This page has moved to docs.citrix.com. You can now find all Smart Tools documentation at the Citrix Product Documentation site. Please update any page links to the new URL: https://docs.citrix.com/en-us/smart-tools/deploy-citrix-cloud-resource-locations/deploy-xenapp-xendesktop-resource-location-blueprint-aws.html.
- Deployment overview
- Deploy the blueprint
- Post-deployment information
The XenApp and XenDesktop Service of Citrix Cloud helps you deliver virtual applications and desktops using XenApp and XenDesktop technology. As with on-premises XenApp and XenDesktop deployments, the XenApp and XenDesktop Service requires you have a supported hypervisor or cloud provider environment. The XenApp and XenDesktop service provides the functions that would otherwise be provided by the XenApp and XenDesktop Delivery Controllers in an on-premises deployment.
This topic describes the required tasks for creating a Citrix Cloud resource location on Amazon Web Services (AWS). You can use this resource location with the XenApp and XenDesktop Service.
What does the blueprint do?
The XenApp and XenDesktop Resource Location Setup blueprint enables you to create a resource location on AWS that you can use with the XenApp and XenDesktop service to deliver applications and desktops to your users. Similar to resource locations in Smart Tools, a resource location for the XenApp and XenDesktop Service is where the machines reside that provide the applications and desktops you make available to your users. These are machines that you manage through the AWS management console.
To create the resource location, this blueprint performs the following actions:
- Create a virtual private cloud (VPC) with public and private subnets, configures security groups, and deploys a NAT instance with a public IP address. The NAT instance enables machines in the private subnet to access the Internet.
- Create a bastion host instance so you can administer machines in the private subnet using RDP. This instance resides in the public subnet of the VPC.
- Deploy an Active Directory domain controller and create a domain. This machine resides in the private subnet of the VPC.
- Deploy two Cloud Connector machines, joined to the domain and added to the private subnet of the VPC.
- (Optional) Deploy two Server VDA machines, one configured for RDS and one configured for VDI, joined to the domain and added to the private subnet of the VPC.
- (Optional) Deploy a StoreFront server, if you don't want to use the Citrix-hosted StoreFront that comes with the XenApp and XenDesktop Service. This machine is joined to the domain and added to the private subnet of the VPC.
- (Optional) Configure a NetScaler VPX instance and configure NetScaler Gateway for secure external access. The default hostname is xd-rl-ns, but you can change this when you configure the deployment.
By default, the blueprint deploys these machines to the default resource location in your Citrix Cloud account. If you have multiple resource locations in your account, you can deploy the blueprint to one of them by supplying its Resource Location ID in the blueprint configuration. See Step 11 in Deploy the blueprint in this topic.
Provisioned machine configurations
The blueprint includes recommended configurations for each machine that Smart Tools provisions to the deployment. The following recommendations are displayed when you configure the VM for each machine tier in the deployment.
Operating system (for all machines): Windows Server 2016
|Machine Type||AWS Instance Type||Memory (GB)||Disk Size (GB)|
|Domain controller||M3 Medium||3.75||32|
|Cloud Connectors||M3 Medium||3.75||32|
|Server VDA (RDS)||M3 Large||7.5||64|
|Server VDA (Server VDI)||M3 Medium||3.75||32|
Important: This blueprint includes conditions for deploying the components above on supported resource locations. When configuring the VMs for each machine tier, you must allow Smart Tools to provision new VMs during deployment. Using existing machines with this blueprint is not supported and will cause the deployment to fail.
Before you deploy this blueprint, perform the following actions:
- Create an AWS account. To sign up for AWS, visit http://aws.amazon.com.
- Request access to the XenApp and XenDesktop Service. To request access, visit https://citrix.cloud.com, log on to your account, and click Request Trial from the Citrix Cloud home page.
- Using the AWS Management Console, create access keys for your AWS account. These keys allow Smart Tools to deploy VMs to AWS on your behalf. Afterward, you also use these keys to set up the XenApp and XenDesktop Service. As a security best practice, Citrix recommends using the access keys of a specific IAM user with AmazonEC2FullAccess and AmazonVPCFullAccess policies assigned.
- Subscribe to NetScaler VPX in Amazon Marketplace.
When you deploy this blueprint, you have the option of allowing Smart Tools to create a new VPC or selecting an existing VPC in your AWS account. Citrix recommends creating the VPC during deployment to ensure the required subnets are created and the default security group is configured appropriately. However, if you want to use an existing VPC, verify it has the following configurations:
- The VPC has three subnets: a public subnet, a private subnet, and a Management subnet for the NetScaler VPX.
- The VPC and subnets have valid CIDR blocks assigned. For example, you might specify the following following CIDR ranges:
- VPC: 10.0.0.0/16
- Public subnet: 10.0.0.0/24
- Private subnet: 10.0.1.0/24
- Management subnet: 10.0.2.0/24
- The subnets in the VPC are named or tagged with the role they assume within the VPC. This helps Smart Tools identify the appropriate subnet for each machine in the blueprint.
For this subnet role... Assign this name... Or assign this tag... Public subnet Public Subnet CLM-Role="Public Subnet" Private subnet Private Subnet CLM-Role="Private Subnet" Management subnet Management Subnet CLM-Role="Management Subnet"
- The VPC has a NAT instance in the Public subnet with an Elastic IP address assigned. The NAT instance enables the machines in the Private subnet to access the Internet.
- The default security group for the VPC has the following inbound rules and ports configured:
- HTTPS: 443
- RDP: 3389
- Custom IMCP Rule: Echo Request
To include NetScaler in your deployment, you must subscribe to NetScaler VPX in the Amazon Marketplace before you deploy the blueprint:
- If you don't have your own NetScaler license, subscribe to the Standard, Enterprise, or Platinum editions. These editions provide a fully licensed "pay-as-you-go" NetScaler deployment you can use with this blueprint.
- If you want to use your own license, select the Customer Licensed edition. You will need to supply your license file during the blueprint configuration. The default hostname in the blueprint configuration is xd-rl-ns, but you can change this value to match your license file.
When you log on to your Citrix Cloud account and click Get Started for the XenApp and XenDesktop Service, Citrix Cloud gives you the option of using Smart Tools to deploy your resource location. When you choose the Smart Tools option, Citrix Cloud transitions you to Smart Tools to complete the blueprint deployment process. After completion, you can return to Citrix Cloud to set up the XenApp and XenDesktop Service.
When you deploy this blueprint, Smart Tools adds the blueprint to your library. Additionally, all Administrator users in your Smart Tools account will have access to the blueprint.
Download the walkthrough
For complete step-by-step deployment instructions, download Setting Up a Resource Location for Apps and Desktops with Citrix Smart Tools (PDF). The guide walks you through the following tasks:
- Setting up your AWS account keys for use with the XenApp and XenDesktop service and Smart Tools
- Subscribing to NetScaler VPX in the Amazon Marketplace
- Configuring and deploying the XenApp and XenDesktop Resource Location Setup blueprint
Deploy the blueprint
- Log on to the Citrix Cloud web site and then, from the Control Center, click Get Started for the XenApp and XenDesktop Service.
- From the XenApp and XenDesktop Service home page, click Use Smart Tools. XenApp and XenDesktop Service directs you to Smart Tools so you can configure your resource location. This might take a few minutes to complete.
- On the Overview page, enter a deployment name. The default deployment name is XenApp and XenDesktop Service: Resource Location Setup. Click Next.
- On the Resource Location page, specify your AWS account details and then click Next:
- Name: Enter a friendly name for your AWS account.
- Access Key ID: Copy and paste the Access Key ID for the IAM account you want to use with Smart Tools.
- Secret Access Key: Copy and paste the Secret Access Key from the IAM account you want to use with Smart Tools.
- In Resource Location, select Add New Resource Location.
- Select Amazon Web Services and then click Next.
- On the Amazon Web Services setup page, enter the following details and then click Add:
- Click Done. Smart Tools returns you to the deployment configuration.
- On the Architecture page, configure the following options and then click Next:
- Deploy Storefront: Select yes to add a Storefront server to your deployment. By default, Smart Tools does not deploy an additional Storefront server.
- Create RDS Template: By default, Smart Tools deploys a VDA machine and configures it for RDS. If you don't this VDA included in your deployment, select no.
- Create Server VDI Template: By default, Smart Tools deploys a VDA machine and configures it for Server VDI. If you don't want this VDA included in your deployment, select no.
- Create NetScaler Gateway: By default, Smart Tools includes NetScaler Gateway in your deployment. If you don't want to include NetScaler, select no.
- Under VM Tiers, select the AWS deployment location you set up earlier. Smart Tools connects to your AWS account and the Configure VM wizard appears.
- On the Choose a Region page, select the AWS region where you will deploy your resource location.
- On the Choose an AMI page, select the Windows Server 2016 base image.
- On the Instance Details page, in Network, select Create VPC with public and private subnets. When prompted, enter a VPC name and then click Create VPC. Click Next.
- On the Credentials page, in Key Pair, select Create new key pair. When prompted, type a friendly name for the key pair and then click Create Key. Save a copy of the key as a PEM file. You will need this key to access the machines in your resource location later. Click Next.
- On the Networking page, accept all the default values and click Next.
- On the Summary page, leave Copy this configuration to other VM tiers. This allows Smart Tools to copy the VM settings for the Domain Controller to the other machines that Smart Tools will provision.
- Click Finish. Smart Tools returns you to the Size page.
- On the Size page, click Edit.
- Click Next on each page until you arrive at the Networking page.
- On the Networking page, under Elastic IP, select Allocate new Elastic IP address for this instance. Click Next.
- On the Summary page, click Finish to save your settings and return to the Size page.
- AdministratorName: Enter a username for the domain administrator. The default username is Administrator.
- AdministratorPassword: Enter a password for the domain administrator.
- DomainName: Enter the fully qualified domain name you want to use for the domain controller Smart Tools provisions. Example: XDDomain.com
- Test User Password: Enter a default password to assign to the User1 and User2 accounts that Smart Tools creates in the Cloud Users group.
- Resource Location Id: (Optional) If you have multiple resource locations available in Citrix Cloud and you want to specify the resource location Smart Tools uses to deploy the Cloud Connectors specified in the blueprint, enter the ID for the resource location. The resource location ID is located on the Resource Locations page in Citrix Cloud.
- VPX Password: Enter the administrator password you want to use for the NetScaler VPX appliance. Smart Tools will use your entry to change the default NetScaler password during deployment.
- VPX Hostname: Enter the hostname you want to use for the NetScaler VPX. The license file you supply must have this hostname listed. The default hostname is xd-rl-ns.
- NetScaler VPX Edition: If you subscribed to the "pay-as-you-go" NetScaler VPX in the Amazon Marketplace, select the edition you chose. To use your own license, select Customer Licensed.
- License for Customer Licensed Edition: If you subscribed to the Customer Licensed edition of NetScaler VPX, click Upload File to supply the license file for the appliance.
Smart Tools displays the Deployment Details page which shows the progress of your deployment. From here, you can see the status of your deployment as Smart Tools executes each step.
How long does the blueprint take to finish?
Deploying a resource location can take up to five hours. Be aware that some steps take longer than others to complete.
How do I know when the resource location is ready to use?
- Verify the Cloud Connectors have registered with Citrix Cloud. To do this, click the menu button in the upper-left corner of the page and select Resource Locations. Each of the Cloud Connectors that Smart Tools deployed displays a green check mark to indicate it registered successfully.
- Verify the domain you specified has registered successfully with Citrix Cloud. To do this, click the menu button in the upper-left corner of the page and select Identity and Access Management. The Domains tab displays the domain for your new resource location with a green indicator showing the domain is online.
What do I do next?
When your resource location is ready, you can set up the XenApp and XenDesktop Service. To do this, you perform the following tasks:
- Create a host connection.
- Set up machine provisioning.
- Create a Delivery Group.
For instructions, see Getting Started with the XenApp and XenDesktop Service on the Citrix Product Documentation web site.