bertram-marshall
•Project Overview and Release notes
•New Concepts and Quick Deploy
• Installation with Quick Deploy
•Components and Architecture
•Hosting Management
•Machine Creation Services
Agenda (1 of 2)
•Virtual Desktop Agent 5
•Desktop Studio
•Desktop Director
•Active Directory-based Policies
•VM-hosted Applications
•Scalability and Best Practices
Agenda (2 of 2)
• Simplified Install – Quick Deploy
• Simplified Desktop Deployment and Machine Creation
• Fewer Management Consoles
• Active Directory-based Policies
• Printing Optimizations
Key new features
• Release to Web (RTW) Dec 3, 2010
• General Availability (GA) Dec 17, 2010
XenDesktop 5 release schedule
Licensing: Express | VDI | Enterprise | Platinum
• Named User: 10 | Included | Included | Included
• Device based: Included | Included | Included
• Concurrent User: Included
Components: Express | VDI | Enterprise | Platinum
• Controller: Included | Included | Included | Included
• XenServer: XenServer | XenServer ENT | XenServer ENT | XenServer ENT
• Machine Creation Services: Included | Included | Included
• PVS for desktops: Included | Included
• PVS for servers: Included | Included
• Workflow Studio: Included | Included | Included
• Profile Management: Included | Included | Included
• Storage Link: Included | Included | Included
• Access Gateway: ICA | ICA | Full
• XenApp: ENT | PLAT
• HDX 3D: Included | Included
• EdgeSight for VDA: Included
• Repeater plug-in: Included
• Single Sign on: Included
• XenClient: Included | Included
Citrix Confidential - Do Not Distribute
Features and editions “Eye Chart”
Sites
• XenDesktop deployment in single geographical location
• Previously known as a Farm in XD4
Hosts
• Infrastructure comprised of hypervisors (resource pools or clusters), storage and other virtualization components
• Each site can have multiple host connections
New Concepts in XenDesktop 5
Catalogs
• A grouping of similar desktop machines from 1 or more hypervisors
Desktop Groups
• Desktops from one or more catalogs - not limited to a single hypervisor pool - assigned to users
• Single user may access multiple desktops in the group or a single desktop may be assigned for use by multiple users
• Similar to the concept of Desktop Groups in XD4
New Concepts in XenDesktop 5
XenDesktop 4 vs XenDesktop 5
In XenDesktop 4 → In XenDesktop 5
• Farm → Site
• Desktop Group → Desktop group (assignment)
• DDC / broker / controller → DDC / broker / controller
• IMA data store → SQL database
• AD Config Wizard → Registry-based
• Idle Pool Settings → Desktop Group / Power Mgmt
Site Hosts, Catalogs, Desktop Groups
[Diagram labels: Site; Host(s); Catalogs; Desktop Groups]
• Pooled - direct copies of the master VM, no customization
• Dedicated - permanently assigned to individual users, with customization
• Existing – previously created virtual machines
• Physical - desktops hosted on dedicated blade servers; no centralized power control
• Streamed - vDisk imaged from a master target device with Provisioning Services
Machine Type Definitions
[Diagram labels: Catalog; Desktop Group 1; Desktop Group 2; Desktop Group 3; Hypervisor (x4)]
Catalog design increases scale and resilience
• No IMA in XenDesktop 5 Controller
• No IMA data store or local host cache
• No XML Blob
• No AD Configuration Wizard or Farm OU
• No Terminal Services requirement
• New SQL database – no support for Oracle or Access
*NEW* Installation – Server Side
• XenDesktop Controller supports Windows Server 2008 and 2008 R2 only
• To use “Quick Deploy” all components must be on same box
• Quick Deploy assumes SQL Express on same machine
• Uses the same License Server as XenDesktop 4 (11.6.1)
• PowerShell 2.0 is downloaded during the installation
  • GOTCHA: Manually install PowerShell if you don’t have internet access
Installation – Server Side
• Microsoft Windows Server 2008, Standard or Enterprise Edition, with Service Pack 2
• Microsoft Windows Server 2008 R2, Standard or Enterprise Edition
  • Service Pack 1 will be supported
• Microsoft .NET Framework, Version 3.5, with Service Pack 1
• Microsoft Internet Information Services (IIS) and ASP.NET 2.0
  • IIS is required only if you are installing the Web Interface, the License Server, or Desktop Director
Controller – System Requirements
• Microsoft SQL Server 2008 R2
• Microsoft SQL Server 2008 R2 Express Edition
• Microsoft SQL Server 2008, with Service Pack 2 installed
• Microsoft SQL Server 2008 Express Edition, with Service Pack 1 installed
  • We will ship with SQL Server Express 2008 R2
Windows integrated authentication required
Controller – Database Requirements
• VDA now uses “registry based” registration.
  • Broker details are stored in the registry of the desktop
• PowerShell scripts can be run to set up registry based VDA registration
• VDA command line options
  • FORCEWDDMREMOVE – For physical machines or VMware
  • NOWINRM – for WinXP
• GPO install of VDA is documented here: http://support.citrix.com/article/CTX127301
• In place VDA upgrade is supported
Installation – Client Side
• Proven to scale
• Single image management workflows
• Actively being developed
• Additional console - PVS console
• Infrastructure requirements
Provisioning Services with XenDesktop 4
XenDesktop 4 with PVS
[Diagram labels: SAN; XenServer; XenApp; PVS; Active Directory with roaming profiles; Desktop Delivery Controller; Virtual Machines; “desktop proxy stream”]
• New: Machine Creation Services
  • Benefits of Provisioning Services
  • Optimized for Hypervisor environments
  • Low Deployment Investment
• Machine Creation Services:
  1. Citrix Machine Creation Service
     • Creates new Virtual Machines
  2. Citrix AD Identity Service
     • Manages Active Directory Computer Accounts
  3. Citrix Machine Identity Service
     • Manages Virtual Machine Storage
New Option with XenDesktop 5.0
Storage Configuration
[Diagram comparing Provisioning Services and Machine Creation Service; labels: Provisioning Services, Storage, Hypervisor(s), RAM Cache]
• Caches ‘base image’ in RAM for fast delivery
• Rack-friendly, 0U hit for RAM cache
High-level Service-Oriented Architecture
[Diagram labels: Desktop Broker; Broker Service; Machine Creation Service; AD Identity Service; Machine Identity Service; Host Service; Central Config Service; SQL Server; Desktop Studio; Desktop Director; PowerShell; WCF; SDK available for automation; Virtual Desktop; WinRM (WMI)]
[Diagram labels: hypervisor; storage; Master VM; Master VM image; identity disk; diff disk]
Provisioning Services for VDI (MCS)
Machine Creation Service: How it works
[Diagram labels: VM (x3); Master Disk; Diff Disk (x3); Id Disk (x3); Storage]
• One copy of the base image shared by all VMs
• Space reclaimed every boot
• Persistent Identity uses little space
Provisioning / Update / Rollback
[Diagram labels: Master VM; Snapshot (x4); Patches; Golden Image; #1. Consolidate; Base Image; #2. Provision; Diff (x2); VM (x2)]
• Patch history kept as snapshots (deep chain)
• Flatten chain for best performance
  • Can take time
• Rapid provisioning of VMs
• Update the master vm
• Modify the pooled machine catalog in Desktop Studio by choosing the “Update” option
• Specify the strategy as immediate or next login
Updating the master VM for pooled desktops
• User changes are persistent and kept in diff disk
• Updates must be managed on an individual basis or using 3rd party EDS tools
Dedicated Catalog Updates
Recommended
• Almost any shared storage will work, but...
Machine Creation Service: Compatible Storage
• NFS
• Low Scale:
  • VMFS
ESX
• NFS
• Low Scale:
  • FC
  • iSCSI
  • DAS
XenServer
• CSV(Clustered Shared Volume)
Hyper-V
AD Account Management
[Diagram labels: Pool; VM; Id Disk; Provision; De-provision; Reset; AD Admin: Create; XD Admin: Import; Combined Admin: Create, Import]
• New in XD 5!
• Active Directory accounts tracked at all times
• Image Optimizer
  • PVS component used to adjust OS parameters
• Encryption support for the database
• CDF tracing enabled on machine creation services
MCS – Additional Information
MCS isn’t linked clones…..
Linked Clones
• Sysprep thrashes storage
• Doesn’t manage AD accounts
• Store credentials in DB
MCS
• No sysprep, PVS identity management
• Active AD account management and re-use
• AD Account import
When to use which …..
MCS
• POC / Pilots / Demos
• Smaller scale VDI
  • To start with
  • Scale will be proved with testing
• VDI Only
PVS
• POC / Pilots for mixed
• Large scale VDI
• FlexCast
  • Mixed desktops
1) Create a virtual machine (Win7, WinXP or Vista) and install the VDA and other basic applications
2) Install XenDesktop 5 and select all components
3) Select Quick Deploy configuration and use the virtual machine as the master vm
Concept of “Quick Deploy” Using MCS
• All components must be on same box
• Assumes SQL Express on same machine
• Works with XenServer, Hyper-V or ESX
• Choice of Pooled or Assigned (VDI) desktops only with single Desktop Group
• Uses limited desktop naming convention
Quick Deploy Installation & Configuration
Quick Deploy. The wizard does all of this…
Site
•Creates the XD Site with db, WI sites
Host
•Connects to the Hosting Infrastructure
Resources
•Connects to the Storage Infrastructure
Master Image
•Determines the Master VM Image
VM Information
•Specifies the VM Information
Users
•Defines which users can access desktops
…and does this
Configuring Services
• Obtain schema creation SQL scripts from services
• Create database and apply schema creation SQL scripts
• Point services at newly created database
• Register and join services with config service
Configuring Machine Creation
• Create machine accounts in the identity pool
• Create a provisioning scheme by copying master VM
• Create machines using the provisioning scheme
• Add machines to the broker catalog
Configuring Host
• Identify and configure specified hypervisor connection and hosting unit (via ‘Hyp’ service)
• Create broker catalog and hypervisor connection
• Configure ’Acct’ service identity pool
Configuring Desktop Group
• Create broker desktop group (including access policy rule, entitlement policy rule, power time schemes etc)
• Add machines from catalog to the desktop group
• Each service is informed of the database connection details
• Each service is registered with the central config service
• Each service has specific database tables created by scripts
SQL Database SQL Server
[Diagram labels: Configuration Schema: chb_Config; State Schema: chb_State; Worker Endpoints; Worker Registrations; Worker Index; Worker Names; DiagWorker; Workers; Brokered Sessions; Sessions; WI Sessions; Desktop Groups; Desktops; Catalogs; Licenses; Soft Registrations]
SQL Database: Broker Service Schema
• Reads/Writes to SQL Database
• Interacts with WI & AG & NetScaler during launch requests
  • Uses XML component rewritten in .NET
• License Server
  • Licensing wrapper written in .NET uses License Policy Engine DLL
• SDK - WCF to PowerShell snap-in
• Hosting unit – ‘HCL’ and plugins with connection details
• VDA agent service – WCF/CBP
• Machine Identity Service
  • ResetVM
Main Broker Interactions
Broker Service Detailed Interactions
[Diagram labels: Administration Machine; PowerShell Snap-in; Hypervisor & Storage; VDA; Workstation Agent; Broker Service; IIS; WI Sites; Desktop Director Site; Infrastructure & Machine Creation Services; Hosting Management; License Server; Database; SDK (WCF); CBP (WCF); Active Directory; Http or PS (via HCL); WCF; XML (http); LDAP; XML Service; SDK; Admin service; License Management; Database Access; VDA Management; Service Control]
• Stores ‘Global’ meta-data about all services
  • Service configuration information
• Minimizes configuration (avoid WI/XML service situation in future)
• Minimize dependencies on Active Directory
Central Configuration Service
• Functionality modules that run in the broker service
• Runs on only one broker per site (configurable)
• There is a heartbeat from other brokers so failover will take place if it goes down
• PS C:\> Get-BrokerSite
Site Services
• Reaper services - finds and marks failed controllers, finds and kills expired launch sessions
• Cache Refresh - does async AD lookups of DDC, VDA and user names
• Licensing - communicates with license server to manage ‘permanent’ licenses
• Registration Hardening – completes soft registered machines
• Power Policy - manages idle pool levels and initiates policy power actions
• Group Usage - monitors how many desktops are in use in each group
What does Site Services do?
• Creates and manages hypervisor connections and hosting units
• Broker service polls the host service for hypervisor credentials and passes them on to the HCL for access to VMs
• Hypervisor Communication Library (HCL) is a wrapper around the plugins (XS, ESX, HyperV)
  • Does machine cloning
  • Stops and starts VMs
Hosting Unit Service
Host Connections
[Diagram labels: XenDesktop 5 Site; Virtual Center - ESX; XenServer Pool 1; XenServer Pool 2; SCVMM – HyperV; Desktop Groups; Catalog (x3)]
• Idle Pool Count is configured under "Power Management" in the properties of Desktop Groups
• Stops/starts performed on hypervisor are queued in the SQL database
• Throttling is configurable with SDK
Power Action Queues
• Time scheme defines which hours are peak or off peak
• Time scheme defines the pool size and pool size is the number of machines in the running state
• Buffer size is the % of machines in the pool to keep in the IDLE state
• Power Policy Actions are defined for each desktop group
Power Time Schemes and Policy Actions
VDA 5 Architecture
[Diagram labels: Back-end Components; Hosting Components; PortICA; Desktop Service; WCF; WCF (CBP); Machine Personality Service Client; Creation; Group Policy Processing (FullArmor support); Group Policy; Registry; “Virtual Desktop Agent”; RDP Plug-In; Admin Components; DCOM or WinRM; Identity Disk (VHD): use and update data through file system access]
** New Services: Group Policy Engine, Pvs for VMs Service
• Registry based VDA registration with FQDN of brokers in the registry during install
• PowerShell script can be run to set up registry based VDA registration for full desktop deployments
• Port 80 is default registration port
• VDA command line options
  • FORCEWDDMREMOVE (for physical or VMware)
  • NOWINRM (for WinXP only)
VDA Installation
• Post-install configuration
  • “ConfigRemoteMgmt.exe” tool turns on Remote Access and WinRM
  • “ConfigurationApp.exe” runs a desktop optimization for virtual machines
• Upgrade the VDA first
• Not backward compatible
  • VDA 4.0 cannot register with XenDesktop 5
  • VDA 5.0 can register with XD4 DDC
* In place upgrade is supported for VDA
VDA Installation
• Printing enhancements require 12.1 client and VDA 5
• Webcam Redirection - Supports OCS
• New popup welcome screen (can be disabled via GPO)
• MediaStream disconnect/reconnect - Media Player can now continue playing (pause/resume) after a reconnected session.
• All XD4 SP1 fixes (Project Medoc) are in the VDA 5
VDA features
• MMC console for XenDesktop Configuration and Administration
• Read/writes to DDC, AD and PVS
• Replaces the Delivery Services Console
Desktop Studio
Desktop Studio Architecture
[Diagram labels: Desktop Studio: UI, PoSH Interface, Scripts; XD Services: Broker, MCS, Host, AD Identity, Configuration; WCF; The rest of the environment: XenServer, VDAs; Active Directory; LDAP(S); PvS]
• PowerShell scripts interact with the broker
• Uses the public XD API PowerShell SDK
• Unity.config file controls the layout of DesktopStudio console
• Logging is enabled through mmcsnapin.dll.config file (disabled by default)
• PowerShell scripts also interact directly with PVS
Desktop Studio runs on PowerShell
• Configurable alerts to the dashboard
• Can use SDK to get email alerts
• Categories are not configurable
• Hypervisor may be bottleneck on backend when large amounts of data are collected
• Same dashboard is part of Desktop Director
Desktop Studio Dashboard
• Red X can mean that it cannot display correct data – It does a best effort
• Press CTRL-C for pop up messages to get error details and paste into notepad (when Details>> is not present)
• PowerShell scripts will be the better way in many cases for large environments
Error popups in Desktop Studio
• Web based administration for real time data
• Designed for Help Desk to monitor and manage
• Displays session details
  • Search per user / desktop
• No SSO support at present
Desktop Director
Administration Components – Desktop Director
[Diagram labels: Windows Metrics; PortICA; Workstation Agent; WCF; WMI/WBEM; XD Services: Broker, MCS, Host, AD Identity, Configuration; DD website; HTTPS]
• Full administrator - Full administration rights. Only local administrators have this role by default and can create further full or delegated administrators
• Read-only administrator – View all but no changes. Attempted edits will not be saved
• Machine administrator - owns the catalogs, builds the virtual desktops and specifies which Desktop Group administrators can consume the images created
• Desktop Group administrator – creates desktop groups from catalogs and assigns them to users. Can specify which helpdesk administrators are permitted to support these users
• Help desk administrator - performs day-to-day monitoring and maintenance tasks, such as restarting a desktop or logging off a session
Management through Workflow
• Provides rich WMI data from VDA such as perfmon, event logs, hardware data and policy reports
• WinRM is on Windows 7 by default but must be manually installed on WinXP
• Must have local admin rights on VDA to view in Desktop Director
• WinRM 2.0 uses port 5985 and is a SOAP service
Viewing WinRM data
• Shadowing is done in Desktop Director
• Uses MS Remote Assistance, not ICA shadowing
• VDA install turns on Remote Assist by default
• Remote Assist must be enabled via Group Policy
• Client side Flash rendering cannot be shadowed
• Uses DCOM – potential firewall issues, browser settings
• Can be hidden in the UI and disabled via GPO
Shadowing Virtual Desktops
Administration Components – Summary
[Diagram labels: Management Workstation; Delivery Controllers; Desktop; Web Browser; MMC 3; PowerShell; Back-end Services; DMC Web App; Windows Metrics; PortICA; Workstation Agent; HTTPS; WCF; WMI/WBEM; AD; GPMC; Full Armor Client; Registry; Registry, File System]
• Full Armor implementation same as with XenApp 6
• Configured in Desktop Studio and stored in SQL database or configured and stored in Active Directory
• Desktop Studio will show both GPO and HDX policies
• Machine policies are reapplied at logon with user policies
• User policies evaluated at login and re-evaluated on reconnects
• Backward compatible with XD4 – VDA 5 will translate the XML blob
Active Directory based HDX policies
• Site policies, machine policies and user policies are all GPO based so gpupdate /force will update all policies
• GPO is processed by Windows and Site Policy is processed by Citrix Group Policy service – resultant set of policies is written to the registry
• Session based policies: HKLM\Software\Policies\Citrix\<session>\...
• Machine based policies: HKLM\Software\Policies\Citrix\...
• Machine based defaults (settings): HKLM\Software\Citrix\Group Policy\Defaults\...
Active Directory based HDX policies
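An added example (not from the original deck and not Citrix code): a read-only, PowerShell 2.0-compatible script that lists what is currently written under the registry locations above, so the resultant set of policies on a VDA can be checked after `gpupdate /force`. The function name `Get-CitrixPolicyValue` is hypothetical, and treating the `<session>` placeholder as a numeric session ID is an assumption.

```powershell
# Added example, not Citrix code. Run elevated on a VDA after "gpupdate /force".
# The registry locations are the ones listed on the slide above.
$PolicyRoot   = 'HKLM:\Software\Policies\Citrix'
$DefaultsRoot = 'HKLM:\Software\Citrix\Group Policy\Defaults'

function Get-CitrixPolicyValue {    # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [Parameter(Mandatory = $true)][string]$DefaultScope
    )
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "Not present: $Root"
        return
    }

    # The root key itself plus every subkey that can be read.
    $rootKey = Get-Item -LiteralPath $Root
    $keys = @($rootKey) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        # Path relative to the root, e.g. "1\User\..." or "" for the root itself.
        $relative = $key.Name.Substring($rootKey.Name.Length).TrimStart('\')
        $first    = ($relative -split '\\')[0]

        # Assumption: <session> on the slide is a numeric session ID, so a
        # numeric first path segment marks a session-based policy.
        $scope   = $DefaultScope
        $session = ''
        if ($DefaultScope -eq 'Machine' -and $first -match '^\d+$') {
            $scope   = 'Session'
            $session = $first
        }

        foreach ($name in $key.GetValueNames()) {
            New-Object PSObject -Property @{
                Scope   = $scope
                Session = $session
                Key     = $relative
                Name    = $name
                Kind    = $key.GetValueKind($name)
                Value   = $key.GetValue($name)
            }
        }
    }
}

# Collect machine/session policies and machine-based defaults (read-only).
$report  = @()
$report += @(Get-CitrixPolicyValue -Root $PolicyRoot   -DefaultScope 'Machine')
$report += @(Get-CitrixPolicyValue -Root $DefaultsRoot -DefaultScope 'Default')

$report |
    Sort-Object Scope, Session, Key, Name |
    Select-Object Scope, Session, Key, Name, Kind, Value |
    Format-Table -AutoSize
```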
Administration Components – Global HDX Policy
[Diagram labels: PortICA; AD; Desktop Studio; Group Policy Service; Virtual Desktop; Registry]
• Configure resolution, color depth and compression
• Optimize for better print quality or faster printing
• Users can also modify print quality by adjusting DPI settings
Printing Optimization Policies
VM-hosted Apps
• Fully integrated with XenDesktop 5 in Desktop Studio
• Apps can be launched from same desktop every time
• App is associated with a desktop and the Access Policy Rule associates an application with a user
• Provides persistent data and experience for user
• Checks out a XA license (must be ENT or PLAT XD)
• Content Redirection - must manually import file types with VDA in maintenance mode with “update file types”
• SharedApp – pooled desktop group will launch the app
• PrivateApp – assigned desktop to run the app. Can be pre-assigned or AoFU (App of first use)
• User initiates RequestAppData which starts with XMLservice BrokerDAL DB stored procedure which enumerates resources for user
• AppResolution then processes credentials, creates a ticket, ….. gets a brokered session and then launches the VM-hosted app and checks out a license.
VM hosted apps
Scalability, Tips and Tidbits
• No more bottleneck with farm master (XD4)
• All DDCs load balance launch requests
• All DDCs load balance VDA registration
• All DDCs talk to SQL database
• Single server scalability - disk I/O could be the bottleneck and logon rate plays a role here
• DDCs should be close to SQL Server
• DB failure = Broker failure = Site failure
• SQL Mirror – best option for HA
• Database sizing - 150 MB for 20,000 VDAs - more to follow on sizing and scaling
• SQL transaction log is required for mirroring and could get very large
• Broker log is enabled in CDSController config – same as in XD4
Scalability, Tips and Tidbits
• Multi-site deployment is same as with XD4 (Use WI to aggregate sites)
• Site services - runs on only one broker per site but there is a heartbeat from other brokers so failover will take place if it goes down
• AG needs 'TrustRequestsSenttoXMLport=TRUE' (default is FALSE)
Scalability, Tips and Tidbits
Resources
• Product Documentation: http://support.citrix.com/proddocs/index.jsp
• XenDesktop 5 Reference Architecture: http://support.citrix.com/article/CTX127587
• CXD-101-2 Citrix XenDesktop 5 Overview: http://citrixtraining.com/courses/course_view.cfm/course_id:276?cgroup_id=30&cpn_id=281
• XenDesktop 5 Quick PoC Kit (requires mycitrix login): http://www.citrix.com/xendesktop/pockit
• XenDesktop Setup Wizard Workaround for XenDesktop 5 and Provisioning Services 5.6: http://support.citrix.com/article/CTX128283