Tracking Information. Company: Citrix Systems, Inc. Author(s): Beth Roberts...

Date post: 27-Dec-2015
XenDesktop 5 Comprehensive Technical Worldwide Technical Readiness February 28, 2011

•Project Overview and Release notes

•New Concepts and Quick Deploy

• Installation with Quick Deploy

•Components and Architecture

•Hosting Management

•Machine Creation Services

Agenda (1 of 2)

•Virtual Desktop Agent 5

•Desktop Studio

•Desktop Director

•Active Directory-based Policies

•VM-hosted Applications

•Scalability and Best Practices

Agenda (2 of 2)

Project Overview and Release Notes

• Simplified Install – Quick Deploy

• Simplified Desktop Deployment and Machine Creation

• Fewer Management Consoles

• Active Directory-based Policies

• Printing Optimizations

Key new features

• Release to Web (RTW) Dec 3, 2010

• General Availability (GA) Dec 17, 2010

XenDesktop 5 release schedule

Editions: Express, VDI, Enterprise, Platinum

Licensing
• Named User: 10, Included, Included, Included
• Device based: Included, Included, Included
• Concurrent User: Included

Components
• Controller: Included, Included, Included, Included
• XenServer: XenServer, XenServer ENT, XenServer ENT, XenServer ENT
• Machine Creation Services: Included, Included, Included
• PVS for desktops: Included, Included
• PVS for servers: Included, Included
• Workflow Studio: Included, Included, Included
• Profile Management: Included, Included, Included
• Storage Link: Included, Included, Included
• Access Gateway: ICA, ICA, Full
• XenApp: ENT, PLAT
• HDX 3D: Included, Included
• EdgeSight for VDA: Included
• Repeater plug-in: Included
• Single Sign on: Included
• XenClient: Included, Included

Citrix Confidential - Do Not Distribute

Features and editions “Eye Chart”

New Concepts and Quick Deploy

Sites

• XenDesktop deployment in a single geographical location

• Previously known as a Farm in XD4

Hosts

• Infrastructure comprised of hypervisors (resource pools or clusters), storage and other virtualization components

• Each site can have multiple host connections

New Concepts in XenDesktop 5

Catalogs

• A grouping of similar desktop machines from 1 or more hypervisors

Desktop Groups

• Desktops from one or more catalogs, not limited to a single hypervisor pool, assigned to users

• A single user may access multiple desktops in the group, or a single desktop may be assigned for use by multiple users

• Similar to the concept of Desktop Groups in XD4

New Concepts in XenDesktop 5

XenDesktop 4 vs XenDesktop 5

In XenDesktop 4 -> In XenDesktop 5

• Farm -> Site

• Desktop Group -> Desktop group (assignment)

• DDC / broker / controller -> DDC / broker / controller

• IMA data store -> SQL database

• AD Config Wizard -> Registry-based

• Idle Pool Settings -> Desktop Group / Power Mgmt

Site Hosts, Catalogs, Desktop Groups

[Diagram: a Site with Host(s), Catalogs and Desktop Groups]

• Pooled

• Dedicated

• Existing

• Physical Machines

• Streamed

Desktop Catalogs

Machine Catalog Types

• Pooled - direct copies of the master VM, no customization

• Dedicated - permanently assigned to individual users, with customization

• Existing – previously created virtual machines

• Physical - desktops hosted on dedicated blade servers; no centralized power control

• Streamed - vDisk imaged from a master target device with Provisioning Services

Machine Type Definitions

[Diagram: Catalog; Desktop Group 1, Desktop Group 2, Desktop Group 3; four Hypervisor boxes]

Catalog design increases scale and resilience

• 5 machines

• 3 assigned

Machines and Desktop Groups

[Diagram: User1 with Desktop1, Desktop2 and Desktop3]

Users can run multiple desktops in a group

[Diagram: a Desktop with User1, User2 and Client IP Address]

Desktops assigned to user or client IP

Installation with Quick Deploy

• No IMA in XenDesktop 5 Controller

• No IMA data store or local host cache

• No XML Blob

• No AD Configuration Wizard or Farm OU

• No Terminal Services requirement

• New SQL database – no support for Oracle or Access

*NEW* Installation – Server Side

• XenDesktop Controller supports Windows Server 2008 and 2008 R2 only

• To use “Quick Deploy” all components must be on same box

• Quick Deploy assumes SQL Express on same machine

• Uses the same License Server as XenDesktop 4 (11.6.1)

• PowerShell 2.0 is downloaded during the installation
  • GOTCHA: Manually install PowerShell if you don’t have internet access

Installation – Server Side

• Microsoft Windows Server 2008, Standard or Enterprise Edition, with Service Pack 2

• Microsoft Windows Server 2008 R2, Standard or Enterprise Edition
  • Service Pack 1 will be supported

• Microsoft .NET Framework, Version 3.5, with Service Pack 1

• Microsoft Internet Information Services (IIS) and ASP.NET 2.0
  • IIS is required only if you are installing the Web Interface, the License Server, or Desktop Director

Controller – System Requirements

• Microsoft SQL Server 2008 R2

• Microsoft SQL Server 2008 R2 Express Edition

• Microsoft SQL Server 2008, with Service Pack 2 installed

• Microsoft SQL Server 2008 Express Edition, with Service Pack 1 installed
  • We will ship with SQL Server Express 2008 R2

Windows integration authentication required

Controller – Database Requirements

• VDA now uses “registry based” registration.
  • Broker details are stored in the registry of the desktop

• PowerShell scripts can be run to set up registry based VDA registration

• VDA command line options
  • FORCEWDDMREMOVE – For physical machines or VMware
  • NOWINRM – for WinXP

• GPO install of VDA is documented here: http://support.citrix.com/article/CTX127301

• In place VDA upgrade is supported

Installation – Client Side

**New Concept** Machine Creation Services - Provisioning Services for VDI

• Proven to scale

• Single image management workflows

• Actively being developed

• Additional console - PVS console

• Infrastructure requirements

Provisioning Services with XenDesktop 4

XenDesktop 4 with PVS

[Diagram: SAN, XenServer, XenApp, PVS, Active Directory with roaming profiles, Desktop Delivery Controller, Virtual Machines, “desktop proxy stream”]

• New: Machine Creation Services
  • Benefits of Provisioning Services
  • Optimized for Hypervisor environments
  • Low Deployment Investment

• Machine Creation Services:
  1. Citrix Machine Creation Service
     • Creates new Virtual Machines
  2. Citrix AD Identity Service
     • Manages Active Directory Computer Accounts
  3. Citrix Machine Identity Service
     • Manages Virtual Machine Storage

New Option with XenDesktop 5.0

Storage Configuration

[Diagram: storage layout for Provisioning Services and for Machine Creation Service; labels: Provisioning Services, Storage, Hypervisor(s), RAM Cache]

• Caches ‘base image’ in RAM for fast delivery

• Rack-friendly, 0U hit for RAM cache

High-level Service-Oriented Architecture

[Diagram: Desktop Broker with Broker Service, Machine Creation Service, AD Identity Service, Machine Identity Service, Host Service and Central Config Service; SQL Server; Desktop Studio and Desktop Director; PowerShell / WCF, SDK available for automation; Virtual Desktop; WinRM (WMI)]

[Diagram: hypervisor and storage; Master VM and Master VM image; one identity disk and diff disk per VM]

Provisioning Services for VDI (MCS)

Machine Creation Service: How it works

[Diagram: three VMs on Storage, each with its own Diff Disk and Id Disk, and one Master Disk]

• One copy of the base image shared by all VMs

• Space reclaimed every boot

• Persistent Identity uses little space

Identity disk and diff disks

Identity Disk – Hidden by default

Protected by ACLs

Provisioning / Update / Rollback

[Diagram: Master VM with a chain of Snapshots; #1. Consolidate: Golden Image, Base Image, Patches; #2. Provision: VMs, each with a Diff]

• Patch history kept as snapshots (deep chain)

• Flatten chain for best performance
  • Can take time

• Rapid provisioning of VMs

• Update the master VM

• Modify the pooled machine catalog in Desktop Studio by choosing the “Update” option

• Specify the strategy as immediate or next login

Updating the master VM for pooled desktops

• User changes are persistent and kept in diff disk

• Updates must be managed on an individual basis or using 3rd party EDS tools

Dedicated Catalog Updates

Recommended

• Almost any shared storage will work, but...

Machine Creation Service: Compatible Storage

ESX
• NFS
• Low Scale: VMFS

XenServer
• NFS
• Low Scale: FC, iSCSI, DAS

Hyper-V
• CSV (Clustered Shared Volume)

AD Account Management

[Diagram: Pool of VM Id Disks with Provision, De-provision and Reset actions; AD Admin: Create; XD Admin: Import; Combined Admin: Create, Import]

• New in XD 5!

• Active Directory accounts tracked at all times

• Image Optimizer
  • PVS component used to adjust OS parameters

• Encryption support for the database

• CDF tracing enabled on machine creation services

MCS – Additional Information

MCS isn’t linked clones…..

Linked Clones

• Sysprep thrashes storage

• Doesn’t manage AD accounts

• Store credentials in DB

MCS

• No sysprep, PVS identity management

• Active AD account management and re-use

• AD Account import

When to use which …..

MCS

• POC / Pilots / Demos

• Smaller scale VDI
  • To start with
  • Scale will be proved with testing

• VDI Only

PVS

• POC / Pilots for mixed

• Large scale VDI

• FlexCast
  • Mixed desktops

1) Create a virtual machine (Win7, WinXP or Vista) and install the VDA and other basic applications

2) Install XenDesktop 5 and select all components

3) Select Quick Deploy configuration and use the virtual machine as the master vm

Concept of “Quick Deploy” Using MCS

• All components must be on same box

• Assumes SQL Express on same machine

• Works with XenServer, Hyper-V or ESX

• Choice of Pooled or Assigned (VDI) desktops only with single Desktop Group

• Uses limited desktop naming convention

Quick Deploy Installation & Configuration

Quick Deploy. The wizard does all of this…

• Site: Creates the XD Site with db, WI sites

• Host: Connects to the Hosting Infrastructure

• Resources: Connects to the Storage Infrastructure

• Master Image: Determines the Master VM Image

• VM Information: Specifies the VM Information

• Users: Defines which users can access desktops

…and does this

Configuring Services
• Obtain schema creation SQL scripts from services
• Create database and apply schema creation SQL scripts
• Point services at newly created database
• Register and join services with config service

Configuring Machine Creation
• Create machine accounts in the identity pool
• Create a provisioning scheme by copying master VM
• Create machines using the provisioning scheme
• Add machines to the broker catalog

Configuring Host
• Identify and configure specified hypervisor connection and hosting unit (via ‘Hyp’ service)
• Create broker catalog and hypervisor connection
• Configure ‘Acct’ service identity pool

Configuring Desktop Group
• Create broker desktop group (including access policy rule, entitlement policy rule, power time schemes etc)
• Add machines from catalog to the desktop group

LAB Exercise 1: Quick Deploy

LAB Exercise 2: Observe the Installation

Components and Architecture

High-level Service-Oriented Architecture

[Diagram: Desktop Delivery Controller with Broker Service, Machine Creation Service, AD Identity Service, Machine Identity Service, Host Service and Central Config Service; SQL Server; Desktop Studio and Desktop Director; PowerShell / WCF, SDK available for automation; Virtual Desktop; WinRM (WMI)]

• Each service is informed of the database connection details

• Each service is registered with the central config service

• Each service has specific database tables created by scripts

[Diagram: SQL Database on SQL Server. Configuration Schema: chb_Config. State Schema: chb_State. Tables shown: Worker Endpoints, Worker Registrations, Worker Index, Worker Names, DiagWorker, Workers, Brokered Sessions, Sessions, WI Sessions, Desktop Groups, Desktops, Catalogs, Licenses, Soft Registrations]

SQL Database: Broker Service Schema

• Reads/Writes to SQL Database

• Interacts with WI & AG & NetScaler during launch requests
  • Uses XML component rewritten in .NET

• License Server
  • Licensing wrapper written in .NET uses License Policy Engine DLL

• SDK - WCF to PowerShell snap-in

• Hosting unit – ‘HCL’ and plugins with connection details

• VDA agent service – WCF/CBP

• Machine Identity Service
  • ResetVM

Main Broker Interactions

Broker Service Detailed Interactions

[Diagram: Broker Service parts: XML Service, SDK Admin service, License Management, Database Access, VDA Management, Service Control, Hosting Management. Surrounding components: Administration Machine (PowerShell Snap-in), Hypervisor & Storage, VDAs (Workstation Agent), IIS (WI Sites, Desktop Director Site), Infrastructure & Machine Creation Services, License Server, Database, Active Directory. Connections labelled: SDK (WCF), CBP (WCF), Http or PS (via HCL), WCF, XML (http), LDAP]

• Stores ‘Global’ meta-data about all services
  • Service configuration information

• Minimizes configuration (avoid WI/XML service situation in future)

• Minimize dependencies on Active Directory

Central Configuration Service

• Functionality modules that run in the broker service

• Runs on only one broker per site (configurable)

• There is a heartbeat from other brokers so failover will take place if it goes down

• PS C:\> Get-BrokerSite

Site Services

• Reaper services - finds and marks failed controllers, finds and kills expired launch sessions

• Cache Refresh - does async AD lookups of DDC, VDA and user names

• Licensing - communicates with license server to manage ‘permanent’ licenses

• Registration Hardening – completes soft registered machines

• Power Policy - manages idle pool levels and initiates policy power actions

• Group Usage - monitors how many desktops are in use in each group

What does Site Services do?

Hosting Management

Host Management Overview

•Creates and manages hypervisor connections and hosting units

•Broker service polls the host service for hypervisor credentials and passes them on to the HCL for access to VMs

• Hypervisor Communication Library (HCL) is a wrapper around the plugins (XS, ESX, HyperV)
  • Does machine cloning
  • Stops and starts VMs

Hosting Unit Service

Host Connections

[Diagram: XenDesktop 5 Site with host connections to Virtual Center - ESX, XenServer Pool 1, XenServer Pool 2 and SCVMM – HyperV; Catalogs and Desktop Groups]

• Idle Pool Count is configured under "Power Management" in the properties of Desktop Groups

• Stops/starts performed on hypervisor are queued in the SQL database

• Throttling is configurable with SDK

Power Action Queues

• Time scheme defines which hours are peak or off peak

• Time scheme defines the pool size and pool size is the number of machines in the running state

• Buffer size is the % of machines in the pool to keep in the IDLE state

• Power Policy Actions are defined for each desktop group

Power Time Schemes and Policy Actions

Virtual Desktop Agent 5

VDA 5 Architecture

[Diagram: “Virtual Desktop Agent” with PortICA, Desktop Service, RDP Plug-In, Machine Personality Service Client, Group Policy Processing (FullArmor support), Group Policy and Registry. Back-end Components over WCF (CBP); Hosting Components (Creation); Admin Components over DCOM or WinRM and WCF; Identity Disk (VHD): use and update data through file system access]

** New Services: Group Policy Engine, Pvs for VMs Service

• Registry based VDA registration with FQDN of brokers in the registry during install

• PowerShell script can be run to set up registry based VDA registration for full desktop deployments

• Port 80 is default registration port

• VDA command line options
  • FORCEWDDMREMOVE (for physical or VMware)
  • NOWINRM (for WinXP only)

VDA Installation

• Post-install configuration
  • “ConfigRemoteMgmt.exe” tool turns on Remote Access and WinRM
  • “ConfigurationApp.exe” runs a desktop optimization for virtual machines

• Upgrade the VDA first
  • Not backward compatible
  • VDA 4.0 cannot register with XenDesktop 5
  • VDA 5.0 can register with XD4 DDC
  * In place upgrade is supported for VDA

VDA Installation

• Printing enhancements require 12.1 client and VDA 5

• Webcam Redirection - Supports OCS

• New popup welcome screen (can be disabled via GPO)

• MediaStream disconnect/reconnect - Media Player can now continue playing (pause/resume) after a reconnected session.

• All XD4 SP1 fixes (Project Medoc) are in the VDA 5

VDA features

LAB Exercise 3

LAB Exercise 4

Desktop Studio

• MMC console for XenDesktop Configuration and Administration

• Read/writes to DDC, AD and PVS

• Replaces the Delivery Services Console

Desktop Studio

Desktop Studio Architecture

[Diagram: Desktop Studio layers (UI, PoSH Interface, Scripts); XD Services over WCF (Broker, MCS, Host, AD Identity, Configuration); Active Directory over LDAP(S); PvS; the rest of the environment (XenServer, VDAs)]

• PowerShell scripts interact with the broker

• Uses the public XD API PowerShell SDK

• Unity.config file controls the layout of DesktopStudio console

• Logging is enabled through mmcsnapin.dll.config file (disabled by default)

• PowerShell scripts also interact directly with PVS

Desktop Studio runs on PowerShell

• Configurable alerts to the dashboard

• Can use SDK to get email alerts

• Categories are not configurable

• Hypervisor may be bottleneck on backend when large amounts of data are collected

• Same dashboard is part of Desktop Director

Desktop Studio Dashboard

• Red X can mean that it cannot display correct data – It does a best effort

• Press CTRL-C for pop up messages to get error details and paste into notepad (when Details>> is not present)

• PowerShell scripts will be the better way in many cases for large environments

Error popups in Desktop Studio

Desktop Director

• Web based administration for real time data

• Designed for Help Desk to monitor and manage

• Displays session details
  • Search per user / desktop

• No SSO support at present

Desktop Director

Administration Components – Desktop Director

[Diagram: DD website (HTTPS); XD Services over WCF (Broker, MCS, Host, AD Identity, Configuration); desktop components Windows Metrics, PortICA and Workstation Agent reached over WCF and WMI/WBEM]

• Full administrator - Full administration rights. Only local administrators have this role by default and can create further full or delegated administrators

• Read-only administrator – View all but no changes. Attempted edits will not be saved

• Machine administrator - owns the catalogs, builds the virtual desktops and specify which Desktop Group administrators can consume the images created

• Desktop Group administrator – creates desktop groups from catalogs and assigns them to users. Can specify which helpdesk administrators are permitted to support these users

• Help desk administrator - performs day-to-day monitoring and maintenance tasks, such as restarting a desktop or logging off a session

Management through Workflow

• Provides rich WMI data from VDA such as perfmon, event logs, hardware data and policy reports

• WinRM is on Windows 7 by default but must be manually installed on WinXP

• Must have local admin rights on VDA to view in Desktop Director

• WinRM 2.0 uses port 5985 and is a SOAP service

Viewing WinRM data

• Shadowing is done in Desktop Director

• Uses MS Remote Assistance, not ICA shadowing

• VDA install turns on Remote Assist by default

• Remote Assist must be enabled via Group Policy

• Client side Flash rendering cannot be shadowed

• Uses DCOM – potential firewall issues, browser settings

• Can be hidden in the UI and disabled via GPO

Shadowing Virtual Desktops

Administration Components – Summary

[Diagram: Management Workstation (Web Browser, MMC 3, PowerShell); Delivery Controllers (DMC Web App, Back-end Services); Desktop (Windows Metrics, PortICA, Workstation Agent); AD (GPMC, Full Armor Client). Connections labelled: HTTPS, WCF, WMI/WBEM, Registry, File System]

Active Directory-based Policies

• Full Armor implementation same as with XenApp 6

• Configured in Desktop Studio and stored in SQL database or configured and stored in Active Directory

• Desktop Studio will show both GPO and HDX policies

• Machine policies are reapplied at logon with user policies

• User policies evaluated at login and re-evaluated on reconnects

• Backward compatible with XD4 – VDA 5 will translate the XML blob

Active Directory based HDX policies

• Site policies, machine policies and user policies are all GPO based so gpupdate /force will update all policies

• GPO is processed by Windows and Site Policy is processed by Citrix Group Policy service – resultant set of policies is written to the registry

• Session based policies: HKLM\Software\Policies\Citrix\<session>\...

• Machine based policies: HKLM\Software\Policies\Citrix\...

• Machine based defaults (settings): HKLM\Software\Citrix\Group Policy\Defaults\...

Active Directory based HDX policies
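To check what the Citrix Group Policy service actually wrote after `gpupdate /force`, the registry locations listed above can be dumped into one flat list. This is an added example, not code from the original deck or from Citrix; the function name is hypothetical, and it assumes that the `<session>` subkeys are named by numeric session ID.

```powershell
# Added example: read-only dump of the resultant Citrix policy values on a VDA.
# Registry roots are the ones named on the slide. Assumption (not from the deck):
# a first-level subkey whose name is all digits is a per-session policy key.
function Get-CitrixPolicyRegistryValue {
    [CmdletBinding()]
    param(
        [string]$PolicyRoot   = 'HKLM:\Software\Policies\Citrix',
        [string]$DefaultsRoot = 'HKLM:\Software\Citrix\Group Policy\Defaults'
    )

    $roots = @(
        @{ Path = $PolicyRoot;   IsDefault = $false },
        @{ Path = $DefaultsRoot; IsDefault = $true  }
    )

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root.Path)) {
            Write-Verbose "Key not present: $($root.Path)"
            continue
        }

        $rootKey = Get-Item -LiteralPath $root.Path
        # The root key itself plus every key beneath it.
        $keys = @($rootKey) + @(Get-ChildItem -LiteralPath $root.Path -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            # Path of this key relative to the root, e.g. "2\User\..." for session 2.
            $relative = $key.Name.Substring($rootKey.Name.Length).TrimStart('\')
            $first    = ($relative -split '\\')[0]

            if ($root.IsDefault)           { $scope = 'MachineDefault' }
            elseif ($first -match '^\d+$') { $scope = "Session $first" }
            else                           { $scope = 'Machine' }

            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Scope = $scope
                    Key   = $relative
                    Name  = $name
                    Kind  = $key.GetValueKind($name)
                    Value = $key.GetValue($name)
                }
            }
        }
    }
}

# Run on the virtual desktop; export before and after a policy change to compare.
Get-CitrixPolicyRegistryValue -Verbose |
    Sort-Object Scope, Key, Name |
    Format-Table -AutoSize
```

Piping the output to `Export-Csv` before and after a policy change, then comparing the two files with `Compare-Object`, shows which settings the change really touched.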

Administration Components – Global HDX Policy

[Diagram: AD, Desktop Studio, Group Policy Service, Virtual Desktop Registry, PortICA]

• Configure resolution, color depth and compression

• Optimize for better print quality or faster printing

• Users can also modify print quality by adjusting DPI settings

Printing Optimization Policies

VM-hosted Applications

VM-hosted Apps

• Fully integrated with XenDesktop 5 in Desktop Studio

• Apps can be launched from same desktop every time

• App is associated with a desktop and the Access Policy Rule associates an application with a user

• Provides persistent data and experience for user

• Checks out a XA license (must be ENT or PLAT XD)

• Content Redirection - must manually import file types with VDA in maintenance mode with “update file types”

• SharedApp – pooled desktop group will launch the app

• PrivateApp – assigned desktop to run the app. Can be pre-assigned or AoFU (App of first use)

• User initiates RequestAppData which starts with XMLservice BrokerDAL DB stored procedure which enumerates resources for user

• AppResolution then processes credentials, creates a ticket, ... gets a brokered session and then launches the VM-hosted app and checks out a license.

VM hosted apps

LAB Exercise 5

LAB Exercise 6

Scalability and Best Practices

Scalability, Tips and Tidbits

• No more bottleneck with farm master (XD4)

• All DDCs load balance launch requests

• All DDCs load balance VDA registration

• All DDCs talk to SQL database

• Single server scalability - disk I/O could be the bottleneck and logon rate plays a role here

• DDCs should be close to SQL Server

• DB failure = Broker failure = Site failure

• SQL Mirror – best option for HA

• Database sizing: 150 MB for 20,000 VDAs (more to follow on sizing and scaling)

• SQL transaction log is required for mirroring and could get very large

• Broker log is enabled in CDSController config – same as in XD4

Scalability, Tips and Tidbits

• Multi-site deployment is same as with XD4 (Use WI to aggregate sites)

• Site services - runs on only one broker per site but there is a heartbeat from other brokers so failover will take place if it goes down

• AG needs 'TrustRequestsSenttoXMLport=TRUE' (default is FALSE)

Scalability, Tips and Tidbits

Resources

• Product Documentation: http://support.citrix.com/proddocs/index.jsp

• XenDesktop 5 Reference Architecture: http://support.citrix.com/article/CTX127587

• CXD-101-2 Citrix XenDesktop 5 Overview: http://citrixtraining.com/courses/course_view.cfm/course_id:276?cgroup_id=30&cpn_id=281

• XenDesktop 5 Quick PoC Kit (requires mycitrix login): http://www.citrix.com/xendesktop/pockit

• XenDesktop Setup Wizard Workaround for XenDesktop 5 and Provisioning Services 5.6: http://support.citrix.com/article/CTX128283

LAB Exercise 7

LAB Exercise 8

LAB Exercise 9

