How to build a Citrix infrastructure in the Amazon cloud (AWS)
Denis Gundarev, Senior Consultant, Entisys Solutions
May 8, 2014
Tweet about this session with hashtag #SYN514, #CitrixSynergy and
#GeekSpeak
All links available at http://bit.ly/CitrixOnAWS
About me
Windows PowerShell
Copyright (C) 2014 Microsoft Corporation. All rights reserved.
PS C:\Users\Denis> [System.Security.Principal.WindowsIdentity]::GetCurrent()
AuthenticationType : LiveSSP
IsAuthenticated : True
IsGeek : True
IsSystem : False
IsAnonymous : False
Name : ENTISYS\Denis
User : S-1-5-21-1126498620-3681631189-227381393-500
Groups : {Bay Area Citrix User Group, Citrix Technology Professional, ...}
Email : [email protected]
Twitter : @fdwl
Agenda
What should you know about AWS
Use cases and architecture
What Citrix gives you
What you can and can’t do
Q&A
What should you know about AWS
Global infrastructure
10 Regions
28 Availability Zones
51 Edge Locations
How to fit more text on a slide?
AWS Services
•Amazon Elastic Compute Cloud (EC2)
•Amazon CloudWatch
•Amazon Virtual Private Cloud (VPC)
•Amazon Elastic Block Store (EBS)
•Auto Scaling
•Elastic Load Balancing
•Amazon Relational Database Service (RDS)
•AWS CloudFormation
•AWS Direct Connect
•VM Import/Export
•AWS Storage Gateway
•Amazon Simple Storage Service (S3)
•Amazon Simple Workflow Service (SWF)
•Amazon Elastic MapReduce
•AWS Support
•Amazon DynamoDB
•Amazon Simple Queue Service (SQS)
•Amazon Simple Notification Service (SNS)
•Amazon ElastiCache
•AWS Elastic Beanstalk
•Amazon SimpleDB
•Amazon CloudSearch
•Amazon Glacier
•Amazon Elastic Transcoder
•Amazon Redshift
•AWS Import/Export
•AWS Data Pipeline
•High Performance Computing
•AWS CloudHSM
•Amazon Simple Email Service (SES)
•Amazon WorkSpaces
•AWS CloudTrail
•Amazon AppStream
•Amazon Kinesis
AWS Services
•Amazon Elastic Compute Cloud (EC2)
•Amazon CloudWatch
•Amazon Virtual Private Cloud (VPC)
•Amazon Elastic Block Store (EBS)
•Auto Scaling
•Elastic Load Balancing
•Amazon Relational Database Service (RDS)
•AWS CloudFormation
•AWS Direct Connect
•VM Import/Export
•AWS Storage Gateway
Compute
•Amazon Elastic Compute Cloud (EC2)
•Auto Scaling
•VM Import/Export
Networking
•Amazon Virtual Private Cloud (VPC)
•Elastic Load Balancing
•AWS Direct Connect
Storage
•Amazon Elastic Block Store (EBS)
•AWS Storage Gateway
Databases
•Amazon Relational Database Service (RDS)
Deployment & Management
•AWS Identity and Access Management (IAM)
•AWS CloudFormation
•Amazon CloudWatch
AWS Services
EC2 Instance = Virtual Machine
Amazon Machine Image (AMI) = VM template or snapshot; may be shared or private
Two types of storage available:
Elastic Block Store (EBS) Volume = Virtual Disk; supports provisioned IOPS, can be snapshotted, SAN-based
Instance Store = Local Host storage, SSD option
EBS vs IS? - http://bit.ly/EBSvsIS
EBS Story - http://bit.ly/EBSStory
Elastic Compute Cloud (EC2) Basics
Amazon EC2 Amazon EBS
Availability Zone = Amazon Datacenter (http://bit.ly/AWSDataCenters)
VM Import/Export = Import VMware VMDK, XenServer/Hyper-V VHD (http://bit.ly/VMImport)
Instances may run on dedicated hardware
EC2 Compute Unit = equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon
processor (http://bit.ly/EC2ComputeUnits)
An instance can retrieve its own metadata (http://bit.ly/EC2Metadata)
Elastic Compute Cloud (EC2) Basics
Amazon EC2 Amazon EBS
EC2 Config Service
33 EC2 Instance Types
M3 - General Purpose
•SSD-based
•Sandy Bridge
•1-8 vCPUs
•3.75-30 GB RAM
C3 - Compute Optimized
•SSD-Based
•SR-IOV
•Support for clustering
•Ivy Bridge
•2-32 vCPUs
•3.75-60 GB RAM
R3 - Memory Optimized
•SSD-Based
•2-32 vCPUs
•15-244 GB RAM
G2 – GPU
•NVIDIA GPU
•4GB of video memory
•8 vCPUs
•15 GB RAM
•SSD-Based
I2 - Storage Optimized
•800 GB – 6.4 TB SSD Storage
•4-32 vCPUs
•30-244 GB RAM
•SR-IOV
Special Types
•HS1 – 16 vCPU, 117 GB RAM, 48 TB HDD
•t1.micro - 1 vCPU, 0.613 GB RAM
•m1.small - 1 vCPU, 1.7 GB RAM
http://bit.ly/EC2Instances
VPC (Virtual Private Cloud) = Logically Isolated
Network
Subnet = VLAN
Security Group = Set of Stateful Firewall Rules
Elastic IP address (EIP) = Static “reusable”
public IP address
Amazon Networking
Elastic network interface (ENI) = “reusable”
NIC with assigned internal IP addresses, EIP,
MAC and Security Group mapping
NAT is used for public IP mapping
Dedicated NAT instances
Network ACL = *stateless* firewall between
subnets
Virtual private gateway (VPG) = Amazon
side of VPN connection
Amazon Direct Connect
Amazon Networking
CloudWatch
Basic Monitoring – CPU, Disk, Network at five-minute frequency – Free
Detailed Monitoring - Basic + Status Check at one-minute frequency – for an additional charge
EBS Volumes – Read/Write Bytes, IOPS, Queue, Throughput and Consumed IOPS – Free
Custom Metrics - e.g. any perfmon metric, submitted by a scheduled script
Alarms
Graphs/Statistics
Auto Scaling
CloudWatch
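# Load the AWS cmdlets and the Citrix XenApp snap-in
Import-Module AWSPowerShell
Add-PSSnapin Citrix.XenApp.Commands
# Build one datum holding this server's current XenApp load
$dat = New-Object Amazon.CloudWatch.Model.MetricDatum
$dat.Timestamp = (Get-Date).ToUniversalTime()
$dat.MetricName = "Server Load"
$dat.Unit = "Count"
$dat.Value = (Get-XAServerLoad -ServerName $env:COMPUTERNAME).Load
# Tag the datum with the instance ID read from the EC2 metadata service
$inst = New-Object Amazon.CloudWatch.Model.Dimension
$inst.Name = "InstanceId"
$inst.Value = (Invoke-WebRequest http://169.254.169.254/latest/meta-data/instance-id).Content
$dat.Dimensions = $inst
# Publish the metric. The key values are the ones shown on the slide; on EC2, an IAM role
# attached to the instance supplies credentials, so the two key parameters can be omitted.
Write-CWMetricData -Namespace "XenApp" -MetricData $dat -AccessKey EYXUYIVKPHQ -SecretKey 9yqSuAuQciCj -Region us-west-2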
mon-put-metrics-mem.ps1 - Collects system metrics on an Amazon EC2 Windows instance (memory, page file utilization) and sends them to Amazon CloudWatch.
mon-put-metrics-disk.ps1 - Collects system metrics on an Amazon EC2 instance (disk space utilization) and sends them to Amazon CloudWatch.
mon-put-metrics-perfmon.ps1 - Collects PerfMon counters on an Amazon EC2 instance and sends them to Amazon CloudWatch.
mon-get-instance-stats.ps1 - Queries Amazon CloudWatch and displays the most recent utilization statistics for the EC2 instance on which this script is executed.
http://bit.ly/CWPowerShell
CloudWatch Monitoring Scripts
Launch Configuration
Auto Scaling Groups
Amazon Relational Database Service (RDS) = Preconfigured VM with Microsoft SQL or
MySQL managed by Amazon
Amazon Route 53 = DNS Hosting
Identity and Account Management
Other AWS Services
Management
Web-based AWS Console https://console.aws.amazon.com
ElasticWolf – Windows, Mac, Linux, FireFox http://www.elasticwolf.com/
AWS Console Mobile App – iOS, Android http://aws.amazon.com/console/mobile/
CLI, PowerShell, Python, Java
AWS Management Pack for Microsoft System Center -
https://aws.amazon.com/windows/system-center/
Hybridfox – FireFox https://code.google.com/p/hybridfox/
Management Consoles
Use cases and architecture
Customer Web Services
[Diagram: User; Zone A and Zone B, showing NetScaler/Access Gateway, XenApp Controller, XenApp workers, SQL and DC]
Example Deployments
Administrator
Internet
User
NetScaler01
NetScaler02
EIP
NAT Gateway
Public Security Group, TCP 80, TCP 443, IPSEC
DMZ (10.0.1.X)
Private Security Group, TCP 80, 443, 1494, 2598, 3389, 53, 389
Private subnet (10.0.1.X)
Domain Controllers
SQL
XenApp Controllers
StoreFront
XenApp Workers
Example Deployments
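The port lists on the two security groups in this diagram can be checked mechanically. The PowerShell below is an added example, not part of the original slides: it audits constructed sample rules against those lists. The rule shape, the function name Test-SecurityGroupRule and the choice to flag 0.0.0.0/0 as a source on the private tier are assumptions.

```powershell
# Added example: audit rules against the diagram's port lists. Runs offline.
# Ports the diagram allows on each security group (TCP, as labelled on the slide).
$Allowed = @{
    Public  = @(80, 443)
    Private = @(80, 443, 1494, 2598, 3389, 53, 389)
}

# Constructed sample rules; the property names are assumptions, not AWS output.
$SampleRules = @(
    [pscustomobject]@{ Group='Public';  Protocol='tcp'; FromPort=443;  ToPort=443;  Source='0.0.0.0/0' }
    [pscustomobject]@{ Group='Public';  Protocol='tcp'; FromPort=3389; ToPort=3389; Source='0.0.0.0/0' }
    [pscustomobject]@{ Group='Private'; Protocol='tcp'; FromPort=1494; ToPort=1494; Source='10.0.1.0/24' }
    [pscustomobject]@{ Group='Private'; Protocol='tcp'; FromPort=2598; ToPort=2598; Source='0.0.0.0/0' }
    [pscustomobject]@{ Group='Private'; Protocol='tcp'; FromPort=1024; ToPort=2000; Source='10.0.1.0/24' }
)

function Test-SecurityGroupRule {
    param(
        [Parameter(Mandatory)] [object[]]  $Rule,
        [Parameter(Mandatory)] [hashtable] $AllowedPorts
    )
    foreach ($r in $Rule) {
        $findings = @()
        if (-not $AllowedPorts.ContainsKey($r.Group)) {
            $findings += 'group is not in the diagram'
        } elseif ($r.Protocol -ne 'tcp') {
            # Covers IPsec and "all protocols" rules, which have no TCP port list.
            $findings += "protocol '$($r.Protocol)' needs manual review"
        } else {
            # Every port in the rule's range must be on the group's list.
            $extra = @(($r.FromPort)..($r.ToPort) |
                Where-Object { $AllowedPorts[$r.Group] -notcontains $_ })
            if ($extra.Count -gt 0) {
                $findings += "$($extra.Count) port(s) outside the diagram's list"
            }
        }
        # Assumption: the private group should only accept traffic from inside the VPC.
        if ($r.Group -eq 'Private' -and $r.Source -eq '0.0.0.0/0') {
            $findings += 'private tier reachable from any address'
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ Group = $r.Group; Ports = "$($r.FromPort)-$($r.ToPort)"
                               Source = $r.Source; Finding = $f }
        }
    }
}

Test-SecurityGroupRule -Rule $SampleRules -AllowedPorts $Allowed | Format-Table -AutoSize
```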
[Diagrams: the same layout repeated for the region pairs Asia/Singapore and Asia/Tokyo, US West and US East, EU/Ireland and EU/???. Each region has Availability Zone A and Availability Zone B behind an AWS Firewall, with WebInterface, NetScaler/Access Gateway, XenApp, Domain Controller, XenApp SQL (SQL Mirroring) and Configuration App]
Example Deployments
• User Layer: Who are the users and what are our requirements
• Access Layer: How do users gain access to our resources
• Resource Layer: What resources will we deliver
• Control Layer: How will we manage and maintain the solution
• Hardware Layer: What do I need to make this happen
Citrix’s 5-layer model
What Citrix gives you
Sizing Documentation
http://bit.ly/XA65onAWSCalculator
http://bit.ly/XAonAWSEconomics
Product Documentation - http://bit.ly/NSonAWS
Netscaler High Availability Failover does not Occur in AWS Environment
http://bit.ly/NSonAWSHA
Deployment practices and guidelines for NetScaler on Amazon Web Services
http://bit.ly/NSonAWSGuide
Don’t be confused: there is CloudBridge VPX (NetScaler) and there is Citrix Branch Repeater for CloudBridge (WanScaler)
NetScaler on AWS
What you can and can’t do
Citrix on AWS
Limitations
No Capacity management in XA/XD 7.x
No Client OS
No Windows Server 2012 R2
No L2, IPV6 on NetScaler
Slow HA on NetScaler
No PVS support
Guidelines
Use XA6.5 with PCM and EC2 Auto Scaling for dynamic workloads
Use Amazon VPN for site-to-site connections
Start with basic config
Size instances properly
Be careful with VPC planning and Security Groups
Email me – [email protected]
Connect with me – http://j.mp/gundarev
Get all reference materials - http://bit.ly/CitrixOnAWS
Join BayCUG http://baycug.meetup.com