Microsoft Azure Resource Manager virtualization environments
Follow this guidance when using Microsoft Azure Resource Manager to provision virtual machines in your XenApp or XenDesktop deployment.
You can configure XenApp or XenDesktop to provision resources in Azure Resource Manager either when you create the XenApp or XenDesktop Site (which includes creating a connection), or when you create a host connection later (after creating the Site).
You should be familiar with the following:
- Azure Active Directory: https://azure.microsoft.com/en-us/documentation/articles/active-directory-howto-tenant/
- Consent framework: https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/
- Service principal: https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/
Azure Disk Encryption is not supported when using Machine Creation Services.
This version of XenApp and XenDesktop only supports an Azure unmanaged disk storage system. By default, Azure uses a managed disk storage system. For information about managed and unmanaged Azure storage solutions, refer to Azure managed disks.
Create a connection to Azure Resource Manager
See the Create a Site and Connections and resources articles for complete information about all pages in the wizards that create a Site or a connection. The following information covers only details specific to Azure Resource Manager connections.
There are two ways to establish a host connection to Azure Resource Manager:
- Authenticate to Azure Resource Manager to create a service principal.
- Use the details from a previously created service principal to connect to Azure Resource Manager.
Authenticate to Azure Resource Manager to create a service principal
Before you start, make sure:
- You have a user account in your subscription’s Azure Active Directory tenant.
- The Azure AD user account is also a co-administrator for the Azure subscription you want to use for provisioning resources.
In the Site Setup or Add Connection and Resources wizard:
- On the Connection page, select the Microsoft Azure connection type and your Azure environment.
- On the Connection Details page, enter your Azure subscription ID and a name for the connection. The connection name can contain 1–64 characters, and cannot contain only blank spaces or the characters \/;:#.*?=<>|[]{}”’()’. After you enter the subscription ID and connection name, the Create new button is enabled.
- Enter the Azure Active Directory account user name and password.
- Click Sign in.
- Click Accept to give XenApp or XenDesktop the listed permissions. XenApp or XenDesktop creates a service principal that allows it to manage Azure Resource Manager resources on behalf of the specified user.
- After you click Accept, you are returned to the Connection page in Studio. Notice that when you successfully authenticate to Azure, the Create new and Use existing buttons are replaced with Connected, and a green check mark indicates the successful connection to your Azure subscription.
- Indicate which tools to use to create the virtual machines, and then click Next. (You cannot progress beyond this page in the wizard until you successfully authenticate with Azure and accept giving the required permissions.)
Resources comprise the region and the network.
- On the Region page, select a region.
- On the Network page:
- Type a 1–64 character resources name to help identify the region and network combination in Studio. A resource name cannot contain only blank spaces, and cannot contain the characters \/;:#.*?=<>|[]{}”’()’.
- Select a virtual network and resource group pair. (Since you can have more than one virtual network with the same name, pairing the network name with the resource group provides unique combinations.) If you selected a region on the previous page that does not have any virtual networks, you need to return to that page and select a region that has virtual networks.
Complete the wizard.
Use the details from a previously created service principal to connect to Azure Resource Manager
To create a service principal manually, connect to your Azure Resource Manager subscription and use the PowerShell cmdlets provided below.
Prerequisites:
- $SubscriptionId: Azure Resource Manager SubscriptionID for the subscription where you want to provision VDAs.
- $AADUser: Azure AD user account for your subscription’s AD tenant.
- Make the $AADUser the co-administrator for your subscription.
- $ApplicationName: Name for the application to be created in Azure AD.
- $ApplicationPassword: Password for the application. You use this password as the application secret when creating the host connection.
To create a service principal:
Step 1: Connect to your Azure Resource Manager subscription.
Login-AzureRmAccount
Step 2: Select the Azure Resource Manager subscription where you want to create the service principal.
Select-AzureRmSubscription -SubscriptionID $SubscriptionId;
Step 3: Create the application in your AD tenant.
$AzureADApplication = New-AzureRmADApplication -DisplayName $ApplicationName -HomePage "https://localhost/$ApplicationName" -IdentifierUris https://$ApplicationName -Password $ApplicationPassword
Step 4: Create a service principal.
New-AzureRmADServicePrincipal -ApplicationId $AzureADApplication.ApplicationId
Step 5: Assign a role to the service principal.
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $AzureADApplication.ApplicationId -Scope /subscriptions/$SubscriptionId
Step 6: From the output window of the PowerShell console, note the ApplicationId. You provide that ID when creating the host connection.
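Step 5 grants Contributor on the whole subscription, so it is worth confirming what the service principal can reach before its application ID and secret are entered in Studio. The following is an added example, not part of the original article or Citrix tooling; the function name Test-HostConnectionPrincipal is hypothetical, and it assumes the AzureRM module and a session already signed in with Login-AzureRmAccount.

```powershell
# Added example, not part of the original article.
# Test-HostConnectionPrincipal is a hypothetical helper name.
# Assumes the AzureRM module is loaded and Login-AzureRmAccount has been run.
function Test-HostConnectionPrincipal {
    param(
        [Parameter(Mandatory = $true)] [string] $SubscriptionId,
        [Parameter(Mandatory = $true)] [string] $ApplicationId   # value noted in Step 6
    )

    Select-AzureRmSubscription -SubscriptionId $SubscriptionId | Out-Null
    $expectedScope = "/subscriptions/$SubscriptionId"

    # Confirm that Step 4 actually produced a service principal for the application.
    $sp = Get-AzureRmADServicePrincipal -ServicePrincipalName $ApplicationId
    if (-not $sp) {
        throw "No service principal exists for application ID $ApplicationId."
    }

    # Every role assignment held by the principal in this subscription.
    $assignments = @(Get-AzureRmRoleAssignment -ServicePrincipalName $ApplicationId)
    if ($assignments.Count -eq 0) {
        Write-Warning "Service principal has no role assignment; Step 5 did not take effect."
    }

    foreach ($a in $assignments) {
        # Step 5 grants exactly one thing: Contributor at the subscription scope.
        $matchesStep5 = ($a.RoleDefinitionName -eq 'Contributor') -and
                        ($a.Scope -eq $expectedScope)
        [pscustomobject]@{
            Role    = $a.RoleDefinitionName
            Scope   = $a.Scope
            Finding = if ($matchesStep5) { 'expected (Step 5)' } else { 'review: not created by Step 5' }
        }
    }
}

# Usage with placeholder values (substitute your own IDs):
# Test-HostConnectionPrincipal -SubscriptionId '<subscription-id>' -ApplicationId '<application-id>' |
#     Format-Table -AutoSize
```

Any row marked for review is a permission the service principal holds beyond what the steps above created, and the application secret entered in Studio carries that permission too.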
In the Site Setup or Add Connection and Resources wizard:
- On the Connection page, select the Microsoft Azure connection type and your Azure environment.
- On the Connection Details page, enter your Azure subscription ID and a name for the connection. (The connection name can contain 1–64 characters, and cannot contain only blank spaces or the characters \/;:#.*?=<>|[]{}”’()’).
- Click Use existing. Provide the subscription ID, subscription name, authentication URL, management URL, storage suffix, Active Directory ID or tenant ID, application ID, and application secret for the existing service principal. After you enter the details, the OK button is enabled. Click OK.
- Indicate which tools to use to create the virtual machines, and then click Next. The service principal details you provided will be used to connect to your Azure subscription. (You cannot progress beyond this page in the wizard until you provide valid details for the Use existing option.)
Resources comprise the region and the network.
- On the Region page, select a region.
- On the Network page:
- Type a 1–64 character resources name to help identify the region and network combination in Studio. A resource name cannot contain only blank spaces, and cannot contain the characters \/;:#.*?=<>|[]{}”’()’.
- Select a virtual network and resource group pair. (Since you can have more than one virtual network with the same name, pairing the network name with the resource group provides unique combinations.) If you selected a region on the previous page that does not have any virtual networks, you need to return to that page and select a region that has virtual networks.
Complete the wizard.
Create a Machine Catalog using an Azure Resource Manager master image
This information is a supplement to the guidance in the Create Machine Catalogs article.
A master image is the template that will be used to create the VMs in a Machine Catalog. Before creating the Machine Catalog, create a master image in Azure Resource Manager. For information about master images in general, see the Create Machine Catalogs article.
When you create a Machine Catalog in Studio:
- The Operating System and Machine Management pages do not contain Azure-specific information. Follow the guidance in the Create Machine Catalogs article.
- On the Master Image page, select a resource group and then navigate (drill down) through the containers to the Azure VHD you want to use as the master image. The VHD must have a Citrix VDA installed on it. If the VHD is attached to a VM, the VM must be stopped.
- The Storage and License Types page appears only when using an Azure Resource Manager master image.
Select a storage type: standard or premium. The storage type affects which machine sizes are offered on the Virtual Machines page of the wizard. Both storage types make multiple synchronous copies of your data within a single data center. For details about Azure storage types and storage replication, see the following:
https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disks-types#premium-ssd
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
Select whether to use existing on-premises Windows Server licenses. Doing so with existing on-premises Windows Server images uses Azure Hybrid Use Benefits (HUB). More details are available at https://azure.microsoft.com/pricing/hybrid-use-benefit/.
HUB reduces the cost of running VMs in Azure to the base compute rate since it waives the price of extra Windows Server licenses from the Azure gallery. You must bring your on-premises Windows Server images to Azure to use HUB. Azure gallery images are not supported. On-premises Windows Client licenses are currently not supported. See https://blogs.msdn.microsoft.com/azureedu/2016/04/13/how-can-i-use-the-hybrid-use-benefit-in-azure/.
To check if the provisioned Virtual Machines are successfully utilizing HUB, run the following PowerShell command and check that the license type is Windows_Server:
Get-AzureRmVM -ResourceGroup MyResourceGroup -Name MyVM
More instructions are available at https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing?toc=%2Fazure%2Fvirtual-machines%2Fwindows%2Ftoc.json.
- On the Virtual Machines page, indicate how many VMs you want to create; you must specify at least one. Select a machine size. After you create a Machine Catalog, you cannot change the machine size. If you later want a different size, delete the catalog and then create a catalog that uses the same master image and specifies the desired machine size.
Virtual machine names cannot contain non-ASCII or special characters.
- The Network Cards, Computer Accounts, and Summary pages do not contain Azure-specific information. Follow the guidance in the Create Machine Catalogs article.
Complete the wizard.