Using XenDesktop 5 with VMware
Last year I blogged about using VMware with XenDesktop. That article was focused on XenDesktop 4 and VMware integration. With the recent release of XenDesktop 5, it’s time for an updated article. In this blog post I am going to go over using XenDesktop 5 with VMware.
vCenter HTTPS Access
1. If it doesn’t already exist, create a DNS entry for your vCenter server. Another option would be to create a host file entry on your XenDesktop Delivery Controllers and Provisioning Servers for your Virtual Center/vCenter server.
2. Using your browser connect to the FQDN of the vCenter server. You should get a warning about the website’s security certificate. Click continue to this website (not recommended).
3. Click the Certificate Error in the Security Status bar and select View certificates. Once you can see the vCenter certificate, Click Install Certificate.
4. When the Certificate Import Wizard comes up, select Place all certificates in the following store and click Browse.
5. When Select Certificate Store comes up, select Show physical stores then expand Trusted People and then select Local Computer and click Ok.
6. When the Certificate Import Wizard completion screen comes up, click Finish.
7. You will get prompted when the import is successful, click Ok.
8. Close the browser and reopen it. You should be able to browse to your vCenter server without getting any certificate errors.
vCenter role for XenDesktop
When setting up the XenDesktop role in vCenter, the permissions listed in the Citrix eDocs are from the SDK programming guide and some permissions are not what is actually shown in the add a new role dialog box. Differences in permissions are noted below in bold.
Create a role in vCenter with the following permissions:
- Datastore Permissions
- Allocate space
- Browse datastore
- File management is listed in Citrix eDocs but it is Low level file operations in vCenter
- Network Permissions
- Assign network
- Resource Permissions
- Assign virtual machine to resource pool
- System Permissions – These permissions are automatically added when you create a role in vCenter.
- Anonymous
- Read
- View
- Task Permissions
- Create Task
- Virtual Machine/Configuration Permissions
- Add existing disk
- Add new disk
- Change CPU count
- Configure Resource is listed in the Citrix eDocs but it is Change resource in vCenter
- Memory
- Remove disk
-
Virtual Machine/Interaction
-
Power Off
-
Power On
-
Reset
-
Suspend
-
- Virtual Machine/Inventory
- Create is listed in the Citrix eDocs but it is Create New in vCenter
- Create from existing
- Delete is listed the Citrix eDocs but is Remove in vCenter
- Register
- Virtual Machine/Provisioning
- Clone is listed in the Citrix eDocs but it is Clone virtual machine in vCenter
- Disk Random Access is listed in the Citrix eDocs but it is Allow disk access in vCenter
- Get VM Files is listed in the Citrix eDocs but it is Allow virtual machine download in vCenter
- Put VM Files is listed in the Citrix eDocs but it is Allow virtual machine files upload in vCenter
- Virtual Machine/State
- Create snapshot
- Revert to snapshot
If you want XenDesktop to tag the virtual machines, you must also add the following permissions:
- Global
- Manage Custom Fields is in the Citrix eDocs but it is Manager custom attributes in vCenter
- Set Custom Field is in the Citrix eDocs but it is Set custom attribute in vCenter
To use XenDesktop Setup Tool with Provisioning Services, you will have to add the following permissions in addition to what is listed above:
- Virtual Machine/Provisioning
- Clone Template
- Deploy Template
Now that we have the XenDesktop role created, assign a domain account to the role. For this article the example domain account is Citirx_services.
One question I am always asked when using XenDesktop with VMware by customers is how to limit virtual machine creation to a certain cluster or servers within vCenter. Follow the steps below to control where virtual machines are deployed within your VMware infrastructure.
- Assign the XenDesktop role at the Datacenter level but do not propagate by unselecting Propagate when adding the role.
- Assign the XenDesktop role at the Cluster level but do not propagate by unselecting Propagate when adding the role. If you want to control virtual machine creation at the Cluster level then leave Propagate selected. Assign the XenDesktop role to Servers within a Cluster if you want to limit virtual machine creation to certain Servers within a Cluster.
- Assign the XenDesktop role to the Networks you want the virtual machines to have access to.
- Assign the XenDesktop role the to Datastores you want virtual machines to be created in.
- If you are also using folders within vCenter in the VMs and Templates view make sure to also assign the XenDesktop role to the folders you want virtual machines created in.
You should now be able to control where the virtual machines are placed when they are created. See the screenshot below for an example of controlling where virtual machines get created.
In the example above, virtual machines will only be created within the CitrixDesktops folder on a single server within the VDILab cluster in a single Datacenter in vCenter. The virtual machines will only use the VDI Network and will only be created on the LeftHand_Lab Datastore.
When you create virtual machines using Machine Creation Services or XenDesktop Setup Tool with Provisioning Services, configure the following on the Host screen:
- Host type: VMware virtualization
- Address: https://vCenter.domain.com/sdk – example vCenter name
- Username: domaincitrix_services – example service account for XenDesktop role created in vCenter
- Password: password for citrix_services account – example service account password for XenDesktop role created in vCenter
This article was created using vCenter/ESX 4.1, XenDesktop 5 with Machine Creation Services, and Internet Explorer 8.
This blog post was a collaboration with Shane Kleinert (@shanekleinert, CitrixIRC, @CitrixIRC). I would like to give a big thanks to Shane for the team work on this article.
I figured this one or rather found out it’s a no go. It would work with XenServer but not VMware. When XD5 uses Vmware you need kill the catalog and recreate it, this means all machine creation process and longer maintenance window which sucks
any idea how an existing catalog can be migrated to different datastore within the same VM cluster?
I just noticed that in Create Catalog wizard I’m not prompted for Storage selection although I have 3 datastores. I also created another host which is the same cluster but different datastore but Catalog wizard doesn’t prompt to select host either. It’s XD5 MCS on vSphere 4.1
Great arcticle but I could not got it working in Distributed Virtual Switch configuration. I gave access to individual port groups but since cannot assign the permission to DVS object, hence VM level NICs got not be modified. Any thoughts
Are you on vSphere 4.x or 5?
I don’t have a “Local Computer” sub-store of “Trusted People”, so can’t properly install the cert.
Helpl!
Did check/click show physical stores?
Thanks for this article ! Nevertheless, I’m having an issue creating vm’s in a specific resource pool of the vCenter. All vm’s are created out of the resource pools, at the same level in the tree. Any ideas ?