Nutanix Calm – Creating Your First Citrix Blueprint

Nutanix Calm – Creating Your First Citrix Blueprint

Nutanix Calm – Creating Your First Citrix Blueprint

This post has already been read 3802 times!

It’s been a while! There are a number of reasons for that – family, house renovations, CTP and Community commitments and work.  I thought it was about time I put another post out there and was thinking about what one of the hundreds of topics I could look at.

In steps Nutanix!

As many of you will already know I run a pretty decent lab at home.  One of the challenges of this and the ever changing EUC space if keeping it up to date and the amount of rebuilds you have to do to make sure you keep your knowledge current and keep learning.  Automation is the key to this and where possible I like to have the ability to fully automate everything that I do in the lab.  This not only makes it fast to rebuild and test new technology but it means that these tasks are repeatable and always done in the same manner.

With this in mind I decided to rebuild my lab and move to Nutanix AHV as the hypervisor.  Coming from a relatively new position on this it was a steep but pleasurable learning curve.  The software that Nutanix provide and the interfaces you use to interact with it are tremendous, fast and extremely reliable.  Without banging on too much about how good they are I would seriously recommend taking the time to investigate what they are offering, you won’t regret it.

So onto the point of this post. In short, Nutanix Calm.

As you can see from the image above Calm is Nutanix way of offering Application Lifecycle Management, Self Service and Hybrid Cloud Management.  In essence automation and lots lots more!

First – the hardware.  I am running a 3 node Nutanix CE Cluster, you will be able to run this on a single node cluster but remember the CVM memory and the Prism Central memory alone will eat up almost all of your resources if (for example) you want to run this on a Intel NUC (limited to 32GB RAM).

Firstly you will need to install and configure Nutanix CE and set up your cluster.  I will not walk you through all of this as there are already many good blogs out there on how to do this.

Find out about Nutanix CE here:

https://portal.nutanix.com/#/page/docs/details?targetId=Nutanix-Community-Edition-Getting-Started:Nutanix-Community-Edition-Getting-Started

For a good Nutanix CE Install guide check out this post:

Building a HCI Lab with Nutanix Community Edition

Once you have everything set up and running you will be able to log into your Prism Element Console and deploy Prism Central (this is a requirement to using Calm). When you have Prism Central up and running, log in and setup a directory and enable Calm in the Apps tab.

Nutanix have a great article on setting up Calm here:

https://portal.nutanix.com/#/page/docs/details?targetId=Nutanix-Calm-Admin-Operations-Guide-v10:nuc-install-configure-nutanix-calm-t.html

And this is where I am going to take over and continue this post.

For my first blueprint I want to create a Citrix License Server fully configured. The following list shows what I will cover and how we can achieve this.

  • Create the Karan Service and Configure the Karan (This is required to execute PoSH scripts on the targets)
  • Create a Server 2016 Template to use for Calm
  • Upload the 2016 Template to the Prism Central Image Store
  • Upload the XenDesktop ISO to the Prism Central Image Store
  • Create Blueprint
  • Create Credentials
  • Configure Deployment Share
  • Create Application Profile
  • Create Service
  • Create Tasks
  • Test

Create the Karan Service and Configure the Karan

Karan is a service that runs to execute PowerShell scripts on the remote machines that Calm will deploy.  It is important that this machine is always on when running your Windows blueprints or the deployments will fail.  It is fairly straightforward to install the software but there are some pre reqs that can be found here:

https://portal.nutanix.com/#/page/docs/details?targetId=Nutanix-Calm-Admin-Operations-Guide-v10:nuc-installing-karan-service-t.html

First you will need to run this on your Karan Server to enable PSRemoting

enable-psremoting -force

Then you will have to run this to allow the scripts to be executed

set-executionpolicy remotesigned

Then finally this command to add the hosts to the trusted list

set-Item wsman:\localhost\Client\TrustedHosts -Value *

NOTE: I tried all sorts of combinations here as per the documentation (* or *.bretty.me.uk) but only found regular success with *. I think this is because some of my blueprints were not domain joined and therefore the *.bretty.me.uk host list was not working right.

Next Install the Karan Software as described in the link above, setting your Prism Central IP and the GUID.

NOTE: Make sure you change the Prism Central IP from https:// to http:// or it will not register correctly.

Not you want to set up Credential Security Support Provider on the Karan Server.  This is so that the credentials can be passed to the targets to execute the scripts.

Run the following

Enable-WSManCredSSP -Role "Client" -DelegateComputer "wsman/*"

NOTE: Again here you have the option for * or *.bretty.me.uk (*.domain.com) but I found most success with *

Finally you need to set up the Security policies on the Karan Server to allow those credentials to be used by Karan.  You can do this with either local gpedit.msc or by creating a Group Policy and linking it to the OU that the Karan Server is in.

Click Computer Configuration > Administrative Templates > System > Credentials Delegation > Allow delegation default credentials with NTLM-only server authentication

Select Enabled and add wsman/*

I also set the same for Allow Delegation Default Credentials in the same area of the GPO

Now you need to set the Account You Run The Karan Service as to have the correct security rights as you will be using Karan in Local mode.  Again this can be done using the local secpol.msc or by creating a Group Policy and linking it to the OU that the Karan Server is in.

Click Security Settings > Local Policies > User Rights Assignment

Add the user or group account which you have used to run Karan service in the Adjust memory quotas for a process field

Also add the same user to the Replace a process level token field

 

NOTE: I had issues with this (well me not checking the details!) when running the service as the local administrator on the Karan Server.  By default when you add an account to these policies it will add the domain account.  I thought I was adding my local administrator but in fact I was adding the domain Administrator.  Please check that the SAME account is in here as is running your Karan Service.

Finally I check that WinRM is working as expected by running the following command

winrm quickconfig

This should display the following – if it does not then fix the errors first THEN RESTART THE KARAN SERVER to apply the settings (this I also missed and it caused me quite a bit of pain)

Thats it for Karan Service – its all set up and ready to roll!

Create a Server 2016 Template to use for Calm

Next you will need an Operating System Template to base your blueprint servers from.  Go ahead and install an OS and load the Nutanix Guest Tools onto it.  Make sure you specify SCSI as the HDD type and load all the Nutanix VirtIO drivers into the image.

Don’t add the machine to the domain as Calm will do this for us.

Once the machine is built and has the guest tools on it you need to prep the target OS for Karan.

Run the following command to enable PSRemoting

enable-psremoting -force

Then run the following to enable remote signed scripts to be run

set-executionpolicy remotesigned -force

Finally Run the following to enable CredSSP on the target

Enable-WSManCredSSP -Role Server -Force

NOTE: We do also do this in the blueprint but I found it easier and more thorough to also do this in the image before uploading it to Prism Central

Also run the following to ensure that WinRM is working and configured correctly – if you have errors then fix them before continuing

winrm quickconfig

Next install and pre req software you think the base image may require (for example .Net Framework 4.7.1 for the XenDesktop 7.18 installer etc)

Finally sysprep your image, generalise it and shut it down.

Upload the 2016 Template to the Prism Central Image Store

Now you have a nice base image to use for your blueprints – time to get that into Prism Central and start playing about with Calm.

The way you have to get the image into Prism Central differers from Prism Element in that you cannot use the create template commands to convert the VM disk to a template.  You have to upload the image to Prism Central using a URL.

To get the URL log into any of the CVM’s you have running

type

acli

then type

vm.list

this will list all the vm’s you have on AHV

take a note of your template vm and type in the following to show the vm disks

vm.get "template name" include_vmdisk_paths=true

Take a note of the vm disk path for the SCSI disk you created for the template

Next head over to Prism Central and click images – add image

Select URL and type in NFS://<CVM CLUSTER IP> and then paste the path to the vmdisk image you got earlier

Click Upload Image, give it a name and upload it to the Image Service

Upload the XenDesktop ISO to the Prism Central Image Store

In order for your blueprint to install XenDesktop we are going to upload the XenDesktop 7.18 ISO to the image service also.

To do this use the same imaging service as before but this time select the XenDesktop ISO from a file and upload it instead of using a URL

Create Blueprint

ok – so we are ready to start to create our blueprints now.  Head over to Prism Central and click the Apps tab

Then click the Blueprints Icon on the left and Create Application Blueprint

This will give you a default empty blueprint

Give it a name in the top left

Update the Application Profile Name on on the right of the screen

NOTE: You may be tempted to click save now but you won’t be able to as we have not added any credentials yet.  Lets sort that out in the next section.

Create Credentials

Click the Credentials option at the top of the screen

 

Then click add to add some new credentials

I will add 2 sets of creds here.  Once for the local admin account of the target server and once for my domain admin account to install and configure software using domain credentials

Then click back and Save.

Configure Deployment Share

This step is not necessary if you are not using a deployment location to configure your servers but in my case I do not want to have to touch the servers at all so when setting up a license server I would typically do the following:

  • Install Software
  • Add Licensing Admin Group
  • Replace Self Signed Certs
  • Install License Files

With this in mind – I don’t want to have to create an ISO with all these certs and license files and present it to Calm as a drive.  I would rather save them on my network and have Calm pull them from there.

I have a DFS share set up with the directories set up for both Citrix License Files as well as the Certificate to replace the self signed one

Create Application Profile

Next we want to set up an application profile.  This will be a bunch of settings that we will be able to reference from within our scripts in Calm.  Things such as where the certificate file is saved on the network (see where I am going with this?)

On the right fill out your application profile variable names and values.  If you want your users to have the ability to change them at run time then click on the little running man (runtime) and this will enable this.  As you can see I have the cert file locations, admin group, license files and switches to enable me to turn these on and off at runtime (we will cover this in the scripts later on)

Create Service

Next you need to create your Service (or VM).  Click the blue + sign by the services on the left

Next give your service a Name, the Cloud Platform you want to deploy it to (in my case Nutanix) and the OS that you want to deploy.

Next you can fill out your VM specifics.  Make sure to select your image you uploaded with Karan enabled as the bootable disk, also add a second disk as a CR-ROM and select the XenDesktop ISO.  As with the service profile you can enable these to be changed by clicking the little running man icon.

Give your VM the relevant CPU and Memory Settings and also add a NIC.

Here is where you will add your XML Answer File for your VM.  There are plenty of answer file generators out there on line so just jump on one of those and create a file then paste it in here.  In this case I an using the answer file to do an unattended domain join at provisioning time so I know the servers will be on the domain right from the start.

There is also an auto login option.  If you enable this Calm will try to log into the server once its provisioned to ensure it is up and running correctly.  I tend to leave this enabled as its a useful check post deployment.

Thats it – your Service is done.  At this point if you saved and deployed this blueprint you would end up with a nice domain joined Server delivered from Calm.  But what use is that without and software or configuration.

Onto Tasks

Create Tasks

Tasks are where you start to layer out your software and config to the server, these will all run post deployment.  To create a task expand your service on the left and click on the Create Node.

This will enable you to add a task in the central design window

Click on + Task and then move over to the right.  This will allow you to name the task, select Execute to Set Variable and pick the credentials you want to run the task as.  It will also allow you to enter your powershell script to execute on the target.

NOTE: The FIRST task if you are using execution mode local (you are here) will need to be SetExecutionModeLocal.  To set this up see this link:

https://portal.nutanix.com/#/page/docs/details?targetId=Nutanix-Calm-Admin-Operations-Guide-v10:nuc-executing-karan-local-mode-t.html

Straight forward right?  Lets just have a look at the script

As you can see I have set up a script block and put the script I want to run on the target in there.  This is then executed using invoke-command on the target.  This is how to get these working in Calm as far as I know – if you know otherwise please feel free to let me know!

What about all the @@ signs?

These are how Calm references your variables in your blueprint.  Remember when we set up the Application Profile and put in the File Location for the certs?  If we take a look at that script you can see I am referencing those variables put in at run time to pull the files from my local network using Calm and copy them to the target server

You can also see by the below image that all these tasks are set to run in sequence.  You can change this but for the purpose of this post I will leave them at that.

So, what am I doing here.  Calm is deploying me a VM and adding it to the domain using my answer file.  Then I am doing the following:

  • Setting Local Execution Mode
  • Installing Citrix Licensing
  • Installing the Citrix Licensing PoSH CmdLets
  • Adding the Admin Group to Licensing
  • Replacing the Self Signed Certs with my own Certs
  • Importing my License Files
  • Restarting the Licensing Service
  • Renaming and restarting the Server (Not needed but my OCD cant handle not doing it)

Thats it.  I am not going to paste all the PowerShell in here for the various tasks as that is already available out there by other community folk and also thats not the point of this post.  I wanted to show you how easy it is to get Nutanix Calm up and running and start to use it to automate some of your Nutanix workloads.

Test

All done – lets test it – here is a video of the deploymnent in action!

 

3 thoughts on “Nutanix Calm – Creating Your First Citrix Blueprint

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.