Below are listed some of the best practice guidelines for installing and configuring Citrix Xen Desktop 3.0 in a new environment. Some of the information is miscellaneous, but I hope these notes help someone.
- Uninstall Web Interface and IIS from Desktop Delivery Controller
- Less overhead on these systems
- Must use an existing web server infrastructure
- SETUP.EXE -nosites
- Suggested to uninstall if already installed
- Separate Farm Master and Desktop Delivery Controller
- When there are multiple servers, separate these roles.
- Farm master is best to control its own roles and not worry about being Desktop Delivery Controller
- Ensure that a particular server is chosen to be Farm Master
- Ensure that unnecessary duties are not performed by that server
- Server Preference Settings
- Master: Server are preferentially chosen as Farm Master
- Backup: Chosen when Master is unavailable
- Member: When all else fails, this can become the Farm Master
- Farm Master Selection
- Farm masters have the logic for launching sessions
- Its recommended to have the Master be its own server, everything else should be Member servers
- Web interface servers should point to Member servers
- Configure Delivery Controller Selection
- For some reason we have to do this in the registry.
- HKLM\Software\Citrix\IMA\RUNTIME\UseRegistrySetting set to DWORD of 1
- HKLM\Software\Citrix\IMA\RUNTIME\MasterRanking
- DWORD value, 1 for Master, 2 for Backup, 3 for Member
- Throttling Commands to the Hosting Infrastructure
- Suggested that the pool management service traffic on the Desktop Delivery Controller and the hosting infrastructure is throttled to 10% of the total pool
- This is primarily to keep power cycling commands to a minimum which would otherwise overload the infrastructure.
- To configure:
- C:\Program Files\Citrix\VmManagement\CdsPoolMgr.exe.config
- Add the following:
- <add =key=”MaximumTransitionRate” value=”10″ />
- This is made under <appSettings> and the value of 10 is arbitrary, it should be tuned for a situation.
- Save the file and restart the Desktop Delivery Controller
- Scaling the Desktop Delivery Controller
- Desktop Delivery Zone Master is a single bottleneck and can not be scaled out for a desktop group
- Citrix says 3000 desktops per group is a good limit
- Upgrading to a bigger/badder machine is a good plan if you have large requirements
- Scaling the Provisioning Server
- Disk bound scaling
- Put Write Cache files on separate LUNs from the vDisk
- Get yourself a high performance storage system
- Basically just make sure your storage solution is quick
- Scalability by component
- Desktops per XenDesktop Group: 3000
- Tested Logon Rate: 1500 over 5 min
- vDisk per XenServer: up to 28
- Provisioning Server for Desktops: 500VM’s per machine when using local cache files
- Planning Security Considerations
- Install AV, Firewall usage, network securing, user privilege lockdown , etc..
- Users who are Administrators on virtual desktops can
- Have full control over this desktop
- Potentially view other’s information on this desktop if it is pooled rather than assigned
- Control/Monitor network traffic
- Install malicious software
- Desktop Delivery Controller Requirements
- Windows Server 2003 SP2
- Windows Server 2003 R2
- Terminal services in application mode, no CAL’s needed
- IIS version 6.0 (For Web Interface Only)
- .NET Framework 3.5
- JRE 1.5.0_15
- MS J# 2.0 Redistributable Package Second Edition
- IE 5.0 or later
- 400MB for DDC Software
- Data Store Database Requirements
- Microsoft Access (Basically unusable except in tiny installations)
- Microsoft SQL Server 2000 SP4 and above
- Oracle Enterprise 10.2.0.1.0
- License Server Requirements
- Windows 2000, 2003, 2008
- 30 MB disk
- License Management Console
- IE5.0 or greater
- IIS 5.0, 6.0, 7.0
- Server 2008 needs ASP.NET, Windows Authentication security role, IIS 6 Management Compatibility role
- Tomcat 4.1.24
- Apache HTTP Server 2.0.49
- Active Directory
- No schema changes are needed
- Each Farm needs an OU
- Controllers Security Group Created
- Computer Account of all controllers must be a member of this security group
- This is done by default
- Service Connection Point
- Farm Meta Info
- Registration Services Container
- One SCP object for each controller in the farm
- Updated on each startup
- Permissions must match to get rid of security groups which are added automatically by installing.
- Should contain the computer accounts for the delivery controllers in the farm
- By default installation sets up permissions so that controllers have write access to their SCP, make sure permissions are set that only trusted admins can change SCP info
- Replication of new information could take some time
- Valid forward and reverse DNS is required and up to date
- User Types
- Task Workers
- Data entry, standard tasks that do not require personalized desktop
- Call center staff
- Knowledge Workers
- Personalized desktop and software
- Close experience to personal desktop
- Access Modes
- Full-Screen-Only
- Focused on virtual desktop, fits full screen and cannot interact with local desktop
- Window View
- Good for multiple virtual desktops
- Can interact with remote and local desktops
- Flexible viewing
- Multiple Monitor support
- 8 total
- Identical screen resolutions required
- 1024×768 x 8 monitors (24bpp)
- No configuration required, except to physically arrange desktop in a rectangle
- Web Connectivity
- Desktop Appliance Connector Site
- http://DesktopDeliveryControllerName/Citrix/DesktopAppliance
- XenDesktop Services site
- http://DesktopDeliveryControllerName/Citrix/PNAgent
- XenDesktop Site
- http://DesktopDeliveryControllerName/