In support of our Any Cloud approach, the pace of innovation coming out of the Citrix/Google partnership has been incredible over the last few years. In addition to some great announcements around Google Cloud and SD-WAN, Endpoint Management, and more, we have also announced the availability of Machine Creation Services (MCS) for Citrix Cloud customers who run Citrix Virtual Apps and Desktops service workloads on Google Cloud.
This feature enables customers who choose to use Google Cloud for their Citrix Virtual Apps and Desktops workloads to experience native VDA image management and provisioning at scale. One of the key features in this release is the ability to use configuration information and metadata from the master image template to create VMs, enabling customers deploying MCS on Google Cloud to quickly use new Google Cloud features without waiting for developers to update the code. Current elements such as labels and tags, descriptions, firewall settings, service account properties, and CPU and GPU configurations can now be applied from the template to the targets. This feature is currently unique to deploying MCS on Google Cloud.
Initially customers had to use PowerShell commands to create and populate machine catalogs in the Citrix Virtual Apps and Desktops service. We have just released native Citrix Cloud Studio functionality, which means these PowerShell commands are now optional but still valid for those who prefer this deployment method. The steps below focus on setting up the Google Cloud environment and Citrix Cloud host connection and preparing the master image using the Google Cloud Console and Citrix Cloud Studio.
To get started with MCS on Google Cloud, you need a few prerequisites before you dive into the feature’s scripts and functionality. These are detailed below. This blog assumes that a Citrix Cloud Resource Location has already been created in your Google Cloud project, with Citrix Cloud Connectors already installed and registered.
The following steps outline the general process flow required to configure MCS on Google Cloud:
- Prepare the Google Cloud Project for use by MCS:
  - Enable Google Cloud APIs
  - Create an MCS hosting service account with appropriate rights to Google Cloud Project resources
- Configure MCS on Google Cloud hosting connection
- Prepare master VDA instance and persistent disk
Prepare the Google Cloud Project for Use by MCS
A Google Cloud service account needs to be set up with appropriate permissions to enable MCS to provision VMs in the Google Cloud project. There are several additional permissions required beyond what is required for VM power management in Google Cloud; permissions must be applied to allow for the creation and deletion of the MCS VMs and resources such as networking and storage. In addition, the project used for provisioning Citrix catalogs will need to be configured to use certain platform APIs. We recommend creating a new service account for MCS instead of using the Compute Engine default service account that exists in every project.
Enable Google Cloud APIs
Your Google Cloud project needs to have the following APIs enabled for MCS provisioning and image management to function:
- Compute Engine API
- Cloud Resource Manager API
- Identity and Access Management (IAM) API
- Cloud Build API
This can be done from either the APIs and Services/Dashboard or the APIs and Services/Library pages. For guidance on using the Google Cloud console, see the Google documentation.
This can also be done quickly by using the Google Cloud Shell within the Google Cloud Console for your project. To activate the Cloud Shell, click the button in the top right-hand corner of the Console:
Once Cloud Shell is activated, you can paste the following four commands into Cloud Shell:
gcloud services enable compute.googleapis.com
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable iam.googleapis.com
gcloud services enable cloudbuild.googleapis.com
The resulting output will look something like this:
Google Cloud Service Accounts for the Project
To create the connection to Google Cloud from Citrix we need to create a key from the Google Cloud Console. Here’s how you do it:
- Navigate to IAM and admin -> Service Accounts
- Click ‘+ CREATE SERVICE ACCOUNT’.
- Give the service account a name and description, then click Create.
- Service account permissions will be added later, so on the second page click Continue.
- On the third page, choose Actions… -> Create Key.
- Choose the recommended “Key type” of JSON, click “Create” and save the JSON file somewhere secure. Once this is complete, click “Done” to finish.
The entire content of this JSON file is required later to create the Host Connection within Studio.
Service Account Configuration
Define the required permissions on the Service Accounts
For provisioning operations to create and remove resources for Catalogs we require certain permissions be allowed for the MCS service account used for our connection and the default Cloud Build service account. For the MCS service account, a small set of pre-defined roles can be used to quickly allow the required operations, or you can define a custom role with the minimum required permission set. The pre-defined role setup is detailed below. Setting up a custom role will be covered in a future article.
To assign your MCS service account pre-defined roles from the Google Cloud Platform console:
- Navigate to IAM and admin, IAM
- Find and edit your service account, created above, by clicking on the edit icon:
- “+ Add another role” for each role below to configure the service account:
  - Compute Admin
  - Storage Admin
  - Cloud Build Editor
  - Service Account User
  - Cloud Datastore User
Once complete, click Save. Your service account properties should now show the roles listed above.
To update the Cloud Build service account, from the Google Cloud Platform console:
- Navigate to IAM and admin, IAM
- Find and edit your service account by clicking on the edit icon:
Note: The Cloud Build service account can be identified by its username, which will be in the following format: <your_gcp_project_ID_number>@cloudbuild.gserviceaccount.com
- “+ Add another role” for each role below to configure the service account:
  - Compute Admin
  - Storage Admin
  - Cloud Build Editor
  - Service Account User
Once complete, click Save. Your service account properties should now show the roles listed above.
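The service account, role and key steps above can also be scripted from Cloud Shell. The script below is an added example, not part of the original post or Citrix tooling. The project ID, project number, account name and key path are placeholders, and the role IDs are the gcloud identifiers of the pre-defined roles listed above. It prints the commands by default; set DRY_RUN=0 to execute them.

```sh
#!/bin/sh
# Added example: CLI equivalent of the console steps for the MCS and
# Cloud Build service accounts. All names below are placeholders.
set -eu

PROJECT_ID="${PROJECT_ID:-my-citrix-project}"      # placeholder project ID
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"   # placeholder project number
SA_NAME="${SA_NAME:-citrix-mcs}"                   # placeholder account name
KEY_FILE="${KEY_FILE:-./mcs-hosting-key.json}"     # placeholder key path
DRY_RUN="${DRY_RUN:-1}"                            # 1 = print commands only

MCS_SA="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
BUILD_SA="${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com"

# Role IDs for the pre-defined roles named in the post.
MCS_ROLES="roles/compute.admin roles/storage.admin roles/cloudbuild.builds.editor roles/iam.serviceAccountUser roles/datastore.user"
BUILD_ROLES="roles/compute.admin roles/storage.admin roles/cloudbuild.builds.editor roles/iam.serviceAccountUser"

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# bind_roles <service-account-email> <role>...
bind_roles() {
  member="serviceAccount:$1"; shift
  for role in "$@"; do
    run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
      --member="$member" --role="$role"
  done
}

setup_mcs_accounts() {
  run gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT_ID" \
    --display-name="Citrix MCS hosting connection"
  # Role lists are split on spaces on purpose.
  bind_roles "$MCS_SA" $MCS_ROLES
  bind_roles "$BUILD_SA" $BUILD_ROLES
  # The JSON key is a long-lived credential: create it readable by the
  # owner only (umask applies inside this subshell).
  ( umask 077; run gcloud iam service-accounts keys create "$KEY_FILE" \
      --iam-account="$MCS_SA" )
}

setup_mcs_accounts
```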
Configuring MCS on Google Cloud Hosting Connection
Now that we have the prerequisites down, we can deploy MCS with Citrix Cloud and Google Cloud. The first step in deploying MCS is setting up a hosting connection in Cloud Studio so that machines can be created and power managed. The hosting connection creates the linkage between the Google Cloud service account and Citrix Cloud.
- To create a Hosting connection, navigate to the Virtual Apps and Desktops Service, Manage page. Under “Configuration”, right click “Hosting” and select “Add Connection and Resources”
- The required service account key was created and saved as a JSON file. The contents of this file need to be inserted into the hosting connection as an imported key during its creation. Cut and paste the contents of the JSON file into the hosting connection using the “Import Key” button.
- Ensure the Zone name is correct for your Google Cloud connection and create a unique connection name. Click Next.
- On the Region page of the wizard, make sure that your Google Cloud project and chosen Region are selected, then click Next:
- On the Network page, give the Hosting resource a name, select the appropriate Google Cloud VPC as your virtual network, then select the appropriate subnet from the discovered list of subnets associated with your chosen VPC:
Click Next, review the details in the Summary, and click Create to finish creating your Hosting connection and Hosting resource. MCS is now ready to create your first Machine Catalog, though you need to have your master VM instance and master persistent disk image created first.
Prepare Master VDA Instance and Persistent Disk
MCS on Google Cloud operates a bit differently than it does with on-premises hypervisors, most of which only use the virtual disk snapshot when creating a machine catalog. With MCS on Google Cloud, both the source virtual machine instance and a snapshot of the instance’s virtual disk are used. This allows MCS on Google Cloud to take advantage of new and existing virtual machine instance types and features without any code updates to MCS.
You will need to create a master VM instance in Google Cloud with properties that match the configuration you want for your target VDAs. This includes traditional instance attributes such as CPU and Memory, as well as more advanced features such as metadata, tags, GPU assignments, service account properties, and more. During machine creation, an instance template is created and used to create the target VDAs. Except for VPC, subnet, and persistent disk properties (defined when the VM is cloned), VDAs inherit properties from the instance template, a new MCS feature unique to MCS on Google Cloud. The following screenshots show the inheritance of this information from the master image template to the target MCS VM:
Master Image Template
Target MCS VM
Once the configuration of your master VM instance’s persistent disk is completed and the Citrix VDA software is installed, we recommend creating a snapshot of the disk manually. This allows you to use a meaningful naming convention to track and maintain the master image and saves a little time during MCS catalog creation. If you don’t create your own snapshot, MCS will create one for you.
Create a persistent disk snapshot on Google Cloud:
- From the Google Cloud Console, Compute Engine, Disks page, find the persistent disk currently attached to your master VM instance. Click on the actions icon and choose “Create Snapshot”:
- On the Create a snapshot page, give your snapshot a meaningful name and description that will help you manage snapshot versions.
- Once the snapshot properties are set to your liking, click Create to create the snapshot.
Once the snapshot process is complete, Citrix Cloud Studio can be used to create and maintain machine catalogs and delivery groups. These tasks can be completed in Citrix Cloud Studio as they would for any other Citrix Virtual Apps and Desktops service deployment.
To learn more about how customers are getting more from Citrix on Google Cloud, check out this blog post on Oncology Venture’s experience. A special thanks to Thomas Wagner and Rick Dehlinger for assistance in the creation of this blog post. If you want more information, drop us a note at citrixongcp@citrix.com! Thanks for reading, and watch for more enhancements for Google Cloud from Citrix later this year!