Deploy the Simple XenApp and XenDesktop Proof of Concept blueprint to AWS

This page has moved to You can now find all Smart Tools documentation at the Citrix Product Documentation site. Please update any page links to the new URL:



This topic describes how to deploy the Simple XenApp and XenDesktop Proof of Concept blueprint with a cloud-based NetScaler Gateway on Amazon Web Services (AWS).

If you want to deploy a XenApp and XenDesktop proof-of-concept with an on-premises NetScaler VPX appliance, use the XenApp and XenDesktop Proof of Concept blueprint.

What does this blueprint do?

When you deploy this blueprint, Smart Tools performs the following tasks:

  • Creates a virtual private cloud (VPC) with public and private subnets. A NAT instance is also deployed to enable provisioned machines to access the Internet.
  • Provisions a domain controller and creates a domain.
  • Provisions a XenApp and XenDesktop Delivery Controller and Server VDA and joins them to the domain.
  • Installs XenApp and XenDesktop and creates a database and Site.
  • Deploys a NetScaler Gateway using a NetScaler VPX appliance to which you subscribe, through the AWS Marketplace. The default NetScaler hostname is xd-poc-ns.

Note: This blueprint deploys NetScaler Gateway by default. If you don't want to include NetScaler in your proof-of-concept, use the XenApp and XenDesktop Proof of Concept blueprint instead. For a guided walkthrough, refer to the Getting Started with Smart Tools and AWS guide.

Provisioned machine configurations

By default, Smart Tools provisions new VMs during blueprint deployment. The following AWS instance recommendations are the default selections when you configure the VM for each machine tier in the deployment.

Operating system: Windows Server 2012 R2 (all machines)

Machine Type AWS Instance Type Root Volume Storage (GB)
Domain controller M3 Medium 3.75 GB 48
Delivery Controller M3 Large 7.5 GB 64
Server VDA M3 Large 7.5 GB 64

Important: This blueprint includes conditions for deploying the components above on supported resource locations. When configuring the VMs for each machine tier, you must allow Smart Tools to provision new VMs during deployment. Using existing machines with this blueprint is not supported and will cause the deployment to fail.

Back to top


Before deploying the blueprint, you need the following items:

  • An AWS account. If you have an account, you can use your credentials to log on to AWS. If you don't have an account, you can create one at
  • A NetScaler VPX subscription. To deploy NetScaler Gateway, you need to subscribe to Citrix NetScaler VPX Enterprise Edition through the AWS Marketplace. To subscribe, visit the Citrix NetScaler VPX Enterprise Edition page on the AWS Marketplace web site. After you subscribe, Amazon sends you an email notification that NetScaler is ready to use.
    Important: NetScaler is a required component for the blueprint. If this subscription is missing, Smart Tools cannot deploy the proof-of-concept successfully.

Resource location setup

To deploy this blueprint to your AWS account, you will need to add your AWS account to Smart Tools as a resource location. You can set up the resource location before or during blueprint deployment.

To perform the tasks in this topic with minimal interruption, Citrix recommends setting up the resource location before you begin the deployment. To do this, follow the steps described in Add an Amazon Web Services resource location.

VPC requirements

When you deploy this blueprint, you have the option of allowing Smart Tools to create a new VPC or selecting an existing VPC in your AWS account. Citrix recommends creating the VPC during deployment to ensure the required subnets are created and the default security group is configured appropriately. However, if you want to use an existing VPC, verify it has the following configurations:

  • The VPC has three subnets: a public subnet, a private subnet, and a Management subnet for the NetScaler VPX.
  • The VPC and subnets have valid CIDR blocks assigned. For example, you might specify the following following CIDR ranges:
    • VPC:
    • Public subnet:
    • Private subnet:
    • Management subnet:
  • The subnets in the VPC are named or tagged with the role they assume within the VPC. This helps Smart Tools identify the appropriate subnet for each machine in the blueprint.
    For this subnet role... Assign this name... Or assign this tag...
    Public subnet Public Subnet CLM-Role="Public Subnet"
    Private subnet Private Subnet CLM-Role="Private Subnet"
    Management subnet Management Subnet CLM-Role="Management Subnet"
  • The VPC has a NAT instance in the Public subnet with an Elastic IP address assigned. The NAT instance enables the machines in the Private subnet to access the Internet.
  • The default security group for the VPC has the following inbound rules and ports configured:
    • HTTPS: 443
    • RDP: 3389
    • Custom IMCP Rule: Echo Request

Elastic IP requirements

When you deploy this blueprint, Smart Tools will assign public Elastic IP addresses to the following machines:

  • NAT instance (if you create a new VPC)
  • Bastion server
  • NetScaler VPX

By default your AWS account has a limit of five (5) Elastic IP addresses per region. Before you deploy this blueprint, Citrix recommends you verify that your limit allows you to use three Elastic IP addresses in the region where you intend to to deploy this blueprint. For more information about AWS resource limits, see AWS Service Limits on the AWS web site.

Back to top

Deploy the blueprint

  1. From Smart Tools, click Checks and Blueprints and add the Simple XenApp and XenDesktop Proof of Concept blueprint to your account.
  2. Click Smart Build, click Actions > Deploy, then click Start deployment setup.
  3. On the Overview page, enter a Deployment Name and then click Next.
  4. On the Resource Location page, select your AWS resource location and then click Next.
  5. On the Pre-deployment Checklist, click Continue.
  6. On the Size page, ensure Create new VMs is selected.
  7. For the Domain Controller machine tier, perform the following actions:
    1. In the Select a Resource Location field, select your AWS resource location. The Configure VM dialog box appears. If you have not yet set up a resource location, click Add New Resource location and follow the steps described in Add an Amazon Web Services resource location.
    2. On the Choose a Region page, select the AWS region where you want Smart Tools to deploy the machines in the blueprint. Click Next.
    3. On the Choose an AMI page, select the Windows Server 2012 R2 base machine image.
    4. On the Instance Details page, configure the following settings and then click Next:
      1. In Network, create a new VPC or select an existing one. To create a new VPC, select Create VPC with public and private subnet. On the Create VPC page, enter a VPC name. In Key pair, create a new key pair (making sure to save your private key) or select an existing key pair. Click Create VPC. The key pair enables you to log on to the VPC's NAT instance if necessary.
      2. In Subnet, ensure the Private subnet is selected.
    5. On the Credentials page, enter your key pair details by uploading an existing AWS private key or click Create Key Pair to create a new key pair through Smart Tools. The key pair enables you to log on to the machines that Smart Tools deploys. Click Next.
    6. On the Networking page, ensure the default security group is selected and click Next.
      Note: If you created a new VPC in Step 4-1 and receive an error indicating an Elastic IP address is required for the NAT instance, wait a few moments and click Next again. This error occurs if AWS has not yet completed deploying the NAT instance for your new VPC. AWS automatically assigns an Elastic IP address to the NAT instance, so there is no need to assign one manually.
    7.  On the Summary page, leave Copy this configuration to other VM tiers selected and then click Finish.
    8. Click Next to return to the Size page.
  8. For the Bastion machine tier, perform the following actions:
    1. Click Edit. The Configure VM dialog box appears.
    2. On the Choose a region and Choose an AMI pages, click Next.
    3. On the Instance Details page, in Subnet, ensure the Public subnet is selected.
    4. On the Credentials page, click Next.
    5. On the Networking page, under Elastic IP, select Allocate new Elastic IP address for this instance. Click Next.
    6. On the Summary page, click Finish to save your settings and return to the Size page.
  9. On the Size page, click Next to continue the deployment.
  10. On the Configuration page, enter the following settings and then click Next:
    • In DomainName, enter a fully-qualified domain name for your XenDesktop deployment.
    • In AdministratorPassword, enter a password for the local administrator account.
    • In SafeModePassword, enter a password to allow administrators to repair Active Directory in safe mode.
    • In ServerVdi, select yes to configure the Server VDA machine to support Server VDI. Select no (the default) to configure the Server VDA machine to support shared RDS desktops.
  11. (Optional) Enter a deployment profile name and then click Save to save your blueprint deployment settings. Otherwise, click Cancel.
  12. Click Deploy.

Smart Tools displays the Deployment Details page, showing the progress of your deployment. On this page, you can see the status of your deployment as Smart Tools executes each step.

Back to top