- What does the blueprint do?
- Prepare for deployment (optional)
- Deploy the blueprint
- Perform post-deployment tasks
This topic describes how to deploy the XenApp and XenDesktop with SQL blueprint to a Microsoft Azure Classic resource location.
Important: Although this blueprint includes options for adding Provisioning Services and NetScaler Gateway to the blueprint deployment, these options are not supported with resource locations using Microsoft Azure Classic. If you want to add both Provisioning Services and NetScaler Gateway to your deployment, you must deploy this blueprint to a Citrix XenServer resource location.
After you complete the tasks in this topic, your deployment will include the following components:
- A domain controller.
- A staging server, joined to the domain.
- Three SQL servers: A primary SQL server, a secondary SQL server, and a witness SQL server, all joined to the domain.
- Two XenApp and XenDesktop Delivery Controllers, joined to the domain.
- Two Storefront servers, joined to the domain.
- A Citrix Licensing server, joined to the domain.
What does the blueprint do?
The XenApp and XenDesktop with SQL blueprint includes scripts that perform the following tasks:
- Install XenApp and XenDesktop 7.6 LTSR or 7.11, including Citrix Licensing Server and StoreFront.
- Install SQL Server and configure database mirroring.
- Create a XenApp and XenDesktop Site and StoreFront cluster.
- Join the provisioned machines to the domain.
- (Optional) Provision a virtual desktop that you can access for testing purposes.
Provisioned machine configurations
The blueprint includes recommended configurations for each machine that Smart Tools provisions to the deployment. The following recommendations are displayed when you configure the VM for each machine tier in the deployment.
For all machines:
- Operating system: Windows Server 2012 R2
- Storage available in the resource location: 50 GB
|Machine Type||Azure Machine Size|
|Staging Server||A3 (4 Core, 7 GB Memory)|
|Citrix License Server||A3 (4 Core, 7 GB Memory)|
|SQL Server 1||A3 (4 Core, 7 GB Memory)|
|SQL Server 2||A3 (4 Core, 7 GB Memory)|
|SQL Server Witness||A3 (4 Core, 7 GB Memory)|
|Delivery Controller 1||A3 (4 Core, 7 GB Memory)|
|Delivery Controller 2||A3 (4 Core, 7 GB Memory)|
|StoreFront 1||A3 (4 Core, 7 GB Memory)|
|StoreFront 2||A3 (4 Core, 7 GB Memory)|
|Test VDA||A4 (8 Core, 14 GB Memory)|
Prepare for deployment (optional)
To deploy this blueprint with minimal interruption, Citrix recommends performing the tasks in this section before you begin the deployment. If you prefer to get started quickly, you can perform these tasks during the blueprint deployment process instead.
- In Smart Tools, add your Azure account as a resource location. To do this, follow the steps described in Add a Microsoft Azure Classic resource location.
- In Smart Tools, add the XenApp and XenDesktop with SQL blueprint in the Blueprint Catalog to your library, as described in Add a blueprint to your library.
- Using the Azure portal, create a virtual network, cloud service, and storage account in the location where you want to deploy the blueprint.
Important: Be sure to specify the same virtual network and cloud service for the domain controller and the VMs that Smart Tools will provision.
Deploy the blueprint
- From Smart Tools, click Blueprint Catalog and add the XenApp and XenDesktop with SQL blueprint to your account.
- Click Smart Build, click Actions > Deploy, then click Start deployment setup.
- On the Overview page, enter a Deployment Name and then click Next.
- On the Resource Location page, select your Azure Classic resource location and then click Next. If you have not yet set up a resource location, select Add New Resource Location and follow the steps described in Add a Microsoft Azure Classic resource location.
- On the Architecture page, configure the following options:
- In Deploy Test Virtual Desktop, select Yes (default).
- In Deploy Provisioning Services, select No. Provisioning Services is not supported on Azure Classic resource locations.
- In Deploy NetScaler Gateway, select No. NetScaler Gateway is not supported on Azure resource locations.
- In the Select a Resource Location field, select your Azure Classic resource location. The Configure VM dialog box appears.
- On the Choose An Image page, select the most recent image of Windows Server 2012 R2 Datacenter.
- On the Instance Details page, configure the following settings and then click Next:
- In Virtual Network, select an existing virtual network or create a new one. To create a new virtual network, select Create new virtual network and subnet and then enter a Virtual Network Name and a Subnet Name. Click Create Virtual Network. The key pair enables you to log on to the VPC's NAT instance if necessary.
Note: Virtual Network names must start with a letter and end with a letter, number, or underscore. Both Virtual Network and Subnet names can contain only letters, numbers, underscores, periods, and hyphens.
- In Cloud Service, select an existing cloud service or create a new one. To create a new cloud service, select Create a new cloud service. On the Create Cloud Service page, enter a Cloud Service DNS Name and then press TAB to validate the name's format. Click Create Cloud Service.
- In Storage Account, select an existing storage account or create a new one. To create a new storage account, select Create a new storage account. On the Create Storage Account page, click Create Storage Account.
- On the Security and Network page, enter the Username and Password for the Administrator account. Click Next.
Important: Do not use "Administrator" or "Admin" as the username for these VMs. As a security best practice, Azure requires distinct usernames for administrator accounts.
- On the Summary page, leave Copy this configuration to other VM tiers selected and then click Finish.
The Deployment Details page includes the real-time progress of each step in your blueprint. Depending on machine availability and the complexity of the blueprint, the deployment might take some time to complete, and some blueprint steps might take longer than others.
During deployment, Smart Tools sends you email notifications when each machine in the blueprint is successfully provisioned. When the deployment is finished, Smart Tools sends you a final email notification.
Perform post-deployment tasks
This section describes the tasks you should perform after deploying one of the XenApp and XenDesktop blueprints.
Secure your deployment
Securing your XenApp and XenDesktop deployment is important. If you choose to do so using the Secure Sockets Layer (SSL) security protocol, you must generate, distribute, and install SSL certificates to secure the communication within the deployment. This may include the following tasks, none of which is implemented by the blueprints.
|Secure this component...||By establishing...|
|XML||SSL communication between StoreFront servers and Delivery Controllers|
|Virtualization infrastructure||SSL communication between the virtualization infrastructure and the Delivery Controllers|
|Virtual desktops||SSL communication between users’ endpoints and the Virtual Delivery Agent on virtual desktops|
|StoreFront||SSL communication between users’ endpoints and StoreFront servers|
|Database||SSL communication between the servers running the XenApp and XenDesktop databases and the Delivery Controllers|
For more information about SSL in XenApp and XenDesktop deployments, see http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6/xad-security-article/xad-ssl.html.
Remove temporary objects
For security and good housekeeping, consider removing any objects such as media locations and reverting any temporary changes (for example, GPO policies and database permissions) that you created or put in place during blueprint design and deployment. Also, consider disabling the general service account for a period of time (for example, 1-2 weeks) before deleting. If no issues arise in your deployment during that time, you can delete the account. Additionally, if you disabled Group Policy inheritance to ensure unimpaired blueprint deployment, re-enable it after you have completed testing of the deployment.
Additionally, remove the following items from your completed deployment:
- Staging VM
- TestVDA, including the associated Machine Catalog and Delivery Group
To remove these items, uninstall the Smart Tools Agent from each machine and then decommission the machines. If you decommission the machines with the agent still installed, Smart Tools reports the machines are unresponsive, but still counts them as part of the deployment.
Add users to Active Directory security groups for the deployment
Before you can use Studio or Citrix License Server to administer your new Site, add the appropriate users to the XenDesktop, Licensing, and SQL security groups that the blueprint creates during deployment. When you deploy the blueprint, you can specify these group names or you can allow the blueprint to use the default group name. The following table shows the blueprint input parameters and the default names for each group.
|Group Type||Blueprint input parameter for specifying the group name||Default group name created by blueprint|
|SQL Server (if using "with SQL" blueprint)||SQLAdminGroup||CTX_RES_SQL_Admins|
Refine application and desktop access and behavior
After deploying the blueprint, users can work with the applications and virtual desktops that you create. At this stage, you can configure XenApp and XenDesktop Machine Catalogs and Delivery Groups to refine the access, scope, and behavior of the applications and desktops.
Apply Citrix and Microsoft updates
Apply the following updates to the appropriate machines in your deployment:
- Citrix hotfixes and feature packs
- Windows operating system updates
- SQL updates (if you deployed the "with SQL" blueprint)