Prepared by: Citrix Solutions Lab
Adding an On-Premises Enterprise Cloud to a Data Center
This document is intended for IT architects who want upgrade from XenDesktop 7.1 to XenDesktop 7.5 and add an on-premises enterprise cloud to the data center using Citrix CloudPlatform.
Version: 1.0
Last Updated: December 3, 2014
Adding an On-Premises Enterprise Cloud
2 citrix.com
Table of Contents
  Executive Summary ............................................ 4
  Appendix A ................................................... 22
    Multiple Physical Guest Networks to a Zone ................. 22
  Appendix B ................................................... 61
Executive Summary
Many enterprise companies are looking for new ways to provide access to desktops and applications to partners, contractors and employees without giving away the keys to the data center. One example would be a marketing company that deals with multiple customers who need access to desktops and applications but must remain isolated from one another. An on-premises enterprise cloud enables companies to easily manage and control their environment while creating separation between customers, treating each as a tenant in the cloud. The cloud can be configured to leverage the data center’s existing Active Directory, which gives employees access to the cloud without IT having to manage multiple Active Directories. Another example is a large enterprise with multiple franchises across the country. Using an on-premises enterprise cloud, the company can treat each franchise as a tenant, maintain control over the data center and the cloud, and provide isolation between the franchises in an easy-to-manage environment.
Introduction
The Citrix Solutions Engineering team recently published a reference architecture (RA) that focused on creating a data center that supports both XenDesktop and XenMobile users. You can find the document here: http://www.citrix.com/content/dam/citrix/en_us/documents/oth/xendesktop-and-xenmobile-reference-architecture.pdf. This document looks at upgrading XenDesktop 7.1 to version 7.5 and then adding an on-premises enterprise cloud to the data center using Citrix CloudPlatform.
XenDesktop
Citrix XenDesktop delivers Windows apps and desktops as secure mobile services. With XenDesktop, IT can mobilize the business, while reducing costs by centralizing control and security of intellectual property. Incorporating the full power of XenApp, XenDesktop can deliver full desktops or just the apps to any device. XenDesktop with HDX technologies enables the delivery of a native touch-enabled mobile experience that is optimized for the type of device, as well as the network. XenDesktop is built on a cloud-enabled architecture that offers powerful management tools that simplify scalability, increase infrastructure flexibility, and automate the delivery of apps and desktops.
XenMobile
XenMobile is the most comprehensive enterprise mobility management solution, delivering mobile device, app, and content management along with business-class productivity apps (including secure email) that enhance the user experience without compromising security. Users get mail, calendar, and contact apps with Outlook-like productivity. XenMobile’s unified app store allows users to run any app, even non-mobile apps. Plus, users can access, sync, and edit files from anywhere. IT has end-to-end security including a secure container with FIPS-compliant encryption of data on the device, app-to-app security, and micro-app VPN protection. IT can easily separate business from work apps and data with XenMobile’s secure container. XenMobile helps businesses deliver custom apps by allowing developers to leverage the Worx App SDK and add enterprise features into any app with a single line of code. Or businesses can use apps from the Worx App Gallery, the largest ecosystem of secure, third-party mobile apps. XenMobile can be deployed on-premises or in the cloud. Both XenMobile on-premises and XenMobile Cloud deliver the same features, so you have complete flexibility to choose the deployment option that’s best for your organization.
CloudPlatform
Citrix CloudPlatform, powered by Apache CloudStack, is the industry’s only future-proofed, application-centric cloud solution proven to reliably and efficiently orchestrate both traditional enterprise and cloud-native application workloads within a single unified cloud management platform. CloudPlatform combines the best private cloud foundation for enterprise workloads like CRM and ERP with true Amazon-style scale, elasticity, and operational efficiency for cloud-native workloads like social applications, Big Data and HPC. This mature, turn-key solution is based on open source Apache CloudStack and lets you leverage existing hypervisor, storage, and network investments. CloudPlatform delivers the fastest time-to-value, powers the world’s leading clouds, and is recognized as a market leader by industry experts.
Architectural Design
The XenDesktop/XenMobile RA defines the design utilizing the blueprint five-layer approach:
- User layer
- Access layer
- Resource layer
- Control layer
- Hardware layer
This environment will be upgraded to XenDesktop 7.5 following the Citrix upgrade process.
The enterprise cloud will be built as a separate module as shown in the following diagram:
[Diagram: User Layer; Access Layer; Resource Layer - DC; Resource Layer - Availability Zone 2; Control Layer - DC; Hardware Layer]
Deploying the Environment
Installation considerations and concerns
The design involved leveraging existing servers and storage, and sizing them to the hardware available. The amount of memory in each physical server limited the number of VDI users per physical server. The random and static pooled VMs had 2 GB per VM; the physical servers had 192 GB; and dynamic memory was not utilized, which also limited the number of VDI sessions per physical server. Performance between XenDesktop 7.1 and XenDesktop 7.5 is very similar, with the default out-of-the-box configuration being set for the best user experience.
Upgrading the Data Center
We upgraded our XenDesktop environment and existing Sites in place from 7.1 to 7.5, following Citrix best practices. We recommend following the procedures outlined in XenDesktop 7 Upgrade Components.
Building the Enterprise Cloud
Integrating XenApp or XenDesktop with CloudPlatform gives companies the ability to take the first step toward extending their data center into an on-premises cloud.
We built the on-premises cloud and its integration with XenDesktop following the XenApp and XenDesktop Concepts and Deployment on CloudPlatform guide.
Our enterprise domain controllers provide Active Directory services on-premises, which means that our on-premises cloud does not have a domain controller, as all of our cloud-hosted VM instances including CloudPlatform will leverage an enterprise domain controller through a configured CloudPlatform shared network.
- CloudPlatform Management Server cluster nodes are stateless and are easily re-created.
- MySQL database should be set up as either Active\Passive or Active\Active, according to the MySQL documentation. As an added measure, we created a backup MySQL server that we could add into the cluster configuration if a primary MySQL fails.
Advanced Networking Model
- XenServer hypervisor
  - Hardware must be identical
  - Limit of eight hosts in a cluster
- Single region
- One zone
- One pod
- One cluster
- Two networks
  - Shared guest network
  - Private guest network
Storage (primary and secondary):
- Primary storage cannot be added to the cluster until the XenServer host has been successfully added to the zone.
- NFS used for both primary and secondary storage
- Before adding secondary storage to the zone, make sure you have uploaded and installed the System VM template to the CloudPlatform Management Server.
Virtual router for each account network:
- DHCP
- DNS
- FW, Client VPN, LB, Source NAT, Port Forwarding
Primary CPM Cluster Configuration
Load Balancer: NetScaler MPX
CP Management Server Node 1: 4 cores, 16 GB of memory, and 250 GB SSD local storage
Management Server Node 1: 4 cores, 16 GB of memory, and 250 GB SSD local storage
Primary MySQL Server: 4 cores, 16 GB of memory, and 250 GB SSD local storage
Backup MySQL Server: 4 cores, 16 GB of memory, and 250 GB SSD local storage
Standby CPM Cluster Configuration
Load Balancer: NetScaler MPX
Management Server Node 1: 6 cores, 32 GB of memory, and 250 GB SSD local storage
Primary MySQL Server: 6 cores, 32 GB of memory, and 250 GB SSD local storage
CPU: 2 x Intel(R) Xeon(R) CPU E5-2670 @ 2.60GHz (8 cores each)
Memory: 192 GB
Disk: two 300 GB HDD, RAID 1
Target number of VMs per host: 60
XenServer Install and Preparation for CloudPlatform
- Configure Dom0
- Time synchronization – All hosts in the same pod must be on the same time.
- Disabled the Open vSwitch – This is necessary for basic zones, but disabling this allowed us to add a basic zone later if needed.
- Because we used NFS, we did not need to set up any storage on our XenServers. CloudPlatform does this completely.
Network
To prepare the XenServer networks for CloudPlatform, you must first set up the network traffic labels by renaming the networks in XenServer.
These network traffic labels will be mapped to virtual interfaces that are created by CloudPlatform, and then these virtual interfaces are bound to the correct physical NIC.
Important: The Name label (see above screenshot) of the XenServer network must match the XenServer traffic label specified while creating the CloudPlatform network. The name and traffic labels are case sensitive.
Advanced Networking
You must decide whether to create a basic or advanced zone before you proceed, because once you configure a zone as basic or advanced, it cannot be changed.
Networking can get confusing very fast, and it is best to work with the network engineers for your enterprise so everyone understands the integration of CloudPlatform within the data center.
Items that need to be reviewed and agreed upon before proceeding with CloudPlatform include:
- Number of Zone VLANs
  - Each zone must have a unique guest CIDR and follow the RFC 1918 private network guidelines.
- VLAN Type
  - All CloudPlatform networks are tagged as layer 2 VLANs. These tagged VLANs need to be configured on all switches to which your XenServer hosts are connected.
- Guest VLAN Range
  - You need to assign this VLAN range when you create the zone. CloudPlatform uses this range when creating the guest and isolated networks within the zone.
- Guest Networks
  - Guest networks can be either Shared Physical or Isolated. The presence of multiple Shared Physical networks requires additional configuration using tags. See Addendum.
[Table: EC Storage Assignments – columns Storage Unit, Full Name, Unit Type, Storage]
All the VLANs need to be shared across all the hosts in the cluster; therefore, they need to be tagged on all the switches so traffic is routed to all the hosts.
Apply a tag to the network so XenDesktop can find it.
Case-sensitive tag values:
Tag: Citrix.XenDesktop.Network.Role
Value: MachineIsolationRole
When creating the preparation VM, XenDesktop identifies a network with these tags and supplies this information when creating the VM.
CloudPlatform Global Settings
When viewing the available global settings, use the search box to narrow down the sections you require. You can also search by account, cluster or zone settings to narrow the fields. For example, searching by zone shows you only the settings that can be applied to a zone. In our setup, we set the following settings for our environment:
CloudPlatform Templates (or ISOs)
Once your zone is up and complete, you can upload VHD templates (or ISOs), which you will use to build your CloudPlatform environment. Uploading templates to CloudPlatform requires that you provide a URL from which CloudPlatform retrieves the templates from an HTTP file server. The best way to handle this requirement is to set up an IIS server or use simple HTTP file-transfer software such as HFS.
Instances
Create an instance VM by clicking Add Instance. You may want to create your own compute offerings for your VM needs before creating an instance. If you do not create a compute offering beforehand, you can change the compute offering later, but you must shut down the instance before you can change this setting.
XD Volume Worker Template and Ctxvwd service
A volume worker is a VM that works with the XenDesktop Delivery Controller to assist with the provisioning operations for Machine Creation Services. In order to provision VMs using MCS, you must set up a XenDesktop volume worker template that runs the Ctxvwd service before you create your host connections. After creating your volume worker template, you must shut down this VM and create a template using this VM. You must tag this template so the Controller is able to locate it. After you create your template, start the volume worker VM again, and make sure it is running before you create your host and resource connections from XenDesktop to CloudPlatform.
Configuring NetScaler
The environment uses two NetScaler NSMPX-10500 8*CPU+2*E1K+16*E1K+8*CVM 1620 760000 appliances configured for high availability.
StoreFront considerations
We configured redundant StoreFront VMs to provide support for up to two modules and to allow for failure of one of the StoreFront VMs. We did a basic installation with the StoreFront software, and then we created a certificate to manage authentication and access. The following screenshots show the configuration for deployment:
Once we deployed the store, we configured authentication with a user name and password, and the site domain as the only trusted domain. We joined the StoreFronts to a server group and selected the NetScaler Gateway appliance with no VPN tunnel.
Cloud VDI Infrastructure VMs
For the cloud infrastructure service VMs, we created a shared network in CloudPlatform to hold the VMs and create a high-availability environment.
Infrastructure VMs
VM                        | No. of VMs | OS              | VHD (GB) | vCPU | Memory GB | Purpose
XenDesktop Controller VMs | 2          | Windows 2012 R2 |          |      |           |
StoreFront                | 2          | Windows 2012 R2 |          |      |           |
CP Manager                | 2          | CentOS 6.4      |          |      |           |
License Server            | 1          | Windows 2012 R2 |          |      |           |
AD/DNS/DHCP               | 2          | Windows 2012 R2 |          |      |           |
SQL                       | 2          | Windows 2012 R2 |          |      |           |
Hosted Shared Desktops
The HSD VMs were configured as follows:
- 4 vCPU
- 12 GB memory
- 40 GB VHD
- 25 GB write cache file
Each pod supported 32 HSD VMs: a total of 32 HSD VM instances across the eight physical XenServer/CloudPlatform servers in zone 1.
Each HSD will support 50 users; that equals 200 users per server and 1,600 users for zone 1 in our design. We installed each HSD VM with Microsoft Windows Server 2012 R2.
XenMobile Configuration Overview
XenMobile was included in the data center configuration and was upgraded to XenMobile 9. If you are running the enterprise version of XenMobile, you must upgrade both the device manager and the app controller. Steps on how to perform the upgrades and obtain the software can be found in Citrix eDocs.
It should be noted that our configuration did not cluster the device managers. There is a very specific process to upgrade a cluster, which can be found here.
This XenMobile installation does not currently follow the suggested best practices for high availability. Please refer to Citrix eDocs or ask your Citrix consultant how to configure XenMobile for HA.
One of the stumbling blocks is configuring the XenMobile certificates. Appendix B shows how to configure the SSL certificate for the device manager.
Conclusions
As stated in the beginning of this document, the goal was to upgrade the existing XenDesktop and XenMobile components and then add a CloudPlatform environment to create an enterprise cloud. The upgrade processes for both XenMobile and XenDesktop are documented in Citrix eDocs to ensure you have access to the most up-to-date steps for performing the upgrades. eDocs also has complete steps for new installations of both XenDesktop and XenMobile.
Our testing focused on performing the upgrade process in an existing data center. Both upgrades were completed without issue, and testing against XenMobile and XenDesktop was able to continue without interruption. This test bed has since been used for testing NetScaler products as well as large-scale storage testing, with no issues around the performance of the upgrades. This additional testing will be detailed in upcoming Citrix Solutions Lab documentation. Also, Appendix B addresses the issues around configuring SSL certificates for XenMobile.
As for the cloud deployment, enterprises are exploring on-premises clouds to solve different virtual desktop access issues. A cloud provides separation between the data center and the virtual desktop while still allowing access to company data through Citrix ShareFile. An on-premises cloud allows even better control and access to Active Directory and data. This document explains the steps necessary to deploy your own enterprise cloud, along with hints and tips on some of the issues we encountered and how we addressed them. For example, CloudPlatform uses guest networks within the cloud, and often more than one guest network is required. Appendix A defines how to create multiple guest networks within CloudPlatform.
Appendix A
Multiple Physical Guest Networks to a Zone
This configuration requires the advanced zone model. As shown in the screenshot below, you must assign a name to each physical network in XenServer. You also need to edit the Management, Public and Storage categories because this is where the actual assigned XenServer Traffic label maps to the physical network in XenServer. (By clicking Edit under each traffic type, you can ensure that the correct XenServer physical network names are assigned to appropriate traffic types.)
We wanted to use two guest networks (the green traffic type "bubbles") on two different physical NICs, so we set the two XenServer Traffic Types to Guest and PVS, ensuring that each traffic type had a unique network name that matches the physical network name used in XenServer. We successfully created the zone this way, but we did not have the ability to define networks in CloudPlatform. We received an error message stating that we need to create tags for each guest network under the physical NIC properties. So we added a tag to each of the physical NICs in CloudPlatform and no longer received the error, but we still did not have the ability to create a network with this physical NIC until we created the XenServer Traffic Label that had been assigned to that network and created a network offering that had the same tag to match the XenServer Traffic Label.
When you are running two physical guest networks, you must create unique network offerings that map to the tags you entered on the physical NIC. To do this, you need to create two new "DefaultIsolatedNetworkOfferingWithSourceNatService" network offerings, one tagged Guest and one tagged PVS. Once you create this new network offering, the original "DefaultIsolatedNetworkOfferingWithSourceNatService" will no longer function because it has no tag assigned. You also will need to do this for the "DefaultIsolatedNetworkOffering" because this is also used for the guest networks. Because the original has no tag, it will not work, as both our guest networks have tags assigned.
We have multiple physical guest networks, so network offerings need to be created and tagged. The tags need to match the XenServer Traffic Type label so that CloudPlatform knows to which interface it needs to map the network service offering.
Create an isolation network in the CloudPlatform account used by XenDesktop.
From C:\Program Files\Citrix\MachineCreation\Service\VolumeWorker, copy the ctxvwd-1.1-1.i386.rpm file to the VM instance.
Install the Citrix volume worker package:
yum install ctxvwd-1.1-1.i386.rpm
and press Y to accept the downloads and installation.
Configure the Citrix service for CloudPlatform with /etc/ctxvwd/select-platform CCP.
Remove the /etc/udev/rules.d/70-persistent-net.rules file if present.
Remove the /var/lib/dhclient/dhclient-eth0.leases file if present.
Start the ctxvwd service. This initializes the service data and then shuts down the machine.
service ctxvwd start
XenApp and XenDesktop concepts and deployment
Add a tag using the key Citrix.XenDesktop.Template.Role and the value VolumeServiceWorkerRole.
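The Delivery Controller locates both the isolation network (Citrix.XenDesktop.Network.Role = MachineIsolationRole, described earlier) and this volume worker template purely by tag, and the tags are case sensitive. The following Python check is an added example, not Citrix tooling: it walks listNetworks/listTemplates-style response data (constructed sample below) and reports missing, duplicate and case-mismatched role tags; the request signer follows the Apache CloudStack API signing scheme so the same check can be run against a live Management Server (API key and secret key values are placeholders).

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Tag key/value pairs XenDesktop uses to locate CloudPlatform resources.
REQUIRED_TAGS = {
    "network": ("Citrix.XenDesktop.Network.Role", "MachineIsolationRole"),
    "template": ("Citrix.XenDesktop.Template.Role", "VolumeServiceWorkerRole"),
}


def sign_request(params, api_key, secret_key):
    """Build a signed CloudStack/CloudPlatform API query string.

    Scheme: add apikey, sort parameters by name, URL-encode the values,
    lower-case the whole string, HMAC-SHA1 it with the secret key, base64
    the digest and append it URL-encoded as the signature parameter.
    """
    all_params = dict(params, apikey=api_key, response="json")
    encoded = "&".join(
        f"{k}={quote(str(v), safe='*')}" for k, v in sorted(all_params.items())
    )
    digest = hmac.new(secret_key.encode(), encoded.lower().encode(), hashlib.sha1).digest()
    signature = quote(base64.b64encode(digest).decode(), safe="")
    return f"{encoded}&signature={signature}"


def find_by_tag(resources, key, value):
    """Return exact tag matches and near misses that differ only in case.

    A near miss looks right in the UI but the Controller will never select it.
    """
    exact, case_mismatch = [], []
    for res in resources:
        for tag in res.get("tags", []):
            tag_key, tag_value = tag.get("key", ""), tag.get("value", "")
            if (tag_key, tag_value) == (key, value):
                exact.append(res["name"])
            elif (tag_key.lower(), tag_value.lower()) == (key.lower(), value.lower()):
                case_mismatch.append(res["name"])
    return {"matches": exact, "case_mismatches": case_mismatch}


def check_role_tags(networks, templates):
    """Require exactly one correctly tagged network and template in the account."""
    report = {}
    for kind, resources in (("network", networks), ("template", templates)):
        key, value = REQUIRED_TAGS[kind]
        found = find_by_tag(resources, key, value)
        found["ok"] = len(found["matches"]) == 1
        report[kind] = found
    return report


# Constructed sample data shaped like the "network"/"template" arrays in
# listNetworks and listTemplates JSON responses; not captured from a real cloud.
SAMPLE_NETWORKS = [
    {"name": "xd-isolation-net", "type": "Isolated",
     "tags": [{"key": "Citrix.XenDesktop.Network.Role", "value": "MachineIsolationRole"}]},
    {"name": "shared-guest", "type": "Shared",
     "tags": [{"key": "Citrix.XenDesktop.Network.Role", "value": "machineisolationrole"}]},
    {"name": "pvs-net", "type": "Isolated", "tags": []},
]
SAMPLE_TEMPLATES = [
    {"name": "xd-volume-worker",
     "tags": [{"key": "Citrix.XenDesktop.Template.Role", "value": "VolumeServiceWorkerRole"}]},
    {"name": "win2012r2-hsd", "tags": []},
]

if __name__ == "__main__":
    for kind, result in check_role_tags(SAMPLE_NETWORKS, SAMPLE_TEMPLATES).items():
        status = "OK  " if result["ok"] else "FAIL"
        print(f"{status} {kind}: matches={result['matches']} "
              f"case_mismatches={result['case_mismatches']}")
    # Signed query for running the same check against a live Management Server.
    print(sign_request({"command": "listNetworks", "listall": "true"},
                       "API_KEY_PLACEHOLDER", "SECRET_KEY_PLACEHOLDER"))
```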
Create a machine catalog for shared hosted desktops.
The following are screenshots taken from the configuration of the NetScaler.
Creating virtual IP address (VIP) to StoreFront for XenDesktop:
Configuring load balancing:
Appendix B
Prerequisites
- Include any intermediate certificates in the certificate chain
- External SSL certificate file in .p12 format copied locally to the Device Manager server
- Must have access to the password of the SSL certificate file
Configuration
The following two XDM server files must be edited:
- pki.xml
- server.xml
Instructions
Complete the following steps to configure the external SSL certificate:
1. On the XDM server, browse to the pki.xml file, located at: C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes\pki.xml.
2. In this file, add the following bean (copy and paste):
<bean id="externalSslCert" class="com.sparus.nps.pki.def.KeyStoreParams"
      p:keyStoreType="PKCS12"
      p:keyStorePath="C:\yoursslcert.p12"
      p:entryAlias=""
      p:keyStorePass="yourpassword"
      p:publiclyTrusted="true" />
3. Edit the string keyStorePath to point to the location of the External SSL certificate.
4. Edit the string keyStorePass with the SSL certificate password.
5. In the same file, search for the string legacySslCert and replace with externalSslCert. Old entry:
New entry:
6. On the XDM server, browse to the server.xml file, located at C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf\server.xml.
   1. Search for the string Connector Port="443" and then add the SSL certificate path and password as defined in the pki.xml file (Steps 3-4).
   2. Search for the string Connector Port="8443" and then add the SSL certificate path and password as defined in the pki.xml file (Steps 3-4).
7. Save and close the file.
8. Restart the Device Manager Service.
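Before the service restart in step 8, it is worth confirming that the edits from steps 2 to 6 agree with each other. The Python script below is an added example and not Citrix code: it parses constructed pki.xml and server.xml fragments modelled on the snippets above, confirms the externalSslCert bean is a PKCS12 store with a real path and password, that no legacySslCert reference remains (step 5), and that the 443 and 8443 Connectors carry the same keystore path and password (step 6). The Spring p-namespace URI, the Tomcat keystoreFile/keystorePass attribute names and the second sample bean are assumptions, not taken from the real XDM files.

```python
import xml.etree.ElementTree as ET

# Spring "p" namespace for the p:keyStore* attributes in pki.xml; assumed to be
# the standard Spring URI (check the xmlns:p declaration in the real file).
P_NS = "{http://www.springframework.org/schema/p}"
# Tomcat Connector attribute names assumed to carry the path/password from pki.xml.
KEYSTORE_ATTRS = ("keystoreFile", "keystorePass")
SSL_PORTS = ("443", "8443")

def _local(tag):
    """Strip any XML namespace so <bean> and <Connector> match regardless of xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_pki_xml(pki_xml):
    """Validate the externalSslCert bean and the legacySslCert replacement (steps 2-5)."""
    root = ET.fromstring(pki_xml)
    problems = []
    beans = [b for b in root.iter()
             if _local(b.tag) == "bean" and b.get("id") == "externalSslCert"]
    if len(beans) != 1:
        problems.append(f"expected one externalSslCert bean, found {len(beans)}")
        return {"ok": False, "problems": problems, "path": None, "password": None}
    bean = beans[0]
    path = bean.get(P_NS + "keyStorePath", "")
    password = bean.get(P_NS + "keyStorePass", "")
    if bean.get(P_NS + "keyStoreType") != "PKCS12":
        problems.append("keyStoreType must be PKCS12 for a .p12 file")
    if not path.lower().endswith(".p12"):
        problems.append(f"keyStorePath does not point at a .p12 file: {path!r}")
    if not password or password == "yourpassword":
        problems.append("keyStorePass is empty or still the placeholder value")
    # Step 5: every former legacySslCert reference must now name externalSslCert.
    if "legacySslCert" in pki_xml:
        problems.append("legacySslCert is still referenced")
    return {"ok": not problems, "problems": problems, "path": path, "password": password}

def check_server_xml(server_xml, path, password):
    """Confirm the 443 and 8443 Connectors use the keystore defined in pki.xml (step 6)."""
    root = ET.fromstring(server_xml)
    problems = []
    connectors = {c.get("port"): c for c in root.iter() if _local(c.tag) == "Connector"}
    for port in SSL_PORTS:
        conn = connectors.get(port)
        if conn is None:
            problems.append(f"no Connector on port {port}")
            continue
        got = tuple(conn.get(a) for a in KEYSTORE_ATTRS)
        if got != (path, password):
            problems.append(f"Connector {port} keystore settings {got} differ from pki.xml")
    return {"ok": not problems, "problems": problems}

def check_xdm_ssl_config(pki_xml, server_xml):
    """Run both checks; a clean result is the precondition for restarting the service."""
    pki = check_pki_xml(pki_xml)
    srv = check_server_xml(server_xml, pki["path"], pki["password"])
    return {"ok": pki["ok"] and srv["ok"], "problems": pki["problems"] + srv["problems"]}

# Constructed fragments modelled on the snippets in Appendix B; not real XDM files.
# The hypothetical sslSettings bean stands in for whatever bean step 5 repoints.
SAMPLE_PKI_XML = """<beans xmlns:p="http://www.springframework.org/schema/p">
  <bean id="externalSslCert" class="com.sparus.nps.pki.def.KeyStoreParams"
        p:keyStoreType="PKCS12" p:keyStorePath="C:\\certs\\xdm-external.p12"
        p:entryAlias="" p:keyStorePass="CONSTRUCTED-PASSWORD" p:publiclyTrusted="true" />
  <bean id="sslSettings" class="example.Placeholder" p:keyStore-ref="externalSslCert" />
</beans>"""
SAMPLE_SERVER_XML = """<Server><Service>
  <Connector port="443" keystoreFile="C:\\certs\\xdm-external.p12"
             keystorePass="CONSTRUCTED-PASSWORD" />
  <Connector port="8443" keystoreFile="C:\\certs\\xdm-external.p12"
             keystorePass="CONSTRUCTED-PASSWORD" />
</Service></Server>"""

if __name__ == "__main__":
    print(check_xdm_ssl_config(SAMPLE_PKI_XML, SAMPLE_SERVER_XML))
```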
About Citrix
Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.citrix.com.