Citrix VDI Deployment and VLAN Segmentation

IPROUTE
We are planning to deploy Citrix VDI with multiple master images based on functions as we are in the health sector, but we have got multiple VLANs (subnets) on edge switches in networks.
Please find the attached network diagram.

So please advise: how can we proceed? Where should VLANs be created for VDI machines, VM images and client machines?
Network-Design.png

Lead Technical Architect
Commented:
You don't appear to have attached anything?

Multiple VLANs will potentially complicate your VDI solution.

That said, not necessarily.

First off you need to decide which technology you wish to use - PVS or MCS. With PVS, the VDI machines will require PXE to boot from the master image. This may or may not be something you need to consider if you ever plan to move your implementation to the cloud, as Azure et al don't support PXE booting at time of writing.

Ultimately, VLAN separation doesn't mean much to the clients - as long as they can contact the relevant Citrix servers (StoreFront etc) then all the Citrix server related traffic (such as PXE) will remain within the subnet that the servers reside in.

Think of the scenario where users access a Citrix solution from externally. This can be done without VPN access by using, for example, Citrix NetScalers. Obviously in that scenario, there is no connectivity with the Citrix solution directly.

If you can upload the diagram it will possibly help.

Author

Commented:
Thanks John,
I have attached the diagram to the original question.
Tony Johncock, Lead Technical Architect

Commented:
Tony, not John :)

Looks simple enough.

In essence you would place all of your Citrix infrastructure in the top of the diagram, so it's all on the same core.

You could use either PVS or MCS.

How many VDI instances?

Author

Commented:
Tony, not John :)
Sorry for that.

Our end-user and client infrastructure is placed on the core, and the Citrix servers, including VM images, are placed behind the distribution layer.
So do we need to create VLANs for VMs on the distribution switch?
I am new to VDI but we are preparing network requirements for Citrix engineers.

Once the image is downloaded to the client, which IP will be used by the user? Is it the network connected behind core or distribution?

How many VDI instances?
At the moment we will have 200 VDI machines.

Author

Commented:
Another query:
Do the client machines communicate in the network with other hosts by the VDI IP address or the thin client machine IP address?
Tony Johncock, Lead Technical Architect

Commented:
Clients and thin clients communicate with Citrix StoreFront - either directly or via something like a NetScaler.

I think this will help to clarify things for you:

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview.html

Author

Commented:
Thanks Tony for sharing the guide.

We have been asked by the Citrix team to provide the VLAN and dynamic IP for Windows VDIs. Here is the confusion: are they asking for the VLAN for VMs only? So do we just need to create a single VLAN for that?

Because our client network behind is segmented into VLANs. Do we need to provide them with these VLANs?
Which IP will the end user use to go to the internet, for example? Is it the VM-assigned IP, or VDI, or thin client?
Please clear this confusion :)
Tony Johncock, Lead Technical Architect

Commented:
It sounds very much like they are asking for the VLAN details of where the Citrix servers themselves will sit.

So from the guide I linked to, the items in the green box:

 XenApp-VLAN-example.png

Author

Commented:
Thanks, that makes sense now.
Another point: once a user logs in to their desktop, which IP will the user see under network settings? Is it the DHCP IP assigned by the access layer network or is it the VDI VM IP?
Tony Johncock, Lead Technical Architect

Commented:
The VDI machines (the ones booting from the master image) require DHCP to work - you would usually assign a dedicated scope.

The VDA (Virtual Desktop Agent) that is part of the image will create the necessary networking components, assign the correct MAC address and join the domain in real time as each VDI machine boots.

Author

Commented:
VDI machines: which machine do you mean here? Is it the physical device available with the end user or a virtual machine created on the Citrix server?
Tony Johncock, Lead Technical Architect

Commented:
Ok so think of the VDI machine as if you were sat at a laptop or desktop.

Or another way to visualise it is basically like any other virtual machine running on a hypervisor such as VMware or Hyper-V.

The VDI machine can refer to either the virtual machine in its entirety, including the virtual hardware and OS or sometimes just the OS, or desktop but in essence it's the same thing - the virtual machine you connect to.

Author

Commented:
As an end user, will my IP belong to the VLAN that we will share with Citrix for VDI?
Tony Johncock, Lead Technical Architect

Commented:
Imagine this scenario:

You have a server that you RDP into from your desktop.

Your desktop has an IP address.

Within the RDP session, though, if you run IPCONFIG you will see the server IP address.

Exactly the same in VDI - your workstation/thin client will have an IP address and then within the remote VDI desktop, that desktop will have its own IP address that is different.

Author

Commented:
It's crystal clear.
For VDI VLANs, we need to create them on the distribution switches.
As stated earlier, we want to segment our end users into different VLANs due to security and the nature of their work.

Author

Commented:
Thanks Tony for your support. Everything is sorted with your guidance and thoughts.
Tony Johncock, Lead Technical Architect

Commented:
You're more than welcome. Glad you have sorted it to your satisfaction and always happy to help.
