PoC Guide: Citrix DaaS with Azure Virtual Desktop Hybrid

Overview

Microsoft Azure Virtual Desktops allow enterprises to deliver virtual applications and desktops from Azure. This proof of concept (PoC) guide is designed to help you quickly configure Citrix DaaS with Azure Virtual Desktop for a trial evaluation only, in a hybrid environment. At the end of this PoC guide you will be able to bridge your on-premises Citrix DaaS deployment with a Microsoft Azure subscription using Citrix DaaS. You will be able to let your users launch a Azure Virtual Desktop virtual app or desktop utilizing the new Windows 11 Multi-Session experience, while also accessing on-premises resources.

Conceptual Architecture

Scope

In this PoC guide, you experience the role of a Citrix Cloud and Microsoft Azure administrator and create a hybrid environment that spans your organization’s on-premises deployment and Azure. You provide access to a virtualization environment consisting of the Windows 11 Multi-Session experience in Azure Virtual Desktop (AVD) and on-premises resources to an end user with Citrix DaaS.

This guide showcases how to perform the following actions:

1. Create a new Azure subscription and an Azure Active Directory (AAD) Tenant (if you don’t have one)
2. Connect your on-premises AD to your AAD using Azure AD Connect
3. Create Master Image using Windows 11 Enterprise for Virtual Desktops
4. Create a Citrix Cloud account (if you don’t have one)
5. Request a Citrix DaaS trial
6. Create a Citrix DaaS account (Citrix Cloud account) and add the Azure tenant as a Resource Location
7. Create a Windows Server VM and install the Citrix Cloud Connector in your Azure resource location
8. Prepare the Azure Virtual Desktop template for the session host virtual machines (VMs). Install the Citrix Virtual Delivery Agent on the AVD VM
9. Utilize your Citrix Virtual Apps and Desktops service account (Citrix Cloud account) to connect to your Azure subscription using the Citrix Cloud Connector
10. Use Citrix Machine Creation Services for deploying a catalog and then create a delivery group
11. Create a Windows Server VM and install the Citrix Cloud Connector in on-premises Resource Location and add it as a resource location
12. Utilize your Citrix DaaS account (Citrix Cloud account) to connect to your on-premises resources using the Citrix Cloud Connector
13. Let your users connect to the AVD or on premises sessions via Citrix Workspace

There is a requirement from Microsoft that the AVD session hosts must be joined to a Windows Active Directory (AD) domain that has been synchronized with either Azure AD using Azure AD Connect or with Azure AD Domain Services. This would require you to connect your on-premises Active Directory to your organization’s Azure subscription. This is out-of-scope for this guide but if you are also a Citrix Networking or Citrix SD-WAN customer then you can useSite-to-Site VPNwithCitrix ADC(which requires a public IP) orCitrix SD-WAN. The two preceding options are creating IPsec tunnels between your on-premises environment and the AVD network in Azure.

If you are looking for a solution that does much more than just set-up a link between these two locations, then we suggest considering creating an end to end SDWAN solution. The main advantages this gives you are integrated security, orchestration, and policy based configuration. SDWAN has further benefits:

• Enables direct access to video-on-demand that is rendered from the customer data center
• Provides intelligent traffic steering from the VDA to other on-premises properties
• VoIP and real-time video traffic are navigated from the corporate data center
• Aggregate more than 1 link to give you resiliency and expanded bandwidth by combining the different links

To set up an end to end SDWAN solution you can follow these guides:

Configuring SDWAN to connect to Azure virtual network

Deplopy SDWAN on Azure

Deploy SDWAN on Azure using SDWAN Center

Express routeorPoint-to-Site VPNwhich doesn’t require a public IP are other options to establish the connectivity.

This guide provides detailed instructions on how to deploy and configure your environment including VMs, connecting your AD to Azure AD. As a Citrix and Azure tenant administrator, you create the AVD environment to enable your users to test various scenarios that showcase Citrix DaaS and Azure Virtual Desktop integration.

Create an Azure Subscription and an Azure Active Directory Tenant

If you are an existing Microsoft O365 customer you should already have an Azure Active Directory (AAD) and so you can log in to Azure as the global administrator of the subscription and skip to the next section.

1. Go to the url:Sign into Azureandlogin to Azure

   

2. Enter you information, clickNext

   

3. Verify your identityand thenprovide your credit card detailsfor billing purposes. You may be asked to verify your card details by making a payment of ~ USD 1

   

4. Once you are done you should see this in Azure Portal. If that is the payment method you want to use clickNext. Else change it and then clickNext.

   

5. If you agree, checkI agreecheck box for subscription agreement, offer details and privacy statement. ClickSign Up.

   

6. Alternately you can enroll in an O365 Enterprise E3 trial by going to thislinkand providing your details

   

7. Click+ Create a Resourceand search forAzure Active Directoryand select it

   

8. ClickCreate

   

9. Provide theOrganization nameandInitial domain nameof the AD that you want to create. Select theCountry or Regionand then clickCreate

   

10. Wait for the Azure AD to be created

    

Connect the on premises AD to Azure AD using Azure AD Connect

1. Launch an RDP session to the AD.

   

2. Open a browser and login to Azure as the global administrator of the subscription and Azure AD. ClickAzure Active Directoryand thenAzure AD Connect. ClickDownload Azure AD Connect

   

3. In the browser window that opens clickDownload

   

4. ClickRun

   

5. In the Azure AD connect dialog, clickContinue

   

6. ClickUse Express Settings

   

7. Provide the Azure Active Directory global administratorUsername and Password. ClickNextandlogin againif requested

   

8. Provide the Active Directory enterprise administratorUsername and Password. ClickNext.

   

9. Check theContinue without matching all UPN suffixes to verified domains, clickNext

   

10. ClickInstall

    

11. Once the config is complete, clickExit

    

12. Go back to the Azure Active Directory page in the Azure portal and clickUsers. Validate that the user(s) you created are visible in the list.

    

Create a master image using Windows 11 Enterprise Multi-session

1. Select+or+ Create a resource. Search forMicrosoft Windows 11and select the Microsoft Windows 11 option that shows Windows 11 Enterprise multi-session in the drop-down list.

   

2. Select theWindows 11 Enterprise multi-sessionoption from the drop-down list and then clickCreate

   

3. Select the appropriateSubscriptionand theResource groupcreated for AVD to deploy the machine in. Provide anamefor theMaster Image VM. Choose the sameregion as the AD VM. Enter thecredentials for the administrator account. ClickNext: Disks

   

4. Select theappropriate OS disk typeand加密类型for your deployment. ClickNext: Networking

   

5. Select thevirtual networkthat your other VMs are on and ensure that aPublic IPis being created for the Master Image. Click回顾+创建

   

6. Ensure that theValidation Passedmessage appears andcheck the machine settings. ClickCreateto begin the Master Image VM creation

   

7. Once the VM creation completes, clickGo to resource.

   

8. The VM must have a networking rule to allow incoming RDP traffic on it Public IP. ClickNetworking在e Favorites column. ClickAdd inbound port rule

   

9. Your public IP can be obtained by running a google search forwhatsmyipaddress to make RDP connections to the AD VM. SelectIP Addressas Source, enter thePublic IP Address of the machineyou want to connect from in the Source IP field, set Destination Port ranges to3389, andProtocoltoTCP. Set an appropriatePriority valueand provide aname to the rule.* ClickAdd

   

   *: Leaving port 3389 open remotely long-term can pose a security risk.

10. RDP in to the machine with the admin credentialsyou provided when creating the VM andjoin the VM to the domainandrebootthe machine.

Create a Cloud Connector in your Azure subscription

1. Select+or+ Create a resourcein Azure. SelectWindows Server 2019 Datacenterunder Get Started to create a new Windows Server 2016 machine.

   

2. Select the appropriateSubscriptionand theResource groupcreated for AVD to deploy the machine in. Provide aname for the Cloud connector VM. Choose thesame region as the ADVM. Enter thecredentials for the administrator account. ClickNext: Disks

   

3. Select theappropriate OS disk typeandEncryption Typefor your deployment. ClickNext: Networking

   

4. Select thevirtual networkthat your other VMs are on and ensure that aPublic IPis being created for the Cloud Connector VM. Click回顾+创建

   

5. Ensure that theValidation Passedmessage appears andcheck the machine settings. ClickCreateto begin the Cloud connector VM creation

   

6. Once the VM creation completes, clickGo to Resource

   

7. The VM must have a networking rule to allow incoming RDP traffic on it Public IP. ClickNetworking在e favorites column and then click thename of the network interface

   

8. ClickNetwork Security Groupand then select theNetwork Security Groupof yoyur AVD VM as it already has the port rules to allow access to your machine. ClickSave

   

   *: Leaving port 3389 open remotely long-term can pose a security risk.

9. RDP in to the machine with the admin credentials you provided when creating the VM and join the Cloud Connector VM to the domain and reboot the machine.

Create a Citrix Cloud account

If you are new to Citrix Cloud, please follow the instructions on theCitrix Cloud Sign Uppage.

If you are an existing Citrix Cloud customer continue onto the next section. Ensure that you have an active Citrix Cloud account. If your account has expired you need to contact sales to enable it.

Create a new Resource Location

1. RDP to the Cloud Connector VM and login as the AD admin. Goto the URL:Citrix Cloud.

2. EnterUsername and Password. ClickSign In. (If your account manages more than one customer select the appropriate one)

   

3. Under Resource Locations ClickEdit or Add New

   

4. Click+ Resource Locationand entername of the New Resource Location. ClickSave

   

5. Under the newly created resource location click+ Cloud Connectors

   

6. ClickDownload. ClickRunwhen the download begins

   

7. Citrix Cloud connectivity test successful message should be displayed. ClickSign in and Installto continue. If the test fails, check the following link to resolve the issue -CTX224133

   

8. From the drop-down lists select the appropriateCustomer and Resource Location. ClickInstall

   

9. Once the installation completes, a service connectivity test runs. Let it complete and you should again see a successful result. ClickClose

   

10. Refresh the Resource Location page in Citrix Cloud. Click on云连接ors

    

11. The newly added Cloud Connector is listed. In production environments, ensure to have 2 Cloud Connectors per resource location

    

Request a Citrix DaaS trial

1. Sign in to yourCitrix Cloudaccount

2. From the management console, selectRequest Trialfor the Citrix DaaS Service

Note:

For some services you must reqwuest a demo from a Citrix sales representative before you can try out the service. Requesting a demo allows you to discuss your organization’s cloud service needs with a Citrix sales representative. Also, the sales representative ensures you have all the information needed to use the service successfully. When your trial is approved and ready to use, Citrix will send you an email notification.

Install Virtual Delivery Agent on the AVD host VM

While we wait, we can install the Citrix Virtual Apps and Desktops, Virtual Delivery Agent on the Windows 11 Multiuser VM that we created.

1. Connect to theAVD VM via RDP as the domain admin

   

2. OpenCitrix.comin your browser. Hover overSign inand clickMy Account

   

3. Sign in with yourUsername and Password.

   

4. ClickDownloads.

   

5. From theSelect a Productdrop-down list, selectCitrix Virtual Apps and Desktops

   

6. In the page that opens, select thelatest version of Citrix Virtual Apps and Desktops 7(除非t the .x at the end)

   

7. Scroll down toComponents that are on the product ISO but also packaged separately. Click thechevronto expand the section. ClickDownload Fileunder Server OS Virtual Delivery Agent

   

8. Check“I have read and certify that I comply with the above Export Control Laws” check box, if you agree. ClickAccept. The download should begin.

   

9. Savethe file andRunit when the download completes

   

10. ClickNext在e Environment section to create a master MCS image.

    

11. 在核心组件部分,检查Citrix Workspace app check box if your users would use the session to launch sessions from within it. ClickNext

    

12. In the Additional section choose the components you need and clickNext

    

    NOTE:To see logon information in Citrix Director, select also Citrix User Profile Manager

13. Enter theUPN for the Cloud ConnectorVM and clickTest Connection. Ensure that the test is successful a green tick appears next to the entered UPN. ClickAddand clickNext

    

14. ClickNext在e Feature section andNextagain in the Firewall section.

    

15. ClickInstall在e Summary section

    

16. Once the installation completes, in the Diagnostics section clickConnect. Enter yourCitrix Cloud credentials, clickOK. Once the credentials are validated, clickNext

    

17. ClickFinishand let the VMreboot.

    

Create a hosting connection between Citrix DaaS and Azure

Configure Citrix DaaS to connect to the Azure Subscription that hosts the Azure Virtual Desktop VMs.

1. Once the trial is approved,Log in to Citrix Cloudfrom your local machine. Scroll toMy Services, and locateDaaSservice tile, clickManage

   

2. theFull Configurationpage is displayed

   

3. 在e left navigation menu, clickZonesand verify that theResource Locationand云连接oryou have setup are visible.

   

4. In the left menu under Configuration. ClickHostingand then clickAdd Connection and Resourcesthat host the machines.

   

5. From the drop downs selectCreate New Connection,Microsoft© AzureTMas Connection Type,Azure Globalfor Azure environment and an the Azure zone location setup as a Resources Location. SelectCitrix provisioning tools (Machine Creation Servicesselected. ClickNext

   

6. Paste your Azure Subscription ID在e Subscription ID text box and enter aConnection Name. ClickCreate Newto create a new service principal. Alternately you can manually grant Citrix Cloud Access to the Azure subscription (with more restrictive roles than the default contributor)CTX224110

   

7. Sign into your Azure account when prompted.Ensure that the user is an owner and not an external user在e subscription

   

8. Check theConsent on behalf of your organizationcheck box and clickAcceptif you agree. Once the validation completes Connected is displayed. ClickNext

   

9. Select theappropriate Regionand clickNext

   

10. Enter aName for these resourcesand select the appropriateVirtual networkandSubnetwhere the VMs are to be created. ClickNext. Review the Summary and clickFinish

    

11. You are returned to the Hosting page. Once you are done clickMachine Catalogsto start creating your catalog.

    

Create a Machine Catalog and a Delivery Group

1. ClickCreate Machine Catalog.

   

2. In theMachiune Catalog Setupdialog, clickNext

   

3. EnsureMulti-Session OSis selected. ClickNext

   

4. EnsureMachines that are power managedandCitrix机创建服务are selected and the correct Azure network is shown in the Resources. ClickNext

   

5. Choose the correctdisk that is associated with the AVD VM. From the minimum functional level drop-downselect 1811 (or newer). ClickNext. A pop-up appears to ask for the VM attached to the VHD to be stopped.

   

6. Log in to the Azure portaland UnderVirtual Machines, go to theAVD VMand Click theStopbutton. Ignore the warning about losing the Public IP. Wait forstatus to show Stopped (deallocated). Return to theCitrix Cloud taband clickClose

   

7. LeaveDefaultsand clickNext

   

8. 修改虚拟机的数量if you want and select themachine sizeyou want for your VMs. ClickNext

   

9. ClickNext

   

10. Set thewrite back cache sizeif you want it. ClickNext

    

11. ClickNextand clickClose

    

12. Select theOUin which the VMs should be placed. Enter the computerAccount naming scheme. Ensure the name is fewer than 15 chars long and ends with a #. ClickNext

    

13. ClickEnter Credentials. In the dialog that opens enterusername and passwordof the AD admin. ClickDone. ClickNext

    

14. ClickNext

    

15. ClickNext

    

16. Enter anamefor the machine catalog. ClickFinish

    

17. Wait for the catalog to be created.

    

18. When Machine Catalog creation is finished, from the left side menu clickDelivery GroupsthenCreate Delivery Group.

    

19. Select theWindows 11 Multisession Catalog.Increment the number of machinesto the number of VMS you want to add to the delivery group. ClickNext

    

20. For our example we will select theAllow any authenticated users to use this Delivery Grouporadio button. ClickNext

    

21. If you want to also make apps available from this delivery group click theAdddrop-down list and chooseFrom Start Menu

    

22. From the Add Applications from Start Menu Dialogcheck the boxes next to the appsyou want to make available. Then clickOK

    

23. ClickNext

    

24. In the Desktops section clickAdd. EnterDisplay Namefor the delivery group. EnsureEnable desktopis checked. ClickOK

    

25. ClickNext

    

26. ClickNext

    

27. Select the appropriate许可类型and ClickNext

    

28. Enter aDelivery Group name. ClickFinish

    

29. Once the delivery group is created, your Delivery Group overivew should look like this.

    

If you want to add your on-premises resources to the Workspace follow the below steps.

Create a Cloud Connector in your on-premises data center

1. Add a cloud connector in your on-premises data center. Create a Windows server 2012 R2 or 2016 VM in your on-premises. Repeat the steps in the “Create a new Resource Location” section.

Add on-premises site to the Workspace

1. Follow the steps in theguideto add the on-premises site to Citrix DaaS. Complete till the end of Task 3: Configure connectivity and confirm settings in this page.

Launch the session from Citrix Workspace

1. Open the Workspace URLyou had saved earlier (from Citrix Cloud) to the Citrix Workspace.Log in as one of the domain usersthat you had added to the Delivery Group.

   

2. ClickView all Desktops

   

3. Click on theWindows 11 Multi-session DGdesktop that you created in Azure.

   

4. The session should launch giving you access to the Azure Virtual Desktop

   

Summary

The guide walked you through bringing your Azure hosted Azure Virtual Desktop and on premises resources (using Workspace Configuration) together, so users access them in one place. You learned how to create a hybrid setup to manage both Azure Virtual Desktops based VMs and on premises based resources using Citrix VIrtual Apps and Desktops. The process included creating a network conneciton between the Azure virtual network and your on premises data center. Also you learned how to synchronize your on premises Active Directory with Azure Active Directory with Azure AD connect. We even looked at how to create a Citrix Cloud account, if you didn’t have one and get access to Citrix Virtual Apps and Desktops service, which makes all this work.

To learn more about migrating your on premises Citrix Virtual Apps and Desktops setup to the cloud, read thedeployment guide