Citrix Virtual Apps and Desktops

Create an AWS catalog

Create machine catalogs describes the wizards that create a machine catalog. The following information covers details specific to AWS virtualization environments.

Note:

Before creating an AWS catalog, you need to finish creating a connection to AWS. See Connection to AWS.

Limitation

From Citrix Virtual Apps and Desktops 2203 LTSR and later, MCS AWS plug-in makes DescribeInstanceTypes AWS API call and if that succeeds, then MCS uses the inventory name created from the API response.

Therefore, when you upgrade from CVAD 1912 to 2203 or later, disable the DefineInstanceType permission on AWS, and then update the existing catalog using Set-ProvScheme command to match the AWS naming scheme. Then, add the DescribeInstanceType permissions back after catalog update is complete and the service offering matches AWS naming scheme.

Network setting during image preparation

During image preparation, a preparation virtual machine (VM) is created based on the original VM. This preparation VM is disconnected from the network. To disconnect the network from the preparation VM, a network security group is created to deny all inbound and outbound traffic. This network security group persists and is reused. The network security group’s name is Citrix.XenDesktop.IsolationGroup-GUID, where GUID is randomly generated.

Configure AWS tenancy

AWS provides the following tenancy options:

  • Shared tenancy (the default type): Multiple Amazon EC2 instances from different customers might reside on the same piece of physical hardware.
  • Dedicated tenancy: Your EC2 instances run only on hardware with other instances that you have deployed. Other customers do not use the same piece of hardware.

You can use MCS to provision AWS dedicated hosts by using PowerShell.

Configure AWS dedicated host tenancy using PowerShell

You can create a catalog of machines with host tenancy defined through PowerShell.

An Amazon [EC2] dedicated host is a physical server with [EC2] instance capacity that is fully dedicated, allowing you to use existing per-socket, or per-VM software licenses.

Dedicated hosts have preset utilization based on instance type. For example, a single allocated dedicated host of C4 Large instance types is limited to running 16 instances. See the AWS site for more information.

The requirements for provisioning to AWS hosts include:

  • An imported BYOL (bring your own license) image (AMI). With dedicated hosts, use and manage your existing licenses.
  • An allocation of dedicated hosts with sufficient utilization to satisfy provisioning requests.
  • enable auto-placement.

To provision to a dedicated host in AWS using PowerShell, use the New-ProvScheme cmdlet with the parameter TenancyType set to Host.

Refer to the Citrix Developer Documentation for more information.

Capture AWS instance property

When you create a catalog to provision machines using Machine Creation Services (MCS) in AWS, you select an AMI to represent the master/golden image of that catalog. From that AMI, MCS uses a snapshot of the disk. In previous releases, if you wanted roles or tags on your machines you would use the AWS console to set them individually. This functionality is enabled by default.

Tip:

To use AWS instance property capturing, you must have a VM associated with the AMI.

To improve this process, MCS reads properties from the instance from which the AMI was taken and applies the Identity Access Management (IAM) role and tags of the machine to the machines provisioned for a given catalog. When using this optional feature, the catalog creation process finds the selected AMI source instance, reading a limited set of properties. These properties are then stored in an AWS Launch Template, which is used to provision machines for that catalog. Any machine in the catalog inherits the captured instance properties.

Captured properties include:

  • IAM roles – applied to provisioned instances.
  • Tags - applied to provisioned instances, their disk, and NICs. These tags are applied to transient Citrix resources, including: S3 bucket and objects, volume and worker resources, and AMIs, snapshots, and launch templates.

Tip:

The tagging of transient Citrix resources is optional and is configurable using the custom property AwsOperationalResourcesTagging.

Capture the AWS instance property

You can use this feature by specifying a custom property, AwsCaptureInstanceProperties, when creating a provisioning scheme for an AWS hosting connection:

New-ProvScheme -CustomProperties "AwsCaptureInstanceProperties,true" …<standard provscheme parameters

Refer to the Citrix Developer Documentation for more information.

Note:

The AwsCaptureInstanceProperties is deprecated.

Tag AWS operational resource

When creating a catalog to provision machines in AWS by using MCS, you can control whether to apply the IAM role and tag properties to those machines. You can also control whether to apply machine tags to operational resources.

An Amazon Machine Image (AMI) represents a type of virtual appliance used to create a virtual machine within the Amazon Cloud environment, commonly referred to as EC2. You use an AMI to deploy services that use the EC2 environment. When you create a catalog to provision machines using MCS for AWS, you select the AMI to act as the golden image for that catalog.

Important:

Creating catalogs by capturing an instance property and a launch template is required for using operational resource tagging.

To create an AWS catalog, you must first create an AMI for the instance you want to be the golden image. MCS reads the tags from that instance and incorporates them into the launch template. The launch template tags are then applied to all Citrix resources created in your AWS environment, including:

  • Virtual Machines
  • VM disks
  • VM network interfaces
  • S3 buckets
  • S3 objects
  • Launch templates
  • AMIs

Tag an operational resource

To use PowerShell to tag resources:

  1. Open a PowerShell window from the DDC host.
  2. Run the command asnp citrix to load Citrix-specific PowerShell modules.

To tag a resource for a provisioned VM, use the new custom property AwsOperationalResourcesTagging. The syntax for this property is:

New-ProvScheme -CustomProperties "AwsCaptureInstanceProperties,true; AwsOperationalResourcesTagging,true" …<standard provscheme parameters>

Where to go next

More information

Create an AWS catalog