Solved

Citrix XenDesktop automatic IP assignment based on VM delivery group

Posted on 2014-03-13
7
2,116 Views
Last Modified: 2014-03-30
Hi People,

I have already provision one VLAN 10.117.84.0/24 for the separate desktop VM, which will be deployed by VMware vSphere ESXi 5.1 through VCenter.

How can Citrix XenDesktop 7.1 automatically assign IP to the VMs dynamically based on multiple different VM delivery group types like the following:

Delivery Group 1 - (Server Team, 8 people)
IP address range: 10.117.84.1 until 10.117.84.8
Firewall Access type: all servers unrestricted

Delivery Group 2 - (Application Team, 20 people)
IP address range: 10.117.84.9 until 10.117.84.29
Firewall Access type: Business Object Servers, SAP Servers, SQL Servers and Oracle Servers only.

Delivery Group 3 - (Accounting & Finance Team, 50 people)
IP address range: 10.117.84.30 until 10.117.84.30
Firewall Access type: SAP Servers, Quicken Servers and Finance Team Servers only.

Delivery Group 4 - (Remote Access outside of Office, the rest of the people)
IP address range: 10.117.84.31 until 10.117.84.253
Firewall Access type: Exchange Servers, SharePoint Servers and File Servers only.

The VM delivery type will be Machine Creation Service (MCS) not PVS.

Windows DHCP server would not know which desktop belongs to which group hence it won’t work with the firewall rule that will be based on the IP range and the destination servers.
0
Comment
  • 4
  • 3
7 Comments
 
LVL 23

Assisted Solution

by:Ayman Bakr
Ayman Bakr earned 500 total points
ID: 39932083
You can do that using Policy based assignment provided you have a Windows 2012 DHCP server. For more info see this:

http://technet.microsoft.com/en-us/library/hh831538.aspx
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932169
Yes the dhcp server is the XenDesktop Delivery controller itself which is Windows Server 2012 R2.

How can windows server knows about the dynamically deployed VM by the Citrix Machine Creation Service (MCS). Do I have to switch to PVS instead ?
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 39932218
My understanding is that you can define IP ranges in a DHCP which can be assigned based on certain policy. The way I am thinking to go about this is using MAC addresses to create these policies. Yet, it seems it would be difficult (if not possible) to get different MAC addresses for different delivery groups using MCS - unfortunately I am not having a lab currently for testing such combinations/scenarios. Definitely PVS in this case will greatly help - you can create different device collections with different MAC address prefixes for the different delivery groups.

On the other hand, perhaps you can use policies related to Vendor Class, User Class, relay agent information etc... or a combination to work around your situation. Again, you will need to test it.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932231
Mutawadi,

Wow that sounds promising, so which component in PVS that I can or should configure so that it deploy a VMware VM with certain MAC address ?

And then I should configure the dhcp policy in the windows server 2012 dhcp server ?
0
 
LVL 23

Accepted Solution

by:
Ayman Bakr earned 500 total points
ID: 39932255
First you will create your different vDisks for the different delivery groups in PVS and put it in standard mode. Then you will have a device collection created for each delivery group. You will also have to have a template VM created for each delivery group (do it with static MAC). Then run the XenDesktop Setup Wizard within PVS as follows:

1. Right click on any Site icon in PVS console, then select the XenDesktop Setup Wizard.

2. Specify the location of the XenDesktop Controller address.

3. Select one or more ESXi hosts and the template to use for each host.

4. Provide the credentials of the host. This will display a list of available templates. Select the template for the intended delivery group.

5. Select the Collection that the VM should become a member of.
 
6. Select the vDisk intended for the delivery group to assign to the collection group.
 
7. If you have an existing catalog then select it. Otherwise create a new one.

8. Set the number of VMs to create for the intended Delivery group setting the number of vCPUs and amount of memory.

9. Enable for adding Active Directory computer accounts.

You will repeate the above steps for each delivery group (and put them in their intended device collection, assigning to them the intended vDisk). Two things to note:

1. First ensure that all prerequisites in place.

2. I am not sure here whether you can control the MAC addresses within the setup itself. So do it for one delivery group first. If you can't control the MAC address prefix within the setup, then you need to manually change the MAC addresses on each VM in ESXi to have similar prefixes for those belonging to one delivery group and then reflect these MAC addresses within the properties of the target devices in the PVS for that device collection.

For more info on the prerequisites and XenDesktop Setup Wizard see this: http://support.citrix.com/proddocs/topic/provisioning-61/pvs-xendesktop-setup-wizard-readme.html

Then will configure a Policy based assignment in DHCP to assign IP addresses based on MAC address prefixes.

A question though? Why don't you spare yourself all this hassle, and have different delivery groups on different subnets. This way you have different IP address ranges and thus you don't have to think how DHCP will assign IP addresses.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932298
Cool, let me try to implement that in the pilot environment first.
The VLAN for this VDI VM is already created and assigned as /24 group, how can that VLAN be sliced into smaller VLAN ?

Hopefully that steps that you suggested can simplify me writing the firewall rule for each of those delivery group.
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 39932303
I am not a network engineer but I believe could be done. Anyway - let's see how it will go with you in the test environment ;)
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question