XD-220-E-P-XenDesktop 5-TechnicalCompreshensivev1.5x

XenDesktop 5
Comprehensive Technical
Worldwide Technical Readiness
February 28, 2011
Agenda (1 of 2)
• Project Overview and Release notes
• New Concepts and Quick Deploy
• Installation with Quick Deploy
• Components and Architecture
• Hosting Management
• Machine Creation Services
Agenda (2 of 2)
• Virtual Desktop Agent 5
• Desktop Studio
• Desktop Director
• Active Directory-based Policies
• VM-hosted Applications
• Scalability and Best Practices
Project Overview and Release Notes
Key new features
• Simplified Install – Quick Deploy
• Simplified Desktop Deployment and Machine Creation
• Fewer Management Consoles
• Active Directory-based Policies
• Printing Optimizations
XenDesktop 5 release schedule
• Release to Web (RTW)
Dec 3, 2010
• General Availability (GA)
Dec 17, 2010
Features and editions “Eye Chart”
Licensing
Named User
Device based
Concurrent User
Components
Controller
XenServer
Machine Creation Services
PVS for desktops
PVS for servers
Workflow Studio
Profile Management
Storage Link
Access Gateway
XenApp
HDX 3D
EdgeSight for VDA
Repeater plug-in
Single Sign on
XenClient
Express
10
Express
Included
XenServer
VDI
Included
Included
Included
VDI
Included
XenServer ENT
Included
Included
Included
Included
ICA
Enterprise
Included
Included
Platinum
Included
Included
Enterprise
Included
XenServer ENT
Included
Included
Included
Included
Included
Included
ICA
ENT
Included
Platinum
Included
XenServer ENT
Included
Included
Included
Included
Included
Included
Full
PLAT
Included
Included
Included
Included
Included
Included
Citrix Confidential - Do Not Distribute
New Concepts and Quick Deploy
New Concepts in XenDesktop 5
Sites
•XenDesktop deployment in single geographical
location
•Previously known as a Farm in XD4
Hosts
•Infrastructure comprised of hypervisors (resource pools
or clusters), storage and other virtualization
components
•Each site can have multiple host connections
New Concepts in XenDesktop 5
Catalogs
•A grouping of similar desktop machines from 1 or
more hypervisors
Desktop Groups
•Desktops from one or more catalogs - not limited to a
single hypervisor pool - assigned to users
•Single user may access multiple desktops in the
group or a single desktop may be assigned for use by
multiple users
•Similar to the concept of Desktop Groups in XD4
XenDesktop 4 vs XenDesktop 5
In XenDesktop 4 -> In XenDesktop 5
• Farm -> Site
• Desktop Group -> Desktop group (assignment)
• DDC / broker / controller -> DDC / broker / controller
• IMA data store -> SQL database
• AD Config Wizard -> Registry-based
• Idle Pool Settings -> Desktop Group / Power Mgmt
Site -> Hosts, Catalogs, Desktop Groups
[Diagram labels: Site; Host(s); Catalogs; Desktop Groups]
Machine Catalog Types
Desktop Catalogs
• Pooled
• Dedicated
• Existing
• Physical Machines
• Streamed
Machine Type Definitions
• Pooled - direct copies of the master VM, no
customization
• Dedicated - permanently assigned to individual
users, with customization
• Existing – previously created virtual machines
• Physical - desktops hosted on dedicated blade
servers; no centralized power control
• Streamed - vDisk imaged from a master target
device with Provisioning Services
Catalog design increases scale and resilience
[Diagram labels: Desktop Group 1; Desktop Group 2; Desktop Group 3; Catalog; Hypervisor (x4)]
Machines and Desktop Groups
• 5 machines
• 3 assigned
Users can run multiple desktops in a group
[Diagram labels: User1; Desktop1; Desktop2; Desktop3]
Desktops assigned to user or client IP
[Diagram labels: User1; User2; Desktop; Client IP Address]
Installation with Quick Deploy
*NEW* Installation – Server Side
• No IMA in XenDesktop 5 Controller
• No IMA data store or local host cache
• No XML Blob
• No AD Configuration Wizard or Farm OU
• No Terminal Services requirement
• New SQL database – no support for Oracle or Access
Installation – Server Side
• XenDesktop Controller supports Windows Server 2008 and
2008 R2 only
• To use “Quick Deploy” all components must be on same box
• Quick Deploy assumes SQL Express on same machine
• Uses the same License Server as XenDesktop 4 (11.6.1)
• PowerShell 2.0 is downloaded during the installation
• GOTCHA : Manually install PowerShell if you don’t have internet access
Controller – System Requirements
• Microsoft Windows Server 2008, Standard or Enterprise
Edition, with Service Pack 2
• Microsoft Windows Server 2008 R2, Standard or Enterprise
Edition
• Service Pack 1 will be supported
• Microsoft .NET Framework, Version 3.5, with Service Pack 1
• Microsoft Internet Information Services (IIS) and ASP.NET
2.0
• IIS is required only if you are installing the Web Interface, the License Server, or
Desktop Director
Controller – Database Requirements
• Microsoft SQL Server 2008 R2
• Microsoft SQL Server 2008 R2 Express Edition
• Microsoft SQL Server 2008, with Service Pack 2 installed
• Microsoft SQL Server 2008 Express Edition, with Service
Pack 1 installed
• We will ship with SQL Server Express 2008 R2
Windows integration authentication required
Installation – Client Side
• VDA now uses “registry based” registration.
• Broker details are stored in the registry of the desktop
• PowerShell scripts can be run to set up registry based VDA
registration
• VDA command line options
• FORCEWDDMREMOVE – For physical machines or VMware
• NOWINRM – for WinXP
• GPO install of VDA is documented here
http://support.citrix.com/article/CTX127301
• In place VDA upgrade is supported
**New Concept**
Machine Creation Services Provisioning Services for VDI
Provisioning Services with XenDesktop 4
• Proven to scale
• Single image management workflows
• Actively being developed
• Additional console - PVS console
• Infrastructure requirements
[Diagram labels: “desktop proxy stream”; Desktop Delivery Controller; Virtual Machines; Active Directory with roaming profiles; PVS; XenServer; XenApp; SAN]
New Option with XenDesktop 5.0
• New: Machine Creation Services
• Benefits of Provisioning Services
• Optimized for Hypervisor environments
• Low Deployment Investment
• Machine Creation Services:
1. Citrix Machine Creation Service
• Creates new Virtual Machines
2. Citrix AD Identity Service
• Manages Active Directory Computer Accounts
3. Citrix Machine Identity Service
• Manages Virtual Machine Storage
Storage Configuration
Provisioning Services:
[Diagram labels: Hypervisor(s); Provisioning Services; Storage]
• Caches ‘base image’ in RAM for fast delivery
Machine Creation Service:
[Diagram labels: Hypervisor(s); RAM Cache; Storage]
• Rack-friendly, 0U hit for RAM cache
• Caches ‘base image’ in RAM for fast delivery
High-level Service-Oriented Architecture
[Diagram labels: Desktop Director; Desktop Studio; PowerShell (SDK available for automation); WCF; WinRM (WMI); Desktop Broker; Machine Creation Service; AD Identity Service; Host Service; Machine Identity Service; Broker Service; Central Config Service; SQL Server; Virtual Desktop]
Provisioning Services for VDI (MCS)
[Diagram labels: Master VM; hypervisor; Master VM image; diff disk; identity; storage]
Machine Creation Service: How it works
[Diagram labels: VM (x3); Storage; Id Disk and Diff Disk (x3); Master Disk]
• Persistent Identity uses little space
• Space reclaimed every boot
• One copy of the base image shared by all VMs
Identity disk and diff disks
Identity Disk – Hidden by default
Protected by ACLs
Provisioning / Update / Rollback
Master VM
• Patch history kept as snapshots (deep chain)
• Flatten chain for best performance
• Can take time
• Rapid provisioning of VMs
#1. Consolidate
#2. Provision
[Diagram labels: Master VM; Patches; Snapshot; Base Image; Golden Image; Diff; VM]
Updating the master VM for pooled desktops
• Update the master vm
• Modify the pooled machine catalog in Desktop Studio by
choosing the “Update” option
• Specify the strategy as immediate or next login
Dedicated Catalog Updates
• User changes are persistent and kept in diff disk
• Updates must be managed on an individual basis or using 3rd party EDS tools
Machine Creation Service: Compatible Storage
• Almost any shared storage will work, but...
Recommended:
XenServer
• NFS
• Low Scale: FC, iSCSI, DAS
ESX
• NFS
• Low Scale: VMFS
Hyper-V
• CSV (Clustered Shared Volume)
AD Account Management
[Diagram labels: AD Admin; XD Admin; Create; Import; Pool; Provision; Id Disk; De-provision; Reset; VM]
• Active Directory accounts tracked at all times
Combined Import (Admin)
• New in XD 5!
MCS – Additional Information
• Image Optimizer
• PVS component used to adjust OS parameters
• Encryption support for the database
• CDF tracing enabled on machine creation services
MCS isn’t linked clones…..
Linked Clones
• Sysprep thrashes storage
• Doesn’t manage AD accounts
• Store credentials in DB
MCS
• No sysprep, PVS identity management
• Active AD account management and re-use
• AD Account import
When to use which …..
MCS
PVS
• POC / Pilots / Demos
• POC / Pilots for mixed
• Smaller scale VDI
• Large scale VDI
• To start with
• Scale will be proved with
testing
• FlexCast
• Mixed desktops
• VDI Only
Concept of “Quick Deploy” Using MCS
1) Create a virtual machine (Win7,
WinXP or Vista) and install the VDA
and other basic applications
2) Install XenDesktop 5 and select all
components
3) Select Quick Deploy configuration
and use the virtual machine as the
master vm
Quick Deploy Installation & Configuration
• All components must be on same box
• Assumes SQL Express on same
machine
• Works with XenServer, Hyper-V or
ESX
• Choice of Pooled or Assigned (VDI)
desktops only with single Desktop
Group
• Uses limited desktop naming
convention
Quick Deploy. The wizard does all of this…
• Site: Creates the XD Site with db, WI sites
• Host: Connects to the Hosting Infrastructure
• Resources: Connects to the Storage Infrastructure
• Master Image: Determines the Master VM Image
• VM Information: Specifies the VM Information
• Users: Defines which users can access desktops
…and does this
Configuring Services
• Obtain schema creation SQL scripts from services
• Create database and apply schema creation SQL scripts
• Point services at newly created database
• Register and join services with config service
Configuring Host
• Identify and configure specified hypervisor connection and hosting unit (via ‘Hyp’ service)
• Create broker catalog and hypervisor connection
• Configure ’Acct’ service identity pool
Configuring Machine Creation
• Create machine accounts in the identity pool
• Create a provisioning scheme by copying master VM
• Create machines using the provisioning scheme
Desktop Group
• Create broker desktop group (including access policy rule, entitlement policy rule, power time schemes etc)
• Add machines from catalog to the desktop group
LAB Exercise 1: Quick Deploy
LAB Exercise 2: Observe the Installation
Components and Architecture
High-level Service-Oriented Architecture
[Diagram labels: Desktop Director; Desktop Studio; PowerShell (SDK available for automation); WCF; WinRM (WMI); Desktop Delivery Controller; Machine Creation Service; AD Identity Service; Host Service; Machine Identity Service; Broker Service; Central Config Service; SQL Server; Virtual Desktop]
SQL Database
• Each service is informed of the database connection details
• Each service is registered with the central config service
• Each service has specific database tables created by scripts
SQL Database: Broker Service Schema
[Diagram labels: Configuration Schema: chb_Config; State Schema: chb_State; Desktop Groups; Catalogs; Desktops; Workers; DiagWorker; Worker Names; Brokered Sessions; Sessions; WI Sessions; Licenses; Worker Index; Worker Registrations; Worker Endpoints; Soft Registrations]
Main Broker Interactions
• Reads/Writes to SQL Database
• Interacts with WI & AG & NetScaler during launch requests
• Uses XML component rewritten in .NET
• License Server
• Licensing wrapper written in .NET uses License Policy Engine DLL
• SDK - WCF to PowerShell snap-in
• Hosting unit – ‘HCL’ and plugins with connection details
• VDA agent service – WCF/CBP
• Machine Identity Service
• ResetVM
[Diagram labels: License Server; Hypervisor & Storage Infrastructure & Machine Creation Services; Database; WCF; VDA]
Broker Service Detailed Interactions
[Diagram labels: WCF; Workstation Agent; Database Access; Service Control; License Management; Hosting Management; Http or PS (via HCL); CBP (WCF); VDA Management; LDAP; Active Directory; SDK (WCF); XML Service; SDK Admin service; Administration Machine; Broker Service; PowerShell Snap-in; WCF; XML (http); WI Sites; IIS; Desktop Director Site]
Central Configuration Service
• Stores ‘Global’ meta-data about all services
• Service configuration information
• Minimizes configuration (avoid WI/XML service situation in
future)
• Minimize dependencies on Active Directory
Site Services
• Functionality modules that run in the broker service
• Runs on only one broker per site (configurable)
• There is a heartbeat from other brokers so failover will take
place if it goes down
• PS C:\> Get-BrokerSite
What does Site Services do?
• Reaper services - finds and marks failed controllers, finds and kills
expired launch sessions
• Cache Refresh - does async AD lookups of DDC, VDA and user names
• Licensing - communicates with license server to manage ‘permanent’
licenses
• Registration Hardening – completes soft registered machines
• Power Policy - manages idle pool levels and initiates policy power
actions
• Group Usage - monitors how many desktops are in use in each group
Hosting Management
Host Management Overview
Hosting Unit Service
•Creates and manages hypervisor
connections and hosting units
•Broker service polls the host
service for hypervisor credentials
and passes them on to the HCL
for access to VMs
•Hypervisor Communication
Library (HCL) is a wrapper around
the plugins (XS, ESX, HyperV)
• Does machine cloning
• Stops and starts VMs
Host Connections
SCVMM – HyperV
Virtual Center -ESX
XenServer Pool 1
XenServer Pool 2
Desktop
Groups
Power Action Queues
• Idle Pool Count is configured
under "Power Management" in
the properties of Desktop
Groups
• Stops/starts performed on
hypervisor are queued in the
SQL database
• Throttling is configurable with
SDK
Power Time Schemes and Policy Actions
• Time scheme defines which hours are peak or off peak
• Time scheme defines the pool size and pool size is the
number of machines in the running state
• Buffer size is the % of machines in the pool to keep in the
IDLE state
• Power Policy Actions are defined for each desktop group
Virtual Desktop Agent 5
VDA 5 Architecture
[Diagram labels: Back-end Components; WCF (CBP); Creation; Group Policy; Desktop Service; WCF; PortICA; Registry; Group Policy Processing (FullArmor support); Machine Personality Service Client; WCF; RDP Plug-In; “Virtual Desktop Agent”; Use and update data through file system access; DCOM or WinRM; Admin Components; Hosting Components; Identity Disk (VHD)]
** New Services: Group Policy Engine, Pvs for VMs Service
VDA Installation
• Registry based VDA registration with FQDN of brokers in
the registry during install
• PowerShell script can be run to set up registry based VDA
registration for full desktop deployments
• Port 80 is default registration port
• VDA command line options
• FORCEWDDMREMOVE (for physical or VMware)
• NOWINRM (for WinXP only)
VDA Installation
• Post-install configuration
• “ConfigRemoteMgmt.exe” tool turns on Remote Access and WinRM
• “ConfigurationApp.exe” runs a desktop optimization for virtual machines
• Upgrade the VDA first. Not backward compatible:
• VDA 4.0 cannot register with XenDesktop 5
• VDA 5.0 can register with XD4 DDC
* In place upgrade is supported for VDA
VDA features
• Printing enhancements require 12.1 client and VDA 5
• Webcam Redirection - Supports OCS
• New popup welcome screen (can be disabled via GPO)
• MediaStream disconnect/reconnect - Media Player can now
continue playing (pause/resume) after a reconnected
session.
• All XD4 SP1 fixes (Project Medoc) are in the VDA 5
LAB Exercise 3
LAB Exercise 4
Desktop Studio
Desktop Studio
• MMC console for
XenDesktop
Configuration and
Administration
• Read/writes to DDC,
AD and PVS
• Replaces the Delivery
Services Console
Desktop Studio Architecture
[Diagram labels: Desktop Studio UI; Interface; Scripts PoSH; WCF; XD Services: Configuration, Broker, MCS, Host, AD Identity; LDAP(S); Active Directory; PvS; The rest of the environment: XenServer, VDAs]
Desktop Studio runs on PowerShell
• PowerShell scripts interact with the broker
• Uses the public XD API PowerShell SDK
• Unity.config file controls the layout of DesktopStudio console
• Logging is enabled through mmcsnapin.dll.config file
(disabled by default)
• PowerShell scripts also interact directly with PVS
Desktop Studio Dashboard
• Configurable alerts to the
dashboard
• Can use SDK to get email alerts
• Categories are not configurable
• Hypervisor may be bottleneck on
backend when large amounts of
data are collected
• Same dashboard is part of
Desktop Director
Error popups in Desktop Studio
• Red X can mean that it cannot display
correct data – It does a best effort
• Press CTRL-C for pop up messages
to get error details and paste into
notepad (when Details>> is not
present)
• PowerShell scripts will be the better
way in many cases for large
environments
Desktop Director
Desktop Director
• Web based
administration for real
time data
• Designed for Help Desk
to monitor and manage
• Displays session details
• Search per user / desktop
• No SSO support at
present
Administration Components – Desktop Director
[Diagram labels: HTTPS; DD website; WMI/WBEM; Windows Metrics; WCF; XD Services: Configuration, Broker, MCS, Host, AD Identity; WCF; Workstation Agent; WCF; PortICA]
Management through Workflow
• Full administrator - Full administration rights. Only local administrators
have this role by default and can create further full or delegated
administrators
• Read-only administrator – View all but no changes. Attempted edits will
not be saved
• Machine administrator - owns the catalogs, builds the virtual desktops and specifies which Desktop Group administrators can consume the images created
• Desktop Group administrator – creates desktop groups from catalogs
and assigns them to users. Can specify which helpdesk administrators
are permitted to support these users
• Help desk administrator - performs day-to-day monitoring and
maintenance tasks, such as restarting a desktop or logging off a session
Viewing WinRM data
• Provides rich WMI data from VDA
such as perfmon, event logs,
hardware data and policy reports
• WinRM is on Windows 7 by default
but must be manually installed on
WinXP
• Must have local admin rights on VDA
to view in Desktop Director
• WinRM 2.0 uses port 5985 and is a
SOAP service
Shadowing Virtual Desktops
• Shadowing is done in Desktop Director
• Uses MS Remote Assistance, not ICA shadowing
• VDA install turns on Remote Assist by default
• Remote Assist must be enabled via Group Policy
• Client side Flash rendering cannot be shadowed
• Uses DCOM – potential firewall issues, browser settings
• Can be hidden in the UI and disabled via GPO
Administration Components – Summary
[Diagram labels: Web Browser; HTTPS; DMC Web App; WCF; WMI/WBEM; WCF; MMC 3; PowerShell; WCF; Back-end Services; Workstation Agent; WCF; PortICA; Delivery Controllers; GPMC; Management Workstation; Windows Metrics; AD; Registry; Full Armor Client; Desktop Registry, File System]
Active Directory-based Policies
Active Directory based HDX policies
• Full Armor implementation same as with XenApp 6
• Configured in Desktop Studio and stored in SQL database or
configured and stored in Active Directory
• Desktop Studio will show both GPO and HDX policies
• Machine policies are reapplied at logon with user policies
• User policies evaluated at login and re-evaluated on
reconnects
• Backward compatible with XD4 – VDA 5 will translate the
XML blob
Active Directory based HDX policies
• Site policies, machine policies and user policies are all
GPO based so gpupdate /force will update all policies
• GPO is processed by Windows and Site Policy is
processed by Citrix Group Policy service – resultant set of
policies is written to the registry
• Session based policies: HKLM\Software\Policies\Citrix\<session>\...
• Machine based policies: HKLM\Software\Policies\Citrix\...
• Machine based defaults (settings): HKLM\Software\Citrix\Group Policy\Defaults\...
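Added example (not part of the original deck and not Citrix code): a read-only PowerShell snapshot of the resultant policy set under the three registry locations listed above, with a baseline comparison to spot policy drift on a VDA. The function names, the CSV baseline file and the rule that a numeric first subkey is the <session> id are assumptions.

```powershell
# Added example (not Citrix code): read-only snapshot of the resultant policy
# set that the slide says is written to the VDA registry.
# From the slide: the three registry roots. Assumptions: function names, the
# CSV baseline file, and treating a numeric first subkey as the <session> id.
$PolicyRoot   = 'HKLM:\Software\Policies\Citrix'
$DefaultsRoot = 'HKLM:\Software\Citrix\Group Policy\Defaults'

function Get-RegistryValueRows {
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [Parameter(Mandatory = $true)][string]$DefaultScope
    )
    if (-not (Test-Path -LiteralPath $Root)) { return }

    $rootKey = Get-Item -LiteralPath $Root
    $keys = @($rootKey) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        # Key path relative to the root; empty string for the root itself.
        $relative = $key.Name.Substring($rootKey.Name.Length).TrimStart('\')
        $first    = ($relative -split '\\')[0]
        $scope    = $DefaultScope
        if ($DefaultScope -eq 'Machine' -and $first -match '^\d+$') {
            $scope = "Session $first"      # assumed: numeric subkey = session id
        }
        foreach ($name in $key.GetValueNames()) {
            # Flatten binary and multi-string data so rows survive a CSV round trip.
            $text = @($key.GetValue($name) | ForEach-Object { [string]$_ }) -join ','
            New-Object PSObject -Property @{
                Scope = $scope; Key = $relative; Name = $name; Value = $text
            }
        }
    }
}

function Get-HdxResultantPolicy {
    @(Get-RegistryValueRows -Root $PolicyRoot   -DefaultScope 'Machine') +
    @(Get-RegistryValueRows -Root $DefaultsRoot -DefaultScope 'Default') |
        Select-Object Scope, Key, Name, Value
}

function Compare-HdxPolicyBaseline {
    param([Parameter(Mandatory = $true)][string]$BaselineCsv)

    $baseline = @(Import-Csv -Path $BaselineCsv)
    $current  = @(Get-HdxResultantPolicy)
    if (-not $baseline -or -not $current) {
        Write-Warning 'Baseline or current snapshot is empty; nothing to compare.'
        return
    }
    # '<=' rows exist only in the baseline, '=>' rows only in the current registry.
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
                   -Property Scope, Key, Name, Value |
        Sort-Object Scope, Key, Name, SideIndicator
}

# Usage on a VDA (elevated prompt):
#   Get-HdxResultantPolicy | Export-Csv -Path .\hdx-baseline.csv -NoTypeInformation
#   gpupdate /force
#   Compare-HdxPolicyBaseline -BaselineCsv .\hdx-baseline.csv
```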
Administration Components – Global HDX Policy
[Diagram labels: PortICA; Desktop Studio; AD; Group Policy Service; Virtual Desktop; Registry]
Printing Optimization Policies
• Configure resolution, color
depth and compression
• Optimize for better print
quality or faster printing
• Users can also modify print
quality by adjusting DPI
settings
VM-hosted Applications
VM-hosted Apps
• Fully integrated with XenDesktop 5 in Desktop Studio
• Apps can be launched from same desktop every time
• App is associated with a desktop and the Access Policy Rule
associates an application with a user
• Provides persistent data and experience for user
• Checks out a XA license (must be ENT or PLAT XD)
• Content Redirection - must manually import file types with
VDA in maintenance mode with “update file types”
VM hosted apps
• SharedApp – pooled desktop group will launch the app
• PrivateApp – assigned desktop to run the app. Can be preassigned or AoFU (App of first use)
• User initiates RequestAppData which starts with XMLservice -> BrokerDAL -> DB stored procedure which enumerates resources for user
• AppResolution then processes credentials, creates a ticket, ….. gets a brokered session and then launches the VM-hosted app and checks out a license.
LAB Exercise 5
LAB Exercise 6
Scalability and Best Practices
Scalability, Tips and Tidbits
• No more bottleneck with farm master (XD4)
• All DDCs load balance launch requests
• All DDCs load balance VDA registration
• All DDCs talk to SQL database
• Single server scalability - disk I/O could be the
bottleneck and logon rate plays a role here
• DDCs should be close to SQL Server
Scalability, Tips and Tidbits
• DB failure = Broker failure = Site failure
• SQL Mirror – best option for HA
• Database sizing - 150 MB for 20,000 VDAs - more to follow on sizing and scaling
• SQL transaction log is required for mirroring and
could get very large
• Broker log is enabled in CDSController config –
same as in XD4
Scalability, Tips and Tidbits
• Multi-site deployment is same as with XD4 (Use WI to
aggregate sites)
• Site services - runs on only one broker per site but there is a
heartbeat from other brokers so failover will take place if it
goes down
• AG needs 'TrustRequestsSenttoXMLport=TRUE' (default is
FALSE)
Resources
Product Documentation
http://support.citrix.com/proddocs/index.jsp
XenDesktop 5 Reference Architecture
http://support.citrix.com/article/CTX127587
CXD-101-2 Citrix XenDesktop 5 Overview
http://citrixtraining.com/courses/course_view.cfm/course_id:276?cgroup_id=30&cpn_id=281
XenDesktop 5 Quick PoC Kit (requires mycitrix login)
http://www.citrix.com/xendesktop/pockit
XenDesktop Setup Wizard Workaround for XenDesktop 5 and Provisioning Services 5.6
http://support.citrix.com/article/CTX128283
LAB Exercise 7
LAB Exercise 8
LAB Exercise 9