When deploying apps and desktops in AWS, Machine Creation Services (MCS) for image and power management is what positions Citrix ahead of the curve! Being able to manage desktops and apps in AWS from a central location and to join machines to the domain is key to a successful deployment. Over the past few years, I’ve been involved in several large Citrix Virtual Apps and Desktops deployments on AWS. While most go off without a hitch, there are some recurring issues involving new AWS regions, security leading practices, networking, and permissions.
Are you thinking of setting up MCS in AWS? In the middle of a deployment and having trouble? Never fear! Keep reading for the top five troubleshooting tips and rock your Citrix Virtual Apps and Desktops in AWS!
1) “I’ve deleted my default VPC and machine catalog creation is failing!”
It’s not the end of the world. The default VPC is a great way to get started in AWS, but the leading security practice is to delete or limit access to the default VPC and create a VPC that is locked down to your individual, company, or enterprise specifications for user workloads. (Please note, you might experience issues deploying certain sample CloudFormation templates without a default VPC. Consult the AWS documentation for setting up explicit VPC networking.) By default, the MCS plugin will reach out to the internet through the default VPC to retrieve the latest “instructions” for the volume workers, but a simple configuration will mandate the use of an explicit VPC. Just set the host connection to use the explicit VPC by adding the following to the Connection Options field:
UseExplicitVpcForVolumeWorkerBootstrap=true
2) “My region is new/explicit VPC/air-gapped, and my volume worker creation is failing!”
New or air-gapped regions may use AMI IDs for the Linux AMI needed to create an MCS volume worker that differ from the default used in the us-east-1 region. No worries! Go into the AWS Marketplace, choose an EBS-backed Linux server AMI, and note the AMI ID. My typical choice (it’s usually first in the Marketplace list and is EBS-backed) is the Amazon Linux 2 AMI (HVM), SSD Volume Type. Using the AMI ID and the name of the region where the AMI resides, execute the following PowerShell for AWS command on the delivery controller:
Set-HypVolumeServiceConfiguration -VolumeServiceConfigurationName SiteDefault -ConnectionType AWS -RegionName cn-north-1 -BaseLinuxTemplateId ami-d3e992a2
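As an added example (not from the original post), the following PowerShell script checks the two things that most often go wrong with this step before changing the site configuration: that the AMI actually exists in the target region and that it is EBS-backed. It assumes the AWS Tools for PowerShell (Get-EC2Image) and the Citrix Host SDK snap-in (Citrix.Host.Admin.V2) are installed on the delivery controller, and that the AWS credentials in use are allowed to describe images.

```powershell
# Pre-flight check for the MCS volume-worker AMI, then apply it (added example).
param(
    [Parameter(Mandatory)] [string] $RegionName,             # e.g. cn-north-1
    [Parameter(Mandatory)] [string] $AmiId,                  # e.g. ami-d3e992a2 from the Marketplace
    [string] $ConfigurationName = 'SiteDefault'              # volume service configuration to update
)

# Look the AMI up in the *target* region. A failure here means either the AMI ID
# belongs to another region, or the installed AWS SDK does not know this region's
# endpoint at all (see tip 4 on endpoints.json).
try {
    $image = Get-EC2Image -ImageId $AmiId -Region $RegionName -ErrorAction Stop
} catch {
    throw "Could not describe '$AmiId' in '$RegionName' (wrong region for this AMI, or region unknown to the SDK): $($_.Exception.Message)"
}

# MCS volume workers need an EBS-backed image; instance-store AMIs will not work.
if ($image.RootDeviceType -ne 'ebs') {
    throw "AMI '$AmiId' is '$($image.RootDeviceType)'-backed; choose an EBS-backed Linux AMI."
}
if ($image.State -ne 'available') {
    throw "AMI '$AmiId' is in state '$($image.State)', not 'available'."
}
Write-Host ("Verified {0} ({1}, {2}) in {3}" -f $image.ImageId, $image.Name, $image.VirtualizationType, $RegionName)

# Only now point the site's volume service configuration at the verified AMI.
Add-PSSnapin Citrix.Host.Admin.V2 -ErrorAction SilentlyContinue
Set-HypVolumeServiceConfiguration -VolumeServiceConfigurationName $ConfigurationName `
    -ConnectionType AWS -RegionName $RegionName -BaseLinuxTemplateId $image.ImageId
```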
3) “My region is new/air-gapped, and I can’t make a host connection!”
This may be due to unreachable endpoints. When using the GUI to set up a host connection, choosing “Amazon EC2” from the dropdown will attempt to establish a connection to the us-east-1 region by default. If you don’t have a connection to this region, you’re going to have a bad time unless you follow this simple workaround! You can redirect the dropdown choice to your AWS endpoint URL by updating the default endpoint URL setting in “C:\Program Files\Citrix\Desktop Studio\mmcsnapin.dll.config”.
4) “My AWS region is new, but my software is old.”
The AWSSDK may not have the latest endpoint URLs included, but don’t despair. We have a solution for that, too. Simply modify the “endpoints.json” file to include your endpoint and place it in the “C:\Program Files\Common Files\Citrix\HCLPlugins\Hypervisor\2.27.0.0\AWS” folder. Check out GitHub for the latest “endpoints.json”.
5) “I set up an IAM role/user, but MCS can’t make an S3 Bucket!”
Don’t kick the bucket yet! MCS needs permissions to create and terminate S3 buckets to load the instructions for volume workers. While IAM roles are always preferred for security purposes, the IAM permissions MCS requires for users and roles are laid out in this Citrix Knowledge Center article. Note: For CVAD 2003, the IAM permission “ec2:describetags” is needed in addition to the list in the KC article. These permissions include the necessary permissions for MCS communication with the S3 service.
Now you’re ready to deploy Citrix Virtual Apps and Desktops with MCS on AWS. Need more? Stay tuned for my upcoming blog post on MCS in AWS O&M tasks.
Citrix Tech Bytes – Created by Citrix Experts, made for Citrix Technologists! Learn from passionate Citrix Experts and gain technical insights into the latest Citrix Technologies.