Solved

Citrix XenDesktop automatic IP assignment based on VM delivery group

Posted on 2014-03-13
7
2,151 Views
Last Modified: 2014-03-30
Hi People,

I have already provision one VLAN 10.117.84.0/24 for the separate desktop VM, which will be deployed by VMware vSphere ESXi 5.1 through VCenter.

How can Citrix XenDesktop 7.1 automatically assign IP to the VMs dynamically based on multiple different VM delivery group types like the following:

Delivery Group 1 - (Server Team, 8 people)
IP address range: 10.117.84.1 until 10.117.84.8
Firewall Access type: all servers unrestricted

Delivery Group 2 - (Application Team, 20 people)
IP address range: 10.117.84.9 until 10.117.84.29
Firewall Access type: Business Object Servers, SAP Servers, SQL Servers and Oracle Servers only.

Delivery Group 3 - (Accounting & Finance Team, 50 people)
IP address range: 10.117.84.30 until 10.117.84.30
Firewall Access type: SAP Servers, Quicken Servers and Finance Team Servers only.

Delivery Group 4 - (Remote Access outside of Office, the rest of the people)
IP address range: 10.117.84.31 until 10.117.84.253
Firewall Access type: Exchange Servers, SharePoint Servers and File Servers only.

The VM delivery type will be Machine Creation Service (MCS) not PVS.

Windows DHCP server would not know which desktop belongs to which group hence it won’t work with the firewall rule that will be based on the IP range and the destination servers.
0
Comment
  • 4
  • 3
7 Comments
 
LVL 23

Assisted Solution

by:Ayman Bakr
Ayman Bakr earned 500 total points
ID: 39932083
You can do that using Policy based assignment provided you have a Windows 2012 DHCP server. For more info see this:

http://technet.microsoft.com/en-us/library/hh831538.aspx
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932169
Yes the dhcp server is the XenDesktop Delivery controller itself which is Windows Server 2012 R2.

How can windows server knows about the dynamically deployed VM by the Citrix Machine Creation Service (MCS). Do I have to switch to PVS instead ?
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 39932218
My understanding is that you can define IP ranges in a DHCP which can be assigned based on certain policy. The way I am thinking to go about this is using MAC addresses to create these policies. Yet, it seems it would be difficult (if not possible) to get different MAC addresses for different delivery groups using MCS - unfortunately I am not having a lab currently for testing such combinations/scenarios. Definitely PVS in this case will greatly help - you can create different device collections with different MAC address prefixes for the different delivery groups.

On the other hand, perhaps you can use policies related to Vendor Class, User Class, relay agent information etc... or a combination to work around your situation. Again, you will need to test it.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932231
Mutawadi,

Wow that sounds promising, so which component in PVS that I can or should configure so that it deploy a VMware VM with certain MAC address ?

And then I should configure the dhcp policy in the windows server 2012 dhcp server ?
0
 
LVL 23

Accepted Solution

by:
Ayman Bakr earned 500 total points
ID: 39932255
First you will create your different vDisks for the different delivery groups in PVS and put it in standard mode. Then you will have a device collection created for each delivery group. You will also have to have a template VM created for each delivery group (do it with static MAC). Then run the XenDesktop Setup Wizard within PVS as follows:

1. Right click on any Site icon in PVS console, then select the XenDesktop Setup Wizard.

2. Specify the location of the XenDesktop Controller address.

3. Select one or more ESXi hosts and the template to use for each host.

4. Provide the credentials of the host. This will display a list of available templates. Select the template for the intended delivery group.

5. Select the Collection that the VM should become a member of.
 
6. Select the vDisk intended for the delivery group to assign to the collection group.
 
7. If you have an existing catalog then select it. Otherwise create a new one.

8. Set the number of VMs to create for the intended Delivery group setting the number of vCPUs and amount of memory.

9. Enable for adding Active Directory computer accounts.

You will repeate the above steps for each delivery group (and put them in their intended device collection, assigning to them the intended vDisk). Two things to note:

1. First ensure that all prerequisites in place.

2. I am not sure here whether you can control the MAC addresses within the setup itself. So do it for one delivery group first. If you can't control the MAC address prefix within the setup, then you need to manually change the MAC addresses on each VM in ESXi to have similar prefixes for those belonging to one delivery group and then reflect these MAC addresses within the properties of the target devices in the PVS for that device collection.

For more info on the prerequisites and XenDesktop Setup Wizard see this: http://support.citrix.com/proddocs/topic/provisioning-61/pvs-xendesktop-setup-wizard-readme.html

Then will configure a Policy based assignment in DHCP to assign IP addresses based on MAC address prefixes.

A question though? Why don't you spare yourself all this hassle, and have different delivery groups on different subnets. This way you have different IP address ranges and thus you don't have to think how DHCP will assign IP addresses.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 39932298
Cool, let me try to implement that in the pilot environment first.
The VLAN for this VDI VM is already created and assigned as /24 group, how can that VLAN be sliced into smaller VLAN ?

Hopefully that steps that you suggested can simplify me writing the firewall rule for each of those delivery group.
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 39932303
I am not a network engineer but I believe could be done. Anyway - let's see how it will go with you in the test environment ;)
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
EVC and clusters 12 55
harden EXCH2013 7 54
Samsung Dex 3 40
BgInfo help 5 57
In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question