How to build a Citrix infrastructure in the Amazon cloud. Intro to AWS for Citrix Admins

1. How to build a Citrix
infrastructure in the Amazon
cloud (AWS)
Denis Gundarev, Senior Consultant, Entisys Solutions
May 8, 2014

2. Tweet about this session with
hashtag #SYN514,
#CitrixSynergy and
#GeekSpeak
All links available at
http://bit.ly/CitrixOnAWS

3. About me
Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. All rights reserved.
PS C:UsersDenis> [System.Security.Principal.WindowsIdentity]::GetCurrent()
AuthenticationType : LiveSSP
IsAuthenticated : True
IsGeek : True
IsSystem : False
IsAnonymous : False
Name : ENTISYSDenis
User : S-1-5-21-1126498620-3681631189-227381393-500
Groups : {Bay Area Citrix User Group, Citrix Technology Professional, ...}
Email : DenisG@entisys.com
Twitter : @fdwl

4. XenApp on AWS
http://bit.ly/XA65onAWS

5. Agenda
What should you know about AWS
Use cases and architecture
What Citrix gives you
What you can and can’t do
Q&A

6. What should you know about AWS

7. Global infrastructure
10 Regions
28
Availability
Zones
51 Edge
Locations

8. How to fit more text on a slide?
AWS Services

9. AmazonElasticComputeCloud(EC2)
AmazonCloudWatch
AmazonVirtualPrivateCloud(VPC)
AmazonElasticBlockStore(EBS)
AutoScaling
ElasticLoadBalancing
AmazonRelationalDatabaseService
(RDS)
AWSCloudFormation
AWSDirectConnect
VMImport/Export
AWSStorageGateway
AmazonSimpleStorageService(S3)
AmazonSimpleWorkflowService(SWF)
AmazonElasticMapReduce
AWSSupport
AmazonDynamoDB
AmazonSimpleQueueService(SQS)
AmazonSimpleNotificationService(SNS)
AmazonElastiCache
AWSElasticBeanstalk
AmazonSimpleDB
AmazonCloudSearch
AmazonGlacier
AmazonElasticTranscoder
AmazonRedshift
AWSImport/Export
AWSDataPipeline
HighPerformanceComputing
AWSCloudHSM
AmazonSimpleEmailService(SES)
AmazonWorkSpaces
AWSCloudTrail
AmazonAppStream
AmazonKinesis
AWS Services
AmazonElasticComputeCloud(EC2)
AmazonCloudWatch
AmazonVirtualPrivateCloud(VPC)
AmazonElasticBlockStore(EBS)
AutoScaling
ElasticLoadBalancing
AmazonRelationalDatabaseService
(RDS)
AWSCloudFormation
AWSDirectConnect
VMImport/Export
AWSStorageGateway

10. Compute
•Amazon Elastic Compute Cloud (EC2)
•Auto Scaling
•VM Import/Export
Networking
•Amazon Virtual Private Cloud (VPC)
•Elastic Load Balancing
•AWS Direct Connect
Storage
•Amazon Elastic Block Store (EBS)
•AWS Storage Gateway
Databases •Amazon Relational Database Service (RDS)
Deployment &
Management
•AWS Identity and Access Management (IAM)
•AWS CloudFormation
•Amazon CloudWatch
AWS Services

11.  EC2 Instance = Virtual Machine
 Amazon Machine Image (AMI) = VM Template or Snapshot may be shared or private
 Two types of storage available:
 Elastic Block Store (EBS) Volume = Virtual Disk, support provisioned IOPS, could be snapshotted,
SAN-based
 Instance Store = Local Host storage, SSD option
 EBS vs IS? - http://bit.ly/EBSvsIS
 EBS Story - http://bit.ly/EBSStory
Elastic Compute Cloud (EC2) Basics
Amazon EC2 Amazon EBS

12.  Availability Zone = Amazon Datacenter (http://bit.ly/AWSDataCenters)
 VM Import/Export = Import VMWare vmdk, XenServer/Hyper-V VHD
(http://bit.ly/VMImport)
 Instances may run on dedicated hardware
 EC2 Compute Unit = equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon
processor (http://bit.ly/EC2ComputeUnits)
 Instance could retrieve the metadata (http://bit.ly/EC2Metadata)
Elastic Compute Cloud (EC2) Basics
Amazon EC2 Amazon EBS

13. EC2 Config Service

14. 33 EC2 Instance Types
M3 - General
Purpose
•SSD-based
•Sandy Bridge
•1-8 vCPUs
•3.75-30 GB RAM
C3 - Compute
Optimized
•SSD-Based
•SRV-IO
•Support for
clustering
•Ivy Bridge
•2-32 vCPUs
•3.75-60 GB RAM
R3 - Memory
Optimized
•SSD-Based
•2-32 vCPUs
•15-244 GB RAM
G2 – GPU
•NVIDIA GPU
•4GB of video
memory
•8 vCPUs
•15 GB RAM
•SSD-Based
I2 - Storage
Optimized
•800 GB – 6.4 TB
SSD Storage
•4-32 vCPUs
•30-244 GB RAM
•SRV-IO
Special Types
•HS1 – 16 vCPU,
117 GB RAM, 48
TB HDD
•t1.micro - 1 vCPU,
0.613 GB RAM
•m1.small - 1
vCPU, 1,7 GB
RAM
http://bit.ly/EC2Instances

15.  VPC (Virtual Private Cloud) = Logically Isolated
Network
 Subnet = VLAN
 Security Group = Set of Stateful Firewall Rules
 Elastic IP address (EIP) = Static “reusable”
public IP address
Amazon Networking

16.  Elastic network interface (ENI) = “reusable”
NIC with assigned internal IP addresses, EIP,
MAC and Security Group mapping
 NAT is used for public IP mapping
 Dedicated NAT instances
 Network ACL = *stateless* firewall between
subnets
 Virtual private gateway (VPG) = Amazon
side of VPN connection
 Amazon Direct Connect
Amazon Networking

17. CloudWatch
 Basic Monitoring – CPU, Disk, Network at
five-minute frequency – Free
 Detailed Monitoring - Basic + Status Check
at one-minute frequency – for an additional
charge
 EBS Volumes – Read/Write Bytes, IOPS,
Queue, Throughput and Consumed IOPS -
Free
 Custom Metrics - i.e. any perfmon metric,
submitted by a scheduled script
 Alarms
 Graphs/Statistics
 Auto Scaling

18. CloudWatch
import-module AWSPowerShell
Add-PSSnapin Citrix.XenApp.Commands
$dat = New-Object Amazon.CloudWatch.Model.MetricDatum
$dat.Timestamp = (Get-Date).ToUniversalTime()
$dat.MetricName = "Server Load"
$dat.Unit = "Count"
$dat.Value=(Get-XAServerLoad -ServerName $env:COMPUTERNAME).Load
$inst= New-Object Amazon.CloudWatch.Model.Dimension
$inst.Name = "InstanceId"
$inst.Value=(Invoke-WebRequest http://169.254.169.254/latest/meta-data/instance-id).content
$dat.Dimensions = $inst
VWrite-CWMetricData -Namespace "XenApp" -MetricData $dat -AccessKey EYXUYIVKPHQ -SecretKey
9yqSuAuQciCj -Region us-west-2

19.  mon-put-metrics-mem.ps1 —Collects system metrics on an Amazon EC2 Windows
instance (memory, page file utilization) and sends them to Amazon CloudWatch.
 mon-put-metrics-disk.ps1 —Collects system metrics on an Amazon EC2 instance (disk
space utilization) and sends them to Amazon CloudWatch.
 mon-put-metrics-perfmon.ps1 —Collects PerfMon counters on an Amazon EC2 instance
and sends them to Amazon CloudWatch.
 mon-get-instance-stats.ps1—Queries Amazon CloudWatch and displays the most recent
utilization statistics for the EC2 instance on which this script is executed.
http://bit.ly/CWPowerShell
CloudWatch Monitoring Scripts

20. Launch Configuration

21. Auto Scaling Groups

22.  Amazon Relational Database Service (RDS) = Preconfigured VM with Microsoft SQL or
MySQL managed by Amazon
 Amazon Route 53 = DNS Hosting
 Identity and Account Management
Other AWS Services

23. Management

24.  Web-based AWS Console https://console.aws.amazon.com
 ElasticWolf – Windows, Mac, Linux, FireFox http://www.elasticwolf.com/
 AWS Console Mobile App – iOS, Android http://aws.amazon.com/console/mobile/
 CLI, PowerShell, Python, Java
 AWS Management Pack for Microsoft System Center -
https://aws.amazon.com/windows/system-center/
 Hybridfox – FireFox https://code.google.com/p/hybridfox/
Management Consoles

25. Use cases and architecture

26. Customer Web Services
XenApp workers
XenApp workers
SQL
SQL
DC
DC
DC
DCXenApp
Controller
XenApp
Controller
NetScaler/
Access Gateway
NetScaler/
Access Gateway
XenApp workers
XenApp workers
SQL
SQLXenApp
Controller
XenApp
Controller
NetScaler/
Access Gateway
NetScaler/
Access Gateway
User
ZoneBZoneBZoneAZoneA
Example Deployments

27. Administrator
Internet
User
NetScaler01
NetScaler02
EIP
NAT Gateway
PublicSecurityGroup,TCP80,TCP443,IPSEC
DMZ (10.0.1.X)
PrivateSecurityGroup,TCP80,443,1494,2598,3389,53,389
Private subnet (10.0.1.X)
Domain Controllers
SQL
XenApp Controllers
StoreFront
XenApp Workers
Example Deployments

28. Availab
ility
Zone A
Availab
ility
Zone B
Asia/
Singapore
Availab
ility
Zone B
Availab
ility
Zone A
Asia/Tokyo
AWS Firewall AWS Firewall
AWS Firewall AWS Firewall
WebInterface WebInterface WebInterface WebInterface
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
XenAppXenApp XenApp XenApp
Domain
Controller
Domain
Controller
Domain
Controller
Domain
Controller
XenApp SQL XenApp SQL
SQL Mirroring
Configuration
App
Configuration
App
Configuration
App
Configuration
App
Availab
ility
Zone A
Availab
ility
Zone B
US West
Availab
ility
Zone B
Availab
ility
Zone A
US East
AWS Firewall AWS Firewall
AWS Firewall AWS Firewall
WebInterface WebInterface WebInterface WebInterface
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
XenAppXenApp XenApp XenApp
Domain
Controller
Domain
Controller
Domain
Controller
Domain
Controller
XenApp SQL XenApp SQL
SQL Mirroring
Configuration
App
Configuration
App
Configuration
App
Configuration
App
Availab
ility
Zone A
Availab
ility
Zone B
EU/Ireland
Availab
ility
Zone B
Availab
ility
Zone A
EU/???
AWS Firewall AWS Firewall
AWS Firewall AWS Firewall
WebInterface WebInterface WebInterface WebInterface
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
NetScaler
/Access
Gateway
XenAppXenApp XenApp XenApp
Domain
Controller
Domain
Controller
Domain
Controller
Domain
Controller
XenApp SQL XenApp SQL
SQL Mirroring
Configuration
App
Configuration
App
Configuration
App
Configuration
App
Example Deployments

29. Example Deployments

30. • Who are the users and what are our requirementsUser Layer
• How do users gain access to our resourcesAccess Layer
• What resources will we deliverResource Layer
• How will we manage and maintain the solutionControl Layer
• What do I need to make this happenHardware Layer
Citrix’s 5-layer model

31. Citrix’s 5-layer model

32. What Citrix gives you

33. CloudFormation Templates
http://bit.ly/AWSVisualStudio

34. XenDesktop/XenApp 7.5
http://bit.ly/XAXD75onAWS

35. Sizing Documentation
http://bit.ly/XA65onAWSCalculator
http://bit.ly/XAonAWSEconomics

36.  Product Documentation - http://bit.ly/NSonAWS
 Netscaler High Availability Failover does not Occur in AWS Environment
http://bit.ly/NSonAWSHA
 Deployment practices and guidelines for NetScaler on Amazon Web Services
http://bit.ly/NSonAWSGuide
 Don’t be confused, there is CloudBridge VPX (NetScaler) and Citrix Branch Repeater for
CloudBridge (WanScaler)
NetScaler on AWS

37. What you can and can’t do

38. Citrix on AWS
Limitations
 No Capacity management in XA/XD 7.x
 No Client OS
 No Windows Server 2012 R2
 No L2, IPV6 on NetScaler
 Slow HA on NetScaler
 No PVS support
Guidelines
 Use XA6.5 with PCM and EC2 Auto
Scaling for dynamic workloads
 Use Amazon VPN for site-to-site
connections
 Start with basic config
 Size instances properly
 Be careful with VPC planning and
Security Groups

39. Email me – denisg@entisys.com
Connect with me – http://j.mp/gundarev
Get all reference materials - http://bit.ly/CitrixOnAWS
Join BayCUG http://baycug.meetup.com