Cloud Worker

The ability to run Citrix workloads in a public cloud is not new. The 7.x versions already provided terminal servers and virtual desktops in the cloud. However, all administrative activities and monitoring had to be handled in the cloud, and Infrastructure as a Service (IaaS) usually was still relatively expensive. Now that costs have fallen to significantly lower levels and the provider handles the administrative tasks, a detailed look at the Citrix Cloud is worthwhile.

XenDesktop Essentials and XenApp Essentials (collectively, Citrix Essentials hereafter) manage and deliver Windows 10 virtual desktops and deliver Windows applications and shared hosted desktops from Microsoft Azure to users on any device. The applications appear to run locally on the user's computer. The XenApp and XenDesktop Service, on the other hand, provides applications and desktops independent of a device's operating system and interface, with IT control of virtual machines, applications, and security.

Citrix Essentials differs from all previous cloud solutions in that it provides and operates the complete infrastructure, the delivery controller (including the required SQL Server database instance), Citrix StoreFront as the access point, and NetScaler Service. All services are, of course, fail-safe. Complete provisioning of the components is automated through the Citrix Cloud. The provider also installs updates for both Windows and Citrix, which is a prerequisite for operation, because the customer has no administrative access to these components.

Differences

If you compare the main differences between Citrix Essentials and the respective on-premises versions, you quickly realize that the range of functions is very limited. However, this is not necessarily a disadvantage, because often a reduced range of functions is completely sufficient for a specific purpose.

To define the purpose, it is crucial to know that XenApp Essentials only provides published applications, whereas the on-premises installation supports published desktops, as well. XenDesktop Essentials exclusively supports virtual desktops with Windows 10. The on-premises installation of XenDesktop also supports Windows 7.8 and 8.1, as well as virtual desktops with Linux as the operating system. Essentials services are sold exclusively through the Azure Marketplace on a monthly basis and can only be ordered with a valid Azure subscription. Table 1 is an overview of the functional differences.

Going Shopping

To operate Citrix Essentials, you first need an account at Citrix [1]. Please note that no other Citrix Essentials product can have previously been active in this account. If you want to run XenApp Essentials, XenDesktop Essentials, or XenApp/XenDesktop Services together, you need your own Citrix Cloud account. However, apart from the administrative overhead, this is not a problem. That said, if users continue to access desktops and applications through the various URLs, this can cause some confusion.

If the Citrix Cloud account exists, the second step is an Azure subscription; this process is quick, too, just make sure you use the Pay-As-You-Go subscription only for XenApp Essentials, which cannot be ordered from Azure Marketplace without an Enterprise Agreement. If you already have an existing subscription for Azure, you can also use it for Citrix Essentials.

In the Azure Marketplace, you search for Xen and both XenApp Essentials and XenDesktop Essentials are displayed. With one click you can order and set up the desired product. Please note, however, that both products are only offered in packages of 25 users, and you cannot transfer or use existing Citrix licenses.

XenApp Essentials and XenDesktop Essentials each cost $12 per user per month. However, these are only the costs for the administration of the Citrix infrastructure, the corresponding license costs, and the operating costs of the infrastructure. In addition to these costs are the consumption costs for the terminal servers or virtual desktop instances, which are also operated on the Azure platform. By comparison, the user license for XenDesktop Enterprise is $430 plus $105 per year for the Citrix Success Services (CSS) license. Here, too, the costs for hardware, operating system, and operating and management costs are added. Citrix provides a very good cost calculator [2] to help you compare costs for a business case.

The First Resource Group

Citrix provides all necessary infrastructure components in a completely transparent manner (Figure 1). All you need is a resource group that contains your components and the corresponding virtual desktops or terminal servers. When you order Citrix Essentials from Azure Marketplace, you need to create this resource group or select an existing one.

Depending on where you run your virtual workloads, you need to be aware of the Azure location in which you create this resource group (e.g., West/East/North/Central US, West/North Europe, Canada Central/East, Australia East/Southeast, etc.). You then need to link the appropriate Citrix Cloud account so that the resource group can also communicate with the management layer in the Citrix Cloud. Once this step has been completed and the service has been purchased by clicking Create, you can proceed with further configuration.

Within Azure Resource Manager (ARM), first create a virtual network in the previously chosen resource group so that you can support network communication within the resource group. The virtual network needs a name, an IP address range, a location that should match that of the resource group, and, of course, a subnet with an IP address range within the selected virtual network. All virtual servers that you create later will receive an IP address from this subnet via DHCP.

Selecting Network Connections

At this point, you could in principle carry out further configuration in the Citrix Cloud. However, you need to clarify some important questions beforehand. For the connection between the Citrix Cloud and Microsoft Azure, the Citrix Cloud in this resource group creates two virtual machines on which a Citrix Cloud Connector is installed automatically. However, to access existing resources (data, printers, Active Directory) in your data center, you need a network connection.

Here, you have the choice between a site-to-site VPN or the luxury variant, Express Route. Of course, both variants have their advantages and disadvantages: With the VPN, the disadvantage is limited bandwidth, with Express Route, usually the price. A VPN is certainly sufficient for a proof of concept or a limited number of users (e.g., only external employees); in a production environment, only Express Route is advisable. A TechNet article [4] describes how to configure a site-to-site VPN with Citrix NetScaler Cloud Bridge.

Integrating Active Directory

A decision regarding Active Directory is also necessary. Various options include:

1. Extending the internal Active Directory: In principle, this means providing one or more domain controllers (DCs) in the Azure resource group and adding them as full DCs to the internal domain. Please note that these DCs must of course not be read-only, because the Citrix Cloud has to create machine accounts for the virtual desktops or terminal servers on these DCs. Because of security concerns and, of course, replication traffic, this variant is usually not advisable.
2. A new, independent forest: The better variant is to create an independent forest with its own namespace (not a subdomain) in the resource group, where all machine accounts can then be created without a problem. For the authentication of internal users, however, a corresponding trust position to the internal domain is required. This variant is also possible with Active Directory Federation Services (ADFS) instead of with a position of trust.
3. Azure Active Directory Domain Services: With this variant, not to be confused with AD on Azure, by the way, you operate Active Directory exclusively in the cloud, which of course should be used only in Cloud-only infrastructures.

For the first two variants, a connection between the Azure resource group and your local network via VPN or Express Route is mandatory. Therefore, for variants 1 and 2, you also need to provide virtual machines for the required DCs and configure them accordingly. Not much happens on these DCs, so a DS1 v2 or DS2 v2 instance [5] should be fine as a virtual machine. In this context, you will also want to set up a small instance as a file server for the user profiles. It makes sense to place the user profiles as close as possible to the virtual desktops or terminal servers.

For the golden image, you can either create another instance and install the image with Windows 10 or Windows 2016 Server, the required applications, and the corresponding Citrix Virtual Delivery Agent (VDA), or you can use an existing image and upload the virtual hard disk as a Virtual Hard Disk (VHD) file to the resource group from a storage account. It doesn't really matter which method you choose. If you don't want to do all this manually, you can use prefabricated Azure templates [6]. As mentioned before, all instances are assigned an IP address by DHCP. You should not use static IP addresses within the instance; rather, create a DHCP reservation using Azure. Now your infrastructure should look as shown in Figure 2.

Setting Up Citrix Components

Now for the Citrix part: Log in with your previously created Citrix Cloud account, where you should see a XenApp/XenDesktop Essentials service with a Manage button. The information here is self-explanatory: a name for this environment, the selection of the Azure subscription and the previously created resource group, and the information about the domain in which the required machine accounts are to be created (Figure 3).

For the image to be used, you have a choice between an image prepared by Citrix, which essentially contains only the plain vanilla operating system and Chrome and should only be used for test purposes, and two other options. You can choose an existing image, either from an instance you created in the resource group or an already uploaded image. You can select and use this image from a drop-down list. If you do not have either, you can also upload and use a locally available VHD file. The golden image is created as before: Operating system, required applications, and current VDA, which, if not available, can be downloaded from the Citrix Cloud with the download link.

The last two steps are again driven by cost. For example, XenApp Essentials uses DS2 v2 instances because they offer the best value for money. You only need to specify how many user sessions you want to use per server. The number of virtual instances that will later be created by Citrix Cloud in your Azure subscription depends on this. The power scheme, which you must now select, ensures that unused user connections are logged off and unneeded machines are shut down. It is also possible to take into account that certain capacities remain active to allow users to reconnect without having to start up additional machines first.

Now a little patience is required, because it takes one to two hours until all infrastructure components in the Citrix Cloud and the two machines for the Cloud Connector are created in the Azure resource group. In parallel, another resource group is created in which the virtual desktops or terminal servers are located; they will again be generated by Citrix on the basis of the golden image, courtesy of the Machine Creation Service (MCS). In the Citrix Cloud portal, you can then publish applications to XenApp Essentials and assign users or deploy them using the limited version of the Citrix Studio virtual desktop infrastructure (VDI).

Once the installation is complete, the Citrix Cloud portal will provide a link to the StoreFront server. You can now connect to the infrastructure and start applications or desktops. You can use a Citrix Receiver on a mobile device or the Citrix Receiver for HTML5 in the browser.

Conclusions

The current separation between the VDI desktop and applications does not make Citrix Essentials interesting for every company. The respective use case decides: The solution is ideally suited for external employees or individual project teams who need a workstation quickly. Companies that do not yet operate their own Citrix infrastructure can benefit from Citrix Essentials. Note that there is no investment outlay, only operating costs.

Companies with complex applications that require access to many components or many customizations will find fault with the lack of infrastructure management components and the inability to use existing licenses in Citrix Essentials. However, for those who perceive that Citrix Essentials has too many limitations, Citrix provides XenApp and XenDesktop Services.