Configure Virtual Windows 10 (VDI) Desktops with XenDesktop – Virtual Desktops Essentials in Microsoft Azure


I’ve written a bunch of articles on the new Digital Workspace – or also known as the Future of Work in marketing terms, so to speak… Therefore, never on the XenDesktop – Virtual Desktops Essentials Azure service. Citrix currently offers several services to activate and configure Windows 10 VDIs in Azure, but the easiest one to setup is through the Azure Marketplace – purchasing Citrix Virtual Desktops – XenDesktop Essentials. Unfortunately, there isn’t much documentation on the internet on this solution, so I’m happy to fill in that gap for the community!

But first something else…

Currently, rumors were going on EUC market. Firstly, everyone thought that the new Windows Server 2019 version didn’t have the Session Host – RDS role anymore. The role wasn’t available in one of the early preview builds, which increased the rumors even more. Last week, Microsoft confirmed that Server 2019 would have the Session Host role in place. Read the official article here. 

 

So, this means that we still have the opportunity to provide Hosted Shared Desktops in the future, therefore in my opinion, Virtual Desktops, such as Windows 10 can have much better user experience, and applications aligns most of the time better upon a Desktop OS than on a Multi-User server OS.  

The other rumor still goes that Microsoft will release a different version of Windows 10, which includes some kind of this all in the Desktop OS. So, let’s wait and see what the time will bring. Microsoft just released latest build 1803 – named under codename Redstone, more on this specific topic later on in the article.

See below a technical explanation how all the pieces within Azure and Citrix Cloud come together…

In this article, I’ll show you how easy you can configure Windows 10 Virtual Desktop(s) in Microsoft Azure through XenDesktop Essentials – without the need to have an annual contract with Citrix. XenDesktop Essentials makes it possible to instantly deploy VDIs in Azure on monthly – OpEx based costs.

Enjoy reading!

Table of Contents

Click on the title to get forwarded in the article:

More on Digital Workspaces in Azure?

This blog is part of a Citrix Cloud blog series about the different Citrix Cloud Digital Workspaces possibilities. Previous articles that I wrote around the Citrix Cloud, that you might find interesting to read as well:

Did you know?

  • The default Windows 10 build version in Microsoft Azure is 1709?
  • XenDesktop Essentials can now also be sold via Microsoft CSP channel(s).
  • Windows 10 Professional is available from the Azure marketplace without the need for an Enterprise Agreement?
  • For new customers (from December 2017), XenDesktop Essentials includes a workspace URL, usually in the format https://<yourcompanyname>.cloud.com. After you set up XenDesktop Essentials, test and share the workspace URL link with your subscribers to give them access to their desktops.
  • Microsoft and Citrix take care of the underlying updates, so you don’t need to worry about maintaining and replacing servers.
  • Citrix Workspace Experience is included in the Cloud license
  • NetScaler Gateway Service for Remote Access to your XenDesktop Essentials workspace is standard included in the license.
  • Two Factor Authentication (2FA) is now supported with NGaaS
  • The Enlightened Data Transport Protocol is not supported, coming soon available!
  • There is no need to buy RDS CALs for Windows 10 Desktop deployments – those are all included in the license.
  • Use your own StoreFront and NetScaler with XenDesktop Essentials to provide a higher level of security and optimizations of StoreFront CSS / NetScaler themes?
  • Citrix App Layering can increase huge management benefits to the VDA imagining and application virtualization process.
    • User Layers can provide persistence of the complete C:\Users\Username profile location to non-persistent Windows 10 desktop pools. This can decrease the logon duration by more than 50% – to 10 seconds in total!
      • Office 365 layers are a small piece of the User Layers, which make the Outlook Offline Cache folder (.OST location) persistent.
  • One of the great new things that are now integrated into Windows 10 is the OneDrive (files) On-Demand functionality. Which makes it possible to only synchronize OneDrive repository files to your Virtual Desktop when needed. For instance, you’ll see the complete inventory of your OneDrive account on your Virtual Desktop, without the files allocated. Clicking on the file will instantly download the file and place it on Virtual Desktop.
  • XenApp Essentials can also provide Desktops, instead of only Published Applications?
  • Licensing on Azure works in much the same way as on-premises; you can even bring your own licenses if you are simply migrating from one virtual machine to another. Organizations with hybrid cloud scenarios in mind might also be able to save money using Azure Hybrid Benefits.
  • Azure and Citrix Subscriptions – Citrix on Azure uses a per-user/per-year model as its subscription package. Depending on the size, location, and resource requirements of your Citrix estate, you’ll have several options to choose from including XenApp and XenDesktop (both hybrid solutions) or XenDesktop and XenApp Essentials (Azure-only packages).
  • Shift from large-scale, one-off CapEx commitments to easier to manage OpEx expenditures. With XenDesktop Essentials, you also Pay what you use.
  • Access workspace using Citrix Receiver for any of the desktop platforms (Windows, Mac, and Linux). Citrix Receiver for HTML5 and Citrix Receiver for Chrome are also supported.
  • If you are using Azure Active Directory (AAD), do not make the registry change described in CTX225819. Making this change may cause session launch failures for AAD users.
  • For Citrix known issues with Windows 10 version 1709, please see CTX229052.

Windows 10 – What’s new in Windows 10 1803 – now available

Microsoft just released the latest build release for Windows 10 this week. The version was available earlier through the insiders program with codename Redstone 4 and now also for everyone through Windows Updates. Unfortunately, the official release isn’t available yet from the Azure marketplace. Therefore I think that it won’t take long – the latest similar version will be the Fall Creators Update below

Note: Windows 10 1803 (former known as Redstone 4) – Citrix Desktop VDA Known Issues list can be found here https://support.citrix.com/article/CTX231942

The new release holds a lot of great new features. Also, a lot security improvements because of the GPDR law which is coming this month.

  • Office 365 Ransomware Detection
  • Windows Hello for Business
  • Windows 10 Subscription Activation
  • Windows Update for Business (WUfB)
  • Windows Autopilot
  • Windows 10 in S mode
  • Windows 10 kiosk and Kiosk Browser
  • Windows Defender Exploit Guard
  • Windows Defender ATP
  • Windows Defender Application Guard
  • Windows Defender Device Guard

Source: https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1803

Windows 10 – End of support list

There is no denying that Windows 10 is dominating. Never before was a Desktop Operating System that popular. Even after Microsoft announced their change in release strategy to WaaS – Windows-As-a-Service. This change in release management changes the way how we upgrade our Virtual Desktop environments in the past. Using Windows updates can change the complete build, and asks for a whole different approach to upgrading our VDI’s, for instance, the profile version can change in version, which asks for a complete rebuild.

Goodbye versions and hello services. Innovation has become faster, and users expect new features quicker.

Many customers have made significant progress in moving to Windows as a service, but aren’t aware of the EOS – EOL dates. The following table will help you understand more.

Note: If this release management goes to fast for your company, then you’ll need to use the new LTSB versions. LTSB stands for Long Term Service Branch. See the following Microsoft article to get to know more about this..

Windows 10 – Citrix VDA support list

See the table (Last Modified: 02 May 2018) below for all the supported Citrix VDA versions. Currently, only the configuration of the VDA is supported… I’ve tested 1803 with VDA agent version 7.17 in my lab and had no problems detected so far, but know that it’s officially not supported.

See the official article here: https://support.citrix.com/article/CTX224843

 

Citrix Cloud Connector design considerations 

Some of the most important things to consider when u deploy a Citrix Cloud solutions are:

  • Deploy minimum two Cloud Connectors per resource location.
  • Always place them in an Availability Set including a minimum of 2 Fault and Update domains.
  • Consider using Availability Zones in Microsoft Azure to increase the availability and uptime of your Citrix Cloud environment.
  • VDAs must be able to communicate with Cloud Connectors for registration and brokering.

Are you going to Citrix Synergy next week and want to know more in-depth information on this specific topic Best Practices, just to get more confident on deploying Citrix in the Cloud? Please join me, and George Kuruvilla on our session. The Citrix Synergy session you don’t want to miss — SYN105, held Wednesday, May 9, 10:30 a.m. – 11:15 a.m. ACC, Level 3, Ballroom B. Do I see you there?

Note: This table includes numbers without Local Host Cache (LHC) activated, which means more resource consumption…

Citrix Cloud Workspaces comparison sheet

I shared this sheet in one of my earlier blogs. This sheet is very comprehensive to make a right decision on features in an on-premises version of Citrix XenApp and XenDesktop or the Citrix Cloud, such as XenDesktop Essentials.

In my opinion, XenDesktop Essentials will do fine for business from 25 up to 500 concurrent (CCU) users. If you exceed this number, you’ll go into the “Enterprise” class, and then XenDesktop (or XenApp and XenDesktop) Service will do better.

See the complete sheet here:

NetScaler Gateway Service

NetScaler Gateway Service, or also known as NGaaS is enabled by default when you use one of the different Citrix Cloud services. Using this solution ensures you the POP Presence functionality – which means that the entry point to your Citrix Cloud environment will start from one of the nearest locations of your endpoint/users around the globe. After this, it will create a high-speed and reliable connection with the lowest latency as possible.

Some of the other advantages of NGaaS are:

  • Global POP presence
  • ICA Proxy – Apps and desktops for XenApp and XenDesktop Service and Essentials
  • 1 GB Data transfer (Included per user)
  • Two Factor Authentication (2FA) with Azure MFA
  • Simplified setup
  • Session reliability
  • Optimal end-user traffic routing

Note: NGaas is supported for AWS datacenters.

 

Purchase the XenDesktop Essential Service in the Marketplace

Go to the Azure Marketplace and search for XenDesktop Essentials

 

Click on Create

 

Give in the required information

 (The resource name can be random.)

 

 Connect to the Citrix Cloud

Note: You’ll need a Citrix Cloud account to proceed this step. To create a new account, please visit Citrix Cloud and enter the requested information.

 

 If you create a new account – please create a location to place your resources in.

 

 Confirm the account through the email – confirm the password

 Click on the Connect button

 

 Enter in credentials of your Citrix Cloud account

 Make sure that the new Citrix Cloud account is listed in the – * Number of users section – change the amount of users for your business (25 is the minimum value) and check the box next to – I Agree to pay

 Click on Create

Deployment is started.

This process can take up to a max. of 1 hour to complete…

 The next step will perform the Citrix Cloud Connectors installation. 

Deploy the Citrix Cloud Connector(s) in Azure

Before we start with the installation of the Citrix Cloud Connectors, we need to deploy 1 or 2 (recommended) basic VM’s in Microsoft Azure. Join them to your Active Directory domain and proceed the next step on those specific machines…

Note: There is no need for SSD premium storage for this type of machine. Select them wisely by using the Design considerations table in the beginning of this blog. I’ll use the sizing below.

Enter the required information

Select a VM Sizing

(I prefer the D2S_V3 as mentioned at the beginning of the article – design considerations)

Enter the required information

Note: Make sure to place (when u install 2) the Citrix Cloud servers in the same Availability Set. 

Extra note: Azure also supports Availability Zones, which makes it possible to place different Citrix Cloud Connectors in another independent datacentre within the same region. This avoids outages on the complete datacenter level. Please check one of my previous blogs if you want to know more about Availability Sets and Availability Zones!

Finish the deployment in Azure,

Setup an RDP connection to the VM and join the Citrix Cloud Servers to the domain

Go to the next step

Note: Make sure to disable IE Enhanced Security Configuration before you start the cwconnector.exe installation

 

Go to citrix.cloud.com

Open the Resource Location option in the upper-left menu.

Click on download and save the file (cwcconnector.exe) somewhere on the Citrix Cloud servers in Azure, the installation needs (of course) to be run from inside that machine.

 Install the Citrix Cloud Connector software on the specific Cloud Connector servers in Azure, first sign in with your Citrix Cloud Account.

Note: The Citrix Cloud Connectors need to have an internet connection.

The installation process will start directly afterward…

 Testing the Connection…

Note: Troubles with the connection? Please check out this troubleshoot article.

 

Connection successfully verified, click on Close

 Click on Refresh All

 

 The new resource location is now added to the list in the Resource Locations menu. Perform the same steps for the other Cloud Connectors.

 Note: The yellow/orange mark is active because there is only one Citrix Cloud Connector active. When you install another Citrix Cloud server in Azure, the warning will disappear. And remember: place them in the same Availability Set!

After the second; the warning will be gone.

Rename the resource location to Azure – DC location.

Save the new Resource Location name and check if it’s changed on the menu.

Deploy the Windows 10 Master image in Azure

Firstly, we need to deploy a Windows 10 Pro or Enterprise VM, which we’ll need to use as Master Image for our Machine Catalog(s) – MCS image management procedure within the Citrix Cloud.

Log in to the Azure portal and open the Marketplace.

 Click on the Windows 10 version which fits your business

 Click on Create

Give in the required information and Click on Ok

 Note: Please make sure to select the Hybrid Use Benefit program if you have a Software Assurance for the OS. This will result in much lower resource consumption, the license costs that are normally included in the license will be gone.

 Select a proper sizing

 (for the Master Image this wouldn’t be that of a problem, but when we start deploying machines within the Citrix Cloud, this will be used a default. And yes, it can be changed afterward.)

Note: You’ll see that the sizing dashboard is changed – this is a huge improvement on the previous one! Good job Microsoft!

Give in the requirements.

 Note: Make sure to activate Azure Managed Disks for higher IOPS and dynamically expandable disks. Also, the Machine Catalog update maintenance tasks will increase up to 50% in speed! We also need to activate this option later on – during the Machine Catalog configuration!

Click on Create

Setup an RDP to the Windows 10 VM in Azure

Note: If you have no IPsec VPN or ExpressRoute, please assign a Public IP to the network card to provide external access on port 389 for Remote Desktop. RDP is enabled by default in Azure!

Join the Windows 10 Master image to your domain

Reboot the machine

Log in with your administrator/domain credentials to the VM

 

Install the latest VDA software

Download the latest Citrix XenApp and XenDesktop VDA software through the URL below.

https://www.citrix.nl/downloads/citrix-cloud/product-software/xenapp-and-xendesktop-service.html

Or directly from the Citrix Cloud portal – under the menu option Downloads 

Choose from – Create a Master Image – Click on Next

Click Next

Select the services that you want to use / integrate, Click on Next 

Enter in the FQDN of the Citrix Cloud Connector(s), Click Next

 

Select the features you want to use

Note: Optimize Performance will have some overlap with the Citrix Optimizer steps later on. For that reason – I’d deselect the feature.

 Click on Next

Confirm the summary, Click on Install

The installation is ongoing…

Choose if you want to use Call Home – Click on Next

 

Click on Finish to Restart the machine

Optimize the image with Citrix Optimizer

 Download the Citrix Optimizer software and start CitrixOptimizer.exe

https://support.citrix.com/article/CTX224676

Select the Windows 10 1709 template

Select the services that you want to disable – or choose the default settings and click on Analyse and Optimize if you agree 

Process is completed  

Shutdown the Virtual machine

Switch to the Azure portal and click on Stop when the status is – Stopped (still incurring compute charges).

Note: If you skip these steps – the machine catalog Machine Creation Services (MCS) procedure will fail – because the disks will still in lock status!

 

Make sure that the VM has the status de-allocated in Azure before you proceed to the next step!

Setup the Host Connection to Azure

Go to https://xenapp.cloud.com/

(Yes, a strange domain extension for the name XD Essentials J ) 

Click on the button – I’m ready to start!

 

The next steps are pretty similar to an on-premises environment.

Click on – 1 Connect to the resources that will host the machines 

Note: When u receive the error message below, you’ll need to set up the Citrix Cloud Connectors first, or something went wrong during the setup.

Select your Azure Datacenter location – Click on Next

(Almost all the location are placed under – Azure Global)

You can find your Azure subscription under the Subscriptions menu within the Azure Portal.

 Copy the Subscription ID

You can paste the ID within the HTML receiver by pressing the Receiver button in the upper-middle of the browser.

 Paste it into the text field

 

 And again, paste it in the Subscription ID field

 Note: During this process, an extra user will be created on the Azure subscription with Contributor RBAC rights. This account can be found at the Access Control (IAM) menu of the subscription in Azure.

Enter your Azure Administrator credentials

Click on Accept

 

Confirm that the status Connected, click on Next

Pick a DC region to standardly deploy your Windows 10 Virtual Desktop(s).

Click Next

Give in a random resource name – Select the Azure Virtual Network (vNet) which will be used for the Virtual Desktop Network Interfaces.

Click Next

 

Confirm the summary.

Click on Finish to start to perform the Host Connection configuration

Create the Machine Catalog

Switch to step – 2 Set up the machines and create machine catalogs to run apps and desktops

Click on Next

The only OS version is Desktop OS – Click Next

Click Next

 

The following settings are very important. Are you using personal desktops – or pooled desktops? Personal Desktops speaks for themselves, therefore pooled desktops can be best compared to random desktop – which mostly results in a non-resistant approach. 

The other 2 settings meaning that the differential (OS) disk will be writeable and will save the changes, also after a reboot. The second option will clear the image OS disk after a reboot.

Choose the following setting wisely for your business. I’ll pick the Personal Desktop 

Switch to the Disks menu of the VM in Azure to detect the storage location.

 Click on the OS disk name 

Remember the location under VHD URI 

Search for the location – select the Master Image VHD file, Click on Next

Note: Confirm that the Master Image VM in Azure has the Power State de-allocated! 

Choose for Premium (SSD) Storage for the best performance 

Use the HUB program if you have an Enterprise Agreement, including SA on Windows 10. Otherwise choose No

Note: Managed Disks are an optional feature, but with this alternative storage solution in Microsoft Azure, you have much lower limitations active and also optimisations on performance for your environment.

  • Faster provisioning time
  • Scalable elastic storage / dynamically expandable storage
  • No IOPS limitations anymore

I’m using Managed Disks as default

Click on Next

 Choose the sizing for the VMs in Azure – and the number of machines.

 Click on Next

 (I’m using the Standard_D2S_v3 sizing.)

 

Choose if you want to use an existing resource group or create new groups.

 Click Next

 

 (Ignore this warning if the Host Connection process went well)

 

 Select the network card. Click on Next

 

 Select an Active Directory OU Location and naming convention. Click on Next

 

Click on Enter Credentials

 

 Enter domain credentials, which are privileged to provide the domain join.

 Give in a name for the Machine Catalog.

Click on Finish to start the enrolment in Azure

 

 The deployment process is ongoing…

 

This can take up a while…

 (mine took 20 minutes)

 Almost finished…

 

 The machines are now created – The Virtual Machine will appear in Azure when the machine is starting.

 The machines will start automatically after the Delivery Group process!

Configure the Delivery Groups 

Select the 3th and final option – 3 Setup up delivery groups to be displayed as service

Click on Next

 

 Increase the value to add the created machines to the Delivery Group. Click on Next

  

We now can filter the Delivery Group based on users/groups.

Click on Add to search for a User or Group

 

Note: It is also possible to provide the access based on Citrix Cloud / MyCitrix user credentials when choosing the first option.

Click on Add 

Give in a name for the Published Desktop and the max. desktops per user.

Click Ok

Click Next

Enter in a name for the Delivery Group and Click Finish 

Machines are now created in Microsoft Azure

 

And the machines are now visible in the Citrix Studio!

 Click on the Delivery Group to assign the Windows 10 Desktop to a user

Search for a user

 

Click Ok

(repeat the steps for the other desktops.)

 

Confirm that the VM is assigned to the specific user

 

NetScaler Gateway Service – XenDesktop Essentials configuration

Switch back to the Citrix Cloud – home menu, or open citrix.cloud.com

Open the NetScaler Gateway Service – Manage menu

Click on Configure

 

If all the steps are performed correctly – the services below must be listed and have the status enabled.

 

Customize the Citrix Workspace

Switch in that same menu to Customize

 Upload (or drag) your business logo in the required sizing limits field(s)

Don’t forget to click on Save

As small extra, on the Preferences section – you’ll find the possibility to activate favourites – very useful when u have multiple apps and only use some of them daily…

Access the Windows 10 Desktop through Citrix Workspace Experience  

Switch to the Access tab 

Note: You can edit the <NAME>.cloud.com part of the Citrix Workspace url here too.

Getting the error below after changing the url – please wait for one hour…

Open the Workspace URL in your internet browser

Enter in the credentials

 

Start the Windows 10 Virtual Desktop!

Loading…

Awesome – It works too!

 

Extra: NetScaler Gateway Service – SSO to SaaS, web and VDI app

Note: The following steps are in Tech Preview and only supported for SalesForce CRM and Zoom

If you switch back to the home screen of citrix.cloud.com – choose for NetScaler Gateway Service 

 Click on the second option – Single Sign On (SSO) – Tech Preview

 Choose one of the 2 (SSO) apps, Click Next

Enter in the required App URL from SalesForce

 The last step is to activate Single Sign-On

 Unfortunately, I haven’t got a SalesForce Account to test it. But I think this step will be pretty straightforward.

 I hope this helps.

Cheers,

Christiaan Brinkhoff