2014-12-15

1Y0-300 Deploying Citrix XenDesktop 7 Solutions Study Guide Part One

Section 1: Installing required technologies

1.1

Testing Aspect: How

Task Description: Configure Active Directory

In a XenDesktop environment, smart cards are supported within a single forest.

Smart card logons across forests require a direct two-way forest trust to all user accounts.

More complex multi-forest deployments involving smart cards (where trusts are only one-way or are different types) are not supported.

In contrast with Web Interface, StoreFront servers should always be joined to the domain that has a two-way trust with the users’ domain.

To delete a machine catalog in Studio:

Select the Machine Catalogs node and select the machine catalog in the results pane.

Click Delete Machine Catalog.

For Desktop OS and Server OS machine catalogs:

Specify whether to delete the machines hosting users’ desktops or applications.

If the machines are deleted, the following options are available for the removed machines and the associated Active Directory computer accounts:

Leave the machines in the Active Directory

Disable the machines in the Active Directory

Delete the machines from the Active Directory

1.2

Testing Aspect: How

Task Description: Set SQL permissions for service accounts/administrator

The administrator responsible for initial database creation, adding controllers, removing controllers, or applying database schema updates requires:

The dbcreator right

The securityadmin server right

The db_owner database right
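A T-SQL check of the three rights listed above, added here as an example (it is not from the study guide or from Citrix). The login name and Site database name are placeholders and are assumptions.

```sql
-- Added example: audit the rights listed above for one administrator login.
-- Assumptions: both values below are hypothetical placeholders; replace them.
DECLARE @login  sysname = N'EXAMPLE\ctx-admin';        -- hypothetical login
DECLARE @dbname sysname = N'ExampleXenDesktopSiteDB';  -- hypothetical database

-- Server-level roles. IS_SRVROLEMEMBER returns 1 (member), 0 (not a member)
-- or NULL (the login or role name is not valid).
SELECT
    @login                                     AS login_name,
    IS_SRVROLEMEMBER('dbcreator', @login)      AS has_dbcreator,
    IS_SRVROLEMEMBER('securityadmin', @login)  AS has_securityadmin,
    -- Not one of the three rights listed; reported so that an over-privileged
    -- login stands out in the result.
    IS_SRVROLEMEMBER('sysadmin', @login)       AS has_sysadmin;

-- Database-level role. Run this part once the Site database exists.
-- The database name goes through QUOTENAME and the login is passed as a
-- parameter, so neither value is concatenated into the statement as raw text.
DECLARE @sql nvarchar(max) = N'
USE ' + QUOTENAME(@dbname) + N';
SELECT dp.name AS database_user,
       CASE WHEN EXISTS (
                SELECT 1
                FROM sys.database_role_members AS drm
                JOIN sys.database_principals  AS r
                  ON r.principal_id = drm.role_principal_id
                WHERE drm.member_principal_id = dp.principal_id
                  AND r.name = N''db_owner'')
            THEN 1 ELSE 0 END AS has_db_owner
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
WHERE sp.name = @login;';

EXEC sys.sp_executesql @sql, N'@login sysname', @login = @login;
```

The second query returns no row when the login has no user mapped directly in the database, for example when access is granted only through a Windows group. Microsoft's documentation advises treating securityadmin as equivalent to sysadmin, so grant these rights to a dedicated account and remove them once the database work is finished.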

When creating a desktop delivery Site, on the Database page, to use a database besides the locally installed SQL Server 2012 Express database:

Enter the database server name.

Enter the database name.

After clicking Next, an alert appears that the services could not connect to a database:

The engineer can indicate that Studio should create the connection to the database.

If the database is locked down and the engineer does not have edit permission, click Generate database script.

This generates two scripts that a database administrator can use to set up the database and, optionally, database mirroring.

These scripts must be run before the engineer can finish creating the Site.

1.3

Testing Aspect: Why

Task Description: Configure database fault tolerance

If a XenDesktop Site database fails, users are unable to connect or reconnect to a virtual desktop.

Citrix recommends a regular backup of the database so that it can be quickly restored.

For an enterprise-level high availability (HA) and disaster recovery solution, which requires XenDesktop Site databases to fail over automatically without data loss in response to outages or for administrative purposes:

Configure AlwaysOn Availability Groups on Windows Server Failover Clustering (WSFC) nodes.

AlwaysOn Availability Groups is an enterprise-level high-availability and disaster recovery solution introduced in SQL Server 2012 to enable an engineer to maximize availability for one or more user databases.

AlwaysOn Availability Groups requires that the SQL Server instances reside on WSFC nodes.

1.4

Testing Aspect: How

Task Description: Configure licensing

To change the product edition of XenDesktop:

In Studio configure:

Configuration > Licensing > Edit Product Edition

To download a license from Citrix, in the Studio left pane:

Select the Configuration node and Licensing.

In the Actions pane, select Allocate licenses.

In the text box, type the License Access Code from the email sent from Citrix.

Add licenses is selected when adding licenses from a network.

Edit product edition is selected to change the product edition and licensing model.

Change license server is used to change the license server.

1.5

Testing Aspect: What

Task Description: Determine which components need to be installed

To streamline the installation and management of application delivery to user desktops, use the following together:

Citrix Merchandising Server

Citrix Receiver for Windows

Merchandising Server provides an administrative interface to configure the following on user devices:

Configuring plug-ins

Delivering plug-ins

Upgrading plug-ins

Remote PC Access allows an end user to log on remotely to their physical Windows PC from virtually anywhere.

The Virtual Delivery Agent (VDA) on the office PC:

Enables it to register with the Delivery Controller.

Manages the HDX connection between the machine and end user client devices.

The Citrix Receiver running on the client device provides access to all of the applications and data on the office PC.

To use Remote PC Access, disable the Optimize Performance feature when installing the VDA.

1.6

Testing Aspect: What

Task Description: Understand communication flow/architecture

The Secure Ticket Authority (STA) is responsible for issuing session tickets in response to connection requests for published resources on XenApp and XenDesktop.

The session tickets form the basis of authentication and authorization for access to published resources.

Citrix recommends hosting StoreFront on a dedicated instance of IIS.

Installing other Web applications on the same IIS instance as StoreFront could have security implications for the overall StoreFront infrastructure.

All of the StoreFront servers in a group must reside within the same domain.

In a production environment, Citrix recommends using HTTPS to secure communications between StoreFront and user devices.

StoreFront servers must reside within the same Microsoft Active Directory forest (not domain) as the XenDesktop and XenApp servers hosting users’ resources.

Consider implementing multiple StoreFront servers to ensure high availability if the primary server hosting StoreFront fails.

Configure an external load balancer to fail over between servers to ensure users have uninterrupted access to their applications and desktops.

1.7

Testing Aspect: Why

Task Description: Configure Citrix policies using GPOs (outside of Citrix Studio)

Group Policy Editor must be used to configure some policy settings, including:

Policy settings relating to registering virtual desktops with a controller

Policy settings relating to Microsoft application virtualization (App-V) servers

The XenDesktop site GPO can handle most Citrix policies except App-V related settings.

Group Policy Editor must be used to configure some policy settings including settings relating to registering virtual desktops with a controller.

Policies created using Studio are stored in the site database.

Updates are pushed to the virtual desktop either:

When the virtual desktop registers with the broker

OR

When a user connects to the virtual desktop

1.8

Testing Aspect: What (which factors should be considered)

Task Description: Determine which factors to consider when installing Citrix Delivery Controller

When an engineer is designing a XenDesktop environment and plans to provide high availability (HA) and disaster recovery for a company with datacenters in two locations:

The engineer should create two sites, one in each datacenter.

A XenDesktop site should be in each datacenter to minimize WAN traffic.

The engineer should install a minimum of two delivery controllers in each site.

Having two delivery controllers per datacenter ensures environment availability in case of a delivery controller failure.

The engineer should create a SQL 2012 database in each datacenter and configure database mirroring with the other datacenter.

SQL mirroring is the preferred method for providing database fault tolerance.

NOTE: Oracle database is not supported with XenDesktop 7.

To add, remove, or move a controller, a database engineer can grant a Citrix engineer any of the following:

AlterAnyDatabase and CreateAnyDatabase server permissions

Insert, Delete, and Update user permissions

The sysadmin server role

The dbcreator database server role

The db_owner database user role

The db_datawriter database user role

1.9

Testing Aspect: How

Task Description: Install the virtual delivery agent

Deploying the Remote PC feature for computers in an organization using Active Directory simplifies the installation process.

An engineer should use a startup script to run XenDesktopVDASetup.exe with the appropriate command line options to configure the Active Directory deployment.

When installing a VDA for use with Remote PC Access, specify only the options that are valid on:

Physical machines

Windows Desktop OS VDAs

Not VMs or master images

NOTE: The optimize command line option should NOT be used for Remote PC Access.

When planning to uninstall the Virtual Delivery Agent (VDA) from each machine in an Active Directory (AD) Organizational Unit (OU), using the sample script UninstallVDA.bat from \Support\AdDeploy\ on the XenDesktop installation media:

Make a backup of the original script before customizing it.

Give the script Everyone Read access to the network share where XenDesktopVdaSetup.exe is located.

Customize the script with SET CHECK_VDA_VERSION before assigning the script to the OU in AD where the machines are located.

This setting specifies the version of the VDA to remove.

When installing VDAs, use SET DESIREDVERSION to set the version of the VDA.

VDA_Install_Process_Log and Kickoff_VDA_Startup_Script are VDA debugging log files in the %temp% folder on each machine.

1.10

Testing Aspect: How

Task Description: Configure a site, including connecting to a server host

When configuring a XenDesktop site, the following three pieces of information are required:

The site name

The database

The Citrix license

A Full Deployment Site:

Allows configuration of network and storage

Must be used to connect to a host

Must be used when using MCS to create VMs

A Basic Site only allows the configuration of:

The Site name

The database

The license

A Remote PC Access Site allows the configuration of:

The Site name

The database

The license

The users

The machines

A Remote PC Access Site can be changed to a Full Deployment Site later and vice versa.

1.11

Testing Aspect: How

Task Description: Delegate administrative rights

To generate a Delegated Administration Report for an administrator:

Use Studio > Configuration > Administrators > Create Report.

Enter an administrator name in the Select User or Group window.

Click OK.

Enter a file name.

Choose a folder location.

Click Save.

The report file saves in HTML format.

Open the saved HTML report file to view the detailed delegation report.

To allow different levels of support for OS VMs, create a scope for each group using Studio.

To create a scope:

In Studio, click Configuration > Administrators in the left pane.

Click the Scopes tab in the middle pane.

A list of existing scopes will appear.

In the Actions pane, click Create new Scope.

Type a name and description for the scope.

Select object types or specific objects and click Save.

1.12

Testing Aspect: How

Task Description: Set up Citrix Director

To configure Director to support multiple XenDesktop sites, configure these settings in the IIS Manager console:

Browse to the Director website under the Default website.

Double-click Application Settings.

Double-click a setting to edit it.

If Director is already installed, it must be configured to work with multiple sites.

To do this, use the IIS Manager console on each Director server to update the list of server addresses in the application settings.

To configure permissions for Director:

Log on to Director.

Ensure administrators with permissions for Director are Active Directory domain users and have the following rights:

Read rights in all Active Directory forests to be searched.

Configured Delegated Administrator roles.

To shadow users, administrators must be configured using a Microsoft Group Policy for Windows Remote Assistance.

In addition, when installing VDAs, ensure the Windows Remote Assistance feature is enabled on all user devices.

It is selected by default.

When installing Director on a server, ensure that Windows Remote Assistance is installed.

The default choice is to install it.

However, it is disabled on the server by default.

Windows Remote Assistance does not need to be enabled for Director to provide assistance to end users.

Citrix recommends leaving the feature disabled to improve security on the server.

To enable administrators to initiate Windows Remote Assistance:

Grant them the required permissions by using the appropriate Microsoft Group Policy settings for Remote Assistance.

1.13

Testing Aspect: How

Task Description: Create a diskless VM for Provisioning Services

When creating a virtual machine (VM) template for use with Provisioning Services Streamed VM Setup Wizard in order to deploy a Provisioning Services (PVS) streamed vDisk to a number of cloned VMs:

To fulfill requirements such as:

Each VM will have a set number of vCPUs.

Each VM will have a set limit of RAM.

Configure the VM without a hard drive.

Configure with network boot first in the boot order.

The administrator should configure the VM without a hard drive and with network boot first in the boot order to fulfill the requirements of using the VM as a template.

When creating a VM to be used as a template with Provisioning Services Streamed VM Setup Wizard the following are required:

Network/PXE first in the boot order list (as with physical machines).

If using local write cache, an NTFS formatted disk large enough for the cache must exist.

Otherwise, no hard disks are required.

Static MAC addresses are required.

The XenDesktop Setup Wizard provisions diskless VMs if:

The vDisk is in Standard Image mode

The cache is set as cache on the server

If the cache is on server side, Provisioning Services does not automatically boot the provisioned VMs.

The wizard provisions VMs with write cache drives if:

The vDisk is in Standard Image mode

The cache is set as cache on the local hard disk.

To format the write cache drive, the wizard automatically boots the VMs in Standard Image mode with cache on server.

After formatting completes, VMs are automatically shut down and XenDesktop boots the VMs as necessary.

1.14

Testing Aspect: How

Task Description: Install Provisioning Services

If using database mirroring and a MS SQL 2012 database and the primary version becomes unavailable:

PVS supports the mirrored version.

This results in improved overall availability of PVS.

MS SQL Server 2012 AlwaysOn Availability Group requires all servers to be at Enterprise edition.

MS SQL Server 2012 Standard edition supports a maximum of two nodes in the cluster.

To configure a master target device’s BIOS, set the network adapter to On with PXE.

Note: Depending on the system vendor, this setting may appear differently.

Configure the target device to boot from LAN or Network first.

If using a NIC with Managed Boot Agent (MBA) support:

Select the Universal Network Driver Interface, UNDI first.

Note: On some older systems, if the BIOS setup program includes an option that permits enabling or disabling disk-boot sector write protection, ensure that the option is disabled before continuing.

Save changes and exit the BIOS setup program.

Boot the target device from its hard drive over the network to attach the vDisk to the target device.

1.15

Testing Aspect: How

Task Description: Deploy Citrix Receiver

Citrix Receiver for Windows 8/RT can be:

Downloaded from a Windows Store

OR

Deployed via sideload

Note: The sideloaded version does not support automatic updates.

Email-based account discovery does not apply when Receiver is deployed from Receiver for Web.

If email-based account discovery is configured and a first-time user installs Receiver from Citrix.com:

Receiver prompts the user for an email or server address.

If an email address is entered, the error message “Your email cannot be used to add an account” will appear.

Use the following configuration to prompt for the server address only:

Download CitrixReceiver.exe to a local computer.

Rename CitrixReceiver.exe to CitrixReceiverWeb.exe

Important: The name CitrixReceiverWeb.exe is case sensitive.

Deploy the renamed executable using a regular deployment method.

1.16

Testing Aspect: What (Considerations)

Task Description: Determine installation and configuration considerations for StoreFront

To deploy Citrix StoreFront 2.1 in a highly-available configuration on multiple servers:

Ensure that the StoreFront servers are joined to either:

The Microsoft Active Directory domain containing the user accounts

OR

A domain that has a trust relationship with the user accounts domain.

Note: TCP port 808 is used for communication between StoreFront servers and must be accessible from inside the corporate network.

Note: A separate SQL Server database is no longer required with StoreFront 2.1. Users’ application subscription data is stored locally and automatically replicated between StoreFront servers.

When installing and configuring StoreFront, if users are authenticating with smart card:

HTTPS is required

It is recommended to keep communications secure even if smart card is not being used to authenticate.

Unused ports on the internal firewall should not be blocked

A Windows Firewall rule is configured enabling access to the StoreFront executable through a TCP port randomly selected from all unassigned ports.

This port is used for communications between the StoreFront servers in a server group.

Ensure firewalls and other network devices permit access to TCP port 80 or 443, whichever is appropriate for the deployment, from both inside and outside the corporate network.

Note: StoreFront cannot be installed on a domain controller.
