As more and more customers embark on the Citrix on Azure journey and finish their first design and deployment, the real work begins. You are then tasked with supporting a potentially unfamiliar solution and its new capabilities in production. In our two previous webinars, Jeff Mitchell, Microsoft Cloud Solution Architect, and I explored the five key principles for Azure design and did a Citrix on Azure deployment deep dive. Now we want to explore the, “I have deployed… now what?” aspect of Citrix on Azure: operations, management, and monitoring.

One of the first steps to managing Citrix on Microsoft Azure is understanding its resource hierarchy. Azure resources, Citrix or otherwise, are all part of an Azure subscription. An Azure subscription is a primary mechanism for billing and resource quotas. An organization can have multiple subscriptions within their account, and Citrix components can exist in one or more subscriptions. When managing a Citrix environment, the subscription is the primary connection mechanism for Citrix Machine Creation Services (MCS) and power management. Additionally, due to the resource quotas associated with a subscription, they also act as a key consideration for capacity planning as your production environment scales.

Every Azure resource within a subscription is organized using Resource Groups. An Azure Resource Group is a container that holds related resources. They group Azure resources and their associated costs as well as provide a mechanism for the granular application of Azure Role Based Access Control (RBAC). You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. From a Citrix perspective, we recommend a granular approach to allow for the delegated application of permissions based on a multi-level support structure. Resource Groups are also used by MCS and associated with Machine Catalogs for machine management and updates. All components of a Machine Catalog (NICs, master image, VMs) in Azure are stored within a designated Resource Group during the machine creation process.

So what does this all mean and how can we take these concepts and put them into action? Let’s use the below example of Citrix Resource Groups created by Citrix-on-Blue, Inc. and walk through how their Citrix Help Desk and Citrix Administrators may use built-in Azure tools to manage their Citrix workloads.

Resource Group Description
CTX-EngineeringVDI-P01-CUS Statically Assigned Engineer VDI.
CTX-Infrastructure-P01-CUS Citrix Infrastructure such as Cloud Connectors, etc.
CTX-NetScaler-P01-CUS Citrix NetScaler VPXs deployed and managed by the Citrix-on-Blue networking team.
CTX-Network-P01-CUS Azure Virtual Network, Network Security Groups, and User Defined Routes, managed by the Citrix-on-Blue networking team.
CTX-Storage-P01-CUS File servers for user profile storage and master images used by Citrix MCS.
CTX-XenApp-P01-CUS Citrix Virtual App servers created by MCS.

Citrix Help Desk

For the Citrix Help Desk at Citrix-on-Blue, their day-to-day is focused on resolving Citrix end user issues provided by frontline support. They typically need to perform issue analysis, problem definition, and simple issue resolution. They escalate tickets to the Citrix administrators, as needed. In the Citrix Virtual App and Desktop Service, they have the Help Desk Administrator role giving them delegated access to Citrix Director.

While the Citrix Help Desktop Administrator role equips them with the necessary Citrix tools, what happens if they need data from the applicable Azure components during issue analysis? Giving the Help Desk the required access is accomplished by creating a custom role in Azure RBAC. With the appropriate permissions, the Citrix Help Desk can use Azure Boot Diagnostics to verify if an Engineer’s statically assigned VDI is up or review Azure Alerts to see if any of the configured performance alerts were triggered on a Citrix Virtual App Server.

Citrix Administrators

The Citrix Administrators at Citrix-on-Blue are the central point for implementing, administering, and maintaining the Citrix Virtual Apps and Desktops infrastructure, with additional focus on deploying new use cases and leading lifecycle management initiatives. In the Citrix Virtual App and Desktop Service, they have full administrator access.

Citrix-on-Blue’s Citrix Administrator recently reviewed the latest Citrix scalability guidance for Microsoft Azure and wants to align with the Citrix recommendation of Standard_F16s_v2 instances as the optimal starting point for Azure virtual app workloads.  The team lead wants to audit the deployment of other instance types within the Citrix subscription while the team runs scalability testing. Additionally, they would also like to map each Resource Group/Machine Catalog to the appropriate Citrix-on-Blue cost center for a departmental chargeback. Using Azure Policy, the team lead implements an Audit policy to notify if alternative VM SKUs are used for the Citrix Virtual Application deployment. Additionally, using an Append policy they associate an appropriate billing tag to all resources in the CTX-XenApp-P01-CUS Resource Group used by MCS for the chargeback.

These high-level scenarios are just one example of the built-in Microsoft tools available for Citrix teams to operate and manage Azure workloads. If you want to learn more, please join Jeff and me as we explore these fundamental tools, including a live Q&A session! We will cover a deep dive on Azure operations, including an overview of the latest Azure scalability guidance and useful tools such as Azure Policy, Backup, Monitor and Log Analytics, in a free technical webinar on Thursday, September 27th at 9 AM and 2 PM EST. The content will be presented so both Azure experts and novices can benefit. So don’t be afraid to register even if your organization is just starting its Citrix on Azure journey.

Watch the webinar on-demand today!

Thank you,

Kevin Nardone
Enterprise Architect