One of the features of XenApp 7.11 is the support for Azure Resource Manager, which allows you to extend your existing XenApp deployment to Microsoft Azure right from Citrix Studio.

Note: This feature was introduced “Cloud First” in the XenApp and XenDesktop service a few months ago.

Azure’s global footprint can be utilised to deploy virtual apps and desktops from any of the Azure data centers closest to where your users are, so they get the best interactivity and performance at lowest latency.

As Citrix admin, you need to know how Azure accounts, subscriptions, Azure Resource Manager and Azure Active Directory are linked together. 

Type of Accounts

There are two types of accounts you can login to access Microsoft services:

• Microsoft accounts (also known as personal accounts).

• Azure Active Directory accounts (Work or School accounts) .These are usually of the form user@org.onmicrosoft.com.

Azure AD is a massive multi-tenant directory system. If you are the administrator of an Azure AD tenant directory and that tenant contains about 30 or more accounts which are a combination of Microsoft accounts considered “Guests” and Azure AD accounts which are “Members”.

Azure subscriptions are linked to one Azure AD tenant. By “linked” it means the subscription trusts the authentication provided by that Azure AD tenant for resources contained within that subscription (like VMs, storage accounts, virtual networks etc.).

Azure Resource Manager uses Azure AD for authentication. If you need to provision machines into your Azure subscription, first you would need to successfully authenticate against the Azure AD tenant that the subscription is linked to.

Azure AD Account Setup

An Azure AD account and an Azure subscription is required to create a host connection in Citrix Studio. The key requirement for the account is that it needs to be a member of the Azure AD associated with the subscription.

To meet this requirement, let’s take an example. Alex wants to provision XenApp on Azure. Pras is the Azure account owner. Here’s what Alex needs to do.

1. Identify the subscription’s directory: Alex logs in to the new Azure portal using his  Microsoft account credentials and not an Azure AD account. Alex will see his subscription’s directory at the top right.

2. Ask your Azure AD admin to create an Azure AD account for you: Alex requests Pras, the Azure AD admin to create an Azure AD account for him. To do this, Pras has to login to the old Azure portal as the admin and create an Azure AD user for Alex as described here.

3. Ask your Azure AD admin to make you a subscription admin: After adding Alex to the directory, Pras grants access to the target that Alex wishes to use to provision XenApp on Azure (Refer to the Microsoft KB article How to add or change Azure administrator roles.)

• How Azure subscriptions are associated with Azure Active Directory

• Azure availability Regions

• Citrix Announcement - XenApp/Xendesktop 7.11 Availability

• How to use Azure Active Directory and Resource Manager to manage a customer’s resources