How to integrate Azure with Citrix Workspace cloud apps and desktop

2:33 PM

It's been a while since we covered the topic of hybrid cloud models with Citrix as the hub. Several years ago we talked about this model when we first introduced native provisioning for AWS. I thought it was time to tackle this topic again, this time using our Apps and Desktop Service in the Citrix Workspace Cloud management solution together with Azure.

Recently Prasanna Padmanabhan wrote a blog post about the latest Citrix addition to the Azure Marketplace. You can deploy an entire XenApp infrastructure in Azure in a few easy steps. His blog can be found here.

This blog focuses on creating a resource zone in Azure while retaining one in an on-premises datacenter and domain. Below is a high-level architectural view of the solution. Using the Apps and Desktop Service in Workspace Cloud, the main XenApp / XenDesktop farm components are in the cloud, while the resources reside in Azure and on-premises.

Here is a basic diagram of an architecture using Azure in hybrid mode

Note that I started with an existing Workspace Cloud environment that was already tied into my local domain.

For this deployment I use an on-premises Active Directory. All AD communication is sent over the VPN connection, so the machines can participate in all AD activities. There are other ways to handle Active Directory and a VPN connection:

  1. The way I just described: all Azure resources are joined to the on-premises domain.
  2. You can deploy a separate AD site for your local domain and a domain controller in Azure.
  3. You can provide a separate Active Directory in Azure and create a trust with your local domain.

The Setup

The first step is to build a site-to-site VPN connection between Azure and your local data center. NetScaler can be used to establish this connection. One of the famous CTPs, Stéphane Thirion (@archynet), has laid out the necessary steps: first he shows you the Azure steps, followed by the necessary steps on the NetScaler. His post can be found at this link.

When I set up my environment, I used the newest NetScaler build (at the time of this publication), 11.0.65.31.nc. Here are some additional details about the environment that I used for the purposes of this blog:

  • On-premises NetScaler 11.0.65.31 connected to my Azure account.
  • My on-premises network is 192.168.0.0.
  • My Azure environment is based on a 10.20.0.0 address scheme.
  • All machines were created with the "Classic" method via the web portal in the Central region.
  • I did my configuration work from a bastion, or jump, server in Azure. This server had a public IP, and the port for RDP (3389) was open on its endpoints. It was placed in the 10.20.20.0 subnet.
  • The servers with the Cloud Connector and the VDA installed are part of the 10.20.30.0 subnet.
  • I have a Workspace Cloud account with 2 resource locations: 1 for my on-premises site and 1 for Azure.
  • All resources in Azure are domain-joined through the VPN connection.
  • All resource zone servers are secured by the use of a Network Security Group (NSG) within Azure.

Let's start!

After you follow Stéphane's steps, a PBR (policy-based route) will have been created in your NetScaler configuration. Below is a picture of mine.

NetScaler PBR for Azure

This way, all traffic destined for my 10.20.0.0 subnet is routed correctly through the Azure connector that I created.

On To Resource Creation

If you are familiar with the Azure portal, you will have seen two options when creating VMs: Classic or Resource Manager. At the time of this blog, Citrix native provisioning supports "Classic" Azure. All my resources were created in the Central region Azure data center, as it continues to support the Classic method.

The first server I created was my bastion, or "jump", server. This server is my entry point into the subnets where I created the other images to work from. This was a simple "Basic A1" server. Not many resources here, but enough to get the job done. For a full list of available VM sizes, see the Azure Marketplace.

My next step was to create a Network Security Group. The NSG I created has been applied to my resource subnets. This means that every resource assigned to the subnet automatically falls within the rules of the associated NSG. Below is a screen capture that shows a partial list of the ports I opened. As always when opening ports to a resource, do this in the best interest of your solution and your company's security.

NSG in Azure

There are many resources that cover NSGs, their creation and their architectures. Here are three to get you started. Many more sites like these are just a keyword search away.

  • Build with NSGs
  • Create a DMZ application with a firewall and NSG to protect a simple DMZ
  • Back Azure Virtual Network and create DMZ on Azure VNET with Network Security Groups

You can also assign NSGs to VMs. I chose to stay with the subnet, so that all machines deployed in the future get the same NSG assigned.
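As an added example (not from the original post), the Python sketch below checks an NSG rule list against the layout described here: it applies the rules in priority order, where the lowest number is evaluated first and the first match decides, and reports any management port (RDP, WinRM) that a host on the Internet could reach in the 10.20.30.0 resource subnet. The subnet masks, the rule names and both rule sets are assumptions, and the INTERNET tag is simplified to "anything outside the private ranges".

```python
import ipaddress

# Assumed masks: the post gives only the network addresses.
RESOURCE_SUBNET = ipaddress.ip_network("10.20.30.0/24")
PRIVATE_SPACE = [ipaddress.ip_network("10.20.0.0/16"),    # Azure VNet
                 ipaddress.ip_network("192.168.0.0/24")]  # on-premises, via VPN
MGMT_PORTS = (3389, 5985, 5986)  # RDP, WinRM over HTTP, WinRM over HTTPS

def prefix_matches(prefix, addr):
    """Match an address against '*', the INTERNET tag, or a CIDR prefix."""
    if prefix == "*":
        return True
    if prefix == "INTERNET":  # simplified: anything outside the private ranges
        return not any(addr in net for net in PRIVATE_SPACE)
    return addr in ipaddress.ip_network(prefix)

def port_matches(port_range, port):
    """Match a port against '*', a single port, or a 'low-high' range."""
    if port_range == "*":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)

def effective_action(rules, src, dst, port, proto="TCP"):
    """Lowest priority number is evaluated first; the first match decides."""
    for _prio, name, r_src, r_dst, r_port, r_proto, action in sorted(rules):
        if (r_proto in ("*", proto) and prefix_matches(r_src, src)
                and prefix_matches(r_dst, dst) and port_matches(r_port, port)):
            return action, name
    return "Deny", "(no match)"  # assumption: unmatched inbound traffic is dropped

def audit(rules, subnet=RESOURCE_SUBNET):
    """List (port, rule) for each management port an Internet host can reach."""
    outside = ipaddress.ip_address("203.0.113.10")  # documentation address
    target = subnet[4]                              # any host in the subnet
    hits = ((p, effective_action(rules, outside, target, p)) for p in MGMT_PORTS)
    return [(p, name) for p, (action, name) in hits if action == "Allow"]

# Constructed rule sets (priority, name, source, destination, port, protocol,
# action); they are not the rules from the post's screenshot.
OPEN_NSG = [
    (100, "allow-all-in", "*", "*", "*", "*", "Allow"),
    (200, "deny-rdp", "INTERNET", "10.20.30.0/24", "3389", "TCP", "Deny"),
]
TIGHT_NSG = [
    (100, "rdp-from-jump", "10.20.20.0/24", "10.20.30.0/24", "3389", "TCP", "Allow"),
    (110, "onprem-vpn", "192.168.0.0/24", "10.20.30.0/24", "*", "*", "Allow"),
    (4000, "deny-internet", "INTERNET", "*", "*", "*", "Deny"),
]
```

In the open set, the deny rule at priority 200 never takes effect because the allow-all rule at priority 100 matches first, which is the kind of ordering mistake this check surfaces.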

The second server: the Workspace Cloud Connector

Next on my list was the Workspace Cloud Connector server. When you select your VM size, do so within the parameters and the load that you feel are the best match. For the purposes of this blog, I selected a "Standard A1" server.

When I created that server, I made sure to place it within the 10.20.30.0 subnet. This allows me to segment my traffic and, if necessary, apply another NSG to that subnet. This server is created manually, with either PowerShell or the portal. I opted for the portal.

I removed the standard endpoints that Azure gives the VM, WinRM and RDP. I'll let my NSG take care of access to the VMs. I'll use my jump server for RDP access, but cannot connect directly to the gold image from the Internet. I removed the public IP address for that server.

After the Connector VM had been added to my local domain, I set up a new zone in my Workspace Cloud environment, then downloaded and installed the connector.

Adding a Connector

First, create the resource location in your Workspace Cloud environment. Download the connector and install it on the Azure connector machine. During installation, you will be prompted to sign in to your company's site and connect.

Selecting the right zone

Once the installation is complete, your new connector appears in your resource location in the Workspace Cloud web console. As a best practice, use a minimum of 2 connectors per resource zone.

Success with connectors

You can now create your zone in Workspace Cloud Studio to properly assist with the published resources.

Studio zone creation


Great! There is not much more to the connector setup.

Azure VM resource

I have another VM that is the "gold" image for my hosted shared environment in Azure. Same build process as before. I used the Azure portal to create the VM manually, to make sure it was placed in the correct subnet that I use for these resources.

When installing the VDA, enter the FQDN of the connector that you created when you are prompted for your DDC. The VDA communicates with the Workspace Cloud environment through the connector, which acts as a secure proxy using SSL for this communication. During installation of the VDA, I chose to install Receiver. I had my Receiver use my on-site StoreFront to aid in the provision of additional applications.

Once your image is to your liking, it's time to capture it. It is recommended that the VM is in an off state when you make your first capture. During the process, there is no need to check the SysPrep box on machines with VDA version 7.7 or higher. Images for Azure can be viewed in the classic web UI, https://manage.windowsazure.com.

VMimages

Delivering the goods

If you have not already done so, configure Azure as a hosting platform in the Apps and Desktop Service management console in Workspace Cloud.

Add the subscription

Be sure to copy your publishing file contents and paste them into the "Import" section. Then follow the remaining windows, choosing your data center and your network.

Once this is complete, configure your machine catalog.

Machine creation step 1 in Studio

Once this is done, we can move on to the delivery group creation. For image selection, you will find a list of all the machines you have "captured". Select the appropriate gold image.

Image selection

Make sure to enable Workspace Cloud to manage access to this delivery group so that it fits into the subscription model. You will see the Studio prompt shown below. After the delivery group has been added successfully, you can add it to the subscription, as shown in the image after that.

Manage the group

Services to add

After you finish creating the delivery group, the Azure console will show your VMs in a stopped state. That's nice, because you are not incurring any unnecessary costs.

VMcreationAzure

Time to start a VM and test your deployment.

endresults

Things to know

  1. Change your time zone in your Azure VM! Check the time zone for your VMs.
  2. The NSGs I created for this blog are very open. It is always best practice to make them as secure as needed.
  3. PowerShell provides a robust set of tools that the web interface does not fully expose.

Happy hybrid cloud-ing!
