Deploying a Multi-Zone Global XenDesktop 7.7 Site on the Microsoft Azure Public Cloud

Deploying a Multi-Zone Global XenDesktop 7.7 Site on the Microsoft Azure Public Cloud

Deploying a Multi-Zone Global XenDesktop 7.7 Site on the Microsoft Azure Public Cloud

This post has already been read 3845 times!

In a previous article I wrote about deploying Citrix XenDesktop 7.7 in the Microsoft Azure public cloud and securing that deployment using a Citrix NetScaler VPX appliance also hosted in Azure.  In this follow up post I will guide you through setting up XenDesktop 7.7 in Azure spanning multiple global azure locations.  The implementation of Zones in XenDesktop 7.7 will allow you to run applications closer to the users without the need for multiple XenDesktop sites.

The below is what I will be describing in this article.  Please note that this is not a production scale install as there is no StoreFront, NetScaler or Controller fail-over but it will describe the process of setting up the networking and XenDesktop Zoning to get a global multi site XenDesktop 7.7 deployment up and running.

overview

NOTE: This article assumed you have already followed my previous post and have an existing Azure Region set up and have StoreFront, NetScaler, Licensing, Controller and an App Server running in a single Azure Region.

The existing set-up

bmuk-dc

  • Domain Controller
  • Citrix Licensing

bmuk-xd

  • XenDesktop 7.7 Controller and Database host
  • StoreFront (Store and Receiver for Web configured to point to the XenDesktop 7.7 controller in Azure)
  • Director

bmuk-2012

  • XenDesktop 7.7 Server worker with the VDA and Office 2016 installed and published to Citrix Studio

bmuk-ns

  • Citrix NetScaler Gateway providing secure access to the Apps and Desktops hosted in the cloud

Lets get going…

Step 1 – Create the Azure Cloud Service

Log into your Azure Portal Classic Interface (https://manage.windowsazure.com)

Navigate to “Cloud Services” on the left

01 - cloud service

Click “New – Cloud Service – Custom Create”

02 - custom create

Give the Cloud Service a unique name and select the Region you want to host your additional XenDesktop 7.7 site in

03 - cloud service details

Click the tick and wait for the Cloud Service to be created

04 - cloud service created

Step 2 – Create the Azure Storage Account

Navigate to “Storage” on the Left

01 - storage

Click “New – Data Services – Storage – Quick Create”

02 - storage create

Give your Storage container a name, make sure you select the SAME Azure Region as your Cloud Service, select your required redundancy option and click “Create Storage Account”

03 - storage details

Wait for the Storage Account to be created

04 - storage created

Step 3 – Create the Azure Network

Navigate to “Networks” on the left

01 - networks

Click “New – Network – Virtual Network – Custom Create”

02 - new network

Give your Network a name and select the SAME Azure Region as your Cloud Service and Storage Account

03 - network name

Click next and add the DNS Servers from your existing region.  NOTE: You would normally build a local DNS Service in the new Region but for this example we are going to use the existing DNS Server in the Europe Region.

04 - dns

Click next and add your new Network Address Space details.  This MUST NOT overlap with the existing subnet you have set up for any of your other regions.  In this example I am going to use 192.168.0.0/16 for the Europe Region with the servers on 192.168.1.0/24 and 10.12.0.0/16 for the USA Region with the servers on 10.20.1.0/24

05 - network range

Click ok and wait for the new vNet to be created

06 - network created

Step 4 – Create XenDesktop 7.7 Controller and App Server

For this step I’m not going to guide you step by step through deploying a new virtual machine instance in Azure as that is not the focus of this article.  There are plenty of guides out there already about deploying machines in Azure.  Here is the official guide: https://azure.microsoft.com/en-gb/documentation/articles/virtual-machines-windows-tutorial/

Just a couple of points to follow however.

Give both new virtual machines a meaningful name and wait for them to be created

01 - new machines

Once they are up and running log into the controller and download the Citrix XenDesktop 7.7 media from your Citrix Portal in prep for installing XenDesktop later on.

Step 5 – Create the Local Networks

At this point you have 2 vNet’s running.  One in Europe (192.168.0.0/16) and one in East USA (10.20.0.0/16)

In order to create a Site to Site VPN between Azure vNet’s you will need to add each of these subnets as a local network and link it to the other vNet.

NOTE: You will need to repeat this step twice – once for each subnet you have created

Navigate to “Networks” on the left

01 - networks

Click on “Local Networks” on the top

01 - site to site vpn

 

Click “Add – Network Services – Virtual Network – Add Local Network”

02 - add local network

Give you Local Network a meaningful name and enter any (Public) IP Address.  NOTE: This public IP Address is not relevant at the moment and DOES NOT need to be a “real” address as we will change this at a later time once we have created the new Gateways

03 - local network

Click next and add the relevant Subnet details (either 192.168.0.0 or 10.20.0.0)

04 - vpn address space

Click ok and wait for the Local Network to be created.  Once done repeat this step for the other vNet.

Once complete you should have 2 Local Networks ready

05 - local networks

Step 6 – Connect Azure vNet’s to Local Networks

You now need to link the Azure vNet’s and the Local Networks you have created.  As with the last step this will need to be repeated for each vNet.

Navigate to “Networks” on the left

01 - networks

Select your vNet that you want to link the Local Network to and then select “Configure”, in this case we are doing bmuk-net

01 - select vnet

Put a tick in the box for “Connect to the local network” and select the opposite network to the one you are configuring

For example:

bmuk-net (192.168.0.0/16) –> Local Network l-bmus-net (10.20.0.0/16)

bmus-net (10.20.0.0/16) –> Local Network l-bmuk-net (192.168.0.0/16)

02 - link to local

Click on Save and wait for the networks to be linked

Repeat this step for the other Regional vNet

Step 7 – Create the Azure Gateways

You will now need to create a gateway for each of the vNet’s you have created in your Azure Subscription

Navigate to “Networks” on the left

01 - networks

Select the vNet that you wish to configure and select “Dashboard”

01 - select dashboard

You will notice that on the Dashboard that it says that there is no gateway created for the network yet

02 - no gateway

At the bottom click “Create Gateway” and select “Dynamic Routing”

03 - new gateway

This will create the gateway for you.  At this point you may as well go and grab a coffee as this process can take up to 15 minutes to complete.  NOTE: You don’t need to wait until one gateway has finished being created before you can create the gateway on the other vNet

04 - creating gateway

Once the Gateway is created the status will change to the below

gateway created

Step 8 – Edit the vNet Gateway IP Addresses

You now need to change the “dummy” IP Address you put into the Local Network earlier to a “real” address.

Navigate to “Networks” on the left

01 - networks

Select each vNet in turn and navigate to Dashboard

01 - select dashboard

Make a note of the Gateway IP Address for that vNet

02 - gateway ip

Navigate to “Networks” then “Local Networks”

01 - site to site vpn

Select each Local Network in turn and select Edit from the bottom menu.  Then update the IP Address for the Gateway IP Address to reflect the true IP Address for that Local Network / vNet

03 - local network ip

Click ok and wait for the Local Networks to update

Step 9 – Update the IPsec/IKE Pre-Shared Keys

For the Site to Site VPN to initialize the pre-shared keys need to be the same on both ends.  To update these open up “Windows Powershell for Azure” (You may need to install this on an admin machine)

Run the following commands (substituting the vNet names for your own)

SetAzureVNetGatewayKey VNetName bmuk-net LocalNetworkSiteName l-bmus-net SharedKey A1b2C3D4

SetAzureVNetGatewayKey VNetName bmus-net LocalNetworkSiteName l-bmuk-net SharedKey A1b2C3D4

Once you have run these commands you should see your vNet’s initialize and show as connected

04 - connected

You should now be able to login to a server in your remote Azure Region and ping a server in your local region

In the below example you can see that I am logged into a US hosted Server on the 10.20.1.0 subnet pinging a Europe hosted server with the IP Address 192.168.1.4

01 - ping test

Step 10 – Install XenDesktop 7.7 onto the remote Region servers

Log into your 2 servers you built earlier in the addition Azure Region and install Xendesktop 7.7.  Again, I am not going to walk you through installing Citrix software onto servers as Citrix have done a good job of that already.

To see the install guide for XenDesktop 7.7 look here.

http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-7/install-configure.html

Couple of points here:

  • Once you have installed the Citrix XenDesktop 7.7 Controller make sure you also install Studio and add the controller to the existing site by pointing it to the existing controller you have in the other Region.
  • Install the VDA on the other server in the Region – these servers can and should in future be provisioned using Studio and MCS

Step 11 – Create Hosting

You will need to add the new Azure hosting location to Studio as a hosting option.  Navigate to Configuration – Hosting and click Add Connection and Resources from the Actions

Select “Create a new Connection” select “Microsoft Azure Classic”, import your publishing settings file, select the Zone you want the hosting to be in (Azure USA), leave the Machine Creation to MCS and give the connection a Name

01 - add hosting

Click next and select the Region that you created your new Cloud Service in earlier

02 - region

Click next and select the Virtual Network you want this hosting profile to use, also select the subnet for the new VM’s

03 - network

Click next and Finish then you should see 2 hosting platforms in Studio

04 - hoasting platforms

Step 12 – Configure the XenDesktop 7.7 Zones

Log into your Citrix XenDesktop Controller in your first Azure Region and open up Citrix Studio

Navigate to “Configuration – Zones”

Here you will see your Primary Zone and any resources that you already have in the XenDesktop 7.7 site as well as the new Controller you have just build in the additional Zone.

Rename the Primary Zone by selecting it from the list and clicking “Edit”.  In this case i am going to rename it “Azure Europe”

01 - rename primary

Next click “Create Zone” from the Actions on the right

02 - create zone

Give the Zone a name and select the resources that you want to assign to the new zone

03 - add zone

In the above example I am moving my hosting into the zone as well but don’t worry if you do not have that in your list, just add the new Controller.  Click “Yes” to the message that Studio displays

04 - zone conf

You should now have 2 Zones displayed in Studio

05 - zones done

Step 13 – Create the Machine Catalog

Navigate to Machine Catalogs in Studio and click on Create Machine Catalog from the Actions

Click Next for the Introduction and select “Server OS” for the Operating System

01 - server os

Click next and select “Another Service or Technology.  NOTE: I know normally you would use MCS or PVS here but for this example I have manually built a VM in Azure and installed the VDA onto it.

02 - another service

Click next and click the “Add VM’s” button.  Then navigate to your Server 2012 App Server VM and select it

03 - add vm

Click ok and locate the corresponding Active Directory Machine Account for the server

04 - ad account

Select ok and select the Zone that you want to Machine Catalog to be in

05 - select zone

In this case it will be in Azure USA. Click next and give the Catalog a name, then click Finish

06 - catalog created

You will now see 2 Machine Catalog’s, one in Europe and one in the USA

06 - catalog created

Step 14 – Create the Delivery Group and Apps

Navigate to Delivery Groups and select Create Delivery Group. Click next and select the USA App Servers Machine Catalog and allocate the machine to the delivery group

01 - new dg

Click next and select Applications as a delivery type (This obviously does not have to be just Applications if you require full desktops)

02 - apps

Click next and add the users whom you wish to grant access to the applications

03 - users

Click next and select the applications you want to publish (I am just going to publish Command Prompt) – You can also select a folder for the apps here if you wish

04 - apps

Click next and select the StoreFront service you wish to use with the delivery group

05 - storefront

Click next, give the delivery group a name and description and click finish

056 - naming

You should now see your delivery group created

dg complete

Step 15 – Test

Navigate to your NetScaler Gateway in Azure and log into it as a user that has rights to apps in both regions

01 - storefront

As you can see I have Word and Command Prompt added to my Fav’s.  Word is running from the Europe Region and Command Prompt from the USA Region.  Launch Word

progress

02 - word

Launch Command Prompt

progress

Show its in Region by doing an “ipconfig” note the 10.20.1.0 address

03 - cmd

Ping something in the Europe Region

04 - cmd ping

Show the Active Connections in Studio

05 - studio

That’s it, hopefully you find this useful.

Laters,

b@m

 

Leave a Reply

Your email address will not be published. Required fields are marked *