Using XenDesktop with VMware
Using XenDesktop with VMware Infrastructure 3 or vSphere 4 require a few extra steps to set up and configure. VMware Infrastructure 3 and vSphere 4 both have a few different steps for XenDesktop Delivery Controller and XenDesktop Setup Wizard communication along with the proper permissions for the account used to connect to your Virtual Center or vCenter server. In this blog post I am going to go over the steps to set up and configure XenDesktop Delivery Controller and the XenDesktop Setup Wizard communication along with the permissions needed for both VMware Infrastructure 3 and vSphere 4.
XenDesktop Delivery Controller and VMware Infrastructure 3 – Virtual Center 2.5
Virtual Center HTTPS Access
- On the Virtual Center server browse to Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenterSSL and copy the rui.crt to your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
- Open an MMC and the Certificates snap-in to manage Certificates for the Computer Account on the XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
- Expand Certificates > Trusted Root Certificates > Certificates and import the rui.crt.
- Create a host file entry for vmware with the IP address of the Virtual Center server on your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard. You can also create DNS entry for vmware pointing to your vCenter server instead of editing hosts files on your servers.
- In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter https://vmware/sdk for the Virtual Center address.
Virtual Center HTTP Access
- Logon to the Virtual Center server.
- Browse to Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenter.
- Open proxy.xml with the text editor of your choice and find the /sdk section. Change the accessMode to httpAndHttps.
- Restart the vCenter services.
- In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter http://Virtual Center Server IP address/sdk for the Virtual Center address.
XenDesktop Delivery Controller and vSphere 4 and 4.1
vCenter HTTPS Access
- On the vCenter server browse to Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenterSSL (Windows 2003) or ProgramDataVMwareVMware VirtualCenterSSL (Windows 2008) and copy the rui.crt to your XenDesktop Delivery Controller(s) and Provisioning Server with the XenDesktop Setup Wizard.
- Open an MMC and the Certificates snap-in to manage Certificates for the Computer Account on the XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
- Expand Certificates > Trusted Root Certificates > Certificates and import the trusted root certificate for the SSL certificate copied from the vCenter server in step 1. Also import the certificate to the Trusted People Store.
- For XenDesktop 3.0 – On the XenDesktop Delivery Controller(s) install Citrix XenDesktop hotfix XDE300PM003 and on the Provisioning Server(s) install XenDesktop Setup Wizard XDE300SW001. For XenDesktop 4.0 – On the Desktop Delivery Controller(s) install Citrix XenDesktop hotfix XDE400PM004 and on the Provisioning Server(s) install XenDesktop Setup Wizard XDE400SWx86001 for 32 bit or XDE400SWX64001 for 64 bit.
- Create a host file entry for vmware with the IP address of the vCenter server on your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard. You can also create DNS entry for vmware pointing to your vCenter server instead of editing hosts files on your servers.
- In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter https://vmware/sdk for the Virtual Center address.
vCenter HTTP Access
- Logon to the vCenter server
- Browse to Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenter (Windows 2003) or ProgramDataVMwareVMware VirtualCenterSSL (Windows 2008).
- Open proxy.xml with the text editor of your choice and find the /sdk section. Change the accessMode to httpAndHttps.
- Restart the vCenter services.
- In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter http://vCenter server IP address/sdk for the Virtual Center address.
Virtual Center and vCenter Permissions
When using XenDesktop with VMware make sure you use an account with the proper permissions to connect to the Virtual Center or vCenter server. This account will be used for both the XenDesktop Delivery Controller and the XenDesktop Setup Wizard to connect to Virtual Center or vCenter.
The account used for XenDesktop Delivery Controller and the XenDesktop Setup Wizard to communicate to Virtual Center or vCenter will need the following permissions. The following permissions need to be propagated to the lower levels in the Virtual Center or vCenter tree. Create a role in Virtual Center or vCenter for XenDesktop with the following permissions:
At the Hosts and Clusters Node
For a complete overview of using XenDesktop with VMware see Citrix eDocs VMware and XenDesktop.
As you can see, using XenDesktop with VMware is pretty straight forward. I recommend using HTTPS access over HTTP access. Using HTTPS access is more secure than HTTP access and doesn’t require modifying the proxy.xml file on your Virtual Center or vCenter server. Note: Using the default Virtual Center or vSphere certificate is not recommended for production use. To change the default SSL certificate see Replacing Virtual Center Server Certificates in Virtual Infrastructure 3 or Replacing vCenter Server Certificates in vSphere 4. To use an Enterprise CA certificate like Microsoft Certificate Services see Replacing vSphere SSL Certificates over at the VirtualVCP IT Virtualization blog.
If you have found this article interesting or if you have any other insights, please feel free to leave comments on this article.
Thanks mate. Good article you got going on here. Got some more sites to point to with more stuff like this?
Just tried the steps on vCenter 4.0 Update 2 with ESX 4.0 Update 2 and not a good fit. After editing the proxy.xml file and adding the “httpand ” text and then restarting the services they would not start. I had to remove the “httpand” and everything is good now
Jim
I’ve looked all over and no one has answered this – does VMware SDK NEED to be INSTALLED on the vCenter server in order for this to work?
It is installed when you install Virtual Center. It’s on the Virtual Center server. You have to give unsecure access to it or use secure acccess with the default certificate or install a 3rd party certificate.
Hi Jarian,
Thanks for all those information on vcenter.
Am using vcenter(vSphere) 4.1 to store all my xendesktop and am using a data store called xendesktop store. One day last week we weren’t able to connect to any of our xendesktop. We noticed that all our xendesktop in vSphere had a question mark with a displaying message stating that we were out of space for that datastore. After adding 50 GB space to that datastore we were able to start the 10 xendesktop.
Yesterday we had the same problem. We are not sure what is causing this problem. We did not add any machine to the desktop group. We did not install any software. Any idea what would be eating up the space like that?
Article has been updated with latest udpates. Thanks!