Citrix Virtual Apps and Desktops

Microsoft System Center Virtual Machine Manager virtualization environments

Follow this guidance if you use Hyper-V with Microsoft System Center Virtual Machine Manager (VMM) to provide virtual machines.

This release supports the VMM versions listed in System requirements.

Note:

Mixed Hyper-V clusters (containing servers running different Hyper-V versions) are not supported.

You can use Citrix Provisioning (formerly Provisioning Services) and Machine Creation Services to provision:

  • Generation 1 supported Desktop or Server OS VMs.
  • Generation 2 supported Desktop or Server OS VMs, including Secure Boot support.

Install and configure a hypervisor

Important:

All Delivery Controllers must be in the same forest as the VMM servers.

  1. Install Microsoft Hyper-V server and VMM on your servers.
  2. Install the System Center Virtual Machine Manager console on all Controllers. The console version must match the management server version. Although an earlier console can connect to the management server, provisioning VDAs fails if the versions differ.
  3. Verify the following account information:

    The account you use to specify hosts in Studio is a VMM administrator or VMM delegated administrator for the relevant Hyper-V machines. If this account only has the delegated administrator role in VMM, the storage data is not listed in Studio during the host creation process.

    The user account used for Studio integration must also be a member of the administrators local security group on each Hyper-V server. This configuration supports VM life cycle management, such as VM creation, update, and deletion.

    Installing a Controller on a server running Hyper-V is not supported.

In large deployments where a single SCVMM manages multiple clusters in different data centers, you can limit the host groups scope of delegated admins.

To limit the host groups scope, use the Delegated Admin role in Microsoft System Center Virtual Machine Manager (VMM) console:

  1. On Create User Roles Wizard, select Fabric Administrator (Delegated Administrator) as a user role.
  2. In Members, add the user account in the Active Directory that you want to use as delegated admin.
  3. In Scope, select the host groups you want the delegated admin to have access to.
  4. Create a new Run As Account using delegated admin user credentials. Use these credentials to create a hypervisor connection later. Do not use the main administrator role accounts.
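
The same four steps scripted with the VMM PowerShell module, as an added example that is not part of the original Citrix procedure. The server, host group, account, role, and Run As account names are placeholders chosen for illustration.

```powershell
# Added example: every name below is a placeholder, not a value from the Citrix documentation.
Import-Module virtualmachinemanager

$vmmServer = Get-SCVMMServer -ComputerName 'vmm01.example.test'
$hostGroup = Get-SCVMHostGroup -VMMServer $vmmServer -Name 'DC1-Citrix'
$member    = 'EXAMPLE\svc-citrix-hcl'      # AD account to use as delegated admin
$roleName  = 'Citrix-DC1-DelegatedAdmin'

# The account must not also sit in the main Administrator role,
# otherwise the host group scope set below has no limiting effect.
$admins = (Get-SCUserRole -VMMServer $vmmServer -Name 'Administrator').Members.Name
if ($admins -contains $member) {
    throw "$member is a full VMM administrator; use a separate account."
}

# Steps 1-3: Fabric Administrator (Delegated Administrator) role,
# one member, scoped to a single host group.
$role = New-SCUserRole -VMMServer $vmmServer -Name $roleName -UserRoleProfile DelegatedAdmin
Set-SCUserRole -UserRole $role -AddMember $member -AddScope $hostGroup | Out-Null

# Step 4: Run As account that stores the delegated admin's credentials.
$cred = Get-Credential -UserName $member -Message 'Delegated admin credentials'
New-SCRunAsAccount -VMMServer $vmmServer -Name 'Citrix-DC1-RunAs' -Credential $cred | Out-Null

# Review the resulting role: confirm the member list and scope are what you intended.
Get-SCUserRole -VMMServer $vmmServer -Name $roleName | Format-List *
```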

Create a master VM

  1. Install a VDA on the master VM, and select the option to optimize the desktop to improve performance.
  2. Take a snapshot of the master VM to use as a backup.

Create virtual desktops

If you are using MCS to create VMs, when creating a site or a connection:

  1. Select the Microsoft virtualization host type.
  2. Enter the address as the fully qualified domain name of the host server.
  3. Enter the credentials for the administrator account you set up earlier that has permissions to create VMs.
  4. In Host Details, select the cluster or standalone host to use when creating VMs.

    Browse for and select a cluster or standalone host even if you are using a single Hyper-V host deployment.

MCS on SMB 3 file shares

For machine catalogs created with MCS on SMB 3 file shares for VM storage, ensure that credentials meet the following requirements. These requirements ensure that calls from the Controller’s Hypervisor Communications Library (HCL) connect successfully to SMB storage:

  • VMM user credentials must include full read/write access to the SMB storage.
  • Storage virtual disk operations during VM life cycle events are performed through the Hyper-V server using the VMM user credentials.

When you use SMB storage, enable the Authentication Credential Security Support Provider (CredSSP) from the Controller to individual Hyper-V machines. Use this process for VMM 2012 SP1 with Hyper-V on Windows Server 2012. For more information, see CTX137465.

The HCL uses CredSSP to open a connection to the Hyper-V machine. This feature passes Kerberos-encrypted user credentials to the Hyper-V machine. The PowerShell commands in the session on the remote Hyper-V machine run with the credentials provided, in this case the credentials of the VMM user, so that communication commands to storage work correctly.
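
An added example of enabling and checking CredSSP between a Controller and named Hyper-V hosts with the standard WinRM cmdlets; it is not the procedure from CTX137465, and the host and share names are placeholders. Listing each Hyper-V host explicitly keeps the Controller from delegating the VMM user's credentials to any other machine.

```powershell
# Added example: host names and the share path are placeholders.
$hyperVHosts = 'hv01.example.test', 'hv02.example.test'
$smbShare    = '\\smb01.example.test\vmstore'

# On the Controller: allow delegation only to the named Hyper-V hosts.
Enable-WSManCredSSP -Role Client -DelegateComputer $hyperVHosts -Force | Out-Null

# On each Hyper-V host: accept delegated credentials.
Invoke-Command -ComputerName $hyperVHosts -ScriptBlock {
    Enable-WSManCredSSP -Role Server -Force | Out-Null
}

# Check the Controller's delegation list and flag a wildcard target.
$state = Get-WSManCredSSP
$state
if ($state -match 'wsman/\*') {
    Write-Warning 'CredSSP delegation includes a wildcard target; restrict it to the Hyper-V hosts.'
}

# Confirm the second hop works: the remote session on the Hyper-V host
# reaches SMB storage with the VMM user's credentials.
$vmmUser = Get-Credential -Message 'VMM user credentials'
foreach ($h in $hyperVHosts) {
    $ok = Invoke-Command -ComputerName $h -Authentication Credssp -Credential $vmmUser `
        -ScriptBlock { param($share) Test-Path -Path $share } -ArgumentList $smbShare
    '{0}: SMB storage reachable = {1}' -f $h, $ok
}
```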

The following tasks use PowerShell scripts that originate in the HCL and are then sent to the Hyper-V machine to act on the SMB 3.0 storage.

  • Consolidate master image: A master image creates an MCS provisioning scheme (machine catalog). It clones and flattens the master VM ready for creating VMs from the new disk created (and removes dependency on the original master VM).

    ConvertVirtualHardDisk on the root\virtualization\v2 namespace

    Example:

    # $class, $diskName and $vhdastext are defined elsewhere in the HCL script (not shown here).
    $ims = Get-WmiObject -Class $class -Namespace "root\virtualization\v2"
    $result = $ims.ConvertVirtualHardDisk($diskName, $vhdastext)
    $result

  • Create difference disk: Creates a difference disk from the master image generated by consolidating the master image. The difference disk is then attached to a new VM.

    CreateVirtualHardDisk on the root\virtualization\v2 namespace

    Example:

    # $class and $vhdastext are defined elsewhere in the HCL script (not shown here).
    $ims = Get-WmiObject -Class $class -Namespace "root\virtualization\v2"
    $result = $ims.CreateVirtualHardDisk($vhdastext)
    $result

  • Upload identity disks: The HCL cannot directly upload the identity disk to SMB storage. Therefore, the Hyper-V machine must upload and copy the identity disk to the storage. Because the Hyper-V machine cannot read the disk from the Controller, the HCL must first copy the identity disk through the Hyper-V machine as follows.

    The HCL uploads the identity disk to the Hyper-V machine through the administrator share.

    The Hyper-V machine copies the disk to the SMB storage through a PowerShell script running in the PowerShell remote session. A folder is created on the Hyper-V machine and the permissions on that folder are locked for the VMM user only (through the remote PowerShell connection).

    The HCL deletes the file from the administrator share.

    When the HCL finishes uploading the identity disks to the Hyper-V machine, the remote PowerShell session copies them to SMB storage and then deletes them from the Hyper-V machine.

    The identity disk folder is recreated if it is deleted so that it is available for reuse.

  • Download identity disks: As with uploads, the identity disks pass through the Hyper-V machine to the HCL. The following process creates a folder that only has VMM user permissions on the Hyper-V server if it does not exist.

    The Hyper-V machine copies the disk from the SMB storage to the local Hyper-V storage through a PowerShell script. This script runs in the PowerShell V3 remote session.

    HCL reads the disk from the Hyper-V machine’s administrator share into memory.

    HCL deletes the file from the administrator share.
