Solved

Citrix XenDesktop automatic IP assignment based on VM delivery group

Posted on 2014-03-13
7
2,018 Views
Last Modified: 2014-03-30
Hi People,

I have already provision one VLAN 10.117.84.0/24 for the separate desktop VM, which will be deployed by VMware vSphere ESXi 5.1 through VCenter.

How can Citrix XenDesktop 7.1 automatically assign IP to the VMs dynamically based on multiple different VM delivery group types like the following:

Delivery Group 1 - (Server Team, 8 people)
IP address range: 10.117.84.1 until 10.117.84.8
Firewall Access type: all servers unrestricted

Delivery Group 2 - (Application Team, 20 people)
IP address range: 10.117.84.9 until 10.117.84.29
Firewall Access type: Business Object Servers, SAP Servers, SQL Servers and Oracle Servers only.

Delivery Group 3 - (Accounting & Finance Team, 50 people)
IP address range: 10.117.84.30 until 10.117.84.30
Firewall Access type: SAP Servers, Quicken Servers and Finance Team Servers only.

Delivery Group 4 - (Remote Access outside of Office, the rest of the people)
IP address range: 10.117.84.31 until 10.117.84.253
Firewall Access type: Exchange Servers, SharePoint Servers and File Servers only.

The VM delivery type will be Machine Creation Service (MCS) not PVS.

Windows DHCP server would not know which desktop belongs to which group hence it won’t work with the firewall rule that will be based on the IP range and the destination servers.
0
Comment
  • 4
  • 3
7 Comments
 
LVL 23

Assisted Solution

by:Ayman Bakr
Ayman Bakr earned 500 total points
ID: 39932083
You can do that using Policy based assignment provided you have a Windows 2012 DHCP server. For more info see this:

http://technet.microsoft.com/en-us/library/hh831538.aspx
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932169
Yes the dhcp server is the XenDesktop Delivery controller itself which is Windows Server 2012 R2.

How can windows server knows about the dynamically deployed VM by the Citrix Machine Creation Service (MCS). Do I have to switch to PVS instead ?
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 39932218
My understanding is that you can define IP ranges in a DHCP which can be assigned based on certain policy. The way I am thinking to go about this is using MAC addresses to create these policies. Yet, it seems it would be difficult (if not possible) to get different MAC addresses for different delivery groups using MCS - unfortunately I am not having a lab currently for testing such combinations/scenarios. Definitely PVS in this case will greatly help - you can create different device collections with different MAC address prefixes for the different delivery groups.

On the other hand, perhaps you can use policies related to Vendor Class, User Class, relay agent information etc... or a combination to work around your situation. Again, you will need to test it.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932231
Mutawadi,

Wow that sounds promising, so which component in PVS that I can or should configure so that it deploy a VMware VM with certain MAC address ?

And then I should configure the dhcp policy in the windows server 2012 dhcp server ?
0
 
LVL 23

Accepted Solution

by:
Ayman Bakr earned 500 total points
ID: 39932255
First you will create your different vDisks for the different delivery groups in PVS and put it in standard mode. Then you will have a device collection created for each delivery group. You will also have to have a template VM created for each delivery group (do it with static MAC). Then run the XenDesktop Setup Wizard within PVS as follows:

1. Right click on any Site icon in PVS console, then select the XenDesktop Setup Wizard.

2. Specify the location of the XenDesktop Controller address.

3. Select one or more ESXi hosts and the template to use for each host.

4. Provide the credentials of the host. This will display a list of available templates. Select the template for the intended delivery group.

5. Select the Collection that the VM should become a member of.
 
6. Select the vDisk intended for the delivery group to assign to the collection group.
 
7. If you have an existing catalog then select it. Otherwise create a new one.

8. Set the number of VMs to create for the intended Delivery group setting the number of vCPUs and amount of memory.

9. Enable for adding Active Directory computer accounts.

You will repeate the above steps for each delivery group (and put them in their intended device collection, assigning to them the intended vDisk). Two things to note:

1. First ensure that all prerequisites in place.

2. I am not sure here whether you can control the MAC addresses within the setup itself. So do it for one delivery group first. If you can't control the MAC address prefix within the setup, then you need to manually change the MAC addresses on each VM in ESXi to have similar prefixes for those belonging to one delivery group and then reflect these MAC addresses within the properties of the target devices in the PVS for that device collection.

For more info on the prerequisites and XenDesktop Setup Wizard see this: http://support.citrix.com/proddocs/topic/provisioning-61/pvs-xendesktop-setup-wizard-readme.html

Then will configure a Policy based assignment in DHCP to assign IP addresses based on MAC address prefixes.

A question though? Why don't you spare yourself all this hassle, and have different delivery groups on different subnets. This way you have different IP address ranges and thus you don't have to think how DHCP will assign IP addresses.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932298
Cool, let me try to implement that in the pilot environment first.
The VLAN for this VDI VM is already created and assigned as /24 group, how can that VLAN be sliced into smaller VLAN ?

Hopefully that steps that you suggested can simplify me writing the firewall rule for each of those delivery group.
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 39932303
I am not a network engineer but I believe could be done. Anyway - let's see how it will go with you in the test environment ;)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now