Citrix Workspace Suite Reference Architecture for Trade up Customers

This document is intended to aid IT architects and administrators who have an existing XenDesktop
deployment and are looking to add other key components of Citrix Workspace Suite. It includes an
overview of the architecture and introductory implementation guidance.
Last Updated: July 2015
Prepared by: Citrix Solutions Lab
Table of Contents
Section 1: Executive Summary
    Audience
    Project Overview
    Disclaimer
    Citrix Solutions Lab Implementation
Section 2: Architectural Overview
Section 3: Deploying the Environment
    Server Hardware
    Networking Components
    Storage Configuration
    Environment Infrastructure
    Software
    Environment Infrastructure
    NetScaler Configuration
    StoreFront Configuration
    XenDesktop & XenApp Configuration
    XenMobile Configuration
    ShareFile Configuration
Section 4: Conclusion
Appendix A – References
Appendix B – Tables
Appendix C – Figures
citrix.com 1 Citrix Workspace Suite Reference Architecture
Section 1: Executive Summary
The goal of any data center is to deliver secure access to applications, data and services allowing the
end-user to use any device in any location. To help enterprises accomplish this, Citrix Workspace Suite
delivers a powerful solution to address the performance, security and mobility requirements of today’s
workforce. Citrix Workspace Suite brings XenDesktop, XenApp, XenMobile, ShareFile, NetScaler, and
CloudBridge into a single solution making business critical applications (Windows, web, SaaS and
mobile) and data available to anyone, anytime, anywhere, thus allowing your users to work smarter, work
better. For more information about Citrix Workspace Suite, visit www.citrix.com/go/workspacesuite.
This reference architecture documents the leading practices in migrating from XenDesktop to Citrix
Workspace Suite. It outlines the high-level tasks needed to bring XenMobile and ShareFile into an
existing XenDesktop environment:
• XenMobile delivers mobile device management (MDM), mobile application management (MAM),
and enterprise-grade productivity apps to users on their mobile device. For more information on
XenMobile, visit: http://www.citrix.com/products/xenmobile/overview.html
• ShareFile provides a secure enterprise file sync and share service that meets the mobility,
collaboration, and data security requirements of business. For more information on ShareFile,
visit: http://www.citrix.com/products/sharefile/overview.html.
Audience
This reference architecture is aimed at IT administrators, implementers, and architects who have a
current installation of XenDesktop and are looking to trade up to Citrix Workspace Suite, which involves
adding XenMobile and ShareFile to the environment.
Project Overview
This document assumes there is an existing XenDesktop installation. In the scenario, a XenDesktop 7.5
installation is upgraded to the Citrix Workspace Suite, which includes XenDesktop 7.6 and XenMobile
10. To get here, we upgraded the XenDesktop environment and installed the XenMobile and
ShareFile components to the environment. This scenario assumes NetScaler is already configured into
the environment to support XenDesktop, and the configuration will be updated and modified to support
the addition of XenMobile and ShareFile.
Note: The scenario does not include branch office users and therefore will not include CloudBridge.
Disclaimer
This guide is not intended to constitute legal advice. Customers should consult with their legal counsel
regarding compliance with U.S., and other country-specific industry laws and regulations, and the
intended use of Citrix products and services. Citrix makes no warranties, express, implied, or statutory, as
to the information in this document.
Citrix Solutions Lab Implementation
The Citrix Solutions Lab built a XenDesktop deployment utilizing XenDesktop 7.1 almost a year ago.
Over the past year, this environment has been updated and managed similar to a real-world data center
deployment, upgrading the XenDesktop deployment with each new release of XenDesktop. In this
implementation, not only will XenDesktop be upgraded to 7.6, but also XenMobile 10 and ShareFile will
be added to the environment. The following diagram shows the environment prior to upgrading to Citrix
Workspace Suite.
For all deployments and upgrades of the components, the Citrix product documentation process was
followed as closely as possible. What is presented in this document highlights clarification of how to
configure specific steps. Note: this document is not a step-by-step how to guide. For specific guidance
on deployments, see Citrix Product documentation at http://docs.citrix.com.
Section 2: Architectural Overview
The goal of this reference architecture is to build an environment to support 2000 Citrix Workspace
Suite users, which means creating an environment for the same 2000 users on XenDesktop, XenMobile
and ShareFile. It assumes an existing XenDesktop environment is in place. The following figure shows
the design after implementing the trade up program.
The above diagram highlights the goal and design of the Workspace Suite deployment. Four networks
will be leveraged within the deployment, with the Guest network connecting to the DMZ containing
firewalls, NetScaler and XenMobile deployments, and ShareFile configured as an on-premises storage
zone.
This environment uses local storage for the XenApp write cache files. Local storage is used to leverage the
advantage of XenApp sites (delivery groups) to create a highly available XenApp deployment, using
the N+1 approach to ensure enough overhead to handle any server failures. To accomplish the use of
local storage, the blade servers used to support the XenApp VMs were configured with additional
storage: a 300GB SAS HDD to hold the operating system and a 400GB SSD to hold the write cache files.
These VMs were also deployed utilizing the RAM Cache with disk-overflow capabilities of PVS to reduce
the I/O reads and writes to local storage. If any server, physical or virtual, fails, the remaining servers in
the site will absorb the workload. If additional users are desired, adding another blade to the XenApp site
is all that is required. There is no requirement of SAN storage to add more XenApp servers.
Several new features for XenDesktop 7.6 were also added to the configuration, the first being PVS RAM
Cache with disk overflow. This provisioning method uses memory on the physical server supporting the
HSD or VDI VMs to hold the write cache information, and if the RAM cache becomes full then older data
in the cache will be pushed to disk. The second feature is the ability to use SSL to the VDA which is used
to encrypt the entire user connection process.
Section 3: Deploying the Environment
Server Hardware
Citrix Solutions Lab deployed the following HP BL460c Gen8 blade servers to host the infrastructure for
the entire solution:
Server Role | Qty. | Operating System | Configuration
Infrastructure Hyper-V Hosts | 2 | Windows Server 2012 R2 Datacenter Edition | 2 x 2.8 GHz Intel E5-2680 Xeon processors (10 cores/processor), 3 TB SAN storage, 192 GB RAM
Hosted Shared Desktop Hyper-V Hosts | 9 | Windows Server 2012 R2 Datacenter Edition | 2 x 2.6 GHz Intel E5-2670 Xeon processors (10 cores/processor), 2 x 400 GB SSD (RAID1) local storage, 256 GB RAM
VDI Hyper-V Hosts | 2 | Windows Server 2012 R2 Datacenter Edition | 2 x 2.6 GHz Intel E5-2670 Xeon processors (10 cores/processor), 3 TB SAN storage, 192 GB RAM
PVD Hyper-V Hosts | 2 | Windows Server 2012 R2 Datacenter Edition | 2 x 2.6 GHz Intel E5-2670 Xeon processors (10 cores/processor), 3 TB SAN storage, 192 GB RAM
Table 1 – Server Hardware
Networking Components
The following networking components were used for this implementation:
Device | Qty. | Purpose
Cisco 5048 | 2 | Layer 2
HP | 1 | Layer 3
Table 2 – Networking Components
Storage Configuration
This implementation used an EMC VNX5400 to support the infrastructure components. An iSCSI LUN was
attached to the two-node Hyper-V cluster and was used to store the infrastructure VMs. The Hyper-V
hosts hosting the Shared Delivery Group VMs used local SSD drives to host the PVS
Write Cache files.
Environment Infrastructure
The following virtual servers were used in this implementation:
Name | Role | CPU | RAM (GB) | Disk Space (GB) | OS | Notes
MAM/MDM | XM Controller | 4 | 8 | 50 | Citrix Proprietary |
DC01 | Primary AD Domain Controller, DHCP and DNS server | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter | Domain Controller, DNS, DHCP, Certificate Services
DC02 | Secondary AD Domain Controller | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter | Domain Controller, DNS
FS01 | File server storage | 6 | 8 | 540 | Windows Server 2012 R2 Datacenter | UPM Storage
FS02 | File server storage | 2 | 4 | 190 | Windows Server 2012 R2 Datacenter | PVS vDisk(s) Storage
LIC01 | Citrix License Server | 2 | 4 | 60 | Windows Server 2012 R2 Datacenter | Citrix Licensing
LIC02 | Secondary Citrix License Server, RDS License Server | 2 | 4 | 127 | Windows Server 2012 R2 Datacenter |
MDM | XM Mobile Device Manager | 4 | 4 | 60 | Windows Server 2012 R2 Datacenter |
PVS01 | Primary Citrix PVS Server | 4 | 16 | 40 | Windows Server 2012 R2 Datacenter | Provisioning Services, DHCP for PVS vLAN
PVS02 | Secondary Citrix PVS Server | 2 | 16 | 40 | Windows Server 2012 R2 Datacenter | Provisioning Services
SCVMM01 | Microsoft SCVMM Console and management server | 4 | 4 | 40 | Windows Server 2012 R2 Datacenter | Virtual Machine Manager
SF01 | Primary Citrix StoreFront Server | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter | StoreFront Services
SF02 | Secondary Citrix StoreFront Server | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter | StoreFront Services
ShareFile01 | Primary ShareFile StorageZones Controller | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter |
ShareFile02 | Secondary ShareFile StorageZones Controller | 2 | 4 | 40 | Windows Server 2012 R2 Datacenter |
SQL01 | Primary Microsoft SQL Database server | 1 | 12 | 60 | Windows Server 2012 R2 Datacenter | SQL Database Server
SQL02 | Secondary Microsoft SQL Database server | 1 | 12 | 60 | Windows Server 2012 R2 Datacenter | SQL Database Server
XD01 | Primary Citrix XenDesktop Delivery Controller server | 1 | 8 | 60 | Windows Server 2012 R2 Datacenter | Delivery Controller
XD02 | Secondary Citrix XenDesktop Delivery Controller server | 1 | 8 | 60 | Windows Server 2012 R2 Datacenter | Delivery Controller
Table 3 – Workspace Suite Infrastructure
Software
Environment Infrastructure
Software Components
The following software components were used in this implementation.
Component | Version
Virtual Desktop Broker | Citrix XenDesktop 7.6
Mobile Device Management | XenMobile 10.0
Enterprise Personal Storage | Citrix ShareFile 3.1.0.1438
VDI Desktop Provisioning | Citrix Provisioning Services 7.6
Endpoint Client | Citrix Receiver for Windows 4.2
User Profile Management | Citrix User Profile Manager 5.x (Built-in)
Web Portal | Citrix StoreFront 2.6
Licensing | Citrix License Server 11.12.1
Workload Generator | Login VSI 4.1.2.1205
Office | Microsoft Office 2013
Virtual Desktop OS (Hosted Shared Desktops) | Microsoft Windows Server 2012 R2
Virtual Desktop OS (VDI and PVD) | Microsoft Windows 8.1 Client x64
Database Server for SCVMM, XD, and PVS | Microsoft SQL Server 2012 R2
VDI Hypervisor Management | Microsoft SCVMM 2012 R2
VDI Hypervisor | Microsoft Windows Server 2012 R2 with Hyper-V Role
NetScaler Software | NS 10.5
Table 4 – Software Components
Network VLANs
The following Virtual LANs (VLANs) were used in this implementation.
VLAN | Traffic
510 | Management VLAN for internal network
511 | Storage VLAN for internal network
512 | Guest VLAN for internal network
513 | External VLAN for internal network
526 | Provisioning Services (PVS) PXE boot traffic for internal network
514 | Management VLAN for external network
516 | Provisioning Services (PVS) PXE boot traffic for external network
517 | Guest VLAN for client devices
518 | External VLAN for external network
Table 5 – Network VLANs
Microsoft SQL AlwaysOn Database Configuration
Several Citrix software components in this architecture require SQL databases, including XenDesktop.
This implementation uses Microsoft SQL Server as the database management system. SQL Server
2014 features high availability and disaster recovery solutions, including AlwaysOn clusters and
availability groups, which were implemented to increase the reliability of this Reference Architecture.
AlwaysOn Availability Groups provide an enterprise–level alternative to database mirroring. Introduced in
SQL Server 2012, AlwaysOn Availability Groups maximize the availability of user databases. An
availability group supports failover for a set of databases that fail over together.
XenDesktop 7.6 uses a Microsoft SQL Server database as the data store for both configuration and
session information. A typical single–site XenDesktop 7.6 deployment consists of three databases, as
follows:
• Site configuration database: Stores the current configuration and XenDesktop state.
• Monitoring database: Stores historical data for display within Director.
• Configuration logging database: Tracks XenDesktop configuration changes.
SQL Server may also create a temporary database called TempDB.
NetScaler Configuration
The NetScaler instance for this implementation functions as an Access Gateway configured to load
balance the StoreFront and ShareFile services. The connectivity configuration for the
XenDesktop/XenApp, ShareFile and XenMobile is listed in each respective product/component section.
Citrix Solutions Lab Implementation
The NetScaler Gateway Enterprise Edition virtual server is an entity within a NetScaler appliance that is a
representative of all the configured services available to clients. The virtual server is also the point
through which clients access these services.
Device | Qty. | Operating System | Configuration
NetScaler | 1 | NetScaler VPX 10.5 55.8.nc | Access Gateway and Load Balancing
Figure 1 – NetScaler Instance
Note: The NetScaler VPX products have been used as a flexible means to enable multiple virtual
appliances to be implemented in various configurations throughout the different networks within the
architecture. There may be scenarios where larger throughput needs and economics are better served by
the physical NetScaler appliances such as the MPX or SDX. Please refer to the NetScaler product page
for more information on which product line may fit your particular designs.
Basic Configuration
In order to get the NetScaler appliance working to a basic level, the VPX needs to be downloaded and
loaded on a hypervisor. Once the VPX has been started, enter the IPv4 address, netmask and gateway
IPv4 address. With this basic information, the web-based console can be used for the remaining
configuration.
Once the device reboots, open the web console by using a web browser and navigating to the IPv4
address specified earlier. After logging in, click on the Configuration tab at the top to complete the basic
configuration.
Figure 2 – NetScaler – Basic Configuration
Specify the license file to properly license the necessary features for a deployment of this kind. The
following screen shows the licensed features of the NetScaler appliance, with the license, model and
primary functions of this NetScaler highlighted.
Figure 3 – NetScaler – Licensed Features
Lastly, specify that LDAP authentication will be used. The screen below displays the LDAP policy applied
to this implementation:
Figure 4 – NetScaler – Authentication
NetScaler Insight Configuration
NetScaler Insight Center was installed in this implementation to capture and monitor all ICA traffic.
NetScaler Insight uses AppFlow (AppFlow.org), an open-standards technology that includes per-flow
application and networking data. In this environment, NetScaler Insight Center is the central point for
collecting ICA traffic, and it monitors and analyzes ICA performance.
Note: For more information on NetScaler Insight Center, see http://docs.citrix.com/en-us/netscaler-insight/105/ni-understanding-insight-wrapper-con.html.
NetScaler Insight Center is installed as a virtual appliance on a hypervisor. The virtual appliance must be
downloaded, extracted and started. Once started, basic settings such as credentials and IPv4 can be set
using the command line interface. After configuring basic settings, the rest of the settings can be
configured using the web console.
Upon logging onto the web console, clicking on the Configuration tab displays the configuration settings.
A subnet IP (SNIP) address needs to be created next. The NetScaler ADC uses the subnet IP address as
a source IP address to proxy client connections to servers. For more information about SNIP, see
http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-snips-tsk.html .
The following screen displays the specifics of the SNIP address created for this environment:
Figure 5 – NetScaler – Insight SNIP Configuration
After setting up the SNIP, go to the Inventory Setup and enable AppFlow.
Figure 6 – NetScaler – Insight AppFlow Configuration
Back on the NetScaler VPX appliance, transparent-mode data collection must be enabled. To do this, use
the command line interface of the appliance to create a collector and bind it to the virtual server handling
the ICA traffic, in this case _XD_go.ctxmobi.com.
Figure 7 – NetScaler – Insight Data Collection Mode Configuration
StoreFront Configuration
The StoreFront component of the environment was configured with two StoreFront servers in a server
group. Load balancing between those two servers is achieved using the load-balancing feature of
NetScaler. Communication to the StoreFront servers was configured to use SSL. For information on
securing StoreFront, see http://support.citrix.com/proddocs/topic/dws-storefront-26/dws-secure.html .
The following screenshot taken in the StoreFront console displays the server group containing the two
StoreFront servers as well as the load-balanced URL specified in the NetScaler configuration.
Figure 8 – StoreFront Server Group
XenDesktop & XenApp Connectivity
The Secure Ticket Authority settings must be configured to point to the STA URLs for both of the
XenDesktop controllers.
Figure 9 – Secure Ticket Authority (STA) Settings
Both XenDesktop Delivery Controllers must be specified in the Delivery Controller settings of the
StoreFront console.
Figure 10 – Delivery Controller Settings
NetScaler Connectivity and Configuration
The following screen shows how to point the StoreFront group to the NetScaler instance from the
StoreFront console.
Figure 11 – NetScaler Gateway Settings
The NetScaler appliance will load balance between the two StoreFront servers. Log onto the NetScaler
console and navigate to the Configuration -> Traffic Management -> Load Balancing tab. Create two
services corresponding to the two StoreFront servers.
Figure 12 – NetScaler – StoreFront Load Balancing Services
Next, create a virtual server to represent the address that will be load balanced on the two StoreFront
servers.
Figure 13 – NetScaler – StoreFront Load Balancing Virtual Server
Lastly, bind the two services to the virtual server.
XenDesktop & XenApp Configuration
Since we had a fully deployed XD environment, we followed the Citrix Product Documentation for
upgrading from 7.5 to 7.6. As stated previously, the PVS RAM Cache with Disk Overflow was configured
for the HSD and VDI VMs for this upgrade. This option reduces the IOPS and helps with performance
overall [1]. Also configured in the upgrade was the use of SSL to the VDA, encrypting communication from
the client to the Virtual Desktop Agent (VDA). Configuring the SSL communication was done according to
Citrix Product Documentation: http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xadssl.html#xad-mng-cntrlr-ssl .
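One way to script the SSL-to-VDA configuration mentioned above, shown as an added example and not the Solutions Lab's own procedure. It assumes Citrix's Enable-VdaSSL.ps1 has been copied from the XenDesktop 7.6 installation media to a local path and that each VDA already holds a machine certificate for its FQDN; the function names, the minimum protocol version and the delivery group names passed in are hypothetical.

```powershell
# Added example (not from the reference architecture).
# Part 1 runs elevated on each VDA; part 2 runs on a Delivery Controller.

function Enable-LabVdaSsl {
    param(
        # Assumed local copy of Citrix's Enable-VdaSSL.ps1 from the install media
        [Parameter(Mandatory = $true)] [string]$ScriptPath,
        [int]$Port = 443,
        # Assumption: the document does not state the lab's minimum protocol version
        [string]$MinVersion = 'TLS_1.2'
    )

    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $now  = Get-Date

    # Pick a usable server certificate: private key present, currently valid,
    # issued to this host's FQDN, and carrying the Server Authentication EKU.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        $_.Subject -match ('CN=' + [regex]::Escape($fqdn) + '(,|$)') -and
        ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.1' })
    } | Sort-Object NotAfter -Descending | Select-Object -First 1

    if (-not $cert) {
        throw "No valid server certificate for $fqdn in LocalMachine\My; request one from the internal CA first."
    }
    if (($cert.NotAfter - $now).TotalDays -lt 30) {
        Write-Warning "Certificate $($cert.Thumbprint) expires on $($cert.NotAfter)."
    }

    # Citrix's script applies the listener settings for the chosen certificate.
    & $ScriptPath -Enable -SSLPort $Port -SSLMinVersion $MinVersion -CertificateThumbPrint $cert.Thumbprint
}

function Enable-LabDeliveryGroupSsl {
    param([Parameter(Mandatory = $true)] [string[]]$DeliveryGroup)

    if (-not (Get-PSSnapin Citrix.Broker.Admin.V2 -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Citrix.Broker.Admin.V2
    }

    foreach ($name in $DeliveryGroup) {
        Get-BrokerAccessPolicyRule -DesktopGroupName $name |
            Set-BrokerAccessPolicyRule -HdxSslEnabled $true
    }

    # Launch files must carry the VDA's FQDN so the client can match it
    # against the certificate subject.
    Set-BrokerSite -DnsResolutionEnabled $true

    # Return the resulting state so a rule left without SSL stands out.
    Get-BrokerAccessPolicyRule | Select-Object Name, DesktopGroupName, HdxSslEnabled
}
```

Run Enable-LabVdaSsl on the master image or on each VDA before enabling the delivery groups; a rule with HdxSslEnabled set to True whose VDAs have no listener configured will fail to launch sessions.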
Provisioning Services Configuration
Two PVS servers were deployed to add resiliency and load balancing of the vDisks. The following
screenshots taken from the PVS console outline the configuration.
Figure 14 – Provisioning Services console farm view
Figure 15 – PVS Console Device Collections
As part of the XenDesktop and XenApp elements of the environment, three virtual desktop offerings were
created.
Hosted Shared Desktop Deployment
Hosted shared desktops allow users to connect to a desktop virtual machine hosted on a Windows Server
running Citrix XenApp. The configuration for this environment was as follows:
Function | Hosted Shared Desktops
Quantity | 63
Operating System | Windows 2012 R2
CPU | 4 vCPU
Memory | 12 GB
Storage | 60GB (Master/vDisk)
NIC | 2 – NetVSC
Network | Guest v512; PVS v526
PVS configuration | 18GB Windows Page File; 25GB Write Cache; RAM Cache
Software | Microsoft Office 2013; Citrix Virtual Desktop Agent (XD 7.6); Hypervisor tools
The virtual machines running the Hosted Shared Desktops were all hosted on Microsoft Hyper-V running
in a non-clustered configuration. The virtual disks were stored on Solid State Drives (SSDs) installed on
the Hyper-V host machines. This configuration provides significant storage cost reductions.
[1] For more information on the cache in device RAM with overflow to hard disk feature in PVS, refer to
“Understanding Write Cache in Provisioning Services Server” and the article titled “Less than 1 IOPS
per user with XenDesktop 7.5”. For RAM cache sizing guidelines, see “Size Matters: PVS RAM Cache
Overflow Sizing”.
VDI Desktop Deployment
The VDI desktop deployment option allows users to connect to a virtual machine running a Windows
client OS. The configuration for this environment was as follows:
Function | VDI Virtual Desktops
Quantity | 120
Operating System | Windows 8.1 x64 Enterprise
CPU | 1 vCPU
Memory | 1.5 GB
Storage | 40GB (Master/vDisk)
NIC | 2 – NetVSC
Network | Guest v512; PVS v526
PVS configuration | 3GB Windows Page File; 4GB Write Cache; RAM Cache
Software | Microsoft Office 2013; Citrix Virtual Desktop Agent (XD 7.6); Hypervisor tools
Virtual Desktop with PvD Deployment
In addition to being able to provide users with virtual desktops, a private vDisk can be assigned to each
user that will allow them to have persistent data. The configuration for this environment was as follows:
Function | Virtual Desktops with PvD
Quantity | 120
Operating System | Windows 8.1 x64 Enterprise
CPU | 1 vCPU
Memory | 1.5 GB
Storage | 40GB (Master/vDisk)
NIC | 2 – NetVSC
Network | Guest v512; PVS v526
PVS configuration | 10GB Personal vDisk; 3GB Windows Page File; 4GB Write Cache; RAM Cache
Software | Microsoft Office 2013; Citrix Virtual Desktop Agent (XD 7.6); Hypervisor tools
XenDesktop/NetScaler Connectivity Configuration
This screen illustrates the various virtual servers used. The _XD_go.ctxmobi.com and callback virtual servers
handle the authentication page and authentication callback to the StoreFront server.
Figure 16 – NetScaler – XenDesktop Virtual Servers
Each virtual server has session policies associated with it, and those policies in turn have
actions. For example, the _XD_go.ctxmobi.com VIP has 2 policies:
Figure 17 – NetScaler – Session Policies
The PL_WB_172.16.140.4 policy handles all requests originating from a web browser (not Citrix
Receiver). This policy ensures the user lands on the StoreFront authentication page.
The Virtual Server details are shown in this screen:
Figure 18 – NetScaler – Virtual Server Details 1
Figure 19 – NetScaler – Virtual Server Details 2
XenMobile Configuration
The XenMobile component of this environment was deployed using standard defaults and following the
steps defined in the Citrix product documentation [2]. The XenMobile 10 console, referred to as XenMobile
Server (XMS), resides in the DMZ as a single appliance and combines the App Controller and Device
Manager (MDM) into a unified management tool. XMS now consists of the mobile device manager
(MDM) and the mobile app management (MAM) components. It uses LDAP authentication and has a
portfolio of applications available to the mobile user. The same console can be used to manage
integration with NetScaler Gateway. It is recommended to connect to the XenMobile server either
through the NetScaler Gateway or from within the firewall directly to the XMS. The Solutions Lab
environment used a single instance of XMS, and therefore had no HA capabilities. With XenMobile 10,
this configuration changed by combining the app controller and the device manager. In order to cluster
XenMobile 10, load balancing of the virtual IP addresses needs to be configured on the NetScaler as
defined in the installation documentation.
[2] XenMobile installation steps: http://docs.citrix.com/en-us/xenmobile/10/xmobabout.html
The screen below shows the LDAP configuration:
Figure 20 – XenMobile – LDAP Configuration
This screen shows the apps available to the mobile user:
Figure 21 – XenMobile – Apps
As stated, the Solutions Lab deployment used default configurations. For more information on sizing a
XenMobile deployment, please consult http://docs.citrix.com/en-us/xenmobile/10.html or your consultant.
XenMobile/NetScaler Connectivity Configuration
The following screen shows the virtual server used to handle the XenMobile Server requests:
ShareFile Configuration
The following section details the sequence for deploying the ShareFile portion of the environment.
Certain design and configuration decisions were made, as each deployment has its own requirements;
decisions should be made based on those requirements. In this deployment, Restricted StorageZones were
used. Here are the highlights of this configuration:
• A secure data enclave – Unlike Citrix–managed storage zones in the cloud or standard
customer–managed storage zones on–premises, files in a Restricted StorageZone are accessible
only to authenticated domain users within your enterprise. Citrix has no ability to impersonate
users or access files in a Restricted StorageZone.
• Metadata encryption key ownership – File and folder names are encrypted with a private key
using AES-256 before being written to the ShareFile cloud. Encryption is performed by the
on-premises StorageZone Controller server. Authenticated access to that server is required to
decrypt the metadata, meaning employees accessing content have zero knowledge about file
and folder names.
• Zone authentication – In addition to ShareFile cloud authentication, users must also
authenticate to the StorageZone Controller. This gives IT organizations more options in how to
control user access.
• Network access restrictions – A restricted StorageZone need not be exposed to the Internet.
When configured with an internal–only address, users must be on the company network or VPN
in order to access, sync or share documents.
• Governed sync and sharing – Authenticated employees still get the benefits of ShareFile,
including mobile access, web browser access and file sync across multiple devices. But files in a
Restricted StorageZone cannot be shared with anyone outside your organization’s domain.
The following figure illustrates the high-level view of a Restricted StorageZones deployment:
Figure 22 – High level view of ShareFile Restricted StorageZones
Another benefit of the Restricted StorageZones configuration is that a StorageZones Controller
configured for restricted zones does not need to accept inbound connections from the ShareFile cloud. It
can be configured with an internal address. The following figure indicates the traffic flow between user
devices, the ShareFile cloud, and StorageZones Controller:
Figure 23 – StorageZone Controller with restricted zones
Storage Zone Controller Installation and Configuration
ShareFile StorageZones Controllers provide enterprises with private data storage, referred to as StorageZones
for ShareFile Data.
Prerequisites
These are the prerequisites for a StorageZone controller:
• Web Server (IIS) role including the following sub roles:
    o Static Content
    o ASP.NET (4.5)
    o Basic Authentication
    o Windows Authentication
• Microsoft .NET Framework 4.5
Preparations
Before starting the installation, consider preparing with the following steps:
• Open port 443 on the firewall for inbound TCP requests
• Have an external IP address available
• Configure an external DNS record (for example sharefile.domain.com)
• Create a ShareFile Service Account in Active Directory
• Have a ShareFile Enterprise account
• Have a Citrix NetScaler up and running
• Have an SSL certificate from a trusted external CA
• Have an internal Certificate Authority (CA) up and running
• Have two free IP addresses for configuring ShareFile on the Citrix NetScaler
• Assign a web server certificate to the IIS server and modify the bindings so the web server can
authenticate using that certificate.
Once all the prerequisites have been completed, create a share on the StorageZone controller and grant
the ShareFile service account Full Control permissions to it.
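The prerequisite and preparation steps above can be checked on the controller host before the installer is run. The script below is an added example, not part of the Citrix document: it assumes Windows Server 2012 or later with the ServerManager, WebAdministration and SmbShare modules, and the service account, folder and share names are hypothetical placeholders.

```powershell
# Added example: preflight for a StorageZones Controller host.
# Assumed placeholders, not taken from the reference architecture:
param(
    [string]$ServiceAccount = 'CONTOSO\svc-sharefile',   # hypothetical AD service account
    [string]$SharePath      = 'D:\ShareFileData',        # hypothetical local folder
    [string]$ShareName      = 'ShareFileData'            # hypothetical share name
)
$ErrorActionPreference = 'Stop'

# IIS role, the four sub roles from the prerequisites list, and .NET Framework 4.5.
$features = 'Web-Server','Web-Static-Content','Web-Asp-Net45',
            'Web-Basic-Auth','Web-Windows-Auth','NET-Framework-45-Core'
$missing = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
if ($missing) {
    Install-WindowsFeature -Name $missing.Name -IncludeManagementTools | Out-Null
}

# Port 443 must have a certificate bound, present in the machine store and not expired.
Import-Module WebAdministration
$sslBinding = Get-ChildItem IIS:\SslBindings |
    Where-Object { $_.Port -eq 443 } | Select-Object -First 1
if (-not $sslBinding) { throw 'No certificate is bound to port 443 in IIS.' }
$cert = Get-ChildItem "Cert:\LocalMachine\$($sslBinding.Store)" |
    Where-Object { $_.Thumbprint -eq $sslBinding.Thumbprint }
if (-not $cert -or $cert.NotAfter -lt (Get-Date)) {
    throw 'The certificate bound to port 443 is missing or has expired.'
}

# Create the storage share. Share-level access goes to the service account only;
# NTFS Full Control is added alongside whatever entries the folder already inherits.
if (-not (Test-Path $SharePath)) {
    New-Item -ItemType Directory -Path $SharePath | Out-Null
}
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath -FullAccess $ServiceAccount | Out-Null
}
$acl  = Get-Acl -Path $SharePath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $ServiceAccount, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# List the resulting share permissions so the grant can be reviewed.
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessRight
```

Review the final table and the folder's NTFS entries: any principal other than the service account with write access to the share can read or alter stored ShareFile data outside ShareFile's own access controls.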
StorageZone Controller Software Installation and Configuration
The installation of the Citrix ShareFile StorageZone Controller software is documented in the Citrix
product documentation website found here. After the installation is complete, reboot the server. Once the
server has been rebooted, log into the ShareFile StorageZones Controller Configuration page to
configure the Storage Zones.
Figure 24 – ShareFile StorageZone Controller Zone Creation
ShareFile and XenMobile AppController Integration
After creating and configuring the StorageZones, the next step is to integrate XenMobile Server with
ShareFile. Logging onto the XMS, the administrator can create a security group and add members to it.
These members represent users that will have access to ShareFile functionality in the environment.
Once that security group exists in Active Directory, use the XMS console to add a role, assign the
StorageZone created in the previous section to that role, and grant the AD security group access to it.
ShareFile/NetScaler Connectivity Configuration
For the ShareFile configuration, a content switching virtual server needs to be created to handle CIFS
storage and App Controller requests.
This screen displays the one created in this environment:
Figure 25 – NetScaler – ShareFile Content Switching Virtual Server
In addition to the content switching virtual server, load balancing servers also need to be created to
handle the CIFS and StorageZone traffic:
Figure 26 – NetScaler – ShareFile Load Balancers
Section 4: Conclusion
The goal of this project was to document the technical deployment process of trading up to Citrix
Workspace Suite from an existing XenDesktop deployment. This means adding XenMobile and ShareFile
to the environment. The upgrade of XenDesktop followed the Citrix product documentation procedure,
with the addition of PVS RAM Cache with Disk Overflow and moving the HSD PVS write cache files from
SAN storage to local storage.
The ShareFile configuration utilized an on-premises Restricted StorageZone, meaning the storage was
local and the Solutions Lab provided its own encryption key. You need to evaluate the best type of
StorageZone for your environment and obtain the necessary certificates and DNS addresses required.
The XenMobile installation was a basic installation following the product documentation guidelines, to
support 2000 XenMobile users, the same 2000 users who leverage XenDesktop. XenDesktop and
XenMobile can use the same NetScaler system, or HA pair, but NetScaler performance will be
impacted: the more concurrent XenMobile connections, the slower remote user access can be.
Documentation on NetScaler configurations is available at www.citrix.com/go/solutions-lab and at
http://docs.citrix.com/en-us/netscaler/11.html. You can also look at “Understanding Performance of
NetScaler VPX” at http://blogs.citrix.com.
Appendices
Appendix A – References
Citrix XenApp and XenDesktop 7.6 Reference – http://docs.citrix.com/en-us/xenapp-and-xendesktop/76.html
Configuring SSL to the VDA on XenDesktop and XenApp 7.6 – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6/xad-security-article/xad-ssl.html
Citrix XenMobile 10.0 Reference - http://docs.citrix.com/en-us/xenmobile/10/xmob-about.html
Citrix XenMobile 10 migration overview and migration tool – http://docs.citrix.com/en-us/xenmobile/10/xmob-upgradetool-overview.html
Citrix ShareFile StorageZone Controller 3.1 Reference – http://docs.citrix.com/en-us/storagezonescontroller/3-1.html
Citrix Provisioning Services (PVS) – Write Cache Reference – http://support.citrix.com/article/CTX119469
Citrix Provisioning Services (PVS) – PVS RAM Cache Sizing – http://blogs.citrix.com/2015/01/19/size-matters-pvs-ram-cache-overflow-sizing/#.VL0piNBOUSQ.linkedin
Citrix Provisioning Services (PVS) – Turbo charging your IOPS with the new PVS Cache in RAM with Disk Overflow Feature – http://blogs.citrix.com/2014/04/18/turbo-charging-your-iops-with-the-new-pvs-cache-in-ram-with-disk-overflow-feature-part-one/
Citrix NetScaler 10.5 Reference – http://docs.citrix.com/en-us/netscaler-gateway/10-5.html
Citrix NetScaler 10.5 Insight Center Reference - http://docs.citrix.com/en-us/netscaler-insight/10-5.html
LoginVSI Technical Reference – http://www.loginvsi.com/documentation/Login_VSI
Appendix B – Tables
Table 1 – Server Hardware
Table 2 – Networking Components
Table 3 – Workspace Suite Infrastructure
Table 4 – Software Components
Table 5 – Network VLANs
Appendix C – Figures
Figure 1 – NetScaler Instance
Figure 2 – NetScaler – Basic Configuration
Figure 3 – NetScaler – Licensed Features
Figure 4 – NetScaler – Authentication
Figure 5 – NetScaler – Insight SNIP Configuration
Figure 6 – NetScaler – Insight AppFlow Configuration
Figure 7 – NetScaler – Insight Data Collection Mode Configuration
Figure 8 – StoreFront Server Group
Figure 9 – Secure Ticket Authority (STA) Settings
Figure 10 – Delivery Controller Settings
Figure 11 – NetScaler Gateway Settings
Figure 12 – NetScaler – StoreFront Load Balancing Services
Figure 13 – NetScaler – StoreFront Load Balancing Virtual Server
Figure 14 – PVS Console Farm View
Figure 15 – PVS Console Device Collections
Figure 16 – NetScaler – XenDesktop Virtual Servers
Figure 17 – NetScaler – Session Policies
Figure 18 – NetScaler – Virtual Server Details 1
Figure 19 – NetScaler – Virtual Server Details 2
Figure 20 – XenMobile – LDAP Configuration
Figure 21 – XenMobile – Apps
Figure 22 – High level view of ShareFile Restricted StorageZones
Figure 23 – StorageZone Controller with restricted zones
Figure 24 – ShareFile StorageZone Controller Zone Creation
Figure 25 – NetScaler – ShareFile Content Switching Virtual Server
Figure 26 – NetScaler – ShareFile Load Balancers
Corporate Headquarters
Fort Lauderdale, FL, USA
India Development Center
Bangalore, India
Latin America Headquarters
Coral Gables, FL, USA
Silicon Valley Headquarters
Santa Clara, CA, USA
EMEA Headquarters
Schaffhausen, Switzerland
Online Division Headquarters
Santa Barbara, CA, USA
Pacific Headquarters
Hong Kong, China
UK Development Center
Chalfont, United Kingdom
About Citrix
Citrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management, networking and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power business mobility through secure, mobile workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. With annual revenue in 2014 of $3.14 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.citrix.com.
Copyright © 2015 Citrix Systems, Inc. All rights reserved. Citrix, XenDesktop, Citrix Receiver, HDX Insight, XenMobile, XenApp, FlexCast, Citrix Provisioning Services, NetScaler, NetScaler Insight Center, NetScaler VPX, XenServer, NetScaler MPX and NetScaler Gateway are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.