App Orchestration 2 - Citrix.com Orchestration 2.6 Integrated Provisioning Deployment Guide Version: 1.0 Last Updated: July 8, 2015 . App Orchestration 2.6: Integrated Provisioning

© 2015 Citrix Systems, Inc. All rights reserved.

App Orchestration 2.6

Integrated Provisioning Deployment Guide

Version: 1.0

Last Updated: July 8, 2015

App Orchestration 2.6: Integrated Provisioning Deployment Guide

Page 2 © 2015 Citrix Systems, Inc. All rights reserved.

Contents Overview ........................................................................................................................................................... 3

What is Integrated Provisioning and how does it work? ..................................................................................... 3

System Requirements ....................................................................................................................................... 4

Hosts ............................................................................................................................................................. 4

Session Machines .......................................................................................................................................... 5

Applications and desktops ............................................................................................................................. 5

Step 1: Create a compute resource ................................................................................................................... 6

Step 2: Create a Session Machine Catalog ..................................................................................................... 13

Step 3: Create an offering ................................................................................................................................ 19

Step 4: Import a tenant .................................................................................................................................... 21

Step 5: Adjust capacity .................................................................................................................................... 26

Step 6: Create a subscription........................................................................................................................... 28

VMware SSL certificate installation .................................................................................................................. 31

Hyper-V implementation .................................................................................................................................. 35

Virtual Machine Manager installation tips ..................................................................................................... 35

Multi DNS environments workaround ........................................................................................................... 37

Sample script ............................................................................................................................................... 39

Additional information ............................................................................................................................... 40

SMB 3.0 Support .......................................................................................................................................... 40

Common Errors ............................................................................................................................................... 40

Frequently asked questions ............................................................................................................................. 40



Overview

This document describes basic deployment of the App Orchestration Integrated Provisioning feature. In

addition to introducing the feature, it describes:

Creating a Compute Resource, Integrated Provisioning Session Machine Catalog and Offering

Tenant Import

Capacity adjustments

Tenant Subscription to the Offering.

Before you begin, make sure the following is complete:

App Orchestration Group Policy Objects (GPOs) in place

A master image (a.k.a. template VM) is prepared and the NIC configuration points to the desired DNS

server.

Any machines you are going to use are located in an App Orchestration OU/sub-OU where these policies

are properly applied.

This guide does not describe how to create Delivery Sites or StoreFront Server Groups.

What is Integrated Provisioning and how does it work?

Integrated Provisioning lets you automatically deploy both single-user and multi-user Session Machines from

an existing virtual machine (VM) or snapshot. This VM or snapshot is known as a template.

The administrator is responsible for installing the VDA on the template. After the VDA is installed, Session

Machine Catalog creation can begin. Machine Creation Services (MCS) on the App Orchestration configuration

server generates a temporary provisioned machine of the template VM in its current state. This temporary

machine is scanned for applications that will be made available as offerings. Finally, the temporary machine is

deleted and an offering can be created.

The Delivery Controllers initiate provisioning of multiple machines only after an offering is created from the

catalog and a delivery group is created. Delivery groups are created by subscribing tenants to offerings or by

allocating capacity to an offering.



System Requirements

Hosts

Product Name Supported Versions

Citrix CloudPlatform CloudPlatform 4.2

CloudPlatform 4.3

Note: For more information about using

CloudPlatform with App Orchestration, see the

document CloudPlatform Provisioning with App

Orchestration 2.5

Citrix XenServer XenServer 6.2

XenServer 6.1

XenServer 6.0.2

Microsoft System Center Virtual Machine Manager SCVMM 2012 R2

SCVMM 2012 SP1

Any version of Hyper-V that can register with the

above SCVMM versions

VMware vSphere VMware vSphere 5.5

VMware vSphere 5.1 Update 1

VMware vSphere 5.0 Update 2

Note: vSphere vCenter Linked Mode operation is not

supported.



Session Machines

Machine Type Supported Operating Systems

Single-user machines Microsoft Windows 8 and 8.1, Professional and

Enterprise editions

Microsoft Windows 7 SP1, Professional,

Enterprise, and Ultimate editions

Multi-user machines Microsoft Windows Server 2012 and 2012 R2,

Standard and Datacenter editions

Microsoft Windows Server 2008 R2 SP1,

Standard, Enterprise, and Datacenter editions

Applications and desktops

Product Name Supported Versions

Citrix XenApp XenApp 7.6

XenApp 6.5

Citrix XenDesktop XenDesktop 7.6



Step 1: Create a compute resource

Before performing this step, review the sections “Hyper-V implementation” on page 35 and “VMware SSL

certificate installation” on page 31 if you intend to use Hyper-V or VMware.

1. From the App Orchestration web console home page, in Compute Resource, click the plus (+) sign to add

a new compute resource.

2. On the Add Compute Resource page, in Compute resource type, select the hypervisor type.

3. In Connection URL, enter the appropriate URL and credentials for connecting to the selected hypervisor.



4. Enter the hypervisor connection string in Address / URL using the following formats:

VMware https://FQDN-of-vCenter-server

Note: If you have not installed the vCenter SSL certificate already, you

must do so now before proceeding. After installing the SSL certificate, you

must close all instances of the browser before proceeding. See VMware

SSL Certificate Installation to complete this process.

Hyper-V IP Address or FQDN



XenServer Host or Pool Master IP

5. In User name and Password, enter the credentials of the account that connects to the compute resource.

After you complete the information, the App Orchestration configuration server attempts to validate the

compute resource.



6. When the discovery process completes, in Maximum # of machines, enter the maximum number of

machines that can be hosted on this compute resource. Click Next.

Note: You can use the same configuration multiple times for different Compute Resource names, so this number

does not represent a limit to the entire hypervisor infrastructure.



7. On the Cluster Selection screen, select the datacenter, pool, or cluster on which to create your Session

Machines.

8. On the Advanced Settings screen, enter the Name for the compute resource. You can also modify the

short name and various storage and tenant related settings.



9. In Storage, click Edit to modify the storage configuration as required by the implementation. Keep in mind

that shared storage is required to support personal vDisks. Click Save.

10. In Tenant Settings, click Edit to modify the setting depending on your deployment requirements and then

click Save.



11. After modifying the storage and tenant settings, click Save.



Step 2: Create a Session Machine Catalog

Using the template you created, create an Session Machine Catalog that uses on-demand provisioning.

1. In the App Orchestration web console, in Session Machine Catalog, click the plus sign (+) and then select

Provisioned on-demand.



2. On the Session Machine Catalog page, specify the Name, OS Type, and Type of Desktop.



3. In Instance Configuration, select a configuration from the displayed list of available configurations in the

App Orchestration deployment. In the illustration below, the Single-User – Medium configuration is

selected, which will give the VMs two vCPUs and 2 GB of memory.

Note: Instance configurations identify how many vCPUs and how much memory to allocate to VMs created from a

catalog. By default, App Orchestration comes pre-populated with 5 configurations. Instance configurations can be

viewed by clicking Define > Instance Configurations.



4. In Master Image, click Browse.

5. In Find a compute resource, select a compute resource from the list of displayed resources. All non-

MCS-created VMs appear.

6. Click on a VM to expand its snapshots. Either a VM, snapshot, or checkpoint can be chosen as the base

image, the VM/snaphost which has duplicated name will not show in the list, App Orchestration can use

any snapshot in the chain, up to the amount supported by the hypervisor, in order to provision machines.



7. Select a base VM or snapshot and then click Save.

8. Confirm all fields are completed appropriately and click Next.



9. Modify the short name or naming convention as required. Optionally, you can specify the Session Machine

Catalog use only private compute resources. Click Save upon completion.

Note: In this guide, the Require private compute resources option has not been modified from the default setting.

Configuring No for this setting means that Session Machines will be provisioned on shared compute resources. If the

tenant requires that any number of compute resources are only made available to them for provisioned machines,

configure Yes for this setting.



Step 3: Create an offering

After creating the Session Machine catalog, create an offering using that catalog.

1. In the App Orchestration web console, in Offerings, click the plus (+) sign and then select Create a

Desktop Offering.

2. If you have multiple catalogs, select the on-demand catalog and then click Next.

3. On the Advanced Settings screen, leave the default Isolation mode (Private Delivery Group) and click

Save.





Step 4: Add a tenant

After creating an offering, you add a tenant so that you can later subscribe the tenant to the offering.

Subscriptions grant users access to the desktop or application offered to the tenant.

Before you begin this step, make sure you created a Delivery Site and a StoreFront Server Group to provide

offerings.

1. From the home page of App Orchestration web console, in Tenant, click the plus (+) sign.



2. On the Basic Settings screen, enter a Name for the tenant, accept the default Resource Domain and

User Domain settings, and then click Next.

3. On the Location Settings page, type in the name of an Active Directory group and click Add.

4. After the group is validated and added successfully, click Next.



5. On the Isolation Settings page, in StoreFront isolation, click Edit.



6. Select Shared site from the list.

7. Clear the Use private network isolation check box.

Note: For more information about private network isolation, see the document Isolation Methods in App Orchestration

2.6

http://docs.citrix.com/content/dam/docs/en-us/app-orchestration/app-orchestration-2-6/cao-isolation-methods.pdf

http://docs.citrix.com/content/dam/docs/en-us/app-orchestration/app-orchestration-2-6/cao-isolation-methods.pdf



8. Click Save.



Step 5: Adjust capacity

Before subscribing a tenant to an offering, and before making machines available through StoreFront, adjust

the capacity so that the required number of VMs is available. Otherwise, members of the tenant group can only

access a single machine.

1. From the home page of the App Orchestration web console, in Capacity Allocation, click the pencil icon to

modify the capacity for an offering.



2. On the Select Offering screen, select the offering you created and then click Next.

3. On the Select a Tenant page, select the tenant you created and click Next.



4. On the Capacity Settings page, in New capacity, enter the number of desktops you want to allocate and

then click Save.

Step 6: Create a subscription

Before creating a subscription, make sure you completed the following tasks:

Designate a virtual machine as a template

Create a compute resource

Create a Session Machine Catalog that uses integrated provisioning

Create an offering

Add a tenant

Create a Delivery Site and StoreFront server group (preferably one that is not in use)

Create a delivery group by adjusting capacity



1. From the home page of the App Orchestration web console, in Subscriptions, click the plus (+) sign to

add a new subscription.



2. Select the offering you created and click Next.

3. On the Select a Tenant screen, select the tenant you created and click Next.



4. Enter the tenant’s user group and click Save.

VMware SSL certificate installation

This section describes how to install the vCenter server SSL certificate on App Orchestration Configuration

Servers for Windows Server 2012 R2 machines. The process is slightly different for Windows Server 2008

servers.

1. On an App Orchestration configuration server, or on a Delivery Controller deployed from the Delivery Sites,

launch a browser and connect to the vCenter server website using https://FQDN.

2. In the address bar, click the Certificate Error warning message.



3. Click View certificates.

4. On the Certificate screen, click Install Certificate.

5. In the Certificate Import Wizard, set the Store Location to Local Machine and then click Next.



6. Select Place all certificates in the following store and then click Browse.

7. On the Select Certificate Store page, select the Show physical stores option and then select the top level

Trusted People store as shown in the following example, and then click OK.



8. On the Certificate Store page click Next.

9. On the Completing the Certificate page, click Finish.



10. On the verification dialog, click OK.

Hyper-V implementation

Virtual Machine Manager installation tips

Make sure you have installed Virtual Machine Manager on all App Orchestration Configuration Servers and

Delivery Controllers you want to use for Integrated Provisioning. After installing the Virtual Machine

Manager console, whether you are working with the App Orchestration Configuration servers or the

XenDesktop Delivery Controllers, you must reboot.

When running the Virtual Machine Manager Setup Wizard, you only need to select VMM console.



Use the default port 8100 for Communication with the VMM management server.

Confirm that the console connects to your Virtual Machine Manger server or Hyper-V cluster and that it

displays an accurate depiction of your VMs.

After completing these tasks, you can add a Hyper-V Compute Resource by specifying the FQDN as the

address or URL.



Multi DNS environments workaround

When using Machine Creation Services to provision VDA machines with Microsoft System Center Virtual

Machine Manager 2012 SP1, the provisioned machines DNS properties reset. This is not an issue if a single

DNS server registers the machine’s FQDN. However, a problem can result if multiple authorities DNS servers

exist in the environment. The newly provisioned VDA machine cannot resolve the XenDesktop Domain

Controllers’ FQDN to an IP address. Therefore, the VDA cannot join the XenDesktop site.

To resolve this problem, create a Group Policy Object that pushes out a startup script that sets the NIC’s DNS

settings to point to the correct DNS servers. With the policy applied, newly provisioned machines can register

with the correct DNS server, resolve the FQDN of the Delivery Controllers, and successfully join the

XenDesktop site.

1. Make sure that PowerShell 3.0 is installed on the template or master image.

2. Copy the script that sets the DNS setting of NIC to the following folder on the template to

C:\Windows\Systems32\GroupPolicy\Machine\Scripts\Startup\.

3. Run Gpedit.msc on the template to open the Local Group Policy Editor.

4. In Computer Configuration, expand Windows Settings.

5. Select the Scripts (Startup/Shutdown) node.

6. Right-click the Startup node on the right pane and select Properties.

7. Select the PowerShell Scripts tab.



8. In the Add a Script dialog box, select Add and then click Browse.

9. Select the script that was just copied to this location.

10. Click Open.



11. In the Add a Script dialog, click OK.

12. In the Startup Properties dialog box, select Run Windows PowerShell scripts first and click OK.

13. Close the Group Policy editor.

Sample script

Use the following sample script to create a PowerShell script that you can use as a startup script.

$niccard = Get-DnsClient | ? ConnectionSpecificSuffixSearchlist | get-netadapter

set-netadapterbinding -name $niccard.name -ComponentID ms_tcpip6 -Enabled $false -

verbose

Set-DnsClientServerAddress -InterfaceAlias $niccard.name -ServerAddresses ("[your

own DNS server]")

set-dnsclient -InterfaceAlias $niccard.name -ConnectionSpecificSuffix "[your own

DNS domain suffix]" -RegisterThisConnectionsAddress $true -

UseSuffixWhenRegistering $true

restart-service dnscache

register-dnsclient

new-eventlog -logname Application -Source startupscript

write-eventlog -logname Application -source startupscript -eventID 3001 -entrytype Information -message "we set the DNS" -category 1 -rawdata 10,20

gpupdate /force



Additional information

Replace the [your own DNS server] string with the actual DNS server in the environment. The DNS server

should be the server that the base VM uses to join the correct domain, and the VM was able to resolve the

DDC’s FQDN.

Replace the [your own DNS domain suffix] string with the environment’s DNS domain suffix.

SMB 3.0 Support

SMB 3.0 is a supported storage configuration for Hyper-V compute resources implemented as part of an App

Orchestration deployment. To successfully use SMB 3.0, you must enable CredSSP on each Hyper-V host.

To enable CredSSP, follow the instructions in the article CTX137465, “Machine Creation Fails When Creating

Remote PowerShell Session” on the Citrix Support web site.

Common Errors

Issue: No compute resource is available that matches the criteria of Virtual Machine Template VM-Name and

Network Network-Name.

In the case that network isolation is not used, App Orchestration will use the network defined in Global

Settings. If that named network does not exist on the compute resource, then the Get-ComputeResource

workflow step will fail. The network name is case sensitive.

Frequently asked questions

Can I use different hypervisors to support the same catalog?

Yes. You can use multiple or different hypervisors for the same catalog. Note that when using multiple

hypervisors, the VM Name/Snapshot combination and Network Name must be identical and they are case

sensitive.

http://support.citrix.com/article/CTX137465



Does App Orchestration support SMB 3.0 with System Center Virtual Machine Manager deployments?

It does. As with XenDesktop, CredSSP needs to be enabled. To do this, follow the instructions in the article

CTX137465, “Machine Creation Fails When Creating Remote PowerShell Session” on the Citrix Support web

site.

Can I update a Session Machine Catalog using a previously used template?

No. Currently you must create a new template for each Session Machine catalog and each new update.

Can I use Integrated Provisioning for XenApp servers?

No. You can only provision XenDesktop Single-user and Multi-user Session Machines.

What happens if I need to delete a compute resource after I have used it to deploy Session Machines?

If you attempt to delete a compute resource that is being used to deploy Session Machines, App Orchestration

displays a warning message indicating that all the machines using the compute resource will be deleted as

well. However, the delivery groups to which the Session Machines belong are not deleted.

If you still want to delete the compute resource, ensure there is an alternate compute resource that can service

the delivery groups that are associated with the compute resource you want to delete. This compute resource

should have the same label and VM template as the compute resource you want to delete.

If you have only one compute resource in your deployment and you have used it to deploy Session Machines,

deleting the compute resource will fail because there are no other compute resources with which to associate

the existing delivery groups.

If you delete a compute resource that has not yet been used to deploy Session Machines, App Orchestration

deletes the compute resource without further warning.

http://support.citrix.com/article/CTX137465

Documents

App Orchestration 2 - Citrix.com Orchestration 2.6 Integrated Provisioning Deployment Guide Version: 1.0 Last Updated: July 8, 2015 . App Orchestration 2.6: Integrated Provisioning