Follow the guidance in this article when using the Microsoft Azure Resource Manager to provision virtual machines in your Citrix Virtual Apps or Citrix Virtual Desktops service deployment.
We assume you are familiar with the following:
Azure on-demand provisioning
With Azure on-demand provisioning, VMs are created only when Citrix Virtual Apps and Desktops initiates a power-on action, after the provisioning completes. When you use MCS to create machine catalogs in the Azure Resource Manager, the Azure on-demand provisioning feature:
When you create an MCS catalog, the Azure portal displays the network security group, network interfaces, base images, and identity disks in the resource groups. The Azure portal does not show a VM until Citrix Virtual Apps and Desktops initiates a power-on action for it. Then, the VM’s status in the Full Configuration interface changes to On. There are two types of machines with the following differences:
Connection to Azure Resource Manager
Create and manage connections describes the wizards that create a connection. The following information covers details specific to Azure Resource Manager connections. Considerations:
You can establish a host connection to Azure in two ways:
Create a service principal
Before you start, authenticate to Azure. Ensure:
When you authenticate to Azure to create a service principal, an application is registered in Azure. A secret key (client secret) is created for the registered application. The registered application uses the client secret to authenticate to Azure AD. Be sure to change the client secret before it expires. You receive an alert on the console before the secret key expires. See Application secret and secret expiration date. To authenticate to Azure to create a service principal, complete the following steps in the Add Connection and Resources wizard:
Use the details from a previously created service principal to connect to Azure
To create a service principal manually, connect to your Azure Resource Manager subscription and use the PowerShell cmdlets provided in the following sections. Prerequisites:
To create a service principal:
In the Add Connection and Resources wizard:
View the application ID
You can view the application ID in the Full Configuration interface. In the Add Connection and Resources wizard, select the connection to view the details. The Details tab shows the Application ID.
View the application secret
You can view the application secret in the Azure portal.
Use the Full Configuration interface to add or modify the expiration date for the application secret in use.
Create a new application secret
You can create a new application secret of a connection through the Azure portal.
Create a machine catalog using an Azure Resource Manager image
This information is a supplement to the guidance in Create machine catalogs. An image is the template that is used to create the VMs in a machine catalog. Before creating the machine catalog, create an image in Azure Resource Manager. For general information about images, see Create machine catalogs.
In the machine catalog creation wizard:
Complete the wizard.
Machine catalogs with Trusted launch
To successfully create a machine catalog with Trusted launch, use:
To view the Citrix DaaS offering inventory items, and to determine whether the VM size supports Trusted launch, run the following command:
Using Azure PowerShell, you can run the following command to determine the VM sizes that support Trusted launch:
    (Get-AzComputeResourceSku | where {$_.Locations.Contains($region) -and ($_.Name -eq "<VM size>") })[0].Capabilities
Following are examples that describe whether the VM size supports Trusted launch after you run the Azure PowerShell command.
For more information on Trusted launch for Azure virtual machines, see the Microsoft document Trusted launch for Azure virtual machines.
Errors while creating machine catalogs with Trusted launch
You get appropriate errors in the following scenarios while creating a machine catalog with Trusted launch:
Use machine profile property values
The machine catalog uses the following properties that are defined in the custom properties:
If these custom properties are not defined explicitly, then the property values are set from the ARM template spec or VM, whichever is used as the machine profile. In addition, if ServiceOffering is not specified, then it will be set from the machine profile.
The following section describes some scenarios for New-ProvScheme and Set-ProvScheme in which CustomProperties either has all the properties defined or takes its values from the MachineProfile.
Use PowerShell to enable Azure VM extensions
After you select the ARM template spec, run the following PowerShell commands to work with Azure VM extensions:
Page File Location
In Azure environments, the page file location is set up when you first create a VM. The format of the page file setting is: page file location [min size] [max size] (the size in MB). For more information, see How to determine the appropriate page file size. During image preparation, when you create the provisioning scheme, MCS determines the page file location based on certain rules. After you create the provisioning scheme, you cannot:
Page file location determination
Features like EOS and MCS I/O have their own expected page file location and are mutually exclusive. The following table shows the expected page file location for each feature:
Page file setting scenarios
The following table describes some of the possible scenarios of page file setting during image preparation and provisioning scheme update:
Update page file setting
Using PowerShell commands, you can specify page file settings, including the location and size. This overrides the page file settings determined by MCS. You can do this by running the following New-ProvScheme command during machine catalog creation:
    New-ProvScheme -CleanOnBoot `
    -HostingUnitName "zijinnet" `
    -IdentityPoolName "PageFileSettingExample" `
    -ProvisioningSchemeName "PageFileSettingExample" `
    -InitialBatchSizeHint 1 `
    -MasterImageVM "XDHyp:\HostingUnits\zijinnet\image.folder\neal-zijincloud-resources.resourcegroup\CustomWin10VDA_OsDisk_1_9473d7c8a6174b2c8284c7d3efeea88f.manageddisk" `
    -NetworkMapping @{"0"="XDHyp:\\HostingUnits\\zijinnet\\virtualprivatecloud.folder\\East US.region\\virtualprivatecloud.folder\\neal-zijincloud-resources.resourcegroup\\neal-zijincloud-resources-vnet.virtualprivatecloud\\default.network"} `
    -ServiceOffering "XDHyp:\\HostingUnits\\zijinnet\\serviceoffering.folder\\Standard_B2ms.serviceoffering" `
    -CustomProperties '<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="PersistOsDisk" Value="false"/>
    <Property xsi:type="StringProperty" Name="PersistVm" Value="false"/>
    <Property xsi:type="StringProperty" Name="PageFileDiskDriveLetterOverride" Value="d"/>
    <Property xsi:type="StringProperty" Name="InitialPageFileSizeInMB" Value="2048"/>
    <Property xsi:type="StringProperty" Name="MaxPageFileSizeInMB" Value="8196"/>
    <Property xsi:type="StringProperty" Name="StorageAccountType" Value="Premium_LRS"/>
    <Property xsi:type="StringProperty" Name="LicenseType" Value="Windows_Client"/>
    </CustomProperties>'
For information on how to create a catalog using the Remote PowerShell SDK, see Creating a catalog using PowerShell. Constraints:
Azure throttling
Azure Resource Manager throttles requests for subscriptions and tenants, routing traffic based on defined limits, tailored to the specific needs of the provider. See Throttling Resource Manager requests on the Microsoft site for more information. Limits exist for subscriptions and tenants, where managing many machines can become problematic. For example, a subscription containing many machines might experience performance problems related to power operations.
To help mitigate these issues, Citrix DaaS allows you to remove MCS internal throttling to use more of the available request quota from Azure. We recommend the following optimal settings when powering VMs on or off in large subscriptions, for example, those containing 1,000 VMs:
Use the Full Configuration interface to configure Azure operations for a given host connection:
MCS supports 500 maximum concurrent operations by default. Alternatively, you can use the Remote PowerShell SDK to set the maximum number of concurrent operations. Use the PowerShell property, MaximumConcurrentProvisioningOperations, to specify the maximum number of concurrent Azure provisioning operations. When using this property, consider:
Azure resource groups
Azure provisioning resource groups provide a way to provision the VMs that provide applications and desktops to users. You can add existing empty Azure resource groups when you create an MCS machine catalog, or have new resource groups created for you. For information about Azure resource groups, see the Microsoft documentation.
Azure Resource Group Usage
There is no limit on the number of virtual machines, managed disks, snapshots, and images per Azure Resource Group. (The limit of 240 VMs per 800 managed disks per Azure Resource Group has been removed.)
Azure ephemeral disks
An Azure ephemeral disk allows you to repurpose the cache disk or temporary disk to store the OS disk for an Azure-enabled virtual machine. This functionality is useful for Azure environments that require a higher-performance SSD disk over a standard HDD disk. To use ephemeral disks, you must set the custom property UseEphemeralOsDisk to true when running New-ProvScheme.
The following is an example set of custom properties to use in the provisioning scheme:
    "CustomProperties": [
        { "Name": "UseManagedDisks", "Value": "true" },
        { "Name": "StorageType", "Value": "Standard_LRS" },
        { "Name": "UseSharedImageGallery", "Value": "true" },
        { "Name": "SharedImageGalleryReplicaRatio", "Value": "40" },
        { "Name": "SharedImageGalleryReplicaMaximum", "Value": "10" },
        { "Name": "LicenseType", "Value": "Windows_Server" },
        { "Name": "UseEphemeralOsDisk", "Value": "true" }
    ],
How to create machines using ephemeral OS disks
Ephemeral OS disks are controlled based on the UseEphemeralOsDisk property in the CustomProperties parameter. To provision ephemeral OS disks using New-ProvScheme, consider the following constraints:
Also consider these issues when:
Azure ephemeral disk and Machine Creation Services (MCS) storage optimization (MCS I/O)
Azure ephemeral OS disk and MCS I/O cannot be enabled at the same time. The important considerations are as follows:
Citrix DaaS supports customer-managed encryption keys for Azure managed disks through Azure Key Vault. With this support you can manage your organizational and compliance requirements by encrypting the managed disks of your machine catalog using your own encryption key. For more information, see Server-side encryption of Azure Disk Storage. When using this feature for managed disks:
Consider the following when using this feature:
Azure Customer-managed encryption key
When creating a machine catalog, you can choose whether to encrypt data on the machines provisioned in the catalog. Server-side encryption with a customer-managed encryption key lets you manage encryption at a managed disk level and protect data on the machines in the catalog. A Disk Encryption Set (DES) represents a customer-managed key. To use this feature, you must first create your DES in Azure. A DES is in the following format:
Select a DES from the list. The DES you select must be in the same subscription and region as your resources. If your image is encrypted with a DES, use the same DES when creating the machine catalog. You cannot change the DES after you create the catalog. If you create a catalog with an encryption key and later disable the corresponding DES in Azure, you can no longer power on the machines in the catalog or add machines to it.
Azure dedicated hosts
You can use MCS to provision VMs on Azure dedicated hosts. Before provisioning VMs on Azure dedicated hosts:
You can create a catalog of machines with host tenancy defined through the following PowerShell script:
    New-ProvScheme <otherParameters> -CustomProperties '<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="HostGroupId" Value="myResourceGroup/myHostGroup" />
    ...other Custom Properties...
    </CustomProperties>'
When using MCS to provision virtual machines on Azure dedicated hosts, consider:
Use Azure Shared Image Gallery as a published image repository for MCS provisioned machines in Azure. You can store a published image in the gallery to accelerate the creation and hydration of OS disks, improving start and application launch times for non-persistent VMs. Shared image gallery contains the following three elements:
For more information, see Azure shared image gallery overview. Use the New-ProvScheme command to create a provisioning scheme with Shared Image Gallery support. Use the Set-ProvScheme command to enable or disable this feature for a provisioning scheme and to change the replica ratio and replica maximum values. Three custom properties were added to provisioning schemes to support the Shared Image Gallery feature:
UseSharedImageGallery
SharedImageGalleryReplicaRatio
SharedImageGalleryReplicaMaximum
The existing machine catalog uses Shared Image Gallery. Use the Set-ProvScheme command to update the custom properties for all existing machines in the catalog and any future machines:
    Set-ProvScheme -ProvisioningSchemeName catalog-name -CustomProperties '<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="StorageType" Value="Standard_LRS"/>
    <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="True"/>
    <Property xsi:type="StringProperty" Name="UseSharedImageGallery" Value="True"/>
    <Property xsi:type="IntProperty" Name="SharedImageGalleryReplicaRatio" Value="30"/>
    <Property xsi:type="IntProperty" Name="SharedImageGalleryReplicaMaximum" Value="20"/>
    </CustomProperties>'
For this use case:
For example:
    Set-ProvScheme -ProvisioningSchemeName catalog-name -CustomProperties '<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="StorageType" Value="Standard_LRS"/>
    <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="True"/>
    <Property xsi:type="StringProperty" Name="UseSharedImageGallery" Value="True"/>
    <Property xsi:type="IntProperty" Name="SharedImageGalleryReplicaRatio" Value="30"/>
    <Property xsi:type="IntProperty" Name="SharedImageGalleryReplicaMaximum" Value="20"/>
    </CustomProperties>'
For this use case:
For example:
    Set-ProvScheme -ProvisioningSchemeName catalog-name -CustomProperties '<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="StorageType" Value="Standard_LRS"/>
    <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="True"/>
    <Property xsi:type="StringProperty" Name="UseSharedImageGallery" Value="False"/>
    </CustomProperties>'
Image sharing with another service principal in the same tenant
To select an image in Azure Compute Gallery that belongs to a different subscription, the image must be shared with the service principal (SPN) of that subscription. For example, if there is a service principal (SPN 1), which is configured in Studio as:
    Service principal: SPN 1
    Subscription: subscription 1
    Tenant: tenant 1
The image is in a different subscription, which is configured in Studio as:
    Subscription: subscription 2
    Tenant: tenant 1
If you want to share the image in subscription 2 with subscription 1 (SPN 1), go to subscription 2, and share the resource group with SPN 1. The image must be shared with another SPN using Azure role-based access control (RBAC). Azure RBAC is the authorization system used to manage access to Azure resources. For more information on Azure RBAC, see the Microsoft document What is Azure role-based access control (Azure RBAC). To grant access, you assign roles to service principals at resource group scope with Contributor role. To assign Azure roles, you must have Microsoft.Authorization/roleAssignments/write permission, such as User Access Administrator or Owner. For more information on sharing images with another SPN, see the Microsoft document Assign Azure roles using the Azure portal. You can select an image in Azure Compute Gallery that belongs to a different shared subscription in the same Azure tenant to create and update MCS catalogs using PowerShell commands.
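The role assignment described above can also be made with Azure PowerShell instead of the portal. This is an added example, not part of the Citrix documentation; it assumes the Az.Accounts and Az.Resources modules and a signed-in identity that holds Microsoft.Authorization/roleAssignments/write in subscription 2, and every value in angle brackets is a placeholder.

```powershell
# Added example (not Citrix code). All values in angle brackets are placeholders.
$imageSubscription = '<subscription 2 ID>'
$galleryGroup      = '<resource group in subscription 2 that holds the gallery>'
$spn1AppId         = '<application ID of SPN 1>'

# Work in the subscription that owns the image, not the one SPN 1 is configured for.
Set-AzContext -Subscription $imageSubscription | Out-Null

# Look for a Contributor assignment that is already effective at this resource
# group (including one inherited from a higher scope) so that the script can be
# re-run without creating a duplicate.
$existing = Get-AzRoleAssignment -ServicePrincipalName $spn1AppId `
    -ResourceGroupName $galleryGroup -RoleDefinitionName 'Contributor'

if (-not $existing) {
    # Scope the grant to the one resource group, as the text above describes,
    # rather than to the whole subscription.
    New-AzRoleAssignment -ApplicationId $spn1AppId `
        -ResourceGroupName $galleryGroup -RoleDefinitionName 'Contributor' | Out-Null
}

# Review every role SPN 1 holds that is effective on this resource group.
# A Scope value shorter than the resource group path means the role was
# granted higher up and covers more than the gallery.
Get-AzRoleAssignment -ServicePrincipalName $spn1AppId -ResourceGroupName $galleryGroup |
    Select-Object RoleDefinitionName, Scope
```

Contributor on the resource group covers every resource in it, so keeping the gallery in a resource group of its own limits what SPN 1 can modify in subscription 2.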
Provision machines into specified Availability Zones
You can provision machines into specific Availability Zones in Azure environments. You can achieve that using the Full Configuration interface or PowerShell.
Configuring Availability Zones in the Full Configuration interface
When creating a machine catalog, you can specify Availability Zones into which you want to provision machines. On the Virtual Machines page, select one or more Availability Zones where you want to create machines. There are two reasons that no Availability Zones are available: the region has no Availability Zones, or the selected machine size is unavailable.
Configuring Availability Zones through PowerShell
Using PowerShell, you can view the Citrix DaaS offering inventory items by using Get-Item. For example, to view the Eastern US region Standard_B1ls service offering:
    $serviceOffering = Get-Item -path "XDHyp:\Connections\my-connection-name\East US.region\serviceoffering.folder\Standard_B1ls.serviceoffering"
To view the zones, use the AdditionalData parameter for the item:
    $serviceOffering.AdditionalData
If Availability Zones are not specified, there is no change in how machines are provisioned. To configure Availability Zones through PowerShell, use the Zones custom property available with the New-ProvScheme operation. The Zones property defines a list of Availability Zones to provision machines into. Those zones can include one or more Availability Zones. For example, <Property xsi:type="StringProperty" Name="Zones" Value="1, 3"/> for Zones 1 and 3. Use the Set-ProvScheme command to update the zones for a provisioning scheme. If an invalid zone is provided, the provisioning scheme is not updated, and an error message appears providing instructions on how to fix the invalid command.
Using host groups and Azure availability zones at the same time
There is a pre-flight check to assess whether the creation of a machine catalog will be successful based on the availability zone specified in the custom property and the host group’s zone. Catalog creation fails if the availability zone custom property does not match the host group’s zone. For information on configuring availability zones through PowerShell, see Configuring Availability Zones through PowerShell. For information on Azure dedicated hosts, see Azure dedicated hosts. The following table describes the various combinations of availability zone and host group zone and which ones result in successful or failed creation of a machine catalog.
Azure ephemeral disk
Azure ephemeral disks allow you to repurpose the cache or temporary disk to store the OS disk for an Azure-enabled virtual machine. This functionality is useful for Azure environments that require a higher-performance SSD disk over a standard HDD disk.
Ephemeral OS disks require that your provisioning scheme use managed disks and a Shared Image Gallery. For more information, see Azure shared image gallery.
Using PowerShell to configure an ephemeral disk
To configure an Azure ephemeral OS disk for a catalog, use the UseEphemeralOsDisk parameter in Set-ProvScheme. Set the value of the UseEphemeralOsDisk parameter to true.
For example:
    Set-ProvScheme -ProvisioningSchemeName catalog-name -CustomProperties '<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="true" />
    <Property xsi:type="StringProperty" Name="UseSharedImageGallery" Value="true" />
    <Property xsi:type="StringProperty" Name="UseEphemeralOsDisk" Value="true" />
    </CustomProperties>'
Storing an ephemeral OS temporary disk
You have the option of storing an ephemeral OS disk on the VM temp disk or a resource disk. This functionality enables you to use an ephemeral OS disk with a VM that either doesn’t have a cache, or has insufficient cache. Such VMs have a temp or resource disk to store an ephemeral OS disk, such as Ddv4. Consider the following:
Preserving a provisioned virtual machine when power cycling
Choose whether to preserve a provisioned virtual machine when power cycling. Use the PowerShell parameter New-ProvScheme CustomProperties. This parameter supports an extra property, PersistVm, used to determine if a provisioned virtual machine persists when power cycled. Set the PersistVm property to true to persist a virtual machine when powered off, or set the property to false to ensure that the virtual machine is not preserved when powered off.
In the following example, the New-ProvScheme CustomProperties parameter sets the PersistVm property to true:
    <CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="true" />
    <Property xsi:type="StringProperty" Name="StorageType" Value="Standard_LRS" />
    <Property xsi:type="StringProperty" Name="PersistWBC" Value="false" />
    <Property xsi:type="StringProperty" Name="PersistOsDisk" Value="true" />
    <Property xsi:type="StringProperty" Name="PersistVm" Value="true" />
    <Property xsi:type="StringProperty" Name="ResourceGroups" Value="demo-resourcegroup" />
    <Property xsi:type="StringProperty" Name="LicenseType" Value="Windows_Client" />
    </CustomProperties>
In the following example, the New-ProvScheme CustomProperties parameter preserves write back cache by setting PersistVM to true:
    New-ProvScheme -AzureAdJoinType "None" -CleanOnBoot `
    -CustomProperties "<CustomProperties xmlns=`"http://schemas.citrix.com/2014/xd/machinecreation`" xmlns:xsi=`"http://www.w3.org/2001/XMLSchema-instance`"><Property xsi:type=`"StringProperty`" Name=`"UseManagedDisks`" Value=`"true`" /><Property xsi:type=`"StringProperty`" Name=`"StorageType`" Value=`"Standard_LRS`" /><Property xsi:type=`"StringProperty`" Name=`"PersistWBC`" Value=`"false`" /><Property xsi:type=`"StringProperty`" Name=`"PersistOsDisk`" Value=`"true`" /><Property xsi:type=`"StringProperty`" Name=`"PersistVm`" Value=`"true`" /><Property xsi:type=`"StringProperty`" Name=`"ResourceGroups`" Value=`"demo-resourcegroup`" /><Property xsi:type=`"StringProperty`" Name=`"LicenseType`" Value=`"Windows_Client`" /></CustomProperties>" `
    -HostingUnitName "demo" `
    -IdentityPoolName "NonPersistent-MCSIO-PersistVM" `
    -MasterImageVM "XDHyp:\HostingUnits\demo\image.folder\scale-test.resourcegroup\demo-snapshot.snapshot" `
    -NetworkMapping @{"0"="XDHyp:\HostingUnits\demo\\virtualprivatecloud.folder\East US.region\virtualprivatecloud.folder\ji-test.resourcegroup\jitest-vnet.virtualprivatecloud\default.network"} `
    -ProvisioningSchemeName "NonPersistent-MCSIO-PersistVM" `
    -ServiceOffering "XDHyp:\HostingUnits\demo\serviceoffering.folder\Standard_B2ms.serviceoffering" `
    -UseWriteBackCache -WriteBackCacheDiskSize 127 -WriteBackCacheMemorySize 256
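The CustomProperties strings used in the commands above are easy to break with a missing quote or a malformed namespace, and the ephemeral OS disk section states a dependency between three properties. The following added example (not Citrix code) checks a string offline before it is passed to New-ProvScheme or Set-ProvScheme; Test-McsCustomProperties is a hypothetical helper name, the sample strings are constructed, and treating property names and values as case-insensitive is an assumption.

```powershell
# Added example: offline checks for an MCS CustomProperties string.
# Test-McsCustomProperties is a hypothetical helper, not a Citrix cmdlet.
function Test-McsCustomProperties {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Xml)

    $ns       = 'http://schemas.citrix.com/2014/xd/machinecreation'
    $problems = [System.Collections.Generic.List[string]]::new()
    $props    = @{}   # hashtable keys compare case-insensitively (assumption that MCS does too)

    # 1. Well-formedness: catches a missing quote or an unquoted Value=true.
    $doc = [System.Xml.XmlDocument]::new()
    try {
        $doc.LoadXml($Xml)
    } catch {
        $problems.Add("Not well-formed XML: $($_.Exception.Message)")
        return [pscustomobject]@{ Valid = $false; Problems = $problems; Properties = $props }
    }

    # 2. Root element and namespace: a stray space inside xmlns="..." yields
    #    a different namespace URI.
    $root = $doc.DocumentElement
    if ($root.LocalName -cne 'CustomProperties' -or $root.NamespaceURI -cne $ns) {
        $problems.Add("Root must be CustomProperties in namespace '$ns'")
    }

    # 3. Stray text between <Property> elements, for example backticks left
    #    inside a single-quoted string or an unreplaced placeholder.
    foreach ($node in $root.ChildNodes) {
        if ($node.NodeType -eq [System.Xml.XmlNodeType]::Text) {
            $problems.Add("Unexpected text inside CustomProperties: '$($node.Value.Trim())'")
        }
    }

    # 4. Collect Name/Value pairs and flag duplicates.
    foreach ($p in $root.GetElementsByTagName('Property')) {
        $name = $p.GetAttribute('Name')
        if ($props.ContainsKey($name)) { $problems.Add("Duplicate property '$name'") }
        $props[$name] = $p.GetAttribute('Value')
    }

    # 5. Rule stated on this page: ephemeral OS disks require managed disks
    #    and a Shared Image Gallery.
    if ($props['UseEphemeralOsDisk'] -eq 'true') {
        foreach ($required in 'UseManagedDisks', 'UseSharedImageGallery') {
            if ($props[$required] -ne 'true') {
                $problems.Add("UseEphemeralOsDisk=true requires $required=true")
            }
        }
    }

    [pscustomobject]@{
        Valid      = ($problems.Count -eq 0)
        Problems   = $problems
        Properties = $props
    }
}

# Constructed samples: a valid ephemeral OS disk configuration, one that omits
# UseSharedImageGallery, and one with an unquoted attribute value.
$ok = @'
<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="true" />
  <Property xsi:type="StringProperty" Name="UseSharedImageGallery" Value="true" />
  <Property xsi:type="StringProperty" Name="UseEphemeralOsDisk" Value="true" />
</CustomProperties>
'@
$missingGallery = @'
<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="true" />
  <Property xsi:type="StringProperty" Name="UseEphemeralOsDisk" Value="true" />
</CustomProperties>
'@
$unquoted = @'
<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Property xsi:type="BooleanProperty" Name="persistOsDisk" Value=true />
</CustomProperties>
'@

foreach ($sample in $ok, $missingGallery, $unquoted) {
    $result = Test-McsCustomProperties -Xml $sample
    '{0}: {1}' -f $result.Valid, ($result.Problems -join '; ')
}
```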
Storage types
Select different storage types for virtual machines in Azure environments that use MCS. For target VMs, MCS supports:
When using these storage types, consider the following:
If WBCDiskStorageType is not configured, then StorageType is used as the default for WBCDiskStorageType.
Configuring storage types
To configure storage types for VM, use the StorageType parameter in New-ProvScheme. Set the value of the StorageType parameter to one of the supported storage types. The following is an example set of the CustomProperties parameter in a provisioning scheme:
    Set-ProvScheme -ProvisioningSchemeName catalog-name -CustomProperties '<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="true" />
    <Property xsi:type="StringProperty" Name="StorageType" Value="Premium_LRS" />
    <Property xsi:type="StringProperty" Name="LicenseType" Value="Windows_Client" />
    </CustomProperties>'
Change the storage type to a lower tier when a VM is shut down
You can save storage costs by switching the storage type of a managed disk to a lower tier when you shut down a VM. To do this, use the StorageTypeAtShutdown custom property. The storage type of the disk changes to a lower tier (as specified in the StorageTypeAtShutdown custom property) when you shut down the VM. After you power on the VM, the storage type changes back to the original (as specified in StorageType custom property or WBCDiskStorageType custom property).
Requirements:
To change the storage type to a lower tier:
To apply StorageTypeAtShutdown to an existing catalog: Use Set-ProvScheme to add a VM to an existing catalog. The feature applies to new VMs added after running Set-ProvScheme. The existing machines are not affected. Example of setting custom properties while adding a VM to an existing catalog:
    $customProperties='<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Property xsi:type="StringProperty" Name="UseManagedDisks" Value="true" />
    <Property xsi:type="StringProperty" Name="StorageType" Value="Premium_LRS" />
    <Property xsi:type="StringProperty" Name="WbcDiskStorageType" Value="Standard_SSD_LRS" />
    <Property xsi:type="StringProperty" Name="ResourceGroups" Value="" />
    <Property xsi:type="StringProperty" Name="LicenseType" Value="Windows_Client" />
    <Property xsi:type="StringProperty" Name="SchemaVersion" Value="2" />
    <Property xsi:type="StringProperty" Name="OsType" Value="Windows" />
    <Property xsi:type="BooleanProperty" Name="persistWBC" Value="true" />
    <Property xsi:type="BooleanProperty" Name="persistOsDisk" Value="true" />
    <Property xsi:type="StringProperty" Name="StorageTypeAtShutdown" Value="Standard_LRS" />
    </CustomProperties>'
    $ProvScheme = Get-Provscheme -ProvisioningSchemeName $CatalogName
    Set-ProvScheme -ProvisioningSchemeName $ProvScheme.ProvisioningSchemeName -CustomProperties $customProperties
The Set-ProvScheme command changes the provisioning scheme. However, it does not affect existing machines. Using the PowerShell command Request-ProvVMUpdate, you can apply the current provisioning scheme to an existing persistent or non-persistent machine or set of machines. Currently, in Azure, you can update ServiceOffering, MachineProfile and the following custom properties:
You can update:
After you make the following changes to the provisioning scheme, VM instance gets recreated for persistent catalogs in Azure:
To update the existing VMs:
You can display information for an Azure VM, including OS disk and type, snapshot and gallery image definition. This information is displayed for resources on the master image when a machine catalog is assigned. Use this functionality to view and select either a Linux or Windows image. A PowerShell property, TemplateIsWindowsTemplate, was added to the AdditionalData field parameter. This field contains Azure-specific information: VM type, OS disk, gallery image information, and OS type information. Setting TemplateIsWindowsTemplate to True indicates that the OS type is Windows; setting TemplateIsWindowsTemplate to False indicates that the OS type is Linux.
For example, set the Azure VM AdditionalData parameter to True for Windows OS type using PowerShell:
    PS C:\Users\username> (get-item XDHyp:\HostingUnits\mynetwork\image.folder\username-dev-testing-rg.resourcegroup\username-dev-tsvda.vm).AdditionalData
    Key                                        Value
    ServiceOfferingDescription                 Standard_B2ms
    HardDiskSizeGB                             127
    ResourceGroupName                          FENGHUAJ-DEV-TESTING-RG
    ServiceOfferingMemory                      8192
    ServiceOfferingCores                       2
    TemplateIsWindowsTemplate                  True
    ServiceOfferingWithTemporaryDiskSizeInMb   16384
    SupportedMachineGenerations                Gen1,Gen2
You can display region name information for an Azure VM, managed disks, snapshots, Azure VHD, and ARM templates. This information is displayed for the resources on the master image when a machine catalog is assigned. A PowerShell property called RegionName displays the region name information when you run the PowerShell command with the AdditionalData parameter. For example, use the following PowerShell command to get VM information in Azure.
    PS C:\Windows\system32> (get-item XDHyp:\HostingUnits\myAzureNetwork\image.folder\hu-dev-testing-rg.resourcegroup\hu-dev-tsvda.vm).AdditionalData
    Key                                        Value
    HardDiskSizeGB                             127
    ResourceGroupName                          HU-DEV-TESTING-RG
    RegionName                                 East US
    TemplateIsWindowsTemplate                  True
    LicenseType
    ServiceOfferingDescription                 Standard_B2ms
    ServiceOfferingMemory                      8192
    ServiceOfferingCores                       2
    SupportedMachineGenerations                Gen1,Gen2
    ServiceOfferingWithTemporaryDiskSizeInMb   16384
    SecurityType
    SecureBootEnabled
    VTpmEnabled
Azure Marketplace
Citrix DaaS supports using a master image on Azure that contains plan information to create a machine catalog. For more information, see Microsoft Azure Marketplace.
Use the procedure in this section to view Shared Image Gallery images in Citrix Studio. These images can optionally be used for a master image. To put the image into a Shared Image Gallery, create an image definition in a gallery. In the Publishing options page, verify the purchase plan information. The purchase plan information fields are initially empty. Populate those fields with the purchase plan information used for the image. Failure to populate purchase plan information can cause the machine catalog process to fail. After verifying the purchase plan information, create an image version within the definition. This is used as the master image. Click Add version: In the Version details section, select the image snapshot or managed disk as the source:
About Azure permissions
This section contains the minimum and general permissions required for Azure.
Minimum permissions
Minimum permissions give better security control. However, new features that require additional permissions fail when only the minimum permissions are granted.
Creating a host connection
Add a new host connection using the information obtained from Azure.
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/disks/read",
Power management of VMs
Power on or off the machine instances.
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action",
Creating, updating, or deleting VMs
Create a machine catalog, then add, delete, update machines, and delete the machine catalog. Following is the list of minimum permissions required when the master image is managed disk or snapshots are located in the same region as the hosting connection.
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Resources/deployments/validate/action",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/snapshots/read",
    "Microsoft.Compute/snapshots/write",
    "Microsoft.Compute/snapshots/delete",
    "Microsoft.Compute/snapshots/beginGetAccess/action",
    "Microsoft.Compute/snapshots/endGetAccess/action",
    "Microsoft.Compute/disks/read",
    "Microsoft.Compute/disks/write",
    "Microsoft.Compute/disks/delete",
    "Microsoft.Compute/disks/beginGetAccess/action",
    "Microsoft.Compute/disks/endGetAccess/action",
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.Network/virtualNetworks/subnets/join/action",
    "Microsoft.Network/virtualNetworks/subnets/read",
    "Microsoft.Network/networkSecurityGroups/read",
    "Microsoft.Network/networkSecurityGroups/write",
    "Microsoft.Network/networkSecurityGroups/delete",
    "Microsoft.Network/networkSecurityGroups/join/action",
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Network/networkInterfaces/write",
    "Microsoft.Network/networkInterfaces/delete",
    "Microsoft.Network/networkInterfaces/join/action",
You need the following extra permissions based on minimal permissions for the following features:
Creating, updating, and deleting machines with unmanaged disk

The following minimum permissions are required when the master image is a VHD and the resource group is provided by the admin:

"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/delete",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Network/networkInterfaces/delete",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkSecurityGroups/delete",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action"

General permission

The Contributor role has full access to manage all resources. This set of permissions does not block you from getting new features.
The following set of permissions provides the best compatibility going forward, although it does include more permissions than needed with the current feature set:

"Microsoft.Compute/diskEncryptionSets/read",
"Microsoft.Compute/disks/beginGetAccess/action",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/disks/endGetAccess/action",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/galleries/delete",
"Microsoft.Compute/galleries/images/delete",
"Microsoft.Compute/galleries/images/read",
"Microsoft.Compute/galleries/images/versions/delete",
"Microsoft.Compute/galleries/images/versions/read",
"Microsoft.Compute/galleries/images/versions/write",
"Microsoft.Compute/galleries/images/write",
"Microsoft.Compute/galleries/read",
"Microsoft.Compute/galleries/write",
"Microsoft.Compute/hostGroups/hosts/read",
"Microsoft.Compute/hostGroups/read",
"Microsoft.Compute/hostGroups/write",
"Microsoft.Compute/snapshots/beginGetAccess/action",
"Microsoft.Compute/snapshots/delete",
"Microsoft.Compute/snapshots/endGetAccess/action",
"Microsoft.Compute/snapshots/read",
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Network/networkInterfaces/delete",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkSecurityGroups/delete",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.Storage/storageAccounts/delete",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Resources/templateSpecs/read",
"Microsoft.Resources/templateSpecs/versions/read",