Delivering and optimizing Citrix from Microsoft Azure
1. © 2017 Citrix User Group Community
Delivering and
Optimizing Citrix
from
Microsoft Azure
2. © 2017 Citrix User Group Community
Marius Sandbu
• Microsoft Azure MVP, Citrix CTP, VMware EUC Champion,
VMware vExpert NSX, NVIDIA GRID Advisor, Veeam
Vanguard, Nutanix NTC, Networking SIG leader
• Blog: msandbu.org
• Twitter: @msandbu
3. © 2017 Citrix User Group Community
Dave Brett
• Citrix CTP, myCUGC Networking SIG Leader and DABCC.com
Community Contributor
• Blog: bretty.me.uk
• Twitter: @dbretty
4. © 2017 Citrix User Group Community
• Basic building blocks and options for delivering Citrix in Azure
• Designing and deploying Citrix in Azure
• Automation and monitoring
• Compute, Networking and high-availability
• Example Architectures
• Tips and tuning
• Scripts & Automation
Agenda
5. © 2017 Citrix User Group Community
Basic building blocks in Azure
• Azure Resource Manager
Provisioning layer used for deployment of resources in Azure
using different Resource Providers
• Resource Groups
Logical grouping of objects in Azure used for lifecycle management
and role based access control and cost control
• Azure Active Directory
Web based identity service in Microsoft Azure used to
control access to resources in Azure and other third party SaaS
[Figure: icon overview of Azure platform services]
7. © 2017 Citrix User Group Community
Azure Resource Manager (ARM)
• Unified orchestration layer against Azure
• Role Based Access Control
Azure AD defines what type of access a user has to interact with or deploy
resources
• Resource Providers
Different providers depending on what kind of resource we want to manage for
instance compute, Network or Storage
• Deployment of ARM Templates
JSON based templates which allows for deployment of all objects in Azure
• Accessed using REST or using UI
8. © 2017 Citrix User Group Community
Azure Resource Manager - Templates
AzureRM PowerShell deployment
New-AzureRmResourceGroupDeployment -ResourceGroupName <name> -TemplateFile <path> -TemplateParameterFile <path>
Also works in Azure Stack!
9. © 2017 Citrix User Group Community
Planning deployment of Citrix in Azure
• Meet user demands
Will a deployment in Azure meet user demands for performance and functionality?
• Cost
What will a deployment of Citrix in Azure actually cost us? And is cloud cheaper?
• Features
Logical grouping of objects in Azure used for lifecycle management
and role based access control and cost control
• Management and provisioning
How to do smart management of infrastructure and what kind of deployment model to use?
• Responsibility model when moving to the cloud
Security is still our responsibility – Patching, Maintenance & Management
10. © 2017 Citrix User Group Community
Some limitations in Azure
• GPU support
Supports GPU passthrough only with NV-series – limited support for high-end storage
NVIDIA and Microsoft announced new N series
• Specific VM sizes
No custom VM sizes; you must use specific VM instance types
• Specific IOPS or Disk sizes
Standard storage or Premium Storage – Max 4 TB disk size
• Hypervisor and provisioning options
No access to the hypervisor; limited to MCS setup
• Network limitation
Azure uses network virtualization and therefore no layer two support
• Initial subscription default limit
https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits
• Supported virtual machine workloads http://bit.ly/2thxIEF
• Lacking support for platform services in Azure for Citrix
11. © 2017 Citrix User Group Community
On-premises vs Citrix Cloud
[Diagram] Citrix Cloud: Active Directory, Hypervisor, VDAs, Cloud Connector (Identity, Provisioning, Proxy, Authentication), NetScaler (Optional), Storefront (Optional)
[Diagram] On-premises XenDesktop: Active Directory, Hypervisor, VDAs, Desktop Delivery Controller (Identity, Provisioning, Authentication), NetScaler, Storefront, SQL Database
• Both On-premises and Citrix Cloud support Azure provisioning
• Citrix Cloud can be used against
• XenApp Essentials
• XenDesktop Essentials
• Apps and Desktop Service
• NetScaler and Storefront as a service optional
• Storefront as a service
• No Optimal Gateway Routing
• No UI customization
• No MFA
• No HTML5 Receiver
12. © 2017 Citrix User Group Community
Deployment options
XenApp Essentials
• Azure only service
• Apps only
• NGaaS only
• Uses Azure MCS
• Smart Scale included
• No Studio Access
• Citrix monthly subscription
XenDesktop Essentials
• Azure only Service
• Desktops only
• NGaaS or NetScaler
• Uses Azure MCS
• Smart Scale included
• Limited Studio Access
• Citrix monthly subscription
• Microsoft EA only
• Windows 10 CBB Enterprise
User mode
Citrix Cloud
• Multiple Clouds
• Apps and Desktops
• NGaaS or NetScaler
• Use Azure MCS
• Smart Tools included
• Full Studio Access
• Citrix monthly subscription
• Can be used to deploy VDI
• 12$ User/month
• Does include from Microsoft RDS
• Minimum 25 users
• 12$ User/month
• Does not include RDS
• Minimum 25 users
• 270$ year
• Does not include RDS
• Minimum 25 users
https://blogs.windows.com/business/2017/07/10/windows-virtualization-use-rights-coming-to-csp/
13. © 2017 Citrix User Group Community
Remote Access options
NetScaler Gateway as a Service
• Fully Managed NetScaler Service
• No need for a public IP or certificate
• Need 2x CWC Connector for HA
• Limited to ICA Proxy
• No support for AppFlow or Storefront options
such as Optimal Gateway Routing
• No Support for MFA
POPs in Azure: Azure South Central US, Azure West Europe, Azure Australia East, Azure East US, Azure West US, Azure North Europe, Azure Japan East, Azure Brazil South, Azure Southeast Asia
NetScaler Gateway IaaS
• Available from Marketplace in Azure with
BYOL
• Maintained as regular VPX
• Requires 2x in the same availability
groups for HA
• L2 capabilities limited because of network
architecture in Azure (GARP, Bridge Mode,
VLAN, L2 Mode, USIP)
• NB: Enlightened data transport not working in
Azure yet. Will be fixed soon!
• NetScaler in Azure? More info on the previous
webinar
NB: Want to deploy it using ARM? Look at http://bit.ly/2ue9ejW
14. © 2017 Citrix User Group Community
Identity options
• Active Directory on IaaS
• Azure Active Directory
Web based identity service with support for web based
authentication protocols
• Pass-through or Federation?
• Office365
• Enable modern authentication
• Use with Windows 10 Azure AD join and Citrix FAS
• Setup http://bit.ly/2rzPWRJ
• Can also be used with Citrix Cloud Admin
• Not end-users
15. © 2017 Citrix User Group Community
Identity options
• Azure Active Directory Domain Services
• “AD-as-a-service” with Azure AD
• Currently only supported in Classic mode using VNET Peering
• Cannot be used in Hybrid model
• Preview now in ARM http://bit.ly/2vzyX2E
Domain or Enterprise administrator privileges | ✕ | ✓
Domain join | ✓ | ✓
Domain authentication using NTLM and Kerberos | ✓ | ✓
Kerberos constrained delegation | resource-based | resource-based & account-based
Custom OU structure | ✓ | ✓
Schema extensions | ✕ | ✓
AD domain/forest trusts | ✕ | ✓
LDAP write | ✕ | ✓
Group Policy | ✓ | ✓
Geo-distributed deployments | ✕ | ✓
16. © 2017 Citrix User Group Community
Role based access control for helpdesk
• Azure AD supports role based access
• Has a number of built-in custom roles
• Access can be given to a resource group or object
• Custom roles can be created using PowerShell or REST
• NOTE: Does not affect access inside Guest OS
• Built-in roles http://bit.ly/2uwxk8J
• Example: Create Helpdesk operator role to restart VM’s
# Start from a built-in role and strip it down to the two actions needed
$role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "Reboot Helpdesk Operator"
$role.Description = "Can restart virtual machines."
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Compute/virtualMachines/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
# Limit where the role can be assigned (replace subscriptionID with your own)
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/subscriptionID")
New-AzureRmRoleDefinition -Role $role
17. © 2017 Citrix User Group Community
Azure Resource Locks and Resource Policies
• Azure Resource Locks
• Allows locking of single resources or resource groups
• Ensure that no one deletes or overwrites resources
• Or using PowerShell
• New-AzureRmResourceLock -LockName LockGroup -LockLevel CanNotDelete -ResourceGroupName example
• Resource Policies
• Restrict usage of certain resources
• Disallow certain locations
• Disallow certain resource types
• Disallow virtual machine SKU’s
• Enforcing tags and value
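The two controls on this slide combined, as an added example that is not part of the original deck: two resource policies (allowed locations, allowed VM SKUs) assigned to a resource group, followed by a CanNotDelete lock. The subscription ID placeholder, the policy names, the region list and the SKU list are assumptions chosen for illustration.

```powershell
# Added example (not from the slides). Placeholder values are assumptions.
$subscriptionId = "<subscriptionID>"     # placeholder, replace with your own
$resourceGroup  = "example"              # resource group name used on the slide
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup"

# Rule 1: deny any resource created outside the allowed regions.
$locationRule = @'
{
  "if": {
    "not": { "field": "location", "in": [ "westeurope", "northeurope" ] }
  },
  "then": { "effect": "deny" }
}
'@

# Rule 2: deny virtual machines whose size is not on the allowed list.
$skuRule = @'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
      { "not": {
          "field": "Microsoft.Compute/virtualMachines/sku.name",
          "in": [ "Standard_D2_v2", "Standard_A2_v2" ]
      } }
    ]
  },
  "then": { "effect": "deny" }
}
'@

$policies = @(
    @{ Name = "citrix-allowed-locations"; Rule = $locationRule
       Description = "Deny resources outside West Europe and North Europe." },
    @{ Name = "citrix-allowed-vm-skus";   Rule = $skuRule
       Description = "Deny VM sizes other than the approved ones." }
)

foreach ($p in $policies) {
    # -Policy accepts either a JSON string or a path to a .json file.
    $definition = New-AzureRmPolicyDefinition -Name $p.Name `
        -Description $p.Description -Policy $p.Rule
    New-AzureRmPolicyAssignment -Name $p.Name -Scope $scope `
        -PolicyDefinition $definition
}

# A CanNotDelete lock applies to every caller, including the service
# principal MCS uses, so place it on infrastructure resource groups rather
# than on the groups MCS creates and cleans up.
New-AzureRmResourceLock -LockName LockGroup -LockLevel CanNotDelete `
    -ResourceGroupName $resourceGroup -Force

# Verify what is now enforced on the resource group.
Get-AzureRmPolicyAssignment -Scope $scope
Get-AzureRmResourceLock -ResourceGroupName $resourceGroup
```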
18. © 2017 Citrix User Group Community
• Virtual Network
• Contained within a single region and Vnet peering
• Contains one or more subnets
• DHCP and DNS controlled by Azure
• Network Security Groups
• Dynamic IP’s & Public IP’s
• The first three IPs and the last IP in each subnet are reserved
• Forwarder DNS 168.63.129.16
• VPN or Direct Connectivity
• S2S VPN for Hybrid Scenario
• S2S VPN Requires specific MSS = 1350
• Cannot have overlapping IP addresses
• Software based VPN now supports up to 1,25 Gbps
• Max 30 Site-to-site VPN w/Multi-site
• Active / Active
• BGP
Networking
[Diagram: Virtual Network 10.0.0.0/23, Region = North Europe. Default Subnet 10.0.0.0/24 with hosts 10.0.0.4, 10.0.0.5, 10.0.0.6 and gateway 10.0.0.1; Internal Subnet 10.0.1.0/24 with hosts 10.0.1.4, 10.0.1.5. Labels: Network Security Group, Public IP, DNS, IP-forwarding, Static or Dynamic, Multi IP, DNS specified]
19. © 2017 Citrix User Group Community
Highly available services in Azure
• Load Balancer
• Deals with L4 traffic both internally and externally
• It’s free
• Basic Health Monitoring
• Application Gateway
• Deals with HTTP/HTTPS/Web Socket traffic L7
• Application Load Balancing, SSL Offloading
• WAF – OWASP top 10
• Traffic Manager
• DNS based load balancing
• Performance, Geographic, Priority, Weighted
20. © 2017 Citrix User Group Community
• Disk layout
• Built-in drives
• Premium Storage vs Standard (DS vs D series)
• One or more data disks
• Standard 99,95% and Premium Disk 99,99%
• One Storage Account for 40 VM’s
• High-availability
• Availability Sets to manage updates and fault domains
• Create Availability sets before creating machines
• Managed disks vs Storage Accounts
• Running a Cluster in Azure
• Storage Spaces Direct for user profile disks with cloud witness
• Storage Spaces Direct for SQL Failover Cluster with cloud witness
• Backup using either Agent based or Azure Backup Services
Compute
21. © 2017 Citrix User Group Community
• Different compute instances have different restrictions
• Type of NIC Bandwidth
• Check if RSS is enabled inside your VM
• Amount of Data Disks (x 4 TB Standard or Storage Premium)
• Not always SSD on local drive
• List of instance sizes --> http://bit.ly/2tmcpWy
• Citrix recommends D2v2 series
• Av2 series an alternative
• Note: A series can use a series of different hardware types and processors
Compute instances
Instance type Bandwidth
High D2_v2 1500 Mbps
A2 500 Mbps
Extremely high D5_v2 15000 Mbps
Moderate D1_v2 750 Mbps
D12_v2 3000 Mbps
22. © 2017 Citrix User Group Community
Provisioning with MCS
Requirements:
• Requires an existing Azure subscription
• An Azure AD Account which has Contributor rights
to the subscription (Script on last slide for narrow
service principal configuration)
• ARM virtual network and subnet in the preferred
region, uses either a LRS or Premium Storage
• Can support HUB (Hybrid Use Benefits) and
different instance types available in the region
• Master image created from a snapshot VHD blob
on a stopped VM
• Maximum of 800 virtual machines in a resource
group, will automatically create a new storage
account per 40 VM's
Use Azure Files to upload software you need for
easy access between on-premises and guest-os
23. © 2017 Citrix User Group Community
Provisioning with MCS
Use Azure based image
• Setup virtual machine in Azure using ARM automation
• Stop virtual machine to be deallocated
• Copy VHD to image Storage Container
• Used for Rollback purposes
• Update Machine Catalog
Automate image process using Packer or ARM
Use On-premises VHD file
• Install Azure Agent on base image
(https://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409)
• Upload VHD using PowerShell, using Azure Storage Explorer or
AzCopy
• Remember limitations: VHD only and disk size
• Add-AzureRmVhd -ResourceGroupName OnPremVHDStore -Destination "https://example.blob.core.windows.net/example/example.vhd" -LocalFilePath "D:\xa-vda.vhd"
[Diagram: Base image, Copy VHD to Images Container in Storage Account, Update Machine Catalog, Storage blobs for XenApp Hosts]
25. © 2017 Citrix User Group Community
Provisioning with MCS – Managed disks
Managed Disk
• Default option when setting up VM’s in Azure in ARM
• No longer limited by IOPS in a Storage Account
• Up to 10,000 VM’s in a subscription
• Better reliability
• Only support for LRS
• Support for Managed Disk Snapshot copy
• Encrypted by default
• Not supported by MCS yet
• Supported by Azure Backup
• Building Golden image using Managed Disks?
Copy script on last slide
26. © 2017 Citrix User Group Community
Setting up environment for XenApp Essentials in Azure
Have an active Azure Subscription
Create a virtual network in the closest region
Active user in Azure Active Directory that can
be used for provisioning
Add the user as owner/contributor to
subscription
Create an Active Directory Domain in the
virtual network
Change the virtual network DNS to point
to your Active Directory DNS
27. © 2017 Citrix User Group Community
• Log Analytics – OMS
• Azure Monitor
All Azure related notification, changes and health
• Base Metrics in Azure
Monitoring basic metrics using Agent and triggers alerts
• Logic Apps
UI based integration services using Connectors
Try it! Tweet #azure #citrix #CTPpower
• Azure Automation
Allows for runbooks based upon PowerShell or PowerShell DSC
• Status notification from Azure and Citrix Cloud
https://azure.microsoft.com/en-us/status/ Azure Service Health Dashboard
https://status.cloud.com/ - Webhook notification
• Octoblu – Mr Dave “Octoblu” Brett
Automation and Monitoring
28. © 2017 Citrix User Group Community
• Log gathering based upon packs and source
• Can be used with free tier
• Sources
• Linux / Windows / Syslog / Azure / Office 365 / REST API
• Event Logs, Custom Files, Network, Performance Counters and such
• Intelligence Packages
• Security and Audit
• Network Performance Monitor, Service Map
• Citrix packages in tech preview
• Triggers – Webhook or Azure Automation
• Example, block incoming connection attempts http://bit.ly/2segwAh
Automation and Monitoring – Log Analytics
29. © 2017 Citrix User Group Community
• Delivers Citrix information and events to Log Analytics
• Based on ComTrade
• Requires to have OMS agent and then Citrix agent
• Delivers real-time information
• Logon count per Site
• Average logon duration per Site
• Delivery Groups sorted by number of desktops
• Availability of Delivery Groups as a percentage
• Delivery Groups that are in maintenance mode
• Server OS machines by highest load index
• Number of unique users per Delivery Group
• Users with slow logon time detection
• Setup http://bit.ly/2oNeoge
• Or Community based Free OMS agent http://bit.ly/2tAsSll
Log Analytics – Citrix
30. © 2017 Citrix User Group Community
• Smart Scale
Allow for automatic scaling up and down on resources
based upon schedule and load.
• Only support for XenApp hosts
• Support for VDI desktops is currently in "preview."
• Follow news and updates --> http://bit.ly/2veM5es
• Azure Advisor
Microsoft Azure optimizer feature which can advise on
low utilization and recommend optimization tips
• Free Service and useable using REST API
• Does not scan applications running inside guest OS
• Pay Attention to updates
• https://azure.microsoft.com/en-us/roadmap/
• Use the Citrix Azure Cost calculator
https://costcalculator.azurewebsites.net/
Optimizing cost
31. © 2017 Citrix User Group Community
• Check the latency to your closest region http://azurespeed.com/
• Check if you can optimize routing to another peer to get lower latency to that region
• Web Facing servers in Azure should have other TCP profile “Set-NetTCPProfile”
• Windows Server 2016 RS3 makes a lot of difference on this part!
• Microsoft publishes Azure’s public IP ranges here https://www.microsoft.com/en-us/download/confirmation.aspx?id=41653
• Also makes the IP addresses quite popular for hackers
• Add local user accounts to your virtual machines, in case of failure
• If already using regular (non premium) Storage run this to enable TRIM support
fsutil behavior set DisableDeleteNotify 0
• Moving public facing DNS to Azure DNS also allows for automated deployment
• Do not install SQL based applications on C: or D:
• Look at what kind of storage redundancy you are using
• Do not rename the resource groups that MCS creates or that will break the connection
Tips and tuning
32. © 2017 Citrix User Group Community
• Scheduled Maintenance?
curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-04-02"
• Not all services are available in all regions so check before starting
• Enable Boot Diagnostics on virtual machines to see what is going on in the VM
• XenDesktop Essentials Microsoft VDI optimization https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-vdi-recommendations
• Citrix VDI optimization https://support.citrix.com/article/CTX216252
• Using a consistent naming standard for resource groups
• Environment-Location-Role-RG as an example for resource groups
• Start learning ARM templates and building your own templates
• https://github.com/Azure/azure-quickstart-templates
Tips and tuning
33. © 2017 Citrix User Group Community
• Trouble with Citrix Cloud Connector? https://support.citrix.com/article/CTX221535
• Check C:\ProgramData\Citrix\Workspacecloud\Logs
• Hybrid? Check time sync https://support.citrix.com/article/CTX206522
Azure Guests by default sync with Hypervisor time
• Using Proxy with Cloud Connector? Configure Browser Proxy “netsh winhttp import proxy source=ie”
• Trouble provisioning? Check the Activity Log under the Resource Group in the Azure Portal
• Trouble provisioning? Check that the service principal has access to create resources in the subscription
• Trouble provisioning? Check that you have sufficient quota in Azure
• Trouble finding the VHD in the Wizard? Not supported with Managed disks
• Trouble provisioning? Check that the virtual machine containing the master image is shut down
• Networking not working? Enable Network Watcher in Azure or check NSG rules flow in Log Analytics
• Network Watcher needs to be enabled on subscription level
• Can download PCAP file and do packet trace
• Does not support Azure LB
Troubleshooting
34. © 2017 Citrix User Group Community
• Use of Managed disks for non MCS resources
• Use Log Analytics free tier to do alerting and react
• Using Azure DNS for automation of external DNS
• Smart scale used to manage VDA’s
• A2v2 for Cloud Connectors
• Azure Recovery Services used to backup critical
Components
• Azure AD connect configured user lifecycle management
• NetScaler setup behind Azure LB for HA purposes
• 168.63.129.16 used to probe from Azure LB
Example architecture – Cloud only
[Diagram: Citrix Cloud and Microsoft Azure components: availability sets for Domain Controllers, Cloud Connectors, Azure AD Connect (Primary and Staged), NetScaler VPX and Storefront; MCS provisioned Server VDAs; Azure load balancer with Public IP carrying ICA sessions from end users; Azure Active Directory for authentication and management by IT administrators, with sync; Azure Recovery Services; Azure Log Analytics; Azure Automation (scale up or scale down); Azure DNS (msandbu.org)]
35. © 2017 Citrix User Group Community
Example architecture - Hybrid
• Use of Zones (Primary on-premises and Satellite Zone in Azure)
• Optimal Gateway Routing
• Each Zone has its own Hypervisor Connection (Azure)
• Be aware of latency between Primary and Satellite Zone
36. © 2017 Citrix User Group Community
Example architecture – Multi Region Self Managed
• NetScaler and Unified Gateway running in both regions
with Multiple IP Addresses
• ADNS Service in both regions
• DNS Delegated to ADNS Service
• StoreFront Clusters in both regions in Availability set
with NetScaler Load Balancer
• Controllers in both regions for both Zones in
Availability set
• Apps and Desktops split across both regions
• Highly available SQL Instance split across regions
37. © 2017 Citrix User Group Community
• XenApp Essentials deployment guide
http://bit.ly/2uqiJvW
• Active Directory Deployment in Azure
http://bit.ly/2twYY18
• XenDesktop Essentials deployment guide
http://bit.ly/2twhsip
• Customize deployment into specific Resource Groups
http://bit.ly/2u19sI0
• Using Citrix with Azure ASR
http://bit.ly/2u0v2MG
• Deployment guide for Citrix in Azure
http://bit.ly/2uqhkW9
• Advanced Concepts Citrix Cloud and Azure
http://bit.ly/2uFmptj
More reading material
38. © 2017 Citrix User Group Community
Citrix and Azure – Getting Started
• Bunch of Marketplace items already
available in Azure
• A lot of ARM templates for automating
deployment of Citrix in Azure here
• https://github.com/citrix/Citrix-Cloud-ResourceLocation-Arm-Template
• Auto shutdown feature
• Build, Destroy and repeat!
Remove-AzureRmResourceGroup
• Citrix & Azure Whitepaper coming soon!
39. © 2017 Citrix User Group Community
Citrix and Azure – Moving forward roadmap
• Improved Provisioning performance
• Support for Linux VDA in Azure
• Support for Azure Government*
• Support for Managed Disks
• Support for Azure Disk Encryption
#SYN318 https://www.youtube.com/watch?v=jnnZTKBy18c
40. © 2017 Citrix User Group Community
Scripting and working with Azure PowerShell?
# Install the Azure Resource Manager modules from the PowerShell Gallery
Install-Module AzureRM
#Import Module to PowerShell Session
Import-Module AzureRM
# Login to Azure Account
Login-AzureRmAccount
# or we can use Add-AzureRmAccount with a local AccessToken if we have an older version of the Azure cmdlets
Save-AzureRmProfile -Path c:\mydir\myprofile.json
Select-AzureRmProfile -Path c:\mydir\myprofile.json
# Latest Azure PowerShell cmdlets
Save-AzureRmContext -Path c:\mydir\myprofile.json
Import-AzureRmContext -Path c:\mydir\myprofile.json
41. © 2017 Citrix User Group Community
Competition!
How many times did this guy appear in
the webinar? (Excluding on this slide….)
43. © 2017 Citrix User Group Community
Scripts for update VHD
Update VHD
Login-AzureRmAccount
# VHD blob to copy #
$blob = "xaimage.vhd"
# Source Storage Account Information #
$sourceStorageAccountName = "rdshwesteuropestorage1"
$sourceKey = "AccessKey" # placeholder for the source storage account access key
$sourceContext = New-AzureStorageContext -StorageAccountName $sourceStorageAccountName -StorageAccountKey $sourceKey
$sourceContainer = "vhds"
# Destination Storage Account Information #
$destinationStorageAccountName = "rdshwesteuropestorage1"
$destinationKey = "AccessKey" # placeholder for the destination storage account access key
$destinationContext = New-AzureStorageContext -StorageAccountName $destinationStorageAccountName -StorageAccountKey $destinationKey
# Create the destination container #
$destinationContainerName = "basevhd"
New-AzureStorageContainer -Name $destinationContainerName -Context $destinationContext
# Copy the blob #
$blobCopy = Start-AzureStorageBlobCopy -DestContainer $destinationContainerName -DestContext `
$destinationContext -SrcBlob $blob -Context $sourceContext -SrcContainer $sourceContainer
44. © 2017 Citrix User Group Community
Scripts to create service principal
Create Service Principal for Azure AD use
param(
[string]$applicationName = "CitrixAccess",
[Parameter(Mandatory=$true)][string]$applicationPassword,
[Parameter(Mandatory=$true)][string]$subscriptionId
)
# The param block must be the first statement in the script, so log in afterwards
Login-AzureRmAccount
## Just to create a AzureAD Application to act as a service principal
$application = New-AzureRmADApplication -DisplayName $applicationName -HomePage "https://localhost/$applicationName" `
-IdentifierUris "https://$applicationName" -Password $applicationPassword
New-AzureRmADServicePrincipal -ApplicationId $application.ApplicationId
# Wait for the service principal to become available
Start-Sleep -s 60
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $application.ApplicationId `
-scope "/subscriptions/$subscriptionId"
Write-Host ("Application ID: " + $application.ApplicationId)
https://support.citrix.com/article/CTX219243
45. © 2017 Citrix User Group Community
Scripts to create hypervisor connection
Create Hypervisor Connection in Citrix Studio
param(
[string]$connectionName = "AzureConnection",
[Parameter(Mandatory=$true)][string]$applicationId,
[Parameter(Mandatory=$true)][string]$applicationPassword,
[Parameter(Mandatory=$true)][string]$subscriptionId,
[Parameter(Mandatory=$true)][string]$subscriptionName,
[Parameter(Mandatory=$true)][string]$tenantId
)
Add-PsSnapin Citrix*
$customProperties = @"
<CustomProperties xmlns="http://schemas.citrix.com/2014/xd/machinecreation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Property xsi:type="StringProperty" Name="AuthenticationAuthority" Value="https://login.microsoftonline.com/"/>
<Property xsi:type="StringProperty" Name="ManagementEndpoint" Value="https://management.azure.com/"/>
<Property xsi:type="StringProperty" Name="StorageSuffix" Value="core.windows.net"/>
<Property xsi:type="StringProperty" Name="TenantId" Value="$tenantId"/>
<Property xsi:type="StringProperty" Name="SubscriptionId" Value="$subscriptionId"/>
<Property xsi:type="StringProperty" Name="SubscriptionName" Value="$subscriptionName"/>
</CustomProperties>
"@
$connection = New-Item -ConnectionType "Custom" -CustomProperties $customProperties -HypervisorAddress @("https://management.azure.com/") `
-Path @("XDHyp:\Connections\$connectionName") -Persist -PluginId "AzureRmFactory" -Scope @() `
-SecurePassword (ConvertTo-SecureString -AsPlainText -Force $applicationPassword) -UserName $applicationId
New-BrokerHypervisorConnection -HypHypervisorConnectionUid $connection.HypervisorConnectionUid
46. © 2017 Citrix User Group Community
Scripts to create OMS workspace
Create OMS workspace
$ResourceGroup = "oms-example"
$WorkspaceName = "log-analytics-" + (Get-Random -Maximum 99999) # workspace names need to be unique - Get-Random helps with this for the example code
$Location = "westeurope"
# List of solutions to enable
$Solutions = "Security", "Updates", "SQLAssessment"
# Create the resource group if needed
try {
Get-AzureRmResourceGroup -Name $ResourceGroup -ErrorAction Stop
} catch {
New-AzureRmResourceGroup -Name $ResourceGroup -Location $Location
}
# Create the workspace
New-AzureRmOperationalInsightsWorkspace -Location $Location -Name $WorkspaceName -Sku Standard -ResourceGroupName $ResourceGroup
# List all solutions and their installation status
Get-AzureRmOperationalInsightsIntelligencePacks -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName
# Add solutions
foreach ($solution in $Solutions) {
Set-AzureRmOperationalInsightsIntelligencePack -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName -IntelligencePackName $solution -Enabled $true
}
#List enabled solutions
(Get-AzureRmOperationalInsightsIntelligencePacks -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName).Where({($_.enabled -eq $true)})
47. © 2017 Citrix User Group Community
Scripts to create custom helpdesk role in Azure
Create custom role Azure AD
# Start from a built-in role and strip it down to the two actions needed
$role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "Reboot Helpdesk Operator"
$role.Description = "Can restart virtual machines."
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Compute/virtualMachines/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
# Limit where the role can be assigned (replace subscriptionID with your own)
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/subscriptionID")
New-AzureRmRoleDefinition -Role $role
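Using and checking the roles set up by the helpdesk-role script above and the service principal script on slide 44, as an added example that is not part of the original deck: it confirms the custom role carries only the two intended actions, assigns it at resource-group scope, and lists every identity holding Owner or Contributor directly on the subscription. The subscription ID, resource group and group object ID are placeholders.

```powershell
# Added example (not from the slides). Placeholder values are assumptions.
$subscriptionId  = "<subscriptionID>"
$resourceGroup   = "<resource group holding the VDAs>"
$helpdeskGroupId = "<object ID of the helpdesk Azure AD group>"
$subScope        = "/subscriptions/$subscriptionId"

# 1. Confirm the custom role grants exactly the two intended actions
#    before handing it to anyone.
$role     = Get-AzureRmRoleDefinition -Name "Reboot Helpdesk Operator"
$expected = "Microsoft.Compute/virtualMachines/read",
            "Microsoft.Compute/virtualMachines/restart/action"
$unexpected = @($role.Actions | Where-Object { $_ -notin $expected })
if ($unexpected.Count -gt 0 -or $role.Actions.Count -ne $expected.Count) {
    throw "Role '$($role.Name)' does not match the intended action list."
}

# 2. Assign the role on one resource group instead of the whole
#    subscription, so helpdesk can only restart VMs in that group.
New-AzureRmRoleAssignment -ObjectId $helpdeskGroupId `
    -RoleDefinitionName $role.Name -ResourceGroupName $resourceGroup

# 3. Audit: who holds Owner or Contributor directly at subscription scope?
#    The service principal created on slide 44 shows up here with
#    ObjectType 'ServicePrincipal'.
$broad = Get-AzureRmRoleAssignment -Scope $subScope |
    Where-Object { $_.Scope -eq $subScope -and
                   $_.RoleDefinitionName -in "Owner", "Contributor" }

$broad | Sort-Object ObjectType, DisplayName |
    Format-Table DisplayName, ObjectType, RoleDefinitionName, Scope -AutoSize
```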
48. © 2017 Citrix User Group Community
Scripts to create snapshot managed disk and copy
# Take Snapshot of Managed Disks
# Source VM Details START
$resourceGroupName = 'MSANDBUtest'
$location = 'westeurope'
$dataDiskName = 'msandbu_OsDisk_1_e10a5ca28e6546c2b3c58634ae0b5916'
$snapshotName = 'vm01_snapshot'
$disk = Get-AzureRmDisk -ResourceGroupName $resourceGroupName -DiskName $dataDiskName
$snapshot = New-AzureRmSnapshotConfig -SourceUri $disk.Id -CreateOption Copy -Location $location
New-AzureRmSnapshot -Snapshot $snapshot -SnapshotName $snapshotName -ResourceGroupName $resourceGroupName
# Copy snapshot
Get-AzureRmSnapshot -Name $snapshotName -ResourceGroupName $resourceGroupName
$sasExpiryDuration = "3600"
$storageAccountName = "msandbutest2"
$storageContainerName = "vhd"
# Placeholder: supply the storage account key at run time instead of hard-coding it
$storageAccountKey = '<storage account key>'
$destinationVHDFileName = "updatevhd"
# Grant read access to the snapshot for the duration of the copy
$sas = Grant-AzureRmSnapshotAccess -ResourceGroupName $resourceGroupName -SnapshotName $snapshotName -DurationInSecond $sasExpiryDuration -Access Read
$destinationContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
# Copy the snapshot to the storage account
Start-AzureStorageBlobCopy -AbsoluteUri $sas.AccessSAS -DestContainer $storageContainerName -DestContext $destinationContext -DestBlob $destinationVHDFileName
Editor's notes
Marius introduces himself :P
Discuss customer cases such as GPU
Big data in Azure, so need to have applications close to the data
Geo based setup
Still need to worry about security and management
Single region, Citrix Cloud with one region
On-prem with single region in Azure
Double-region with GSLB in Azure