Citrix XenDesktop 3.0 Design And Best Practices

Below are some best-practice guidelines for installing and configuring Citrix XenDesktop 3.0 in a new environment. Some of the information is miscellaneous, but I hope these notes help someone.

  • Uninstall Web Interface and IIS from Desktop Delivery Controller
    • Less overhead on these systems
    • Must use an existing web server infrastructure
    • SETUP.EXE -nosites
    • Suggested to uninstall if already installed
  • Separate Farm Master and Desktop Delivery Controller
    • When there are multiple servers, separate these roles.
    • The Farm Master is best left to handle its own role without also acting as a Desktop Delivery Controller
    • Ensure that a particular server is chosen to be Farm Master
    • Ensure that unnecessary duties are not performed by that server
  • Server Preference Settings
    • Master: Servers are preferentially chosen as Farm Master
    • Backup: Chosen when Master is unavailable
    • Member: When all else fails, this can become the Farm Master
  • Farm Master Selection
    • Farm masters have the logic for launching sessions
    • It's recommended to have the Master be its own server; everything else should be a Member server
    • Web interface servers should point to Member servers
  • Configure Delivery Controller Selection
    • For some reason we have to do this in the registry.
    • HKLM\Software\Citrix\IMA\RUNTIME\UseRegistrySetting set to DWORD of 1
    • HKLM\Software\Citrix\IMA\RUNTIME\MasterRanking
    • DWORD value, 1 for Master, 2 for Backup, 3 for Member
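A read-only audit of the two registry values above across a farm, as an added example that is not part of the original notes. The controller names are hypothetical placeholders; the check for exactly one Master follows the recommendation in these notes.

```powershell
# Added example (not from the original notes): read-only audit of the IMA
# master-election values on every controller in a farm.
# ASSUMPTION: these controller names are hypothetical placeholders.
$controllers = 'DDC-MASTER01', 'DDC-MEMBER01', 'DDC-MEMBER02'
$keyPath     = 'Software\Citrix\IMA\RUNTIME'
$rankNames   = @{ 1 = 'Master'; 2 = 'Backup'; 3 = 'Member' }

$report = foreach ($c in $controllers) {
    $hklm = $null; $key = $null; $use = $null; $rank = $null
    try {
        # Needs the Remote Registry service and admin rights on the target.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $c)
        $key  = $hklm.OpenSubKey($keyPath)
        if ($key) {
            $use  = $key.GetValue('UseRegistrySetting')
            $rank = $key.GetValue('MasterRanking')
        }
    } catch {
        Write-Warning "${c}: registry not readable: $($_.Exception.Message)"
        continue
    } finally {
        if ($key)  { $key.Close() }
        if ($hklm) { $hklm.Close() }
    }
    # A DWORD comes back as Int32; anything else is missing or the wrong type.
    $role = 'unset or invalid'
    if ($rank -is [int] -and $rankNames.ContainsKey($rank)) { $role = $rankNames[$rank] }
    [pscustomobject]@{
        Controller    = $c
        Enabled       = ($use -is [int] -and $use -eq 1)
        MasterRanking = $rank
        Role          = $role
    }
}

$report | Format-Table -AutoSize

foreach ($r in $report) {
    if (-not $r.Enabled) { Write-Warning "$($r.Controller): UseRegistrySetting is not DWORD 1" }
    if ($r.Role -eq 'unset or invalid') { Write-Warning "$($r.Controller): MasterRanking is not DWORD 1, 2 or 3" }
}
# The notes recommend one dedicated Master; flag zero or several.
$masters = @($report | Where-Object { $_.Enabled -and $_.MasterRanking -eq 1 })
if ($masters.Count -ne 1) {
    Write-Warning "Expected exactly one controller ranked Master (1), found $($masters.Count)"
}
```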
  • Throttling Commands to the Hosting Infrastructure
    • Suggested that the pool management service traffic on the Desktop Delivery Controller and the hosting infrastructure is throttled to 10% of the total pool
    • This is primarily to keep power cycling commands to a minimum, which would otherwise overload the infrastructure.
    • To configure:
    • C:\Program Files\Citrix\VmManagement\CdsPoolMgr.exe.config
    • Add the following:
    • <add key="MaximumTransitionRate" value="10" />
    • This goes under <appSettings>. The value of 10 is arbitrary and should be tuned for your situation.
    • Save the file and restart the Desktop Delivery Controller
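One way to apply the throttle setting without hand-editing the file, as an added example that is not part of the original notes. Writing the attributes through the XML API avoids pasting typographic quotes into the config, which would leave it unparseable. It assumes the file uses the standard .NET layout with a <configuration> root.

```powershell
# Added example (not from the original notes): idempotently set
# MaximumTransitionRate in CdsPoolMgr.exe.config. Run elevated on the controller.
# ASSUMPTION: the file has the standard .NET <configuration> root element.
$configPath = 'C:\Program Files\Citrix\VmManagement\CdsPoolMgr.exe.config'
$rate       = '10'   # arbitrary starting point per the notes; tune for your pool

# Keep a copy so the change can be rolled back.
Copy-Item -LiteralPath $configPath -Destination "$configPath.bak" -Force

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true      # leave the rest of the file untouched
$xml.Load($configPath)               # throws here if the file is already malformed

$appSettings = $xml.SelectSingleNode('/configuration/appSettings')
if ($null -eq $appSettings) {
    $appSettings = $xml.CreateElement('appSettings')
    [void]$xml.DocumentElement.AppendChild($appSettings)
}

# Update the existing entry if present so repeated runs never duplicate the key.
$node = $appSettings.SelectSingleNode("add[@key='MaximumTransitionRate']")
if ($null -eq $node) {
    $node = $xml.CreateElement('add')
    $node.SetAttribute('key', 'MaximumTransitionRate')
    [void]$appSettings.AppendChild($node)
}
$node.SetAttribute('value', $rate)
$xml.Save($configPath)

# Re-read from disk to confirm the file still parses and holds the value.
$check = New-Object System.Xml.XmlDocument
$check.Load($configPath)
$xpath = "/configuration/appSettings/add[@key='MaximumTransitionRate']"
$saved = $check.SelectSingleNode($xpath).GetAttribute('value')
if ($saved -ne $rate) { throw "MaximumTransitionRate is '$saved', expected '$rate'" }
Write-Output "MaximumTransitionRate=$saved written; restart the Desktop Delivery Controller to apply."
```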
  • Scaling the Desktop Delivery Controller
    • Desktop Delivery Zone Master is a single bottleneck and cannot be scaled out for a desktop group
    • Citrix says 3000 desktops per group is a good limit
    • Upgrading to a bigger/badder machine is a good plan if you have large requirements
  • Scaling the Provisioning Server
    • Disk bound scaling
    • Put Write Cache files on separate LUNs from the vDisk
    • Get yourself a high performance storage system
    • Basically just make sure your storage solution is quick
  • Scalability by component
    • Desktops per XenDesktop Group: 3000
    • Tested Logon Rate: 1500 over 5 min
    • vDisk per XenServer: up to 28
    • Provisioning Server for Desktops: 500 VMs per machine when using local cache files
  • Planning Security Considerations
    • Install AV, Firewall usage, network securing, user privilege lockdown, etc.
    • Users who are Administrators on virtual desktops can:
      • Have full control over this desktop
      • Potentially view others' information on this desktop if it is pooled rather than assigned
      • Control/Monitor network traffic
      • Install malicious software
  • Desktop Delivery Controller Requirements
    • Windows Server 2003 SP2
    • Windows Server 2003 R2
    • Terminal services in application mode, no CALs needed
    • IIS version 6.0 (For Web Interface Only)
    • .NET Framework 3.5
    • JRE 1.5.0_15
    • MS J# 2.0 Redistributable Package Second Edition
    • IE 5.0 or later
    • 400MB for DDC Software
  • Data Store Database Requirements
    • Microsoft Access (Basically unusable except in tiny installations)
    • Microsoft SQL Server 2000 SP4 and above
    • Oracle Enterprise 10.2.0.1.0
  • License Server Requirements
    • Windows 2000, 2003, 2008
    • 30 MB disk
  • License Management Console
    • IE5.0 or greater
    • IIS 5.0, 6.0, 7.0
    • Server 2008 needs ASP.NET, Windows Authentication security role, IIS 6 Management Compatibility role
    • Tomcat 4.1.24
    • Apache HTTP Server 2.0.49
  • Active Directory
    • No schema changes are needed
    • Each Farm needs an OU
    • Controllers Security Group Created
      • Computer Account of all controllers must be a member of this security group
      • This is done by default
      • Service Connection Point
        • Farm Meta Info
        • Registration Services Container
          • One SCP object for each controller in the farm
          • Updated on each startup
          • Permissions must match to get rid of security groups which are added automatically by installing.
            • Should contain the computer accounts for the delivery controllers in the farm
            • By default, installation sets up permissions so that controllers have write access to their SCP. Make sure permissions are set so that only trusted admins can change SCP info
            • Replication of new information could take some time
            • Valid, up-to-date forward and reverse DNS is required
  • User Types
    • Task Workers
      • Data entry, standard tasks that do not require personalized desktop
      • Call center staff
    • Knowledge Workers
      • Personalized desktop and software
      • Close experience to personal desktop
  • Access Modes
    • Full-Screen-Only
      • Focused on virtual desktop, fits full screen and cannot interact with local desktop
    • Window View
      • Good for multiple virtual desktops
      • Can interact with remote and local desktops
      • Flexible viewing
    • Multiple Monitor support
      • 8 total
      • Identical screen resolutions required
      • 1024×768 x 8 monitors (24bpp)
      • No configuration required, except to physically arrange desktop in a rectangle
  • Web Connectivity