectionType "Custom" -CustomProperties $customProperties -HypervisorAddress @("https://management.azure.com/") `
    -Path @("XDHyp:\Connections\$connectionName") -Persist -PluginId "AzureRmFactory" -Scope @() `
    -SecurePassword (ConvertTo-SecureString -AsPlainText -Force $applicationPassword) -UserName $applicationId

New-BrokerHypervisorConnection -HypHypervisorConnectionUid $connection.HypervisorConnectionUid
```
  • 46. Scripts to create OMS workspace • Create OMS workspace

```powershell
$ResourceGroup = "oms-example"
# Workspace names need to be unique - Get-Random helps with this for the example code
$WorkspaceName = "log-analytics-" + (Get-Random -Maximum 99999)
$Location = "westeurope"

# List of solutions to enable
$Solutions = "Security", "Updates", "SQLAssessment"

# Create the resource group if needed
try {
    Get-AzureRmResourceGroup -Name $ResourceGroup -ErrorAction Stop
} catch {
    New-AzureRmResourceGroup -Name $ResourceGroup -Location $Location
}

# Create the workspace
New-AzureRmOperationalInsightsWorkspace -Location $Location -Name $WorkspaceName -Sku Standard -ResourceGroupName $ResourceGroup

# List all solutions and their installation status
Get-AzureRmOperationalInsightsIntelligencePacks -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName

# Add solutions
foreach ($solution in $Solutions) {
    Set-AzureRmOperationalInsightsIntelligencePack -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName -IntelligencePackName $solution -Enabled $true
}

# List enabled solutions
(Get-AzureRmOperationalInsightsIntelligencePacks -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName).Where({($_.enabled -eq $true)})
```
  • 47. Scripts to create custom helpdesk role in Azure • Create custom role Azure AD

```powershell
# Start from a built-in role and reduce it to the two actions the helpdesk needs
$role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "Reboot Helpdesk Operator"
$role.Description = "Can restart virtual machines."
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Compute/virtualMachines/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
# Limit where the role can be assigned; replace subscriptionID with the subscription ID
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/subscriptionID")
New-AzureRmRoleDefinition -Role $role
```
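What the helpdesk role grants can be checked offline before the definition is created. The following is an added example, not part of the original slides: `Test-RoleAllowsOperation` is a hypothetical helper that applies the Actions/NotActions wildcard matching of Azure RBAC, and the broad comparison role is constructed for contrast.

```powershell
# Added example (not from the slides): evaluate which management operations
# a role definition permits, using only its Actions and NotActions lists.
function Test-RoleAllowsOperation {
    param(
        [Parameter(Mandatory = $true)] $Role,               # object with Actions / NotActions
        [Parameter(Mandatory = $true)] [string] $Operation  # e.g. Microsoft.Compute/virtualMachines/delete
    )
    # The operation must match at least one Actions pattern ...
    $granted = $false
    foreach ($pattern in $Role.Actions) {
        if ($Operation -like $pattern) { $granted = $true; break }
    }
    if (-not $granted) { return $false }
    # ... and must not be excluded by any NotActions pattern.
    foreach ($pattern in $Role.NotActions) {
        if ($Operation -like $pattern) { return $false }
    }
    return $true
}

# The role from the slide, written out as data
$helpdeskRole = [pscustomobject]@{
    Name       = 'Reboot Helpdesk Operator'
    Actions    = @('Microsoft.Compute/virtualMachines/read',
                   'Microsoft.Compute/virtualMachines/restart/action')
    NotActions = @()
}

# Constructed comparison role: wildcard grant with a single exclusion
$broadRole = [pscustomobject]@{
    Name       = 'Constructed wildcard role'
    Actions    = @('Microsoft.Compute/virtualMachines/*')
    NotActions = @('Microsoft.Compute/virtualMachines/delete')
}

$operations = @(
    'Microsoft.Compute/virtualMachines/read',
    'Microsoft.Compute/virtualMachines/restart/action',
    'Microsoft.Compute/virtualMachines/deallocate/action',
    'Microsoft.Compute/virtualMachines/write',
    'Microsoft.Compute/virtualMachines/delete'
)

$results = foreach ($role in $helpdeskRole, $broadRole) {
    foreach ($operation in $operations) {
        [pscustomobject]@{
            Role      = $role.Name
            Operation = $operation
            Allowed   = Test-RoleAllowsOperation -Role $role -Operation $operation
        }
    }
}
$results | Format-Table -AutoSize
```

The helpdesk role allows only read and restart; the wildcard role also allows deallocate and write, and is stopped at delete only by its NotActions entry.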
  • 48. Scripts to create snapshot managed disk and copy

```powershell
# Take snapshot of managed disks
# Source VM details
$resourceGroupName = 'MSANDBUtest'
$location = 'westeurope'
$dataDiskName = 'msandbu_OsDisk_1_e10a5ca28e6546c2b3c58634ae0b5916'
$snapshotName = 'vm01_snapshot'
$disk = Get-AzureRmDisk -ResourceGroupName $resourceGroupName -DiskName $dataDiskName
$snapshot = New-AzureRmSnapshotConfig -SourceUri $disk.Id -CreateOption Copy -Location $location
New-AzureRmSnapshot -Snapshot $snapshot -SnapshotName $snapshotName -ResourceGroupName $resourceGroupName

# Copy snapshot
Get-AzureRmSnapshot -Name $snapshotName -ResourceGroupName $resourceGroupName
$sasExpiryDuration = "3600"
$storageAccountName = "msandbutest2"
$storageContainerName = "vhd"
# Account key exactly as shown on the slide; read it at run time rather than storing it in the script
$storageAccountKey = 'wIVvedHPhTASHCyZpCZkC/FtXVR94BXnTCpi42pEpa3IX9qzuruwiVoSvKQkEhSFqrk4zMOcQGBS9jGWnyRLag=='
$destinationVHDFileName = "updatevhd"

# Time-limited read access (SAS) to the snapshot
$sas = Grant-AzureRmSnapshotAccess -ResourceGroupName $resourceGroupName -SnapshotName $snapshotName -DurationInSecond $sasExpiryDuration -Access Read
$destinationContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey

# Copy the snapshot to the storage account
Start-AzureStorageBlobCopy -AbsoluteUri $sas.AccessSAS -DestContainer $storageContainerName -DestContext $destinationContext -DestBlob $destinationVHDFileName
```
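The snapshot script keeps a storage account key as a literal string, which ends up wherever the script is shared. The following is an added example, not part of the original slides, that scans script text for values shaped like such a key (64 bytes, so 86 Base64 characters followed by `==`); `Find-HardcodedStorageKey` is a hypothetical helper and the sample lines and key are constructed.

```powershell
# Added example (not from the slides): find literals shaped like a storage
# account key in script text, without echoing the secret itself.
function Find-HardcodedStorageKey {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Line   # script content, one element per line
    )
    # 64 random bytes in Base64: 86 characters plus "==" padding,
    # not preceded by another Base64 character
    $pattern = '(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{86}=='
    for ($i = 0; $i -lt $Line.Count; $i++) {
        foreach ($match in [regex]::Matches($Line[$i], $pattern)) {
            [pscustomobject]@{
                LineNumber = $i + 1
                Preview    = $match.Value.Substring(0, 4) + '...'        # first characters only
                Text       = $Line[$i].Replace($match.Value, '<redacted>')
            }
        }
    }
}

# Constructed sample: a fake key of the right shape, not a real credential
$fakeKey = ('A' * 86) + '=='
$sampleScript = @(
    '$storageAccountName = "examplestorage"',
    "`$storageAccountKey = '$fakeKey'",
    # Run-time lookup instead of a literal; $rg is a placeholder variable
    '$storageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $rg -Name $storageAccountName)[0].Value'
)

# Reports line 2 only; the run-time lookup on line 3 contains no key material
Find-HardcodedStorageKey -Line $sampleScript | Format-List

# To scan a file on disk:
# Find-HardcodedStorageKey -Line (Get-Content .\script.ps1)
```

A key that has appeared in a shared script or slide should be regenerated on the storage account, since removing it from the file does not revoke it.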

Editor's Notes

  1. Marius introduces himself :P
  2. dave
  3. dave
  4. Dave does this
  5. Discuss customer cases such as GPU Big data in Azure, so need to have applications close to the data Geo based setup Still need to worry about security and management
  6. Marius
  7. Marius does
  8. Marius does
  9. Dave does
  10. Marius does
  11. Marius does
  12. Dave does
  13. Dave does
  14. Marius does this
  15. Dave does
  16. Marius Does this
  17. Marius Does this
  18. Marius this
  19. Marius this
  20. Marius this
  21. Marius this
  22. Marius does
  23. Marius does
  24. Marius does
  25. Marius
  26. Dave does
  27. Marius does this
  28. Marius does this
  29. Marius
  30. Single region, citrix cloud with one region
  31. On-prem with single region in Azure
  32. Double-region with GSLB in Azure