How to Setup Proof of Concept Environment with XenDesktop and XenApp Using Azure Resource Manager

Article ID: CTX219239

Description

Citrix Cloud XenApp and XenDesktop service will now allow native Azure Resource Manager integration. It will be labeled as just “Microsoft Azure” in our hypervisor drop down list.

This document has information on the setup and delivery of desktops and applications.

In this example, a VPN connection has been set up from an on-premises NetScaler to the Azure West datacenter.

Basic VPN/Azure architecture

This VPN configuration allows access to on-premises company resources from Azure-provisioned workloads. It also allows all Azure resources to be domain joined.

When it comes to providing Active Directory services in a cloud resource zone, there are three options:

  1. Domain joining all Azure resources to on-premise domain.

  2. Deploy a domain controller in Azure as a separate AD site for on-premise domain.

  3. Deploy a completely separate Active Directory in Azure, and establish a trust with respective on-premise domain.

Scenario: Configuration details of a Gateway and lab setup:

  1. Running NetScaler 11.0.66.11.nc for Cloud Connector appliance.

  2. Azure VNET is 10.100.0.0/16.

  3. On-premise network is 192.168.89.0/24.

  4. A bastion or jump server was created in Azure to perform configuration work. This server has a public IP and the port for RDP (3389) was open via a single Network Security Group. It is placed in the subnet of 10.100.1.0/24.

  5. All machines were created in the US West region with the “Resource Manager” method via the web portal.

  6. The servers that have the Cloud Connector and the VDA installed are part of the 10.100.2.0 subnet.

  7. A Citrix Cloud account with 3 resource locations; 1 for on-premise, 1 for Azure Classic (Central) and 1 for Azure ARM (West).

  8. All resources in Azure are domain joined.

  9. All resource zone servers are secured by leveraging Network Security Groups (NSGs) within Azure.

  10. The GUI was used for everything; neither PowerShell nor the NetScaler CLI was used. The GUI for a CloudBridge Connection to Azure is simple once Azure supplies the Public IP to use.

  11. This Microsoft Azure article was the main reference point to verify that the address space and Azure configuration were correct.

Once the VPN in Azure was configured, configuring local ports and running through the NetScaler Azure wizard was quick and easy.
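
A check for the bastion RDP rule and the NSGs described in items 4 and 9, as an added example that is not part of the original article: it reads NSG rules in the JSON shape printed by `az network nsg rule list -o json` and lists the inbound Allow rules that open port 3389 to any source. The sample rules, their names and the 203.0.113.0/24 admin range are constructed for illustration.

```python
import json

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # wildcard, any IPv4, Internet service tag

# Constructed sample, shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-rdp-any", "priority": 100, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
  {"name": "allow-rdp-admin", "priority": 110, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
  {"name": "allow-mgmt-range", "priority": 120, "direction": "Inbound", "access": "Allow",
   "protocol": "*", "sourceAddressPrefixes": ["Internet"], "destinationPortRanges": ["3000-4000", "443"]},
  {"name": "deny-all-in", "priority": 4096, "direction": "Inbound", "access": "Deny",
   "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]
""")

def _values(rule, single, plural):
    """Merge the singular and plural forms of a rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(port_spec, port):
    """True if an NSG port spec ('*', '3389' or '3000-4000') includes port."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_rules(rules, port=3389):
    """Names of inbound Allow rules that open `port` to any source, in priority
    order. A lower-numbered Deny rule that shadows an Allow is not modelled."""
    hits = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != "inbound" or rule["access"].lower() != "allow":
            continue
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if any(s.lower() in ANY_SOURCE for s in sources) and any(_covers_port(p, port) for p in ports):
            hits.append(rule["name"])
    return hits

if __name__ == "__main__":
    print(exposed_rules(SAMPLE_RULES))
```

A rule whose source is a specific range, such as the constructed allow-rdp-admin rule, is not reported.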

The Connector in Citrix Cloud

When using Cloud Connectors to access a resource zone, a minimum of two Cloud Connectors are recommended.

Screen shot of connectors in Citrix Cloud

The “Azure ARM – West” zone was created prior to the install of the Cloud Connector. Then a low cost Basic A1 instance was created in the Azure Region. This computer will be used as the Cloud Connector for this zone.

During the Cloud Connector installation you are prompted for your Citrix Online user credentials for Citrix Cloud. After a successful authentication, you are asked to select your location. This must be created prior to installation because you cannot create one from the installer. Choose the appropriate resource location for your environment.

As a best practice, leverage Availability Sets for your deployments. This spreads your computer load across fault and update domains to limit your downtime and provide the 99.95% SLA that Azure stands by. Refer to the Microsoft KB Article on Manage the availability of Virtual Machines for more information.

Create your zone first in Studio

Before moving forward, make sure you have created a new Azure zone in Studio and placed the correct Azure Resource Zone Cloud Connectors into that zone. To avoid host creation errors, ensure at least one of the Cloud Connectors is powered on and accessible.

Creating the Hosting location

  1. Right-click on the Hosting node and create a new Host Connection. When you add a new connection, additional drop-down options are available.

  2. The initial setup for Azure Resource Manager and Azure Classic varies slightly. With Azure Classic, you need to import a publishing file, while in Azure Resource Manager you need to create a Service Principal.
    Scenario: Leverage MCS for provisioning method and create resource groups.

  3. We need our subscription ID. Copying this into the console is a two-step process. First, copy it to your clipboard on your local machine. Second, select the clipboard icon on the HTML5 client bar and paste your information into the window. This can now be pasted into the subscription ID field.

  4. The zone name entered during a previous step will be available to you when you click the drop down arrow. Select the appropriate zone, uniquely name your connection and click “Create New…”. This will open a new window that will ask for authentication into Azure to create the Service Principal.

  5. A listing of the requested access will be displayed.

  6. After you click Accept, it will create the Service Principal.

  7. If you want to verify, log into your Azure Portal and select Active Directory. After it loads, click Applications; you will see XenDesktop listed.

  8. Click next and select Region.

  9. Name your resource and select the proper subnet available in your selected virtual network based upon your region, then click Next.

  10. If you are accessing multiple regions, you will need to create multiple host entries.

Create your golden image

During the VDA install, you will be prompted for the DDC you want to register with. Make sure to enter the FQDNs of all of your Cloud Connectors when you reach this step. It also helps if they are powered on, which limits error messages and solidifies the installation.

Once you have the machine set up, shut it down. Then, proceed to the console or Azure Portal and stop the image machine. This places the machine in a “stop deallocated” state, which limits the charges; the machine will be used for replication during the image creation process. The size of the instance that you select is dependent on the workload.

Moving on up to Machine Catalogs

  1. When you create the machine catalog for this newly created host, make sure to choose the option from the drop-down.

  2. After you click on next, you will see some new options. You are presented with a complete list of all your Resource Zones to find your gold image. The hierarchy flows as follows:

  3. Resource Zone -> Storage Account -> Container -> vhds -> then the VHD you want to use

  4. Ensure you note the proper Resource Zone and Storage account you want to use to select your gold image for deployment.

  5. Select the appropriate storage target for this machine catalog. Premium storage can offer you some improved performance.

  6. Select the appropriate machine size and quantity for this group.

  7. Next is the network card selection.

  8. Now name the resources and select the appropriate OU within AD.

  9. Input the domain credentials, preferably a service account that can interact with your Active Directory for machine creations, etc.

  10. Upon completion of the build process, you’ll see your virtual machines listed and in a stopped state.

Delivery Group creation

  1. These steps are fairly similar to the on-premise deployment.

  2. We will ensure Citrix Cloud manages access to the Delivery Group.

  3. Add any applications that you want/need.

  4. After you have provided a company-appropriate group and display name, launch the web console, set up access and add the service to your workspace. After you click on “add”, don’t forget to select “Update Workspace”. This ensures the new service appears when users who are subscribed to this workspace log in.

  5. Time to start a VM and test your deployment. The XenApp and XenDesktop Services Cloud StoreFront site provided to your company will follow the URL format “https://<your company>.xendesktop.net/”. Log in with the appropriate user credentials for your domain and launch.

Issue/Introduction

Azure Resource Manager, Citrix Cloud and Hybrid Deployment.