VMware cloud and partner solutions

Citrix Provisioning supports the following VMware cloud and partner solutions:

• Azure VMware Solution (AVS)
• VMware Cloud on AWS
• Google Cloud Platform VMware Engine

Note:

The VMware cloud and partner solutions are supported from Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) or if you have a Hybrid Rights License.

Azure VMware Solution (AVS) integration

Citrix Provisioning supportsAVS. AVS provides cloud infrastructure containing vSphere clusters created by Azure infrastructure. Leverage Citrix Provisioning to use AVS for provisioning your VDA workload in the same way that you would using vSphere in on-premises enviornments.

Setting up the AVS cluster

To enable Citrix Provisioning to use AVS, do the following steps in Azure:

• Request a host quota
• Register the Microsoft.AVS resource provider
• Network Checklist
• Create an Azure VMware Solution private cloud
• Access an Azure VMware Solution private cloud
• Configure networking for your VMware private cloud in Azure
• Configure DHCP for Azure VMware Solution
• Add a network segment in Azure VMware Solution
• Verify Azure VMware Solution environment

Request host quota for Azure Enterprise Agreement customers

In the Azure portal’sHelp + Supportpage selectNew support request, and include the following information:

• Issue type:Technical
• Subscription:Select your subscription
• Service:All services > Azure VMware Solution
• Resource:General question
• Summary:Need capacity
• Problem type:Capacity Management Issues
• Problem subtype:Customer Request for Additional Host Quota/Capacity

In theDescriptionof the support ticket, incldue the following information in theDetailstab:

• POC or Production
• Region Name
• Number of hosts
• Any other details

Note:

AVS requires a minimum of three hosts, and recommends that you use redundancy of N+1 hosts.

After specifying details for the support ticket, selectReview + Createto submit the request to Azure.

Register the Microsoft.AVS resource provider

After requesting the host quota, register the resource provider:

1. Sign in to the Azure portal.
2. On the Azure portal menu, selectAll services.
3. In theAll servicesmenu, enter the subscription, and selectSubscriptions.
4. Select the subscription from the subscription list.
5. SelectResource providersand enterMicrosoft.AVSin the search bar.
6. If the resource provider is not registered, selectRegister.

Networking considerations

AVS offers networking services requiring specific network address ranges and firewall ports. SeeNetworking planning checklist for Azure VMware Solutionfor more information.

Create an Azure VMware Solution private cloud

After conidering network requirements for your environment, create a ASV private cloud:

1. Sign in to the Azure portal.
2. SelectCreate a new resource.

3. In theSearch the Marketplacetext box type,Azure VMware Solution, and selectAzure VMware Solutionfrom the list.

   

In theAzure VMware Solutionwindow:

1. SelectCreate.
2. Click theBasicstab.
3. Enter values for the fields, using the information in the table below:

Field	Value
Subscription	选择您计划使用的订阅deployment. All resources in an Azure subscription are billed together.
Resource group	Select the resource group for your private cloud. An Azure resource group is a logical container into which Azure resources are deployed and managed. Alternatively, you can create a new resource group for your private cloud.
Location	Select a location, such as east us. This is the region you defined during the planning phase.
Resource name	Provide the name of your Azure VMware Solution private cloud.
SKU	Select AV36.
Hosts	Shows the number of hosts allocated for the private cloud cluster. The default value is 3, which can be raised or lowered after deployment.
Address block	Provide an IP address block for the private cloud. The CIDR represents the private cloud management network and will be used for the cluster management services, such as vCenter Server and NSX-T Manager. Use /22 address space, for example, 10.175.0.0/22. The address should be unique and not overlap with other Azure Virtual Networks as well as with on-premises networks.
Virtual Network	Leave this blank because the Azure VMware Solution ExpressRoute circuit is established as a post-deployment step.

In theCreate a private cloudscreen:

1. In theLocationfield, select the region that has the AVS; the resource group region is the same as the AVS region.
2. In theSKUfield, selectAV36 Node.
3. Specify an IP address in theAddress Blockfield. For example, 10.15.0.0/22.
4. SelectReview + Create.
5. After reviewing the information, clickCreate.

Tip:

Creating a private cloud can take 3-4 hours. Adding a single host to cluster can take 30-45 minutes.

Verify that the deployment was successful. Navigate to the resource group you created and select your private cloud. Once theStatusisSucceededthe deployment is complete.

Access an Azure VMware Solution private cloud

Once you have created a private cloud, create a Windows VM and connect to the local vCenter of your private cloud.

Create a new Windows virtual machine

1. In the resource group, select+ Addthen search and selectMicrosoft Windows 10/2016/2019.
2. ClickCreate.
3. Enter the required information, then selectReview + Create.
4. Once validation passes, selectCreateto start the virtual machine creation process.

Connect to the local vCenter of your private cloud

1. Sign in tovSphere Client with VMware vCenter SSOas a cloud administrator.

   

2. In the Azure portal, select your private cloud, and thenManage> Identity.

The URLs and user credentials for private cloud vCenter and NSX-T Manager appear:

After confirming URLs and user credentials:

1. Navigate to the VM you created in the preceding step and connect to the virtual machine.

2. In the Windows VM, open a browser and navigate to the vCenter and NSX-T Manger URLs in two browser tabs. In the vCenter tab, enter thecloudadmin@vmcp.localuser credentials from the previous step.

Configure networking for your VMware private cloud in Azure

访问一个ASV私有云后,配置不tworking by creating a virtual network and gateway.

Create a virtual network

1. Sign in to the Azure portal.
2. Navigate to the previously created resource group.
3. Select+ Addto define a new resource.
4. In theSearch the Marketplacetext box, typevirtual network. Find the virtual network resource and select it.
5. On theVirtual Networkpage, selectCreateto set up the virtual network for your private cloud.
6. On theCreate Virtual Network页面,输入虚拟网络的细节。
7. On theBasicstab, enter a name for the virtual network, select the appropriate region, and clickNext : IP Addresses.
8. On theIP Addressestab, under IPv4 address space, enter the previously created address.

Important:

Use an address that does not overlap with the address space you used when you created your private cloud.

After entering the address space:

1. Select+ Add subnet.
2. On theAdd subnetpage, give the subnet a name and appropriate address range.
3. ClickAdd.
4. SelectReview + create.
5. Verify the information and clickCreate. Once the deployment is complete, the virtual network appears in the resource group.

Create a virtual network gateway

After creating a virtual network, create a virtual network gateway.

1. In your resource group, select+ Addto add a new resource.
2. In theSearch the Marketplacetext box, typevirtual network gateway. Find the virtual network resource and select it.
3. On theVirtual Network gatewaypage, clickCreate.
4. On theBasicstab in theCreate virtual network gatewaypage, provide values for the fields.
5. ClickReview + create.

After reviewing the virtual network gateway configuration, clickCreateto deploy your virtual network gateway. Once the deployment completes, connect yourExpressRouteconnection to the virtual network gateway containing your Azure AVS private cloud.

Connect ExpressRoute to the virtual network gateway

After deploying a virtual network gateway, add a connection between it and your Azure AVS private cloud:

1. Request an ExpressRoute authorization key.
2. In the Azure portal, navigate to theAzure VMware Solution private cloud. SelectManage> Connectivity > ExpressRouteand then select+ Request an authorization key.

After requesting an authorization key:

1. Enter a name for the key and clickCreate. It may take about 30 seconds to create the key. Once created, the new key appears in the list of authorization keys for the private cloud.
2. Copy theauthorization keyandExpressRoute ID. You’ll need them to complete the peering process. The authorization key disappears after some time, so copy it as soon as it appears.
3. Navigate to thevirtual network gatewayyou plan to use and selectConnections> + Add.
4. On theAdd connectionpage, provide values for the fields, and selectOK.

The connection is established between your ExpressRoute circuit and your virtual network:

Configure DHCP for Azure VMware Solution

After connecting ExpressRoute to the virutal gateway, configure DHCP.

Use NSX-T to host your DHCP server

In NSX-T Manager:

1. SelectNetworking> DHCP, and then selectAdd Server.
2. SelectDHCPfor theServer Type, provide the server name and IP address.
3. ClickSave.
4. SelectTier 1 Gateways, select the vertical ellipsis on the Tier-1 gateway, and then selectEdit.
5. SelectNo IP Allocation Setto add a subnet.
6. SelectDHCP Local Serverfor theType.
7. For theDHCP Server, selectDefault DHCP, and then clickSave.
8. ClickSaveagain and then selectClose Editing.

Add a network segment in Azure VMware Solution

After settnig up DHCP, add a network segment.

To add a network segment, in NSX-T Manager, selectNetworking> Segments, and then clickAdd Segment.

In theSegments profilescreen:

1. Enter anamefor the segment.
2. Select theTier-1 Gateway (TNTxx-T1)as theConnected Gatewayand leave theTypeasFlexible.
3. Select the pre-configured overlayTransport Zone(TNTxx-OVERLAY-TZ).
4. ClickSet Subnets.

In theSubnetssection:

1. Enter the gateway IP address.
2. SelectAdd.

Important:

This segment IP address must belong to the Azure gateway IP address, 10.15.0.0/22.

DHCP range should be belong to segment IP address:

SelectNoto decline the option to continue configuring the segment:

In vCenter, selectNetworking > SDDC-Datacenter:

Verify the Azure AVS environment

1. Setup a direct connection and connector in the Azure resource group:

   

2. Verify the connection with vCenter credentials.

VMware cloud on AWS

VMware在AWS云使您能够迁移虚拟机based on-premises Citrix workloads to AWS Cloud and your core Citrix Virtual Apps and Desktops environment to Citrix DaaS (formerly Citrix Virtual Apps and Desktops service).

Access the VMware cloud environment

1. Log in to VMware cloud services using theURL.
2. ClickVMware Cloud on AWS. The pageSDDCappears.
3. ClickOPEN VCENTER, and then clickSHOW CREDENTIALS. Note the credentials for later use.
4. Open a Web browser, and enter the URL for the vSphere Web Client.
5. Enter the credentials as noted and clickLogin. The vSphere client webpage is similar to the on-premises environment.

For more and updated information on VMware Cloud on AWS, seeVMware Cloud on AWS Documentation.

About VMware cloud environment

There are four views on the vSphere client webpage.

• Host and Cluster view: You cannot create a new Cluster, but the cloud admin can create multiple resource pools.
• VM and Template view: Cloud admin can create many folders.
• Storage View: SelectWorkloadDatastorestorage when you add hosting unit in the Citrix Studio because you have access to only Workload Datastore.
• Network View: The icons are different for VMware cloud networks and opaque networks.

For more and updated information on VMware Cloud on AWS, seeVMware Cloud on AWS Documentation.

Set up Citrix Provisioning environment on VMware Cloud on AWS

1. Set up a domain controller or request for credentials for domain vmconaws.local.

2. Use an existing template, or right-click Cluster and selectNew Virtual Machineto create the following three VMs:

   • Citrix Provisioning Server
   • Database Server
   • Cloud Connector for connecting to Citrix DaaS
3. Create a host connection in Citrix Studio by selecting theVMware vSphereoption, and select onlyWorkloadDatastoreas Storage.

Google Cloud Platform (GCP) VMware Engine

Citrix Provisioning now allows you to migrate VMware based on-premises Citrix workloads to Google Cloud VMware Engine.

This article describes the procedure for configuring the GCP VMware Engine.

Access the VMware Engine portal

1. In theGoogle Cloud Console, click the navigation menu.
2. In theComputesection, clickVMware Engineto open VMware Engine in a new browser tab.

Create first private cloud

Requirements

你必须能够访问谷歌云VMware引擎, available VMware Engine node quota, and an appropriate IAM role. Prepare the following requirements before you continue to create your private cloud:

1. Request API access and node quota. For more information, seeRequesting API access and quota.
2. Note the address ranges you want to use for VMware management appliances and the HCX deployment network. For more information, seeNetworking requirements.
3. Get the VMware Engine Service Admin IAM role.

Create your first private cloud

1. Access the VMware Engine portal.
2. On the VMware Engine Home page, clickCreate a private cloud. The hosting location and hardware node types are listed.
3. Select the number of nodes for the private cloud. At least three nodes are required.
4. Enter a Classless Inter-Domain Routing (CIDR) range for the VMware management network.

5. Enter a CIDR range for the HCX deployment network.

   Important:

   The CIDR range must not overlap with any of your on-premises or cloud subnets. The CIDR range must be /27or higher.

6. SelectReview and create.
7. Review the settings. To change any settings, clickBack.
8. ClickCreateto begin creating the private cloud.

As VMware Engine creates your new private cloud, it deploys several VMware components and sets up initial autoscale policies for clusters in the private cloud. Private cloud creation can take 30 minutes to 2 hours. After the provisioning is complete, you receive an email.

Setup Google Cloud VMware Engine VPN Gateway

To establish an initial connectivity to Google Cloud VMware Engine, you can use a VPN gateway. This is an OpenVPN-based client VPN using which you can connect to your SDDC’s vCenter and do any initial configuration required.

Before deploying VPN gateway, configure theEdge Servicesrange for the region where your SDDC is deployed. To do this:

1. Log on to theGoogle Cloud VMware Engineportal, and go toNetwork > Regional Settings. ClickAdd Region.
2. Choose the region where your SDDC is deployed and enableInternet AccessandPublic IP Service.

3. Supply the Edge Services range noted during planning and clickSubmit. Enabling these services takes 10–15 minutes.

   Once complete, the Edge Services show asEnabledon the Regional Settings page. Enabling these settings allow Public IPs to be allocated to your SDDC, which is a requirement for deploying a VPN gateway.

To deploy a VPN gateway:

1. In theGoogle Cloud VMware Engineportal, go toNetwork > VPN Gateways. ClickCreate New VPN Gateway.
2. Supply the name for the VPN gateway and the client subnet reserved during planning. ClickNext.
3. Select users to grant VPN access. ClickNext.
4. Specify the networks that must be accessible over VPN. ClickNext.
5. A summary screen is displayed. Verify the selections, and clickSubmitto create the VPN Gateway. The VPN Gateways page is displayed with the status of the new VPN gateway asCreating.
6. After the status changes toOperational, click the new VPN gateway.
7. ClickDownload my VPN configuration下载ZIP文件包含预先配置的OpenVPN profiles for the VPN gateway. Profiles for connecting through UDP/1194 and TCP/443 are available. Choose your preference and import it into Open VPN, and then connect.
8. Go toResourcesand select your SDDC.

Connect the VPN

Connect to VPN through Azure machine:

1. Create an Azure machine in Azure portal.
2. Download and install the installerOpenVPN.
3. Open theOpenVPN.
4. Upload the VPN file and connect the VPN.

Create first subnet

Access NSX-T Manager from the VMware Engine portal

The process of creating a subnet happens in NSX-T, which you access through VMware Engine. Do the following to access NSX-T Manager.

1. Log on to theGoogle Cloud VMware Engineportal.
2. From the main navigation, go toResources.
3. Click thePrivate cloud namecorresponding to the private cloud where you want to create the subnet.
4. On the details page of your private cloud, click thevSphere Management Networktab.
5. Click theFQDNcorresponding to the NSX-T Manager.

6. When prompted, enter your sign-in credentials. If you have set up vIDM and connected it to an identity source, such as Active Directory, use your identity source credentials.

   Reminder:

   You can retrieve generated credentials from the private cloud details page.

Set up DHCP service for the subnet

Before you can create a subnet, set up a DHCP service:

In NSX-T Manager:

1. Go toNetworking > DHCP. The networking dashboard shows that the service creates one Tier-0 and one Tier-1 gateway.
2. To begin provisioning a DHCP server, clickAdd Server.
3. SelectDHCPfor theServer Type. Provide the server name and IP address.
4. ClickSaveto create the DHCP service.

Do the following to attach this DHCP service to the relevant Tier-1 gateway. A default Tier-1 gateway is already provisioned by the service:

1. SelectTier 1 Gateways, select the vertical ellipsis on the Tier-1 gateway, and then selectEdit.
2. In theIP Address Managementfield, selectNo IP Allocation Set.
3. SelectDHCP Local Serverfor theType.
4. Select the DHCP server that you created for theDHCP Server.
5. ClickSave.
6. ClickClose Editing.

You can now create a network segment in NSX-T. For more information about DHCP in NSX-T, see theVMware documentation for DHCP.

Create a network segment in NSX-T

For workload VMs, you create subnets as NSX-T network segments for your private cloud:

1. In NSX-T Manager, go toNetworking > Segments.
2. ClickAdd Segment.
3. Enter a name for the segment.
4. Select theTier-1as theConnected Gatewayand leave the Type asFlexible.
5. ClickSet Subnets.
6. ClickAdd Subnets.
7. Enter the subnet range in theGateway IP/Prefix Length. Specify the subnet range with.1as the last octet. For example,10.12.2.1/24.
8. Specify the DHCP Ranges and clickADD.
9. InTransport Zone, selectTZ-OVERLAY | Overlayfrom the drop-down list.
10. ClickSave. You can now select this network segment in vCenter when creating a VM.

In a given region, you can set up at most 100 unique routes from VMware Engine to your VPC network using private services access. This includes, for example, private cloud management IP address ranges, NSX-T workload network segments, and HCX network IP address ranges. This limit includes all private clouds in the region.

Note:

There is a GCP configuration issue because of which you need to configure DHCP range setting several times. Therefore, make sure to configure the DHCP range setting after GCP configuration. ClickEDIT DHCP CONFIGto configure the DHCP ranges.

Set up Citrix Provisioning environment on Google Cloud VMware Engine

1. Install desktop and server VMs. Run Windows updates for both VMs. Turn them into templates.
2. Create the following VMs:
   • Domain controller with DNS. Be sure to use static DNS pointing to this VM to join the newly created domain.
   • Citrix Provisioning Server
   • SQL Server
   • Connector VM
   • BIOS PVS target VM
   • EFI PVS target VM
3. Create a host connection in Citrix Studio:
   1. Launch the Citrix Studio.
   2. Select the hosting node, and clickAdd Connection and Resources.

   3. On theConnectionscreen, selectCreate a new Connection, and the following details:

      

      1. SelectConnection typeasVMware vSphere.
      2. In theConnection address, enter the vCenter private IP address.
      3. Enter the vCenter credentials.
      4. Enter a connection name.
      5. Choose the tool to create virtual machines.
   4. On theNetworkscreen, select the subnet created in NSX-T server.
   5. Click through the screens to complete the wizard.