Reposting Robin Hobo's post; follow the guide below to deploy Windows Autopatch with Intune.
Thank you, Robin Hobo, for providing an awesome guide.
Virtualization - Cloud
Reposting Robin Hobo's post here; follow the guide below to deploy Windows 365.
Thank you, Robin Hobo, for providing an awesome guide.
I have recently executed a Citrix Virtual Apps & Desktops POC on the Nutanix hypervisor (AHV) platform, and I am writing this post to share the technical knowledge I gained in this project.
Project Goal:
Refer to the high-level design document below, which contains the prerequisites, dependencies, hardware requirements, VDI models, NVIDIA requirements, etc.
Hardware Installation Checklist to install Nutanix for Citrix POC
The IPs below are posted as an example/reference for better understanding.
Refer to the document below for installing a Nutanix AHV cluster on HP servers.
After installing Nutanix, I installed the Citrix infrastructure components. I am not covering these installation steps in this post, as many articles are available on the internet.
This POC had a requirement for GPU workloads, hence we installed the NVIDIA license server and the NVIDIA graphics drivers on the host and guest machines. Follow the document below for the NVIDIA installation procedure.
This POC also had a requirement to deliver Linux VDI workloads for CAD/CAM applications. Follow the post below for the VDA and graphics driver installation procedure on Linux.
Knowledge Base References
Note: this post will receive a few more updates.
I recently worked with a customer to integrate an on-prem Citrix Site (7.15) with Citrix Cloud Workspace, and I wanted to share my experience on this blog in simple steps.
What is Site Aggregation for Citrix Workspace (Cloud Workspace)?
Site aggregation is a feature within the new Workspace experience that provides a simplified admin workflow enabling existing on-premises Virtual Apps & Desktops deployments (including XenApp 6.5 and XenDesktop 7.x) to be aggregated into the new Workspace end-user experience. Once the workflow is completed, all apps and desktops associated with your traditional on-prem deployments populate the end user's workspace. All Citrix Workspace supported apps live side by side with traditional on-premises apps and desktops, and end users cannot tell the difference in how the apps and desktops are hosted.
What is the Value of Site Aggregation?
For customers maintaining hybrid environments, site aggregation helps deliver a single workspace with a modern end-user experience for traditional on-premises apps and desktops. End-users will have access to all their apps, services, and data via a single pane of glass, no matter how they’re hosted. By using the feature, these customers can also remove their dependency from on-premises StoreFront and use Citrix Workspace as their primary delivery mechanism, which is evergreen and highly-available.
For existing Citrix customers who want to try Workspace, site aggregation provides a low-risk approach to start using Citrix Workspace and cloud. Trying Workspace with traditional on-premises apps and desktops requires little additional effort or investment. These customers can continue maintaining StoreFront on-prem while they test a subset of users in Citrix Workspace. The on-premises StoreFront can run in parallel with Workspace, since no updates or changes are needed to StoreFront.
For existing Citrix customers planning to migrate to Citrix Cloud services, site aggregation provides an initial step toward the migration process. Once aggregated, and the dependency on StoreFront is removed, end-users can continue to be productive by using Citrix Workspace, while admins plan and execute against their migration plan. They can begin redirecting and registering their VDAs to the cloud connectors instead of the on-premises brokers to move another part of their infrastructure to Citrix Cloud.
Conceptual Architecture
The table below provides the Site Aggregation prerequisites and implementation procedure.
Click below for the Site Aggregation build screenshots.
References:
Aggregate on-premises virtual apps and desktops in workspaces (citrix.com)
Reposting Citrix Blog
Thanks to Monica Griesemer
Virtual desktop infrastructure (VDI) is a technology that allows organizations to run operating systems on virtual machines, enabling users to access resources remotely. It has become highly important in the era of hybrid work. To make the most of each benefit a VDI implementation offers, it’s essential to consider several best practices for successful deployment.
Put simply, virtual desktop infrastructure (VDI) enables organizations to deliver user desktops and apps by executing functions on virtual machines hosted in datacenters. Each virtualized environment simulates a physical infrastructure, including an operating system and applications.
A VDI environment usually includes virtual machines (VMs), a hypervisor, an access method, and a connector to help users connect to the VDI workspace.
There are several key advantages to implementing virtual desktop infrastructure.
With the significant growth of remote work in recent years, it is critical to implement a platform that can support anywhere, anytime work. VDI systems help organizations provide a seamless and secure digital workspace for employees, regardless of location and device — while also offering robust security, better performance, and more scalability.
One of the top advantages of VDI is robust security. Today, organizations are distributed and constantly expanding digitally across multiple platforms and devices. A single cyberattack can compromise thousands of users, costing millions in damages and reputation loss. VDI can protect your IT infrastructure by hosting the data in a central system instead of on end-user devices. Since all data is centralized, it is easier to protect it and to apply security policies consistently. Centralization also concentrates risk, so the hypervisors, brokers, and profile storage behind the VDI need the same hardening and monitoring that the endpoints no longer require.
Virtualization technologies optimize hardware investments by getting more users on fewer servers. VDI doesn’t require a significant investment in end-user devices, and you can get more life out of the devices you already have. In addition, VDI offers long-term savings that make it worth any initial costs associated with deployment. Licensing costs are lower using VDI because users can share a single application license across multiple virtual sessions.
Another advantage of VDI is that it offers a seamless work experience for employees, with easy remote access to applications and resources. Delays and downtimes from maintenance or upgrades are minimal, since these are rolled out automatically to all virtual desktops. And with specialized optimization technologies, you can ensure voice, video, and graphics apps run just as smoothly in virtual desktops as they do on native devices. Employees can stay productive by becoming more agile and focused.
With a VDI implementation, everything is managed from a centralized system. This means end users can have updates and new applications deployed to the central desktop image and automatically appear on authorized devices. IT admins can control application usage and permissions, and add or remove users when provisioning from a centralized dashboard.
Organizations that plan to implement desktop virtualization should consider the needs of the user and company as well as the user experience. Factors like availability are critical, as VDI performance relies on the server, not local processing power. Here are some tips to ensure the VDI’s best performance.
Before deploying VDI, consider how end users will interact with the virtual app or desktop. Map and evaluate usage patterns or different categories of users. For instance, what time of day do most users log in? Other factors to consider include:
High availability is critical for a successful VDI implementation because employees and third parties use virtualized desktops for their daily activities. Modern hypervisors have characteristics that make them resilient. When using virtualization, all desktops depend on the backend VDI solution to be reliable. To prevent a single point of failure, you should have redundancy of resources to support reliable access and disaster recovery.
In addition to evaluating your users’ requirements, you’ll need to monitor server performance issues. Monitoring tools provide essential insights into a server’s workloads, resource shortages, and peak loads. Monitoring server performance can also help you identify which users or applications are placing an extra burden on the server. Monitoring can also help you plan for future improvements.
Upgrade when necessary. From time to time, evaluate the server requirements according to your use case and scale accordingly. You have the option to leverage horizontal scaling, adding machines to your resource pool, or vertical scaling, adding more power to an existing machine, to expand your environment. For instance, if you have hundreds or thousands of users, the servers will require more CPU, memory, and network bandwidth than smaller networks. Your server resources need to be adapted to your organization’s needs. If your requirements are higher than your server resources, here are some tips:
VDI renders the screen on the server and then sends the image to the endpoint for display. So, when specific applications are visually intensive, they can put a strain on virtual desktop performance. Reducing the visual requirements of the application can reduce the traffic demands of virtual desktops.
For instance, the Citrix post cites reducing the display resolution from 1920×1200 to 1280×1024 (together with the colour depth in bits per pixel, bpp) as cutting the bandwidth requirement from roughly 2 gigabits per second to 629 megabits per second. Figures like these describe raw, uncompressed frame data; the bandwidth actually seen on the wire depends on the display protocol's compression and frame rate, so measure it rather than relying on the estimate.
It’s also essential to monitor network performance. Network monitoring can help you identify the bandwidth demands of virtual desktops. Identify bottlenecks and demand peaks, traffic trends, and bandwidth usage and adjust your services accordingly.
VDI enables organizations to deliver a consistent desktop experience to diverse endpoints and devices. This is especially important with the expansion of BYOD (bring your own device) policies. But while VDI is device agnostic, different users may need different resources.
How can you ensure device and user control for many device types? First, determine the device types you will support to access VDI. Once you have determined the devices, identify how you will secure them. For instance, you can establish clear policies that state which activities users can and cannot do.
It’s critical to monitor connections to the VDI from third-party devices to ensure anyone trying to enter the network follows security procedures. This way, you can detect any anomalous behavior and prevent data breaches.
Choosing the right VDI implementation for your organization will depend largely on your organization’s specific needs. Some of the best use cases for VDI include:
For many organizations, there are also instances where desktop as a service (DaaS) is the best choice. Because this form of VDI is hosted in the cloud and managed by a third-party provider, it can be an ideal option for companies looking to lower upfront costs and offload maintenance.
Citrix DaaS and VDI solutions are designed to meet the needs of an increasingly flexible workforce, and make it easy for companies to provide secure access to digital workspaces.
Azure AD Authentication for applications
Users may be required to authenticate to their applications (for example, Microsoft 365 apps, Teams (work or school), OneDrive, etc.) at every sign-in. The repeated authentication prompts are caused by the virtual machine's Azure AD device state. We recommend that virtual machines are Azure AD joined (AADJ) or Hybrid Azure AD joined (HAADJ) for the best user experience.
Virtual machines that are AADJ or HAADJ create the user's primary refresh token (PRT) at sign-in. The PRT created at sign-in is then used to authenticate to Azure AD based applications without further prompts. Standard domain-joined (DJ) virtual machines do not create a PRT at sign-in and instead rely on the Microsoft Azure AD broker plugin to obtain tokens per application.
Starting with FSLogix 2210 (2.9.8361.52326) and later versions, all content stored in the following locations is no longer roamed as part of the user profile:
%USERPROFILE%\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
%USERPROFILE%\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy
%USERPROFILE%\AppData\Local\Microsoft\TokenBroker
The following articles help determine whether your virtual machines are configured to use primary refresh tokens as part of the Azure AD sign-in process.
When using non-persistent VDI, you must prevent users from adding work or school accounts. Use the registry entry below to stop these virtual machines from being registered in your Azure AD directory. Failure to do so results in the directory accumulating many stale Hybrid Azure AD joined devices registered from the non-persistent VDI platform, which puts pressure on your tenant device quota and risks a service interruption once the quota is exhausted.
HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin: "BlockAADWorkplaceJoin"=dword:00000001
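The checks described above (join state and PRT presence, the FSLogix 2210 version threshold, and the WorkplaceJoin block for non-persistent VDI) can be run from one script on the VDI image. The script below is an added example, not from the Microsoft or FSLogix documentation this post quotes. It assumes dsregcmd.exe is available (it ships with Windows 10/11), that FSLogix installs frxsvc.exe under C:\Program Files\FSLogix\Apps, and that the script runs elevated when -ApplyBlock is used; the PRT field is only meaningful when run in the signed-in user's session.

```powershell
# Added example: report Azure AD join state, PRT presence and FSLogix version on a VDI
# image, and optionally apply BlockAADWorkplaceJoin for non-persistent VDI.
# Assumptions (not from the post): dsregcmd.exe on PATH, FSLogix at the default path,
# elevated session when -ApplyBlock is supplied.
[CmdletBinding()]
param(
    [switch]$ApplyBlock   # set BlockAADWorkplaceJoin = 1 (non-persistent VDI only)
)

# Parse the "Key : Value" lines of dsregcmd /status into a hashtable.
function Get-DsregState {
    $state = @{}
    foreach ($line in (& dsregcmd.exe /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

$s = Get-DsregState
$aadJoined    = $s['AzureAdJoined'] -eq 'YES'   # Device State section
$domainJoined = $s['DomainJoined']  -eq 'YES'   # Device State section
$hasPrt       = $s['AzureAdPrt']    -eq 'YES'   # SSO State section (per signed-in user)

$joinType = if ($aadJoined -and $domainJoined) { 'Hybrid Azure AD joined (HAADJ)' }
            elseif ($aadJoined)                { 'Azure AD joined (AADJ)' }
            elseif ($domainJoined)             { 'Domain joined only (DJ): no PRT, expect repeated app sign-in prompts' }
            else                               { 'Not joined' }
Write-Host "Join state : $joinType"
Write-Host "PRT present: $hasPrt"

# FSLogix 2210 (2.9.8361.52326) stops roaming the AAD broker / TokenBroker folders.
$frx = 'C:\Program Files\FSLogix\Apps\frxsvc.exe'   # assumed default install path
if (Test-Path $frx) {
    $ver = [version](Get-Item $frx).VersionInfo.ProductVersion
    if ($ver -ge [version]'2.9.8361.52326') {
        Write-Host "FSLogix $ver : AAD broker and TokenBroker folders are excluded from roaming"
    } else {
        Write-Host "FSLogix $ver : older than 2210, token folders still roam with the profile"
    }
} else {
    Write-Host 'FSLogix not found at the default path'
}

# Block Azure AD workplace join so non-persistent clones do not register stale devices.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin'
$cur = (Get-ItemProperty -Path $key -Name BlockAADWorkplaceJoin -ErrorAction SilentlyContinue).BlockAADWorkplaceJoin
Write-Host "BlockAADWorkplaceJoin currently: $(if ($null -eq $cur) { '<not set>' } else { $cur })"
if ($ApplyBlock) {
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name BlockAADWorkplaceJoin -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Host 'BlockAADWorkplaceJoin set to 1'
}
```

Run it once as a user on a freshly provisioned desktop to confirm AzureAdPrt reports YES on AADJ/HAADJ images; a DJ-only image will show NO, which is the state that produces the repeated prompts. Apply the block only to the non-persistent (pooled) image, not to persistent desktops that are meant to be joined.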
Reference
Connecting to the internet from your datacenters requires allowing outbound connections on port 443 (HTTPS). The following list includes the addresses that are common to most Citrix Cloud services:
URLs for Citrix Cloud Connectors:
https://*.citrixworkspacesapi.net
https://*.servicebus.windows.net
URLs for Certificate Validation by Cloud Connectors
Note: proxy auto-configuration (PAC) files are not supported by Cloud Connectors.
Allowed FQDNs for Cloud Connector
For a complete list of the fully-qualified domain names (FQDNs) that the Cloud Connector accesses, refer to the JSON file located at
https://fqdnallowlistsa.blob.core.windows.net/fqdnallowlist-commercial/allowlist.json.
This list is grouped by product and includes a change log for each group of FQDNs.
If the customer does not allow wildcard URLs, the FQDNs listed below must be allowed instead.
Note: allowing only individual FQDNs in the firewall can lead to application launch failures, because Citrix may add Gateway PoPs on the backend at any time, and customers are not notified to allow the newly added gateway service addresses. Prefer the wildcard entries where the firewall supports them, and re-check the allowlist JSON above on a schedule if it does not.
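The difference between a wildcard allowlist and a frozen list of explicit FQDNs can be checked offline against the destinations a connector actually contacts. The script below is an added example and not Citrix's own tooling; the two wildcard patterns are the ones listed in this post, while the explicit entries and the observed hostnames (including "new-pop", standing in for a Gateway PoP added after the list was frozen) are constructed for illustration and are not taken from the Citrix allowlist. The optional live probe uses Test-NetConnection, which is part of Windows PowerShell's NetTCPIP module.

```powershell
# Added example: show why an explicit-FQDN allowlist goes stale while a wildcard one
# keeps working, and optionally probe outbound TCP/443 from the connector host.
# Hostnames under $ExplicitAllow and $Observed are constructed, not from Citrix's list.

# Wildcard entries published for the Cloud Connector (quoted in the post above).
$WildcardAllow = @(
    '*.citrixworkspacesapi.net',
    '*.servicebus.windows.net'
)

# An explicit list a customer might have frozen at deployment time (constructed).
$ExplicitAllow = @(
    'agenthub.citrixworkspacesapi.net',
    'trust.citrixworkspacesapi.net'
)

# Destinations seen later, e.g. from connector or proxy logs (constructed).
$Observed = @(
    'agenthub.citrixworkspacesapi.net',
    'new-pop.citrixworkspacesapi.net',     # PoP added by Citrix after the freeze
    'relay-1.servicebus.windows.net',
    'updates.example.com'                  # unrelated destination, should be blocked
)

# Returns $true when the hostname matches any allowlist entry. -like performs
# PowerShell wildcard matching, so '*.x' accepts any label(s) before the '.x' suffix.
function Test-Allowed {
    param([string]$Name, [string[]]$Patterns)
    foreach ($p in $Patterns) {
        if ($Name -like $p) { return $true }
    }
    return $false
}

foreach ($h in $Observed) {
    $w = Test-Allowed -Name $h -Patterns $WildcardAllow
    $e = Test-Allowed -Name $h -Patterns $ExplicitAllow
    '{0,-36} wildcard:{1,-5} explicit:{2}' -f $h, $w, $e
}

# Optional live check of the outbound 443 path from the connector (needs network access).
if ($env:CHECK_LIVE -eq '1') {
    foreach ($h in ($Observed | Where-Object { Test-Allowed -Name $_ -Patterns $WildcardAllow })) {
        $r = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
        '{0,-36} tcp443:{1}' -f $h, $r.TcpTestSucceeded
    }
}
```

The table it prints shows new-pop.citrixworkspacesapi.net passing the wildcard list and failing the explicit one; that row is the launch failure the note above warns about. Set CHECK_LIVE=1 on the connector host to also confirm that port 443 actually reaches each wildcard-allowed destination through the firewall and proxy.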
References
Cloud Connector Proxy and Firewall Configuration | Citrix Cloud
Google Cloud Associate Cloud Engineer – Qwiklabs Courses Questions & Answers
© 2023 Tech Blog