This post has already been read 7018 times!
It’s been a while! There are a number of reasons for that – family, house renovations, CTP and Community commitments and work. I thought it was about time I put another post out there and was thinking about what one of the hundreds of topics I could look at.
In steps Nutanix!
As many of you will already know I run a pretty decent lab at home. One of the challenges of this and the ever changing EUC space if keeping it up to date and the amount of rebuilds you have to do to make sure you keep your knowledge current and keep learning. Automation is the key to this and where possible I like to have the ability to fully automate everything that I do in the lab. This not only makes it fast to rebuild and test new technology but it means that these tasks are repeatable and always done in the same manner.
With this in mind I decided to rebuild my lab and move to Nutanix AHV as the hypervisor. Coming from a relatively new position on this it was a steep but pleasurable learning curve. The software that Nutanix provide and the interfaces you use to interact with it are tremendous, fast and extremely reliable. Without banging on too much about how good they are I would seriously recommend taking the time to investigate what they are offering, you won’t regret it.
So onto the point of this post. In short, Nutanix Calm.
As you can see from the image above Calm is Nutanix way of offering Application Lifecycle Management, Self Service and Hybrid Cloud Management. In essence automation and lots lots more!
First – the hardware. I am running a 3 node Nutanix CE Cluster, you will be able to run this on a single node cluster but remember the CVM memory and the Prism Central memory alone will eat up almost all of your resources if (for example) you want to run this on a Intel NUC (limited to 32GB RAM).
Firstly you will need to install and configure Nutanix CE and set up your cluster. I will not walk you through all of this as there are already many good blogs out there on how to do this.
Find out about Nutanix CE here:
For a good Nutanix CE Install guide check out this post:
Once you have everything set up and running you will be able to log into your Prism Element Console and deploy Prism Central (this is a requirement to using Calm). When you have Prism Central up and running, log in and setup a directory and enable Calm in the Apps tab.
Nutanix have a great article on setting up Calm here:
And this is where I am going to take over and continue this post.
For my first blueprint I want to create a Citrix License Server fully configured. The following list shows what I will cover and how we can achieve this.
- Create the Karan Service and Configure the Karan (This is required to execute PoSH scripts on the targets)
- Create a Server 2016 Template to use for Calm
- Upload the 2016 Template to the Prism Central Image Store
- Upload the XenDesktop ISO to the Prism Central Image Store
- Create Blueprint
- Create Credentials
- Configure Deployment Share
- Create Application Profile
- Create Service
- Create Tasks
Create the Karan Service and Configure the Karan
Karan is a service that runs to execute PowerShell scripts on the remote machines that Calm will deploy. It is important that this machine is always on when running your Windows blueprints or the deployments will fail. It is fairly straightforward to install the software but there are some pre reqs that can be found here:
First you will need to run this on your Karan Server to enable PSRemoting
Then you will have to run this to allow the scripts to be executed
Then finally this command to add the hosts to the trusted list
set-Item wsman:\localhost\Client\TrustedHosts -Value *
NOTE: I tried all sorts of combinations here as per the documentation (* or *.bretty.me.uk) but only found regular success with *. I think this is because some of my blueprints were not domain joined and therefore the *.bretty.me.uk host list was not working right.
Next Install the Karan Software as described in the link above, setting your Prism Central IP and the GUID.
NOTE: Make sure you change the Prism Central IP from https:// to http:// or it will not register correctly.
Not you want to set up Credential Security Support Provider on the Karan Server. This is so that the credentials can be passed to the targets to execute the scripts.
Run the following
Enable-WSManCredSSP -Role "Client" -DelegateComputer "wsman/*"
NOTE: Again here you have the option for * or *.bretty.me.uk (*.domain.com) but I found most success with *
Finally you need to set up the Security policies on the Karan Server to allow those credentials to be used by Karan. You can do this with either local gpedit.msc or by creating a Group Policy and linking it to the OU that the Karan Server is in.
Select Enabled and add wsman/*
I also set the same for Allow Delegation Default Credentials in the same area of the GPO
Now you need to set the Account You Run The Karan Service as to have the correct security rights as you will be using Karan in Local mode. Again this can be done using the local secpol.msc or by creating a Group Policy and linking it to the OU that the Karan Server is in.
Add the user or group account which you have used to run Karan service in the Adjust memory quotas for a process field
Also add the same user to the Replace a process level token field
NOTE: I had issues with this (well me not checking the details!) when running the service as the local administrator on the Karan Server. By default when you add an account to these policies it will add the domain account. I thought I was adding my local administrator but in fact I was adding the domain Administrator. Please check that the SAME account is in here as is running your Karan Service.
Finally I check that WinRM is working as expected by running the following command
This should display the following – if it does not then fix the errors first THEN RESTART THE KARAN SERVER to apply the settings (this I also missed and it caused me quite a bit of pain)
Thats it for Karan Service – its all set up and ready to roll!
Create a Server 2016 Template to use for Calm
Next you will need an Operating System Template to base your blueprint servers from. Go ahead and install an OS and load the Nutanix Guest Tools onto it. Make sure you specify SCSI as the HDD type and load all the Nutanix VirtIO drivers into the image.
Don’t add the machine to the domain as Calm will do this for us.
Once the machine is built and has the guest tools on it you need to prep the target OS for Karan.
Run the following command to enable PSRemoting
Then run the following to enable remote signed scripts to be run
set-executionpolicy remotesigned -force
Finally Run the following to enable CredSSP on the target
Enable-WSManCredSSP -Role Server -Force
NOTE: We do also do this in the blueprint but I found it easier and more thorough to also do this in the image before uploading it to Prism Central
Also run the following to ensure that WinRM is working and configured correctly – if you have errors then fix them before continuing
Next install and pre req software you think the base image may require (for example .Net Framework 4.7.1 for the XenDesktop 7.18 installer etc)
Finally sysprep your image, generalise it and shut it down.
Upload the 2016 Template to the Prism Central Image Store
Now you have a nice base image to use for your blueprints – time to get that into Prism Central and start playing about with Calm.
The way you have to get the image into Prism Central differers from Prism Element in that you cannot use the create template commands to convert the VM disk to a template. You have to upload the image to Prism Central using a URL.
To get the URL log into any of the CVM’s you have running
this will list all the vm’s you have on AHV
take a note of your template vm and type in the following to show the vm disks
vm.get "template name" include_vmdisk_paths=true
Take a note of the vm disk path for the SCSI disk you created for the template
Next head over to Prism Central and click images – add image
Select URL and type in NFS://<CVM CLUSTER IP> and then paste the path to the vmdisk image you got earlier
Click Upload Image, give it a name and upload it to the Image Service
Upload the XenDesktop ISO to the Prism Central Image Store
In order for your blueprint to install XenDesktop we are going to upload the XenDesktop 7.18 ISO to the image service also.
To do this use the same imaging service as before but this time select the XenDesktop ISO from a file and upload it instead of using a URL
ok – so we are ready to start to create our blueprints now. Head over to Prism Central and click the Apps tab
Then click the Blueprints Icon on the left and Create Application Blueprint
This will give you a default empty blueprint
Give it a name in the top left
Update the Application Profile Name on on the right of the screen
NOTE: You may be tempted to click save now but you won’t be able to as we have not added any credentials yet. Lets sort that out in the next section.
Click the Credentials option at the top of the screen
Then click add to add some new credentials
I will add 2 sets of creds here. Once for the local admin account of the target server and once for my domain admin account to install and configure software using domain credentials
Then click back and Save.
Configure Deployment Share
This step is not necessary if you are not using a deployment location to configure your servers but in my case I do not want to have to touch the servers at all so when setting up a license server I would typically do the following:
- Install Software
- Add Licensing Admin Group
- Replace Self Signed Certs
- Install License Files
With this in mind – I don’t want to have to create an ISO with all these certs and license files and present it to Calm as a drive. I would rather save them on my network and have Calm pull them from there.
I have a DFS share set up with the directories set up for both Citrix License Files as well as the Certificate to replace the self signed one
Create Application Profile
Next we want to set up an application profile. This will be a bunch of settings that we will be able to reference from within our scripts in Calm. Things such as where the certificate file is saved on the network (see where I am going with this?)
On the right fill out your application profile variable names and values. If you want your users to have the ability to change them at run time then click on the little running man (runtime) and this will enable this. As you can see I have the cert file locations, admin group, license files and switches to enable me to turn these on and off at runtime (we will cover this in the scripts later on)
Next you need to create your Service (or VM). Click the blue + sign by the services on the left
Next give your service a Name, the Cloud Platform you want to deploy it to (in my case Nutanix) and the OS that you want to deploy.
Next you can fill out your VM specifics. Make sure to select your image you uploaded with Karan enabled as the bootable disk, also add a second disk as a CR-ROM and select the XenDesktop ISO. As with the service profile you can enable these to be changed by clicking the little running man icon.
Give your VM the relevant CPU and Memory Settings and also add a NIC.
Here is where you will add your XML Answer File for your VM. There are plenty of answer file generators out there on line so just jump on one of those and create a file then paste it in here. In this case I an using the answer file to do an unattended domain join at provisioning time so I know the servers will be on the domain right from the start.
There is also an auto login option. If you enable this Calm will try to log into the server once its provisioned to ensure it is up and running correctly. I tend to leave this enabled as its a useful check post deployment.
Thats it – your Service is done. At this point if you saved and deployed this blueprint you would end up with a nice domain joined Server delivered from Calm. But what use is that without and software or configuration.
Tasks are where you start to layer out your software and config to the server, these will all run post deployment. To create a task expand your service on the left and click on the Create Node.
This will enable you to add a task in the central design window
Click on + Task and then move over to the right. This will allow you to name the task, select Execute to Set Variable and pick the credentials you want to run the task as. It will also allow you to enter your powershell script to execute on the target.
NOTE: The FIRST task if you are using execution mode local (you are here) will need to be SetExecutionModeLocal. To set this up see this link:
Straight forward right? Lets just have a look at the script
As you can see I have set up a script block and put the script I want to run on the target in there. This is then executed using invoke-command on the target. This is how to get these working in Calm as far as I know – if you know otherwise please feel free to let me know!
What about all the @@ signs?
These are how Calm references your variables in your blueprint. Remember when we set up the Application Profile and put in the File Location for the certs? If we take a look at that script you can see I am referencing those variables put in at run time to pull the files from my local network using Calm and copy them to the target server
You can also see by the below image that all these tasks are set to run in sequence. You can change this but for the purpose of this post I will leave them at that.
So, what am I doing here. Calm is deploying me a VM and adding it to the domain using my answer file. Then I am doing the following:
- Setting Local Execution Mode
- Installing Citrix Licensing
- Installing the Citrix Licensing PoSH CmdLets
- Adding the Admin Group to Licensing
- Replacing the Self Signed Certs with my own Certs
- Importing my License Files
- Restarting the Licensing Service
- Renaming and restarting the Server (Not needed but my OCD cant handle not doing it)
Thats it. I am not going to paste all the PowerShell in here for the various tasks as that is already available out there by other community folk and also thats not the point of this post. I wanted to show you how easy it is to get Nutanix Calm up and running and start to use it to automate some of your Nutanix workloads.
All done – lets test it – here is a video of the deploymnent in action!