Citrix, Cisco and EMC Teamwork Delivers a Cisco Validated Design to Accelerate DaaS Deployment for Service Providers

Deploying and scaling a business-ready Desktops-as-a-Service (DaaS) environment can become time-consuming and complex, particularly across multiple datacenters and clouds. Citrix and Cisco understand that management scale and simplicity are critical to the service provider business model, and have teamed to develop a new DaaS solution architecture as a Cisco Validated Design (CVD) titled “Desktop-as-a-Service for Service Provider 2000-Seat Virtual Desktop Infrastructure”. The complete CVD for Citrix Service Providers is available here. It gives service providers an excellent starting point for implementing a comprehensive DaaS solution. This blog summarizes the solution architecture, its components, and the testing performed to provision tenants and subscribers.

To validate the architecture, engineers built out a test environment to support 10 tenants and 2000 mixed workload users, conducting performance tests and documenting the solution.

Historically, service providers had to manage multiple tenant locations and datacenters independently, performing hosted app and desktop provisioning on a per-location basis. Of course, there were some alternatives in the market that made it easier to associate a tenant’s desktop VMs with a particular VLAN, but those solutions continue to lack the vast majority of the functionality customers require to manage the day-to-day, relatively complex challenges of end-user expectations and experience. Let’s just say that, until very recently, it really wasn’t possible for administrators to see the big picture of all managed tenant environments. Configuring services and onboarding subscribers was time-consuming. From a business perspective, adding new tenants and subscribers meant that the service provider often had to either add more staff to handle the additional management tasks, which impacted profitability, or offload those tasks to the tenants themselves, which then leads the tenant to question, “why is this different than the basic IaaS I am already using?”

Feature-rich DaaS across Multiple Tenants, Locations, AD Domains and Isolation Models

Now, with the capabilities introduced by Citrix App Orchestration and Citrix CloudPortal Services Manager, it’s possible to provide feature-rich DaaS capabilities across multiple tenants, locations, Microsoft Active Directory domains, and isolation models, provisioning users and managing offerings, all using centralized App Orchestration and CloudPortal Services Manager tools as well as the familiar capabilities of Citrix NetScaler, XenApp and XenDesktop. The deep integration of these Citrix technologies allows administrators to be more productive, accelerating the process of on-boarding subscribers and efficiently orchestrating and monitoring feature-rich offerings as a provider’s business expands.

Recognizing that management scale and simplicity are critical to the service provider business model, Citrix and Cisco have teamed to develop a much-requested DaaS solution architecture from the leading vendors in the service provider market, from the enabling hardware and infrastructure layer provided by Cisco, all the way through the stack to the managed end-user experience provided by Citrix. To validate the architecture, engineers built out a test environment to support 10 tenants and 2000 mixed workload users, conducting performance tests and documenting the solution as a Cisco Validated Design (CVD). The complete Cisco Validated Design for Citrix Service Providers gives service providers an excellent starting point for implementing a comprehensive DaaS solution.

The CVD builds a typical Citrix-based DaaS infrastructure across a distributed Active Directory domain configuration. It implements both shared and private delivery site isolation models: eight tenants were deployed using shared infrastructure resources (representing tenants hosted in the provider’s datacenter) and two tenants were configured as private delivery sites (representing tenant datacenter deployments managed by the provider). A workload mix of 90% XenApp hosted shared desktops (HSDs) and 10% XenDesktop server VDI (SVDI) users was provisioned in each tenant environment.

A Scalable Multi-tenant DaaS Architecture

The CVD describes a multitenant DaaS architecture that uses these hardware and software technologies:

• Citrix App Orchestration 2.5. App Orchestration allows service providers to automate and manage the delivery of desktop and application offerings using an array of isolation models across multiple tenants. It enables a common management interface across all managed tenants. Zero trust agents (new in the App Orchestration 2.5 release) are installed in the private delivery sites to communicate between Active Directory domains and the App Orchestration configuration server.
• CloudPortal Services Manager 11.0.1. CloudPortal Services Manager simplifies the management of tenant on-boarding and user subscriptions. Delegated management roles allow tenant administrators to self-provision and monitor provisioning requests.
• Citrix XenDesktop 7.5. This software release unifies the delivery of both Hosted Shared Desktops (XenApp HSDs) and Server Virtual Desktop Infrastructure (XenDesktop SVDI).
• Citrix NetScaler. These virtual appliances provide load balancing and secure access to service provider domains over SSL (TCP 443) across the public Internet.
• VMware ESXi 5.5. Service providers can deploy XenDesktop on a choice of hypervisors: VMware ESXi (as in this CVD), Microsoft Hyper-V, or Citrix XenServer. The infrastructure was 100% virtualized on VMware ESXi 5.5.
• EMC storage system. The blade servers booted via iSCSI from an EMC VNX5400 storage array.
• Cisco Unified Computing System™ (UCS) B-Series Blade Servers. The Cisco Unified Computing System integrates state-of-the-art x86 servers with storage interfaces and networking fabric in a fully converged data center platform. Wire-once cabling and flexible configuration capabilities ease deployment, management, and infrastructure changes. The test environment used Cisco UCS B200 M3 blades with dual 10-core Intel® Xeon® E5-2680v2 (“Ivy Bridge”) processors and 256GB of 1600MHz memory. UCS Director was used to streamline infrastructure provisioning.

The CVD constructs a provider environment that can support both shared and private delivery sites, as shown in the diagram below. It creates a shared delivery site that provisions hosted desktops and applications to shared tenants. In addition, zero trust mechanisms are used to provision hosted desktops and applications to private site tenants. App Orchestration 2.5 provides a zero trust agent that simplifies connectivity between the App Orchestration configuration server and orchestrated delivery controllers. Because of this agent, domain trusts are not required between the target orchestrated domain and the App Orchestration domain.

To support enterprise-level service, the architecture follows best practices to deliver a highly available design. The solution features redundant Cisco UCS blade chassis, access switches, and fabric interconnects for high throughput and greater availability. Blades are configured in an N+1 design that supports XenDesktop and infrastructure services even in the event of a single blade failure. The dual chassis were populated with sixteen blades: 2 blades for infrastructure servers and 14 blades to support 200 hosted virtual desktop users (HVDs) and 1800 hosted shared desktop session users (HSDs).

The CVD defines an affordable and flexible infrastructure for hosting Citrix XenDesktop 7.5 software. In addition to enhancements that improve the user experience for hosted Windows apps on mobile devices, XenDesktop 7.5 combines the functionality of previously separate XenApp and XenDesktop releases. It provides a single management framework, installation software, and common policies to deploy both HVDs and HSDs. Citrix Provisioning Server 7.1 supplies a single wizard that administrators can use to define and provision both types of desktop images.

Testing Methodology for Cisco and Citrix-based DaaS

Validation testing of the architecture was conducted in the Cisco labs in San Jose, California to verify DaaS tenant provisioning. The testing demonstrated the simplicity of the on-boarding process for new tenants and the ability to provision a mixed workload of 2000 HVD and HSD desktops across the 10 different tenants. The testing confirmed the exceptional simplicity of complex multi-tenant on-boarding scenarios and holistic life cycle management across multiple locations and Active Directory forests using the combination of Citrix App Orchestration, CloudPortal Services Manager, and XenDesktop technologies on Cisco UCS Director managed infrastructure.

To read more about the architecture and learn how the solution was constructed, see the full CVD.

— Rob Briggs, Principal Solutions Architect with Citrix Worldwide Alliances