Using XenDesktop with VMware

Share Button

Using XenDesktop with VMware Infrastructure 3 or vSphere 4 require a few extra steps to set up and configure.  VMware Infrastructure 3 and vSphere 4 both have a few different steps for XenDesktop Delivery Controller and XenDesktop Setup Wizard communication along with the proper permissions for the account used to connect to your Virtual Center or vCenter server.  In this blog post I am going to go over the steps to set up and configure XenDesktop Delivery Controller and the XenDesktop Setup Wizard communication along with the permissions needed for both VMware Infrastructure 3 and vSphere 4.

XenDesktop Delivery Controller and VMware Infrastructure 3 – Virtual Center 2.5

Virtual Center HTTPS Access

  1. On the Virtual Center server browse to Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenterSSL and copy the rui.crt to your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
  2. Open an MMC and the Certificates snap-in to manage Certificates for the Computer Account on the XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
  3. Expand Certificates > Trusted Root Certificates > Certificates and import the rui.crt.
  4. Create a host file entry for vmware with the IP address of the Virtual Center server on your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.  You can also create DNS entry for vmware pointing to your vCenter server instead of editing hosts files on your servers. 
  5. In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter https://vmware/sdk for the Virtual Center address.

Virtual Center HTTP Access

  1. Logon to the Virtual Center server.
  2. Browse to Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenter.
  3. Open proxy.xml with the text editor of your choice and find the /sdk section.  Change the accessMode to httpAndHttps.
  4. Restart the vCenter services.
  5. In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter http://Virtual Center Server IP address/sdk for the Virtual Center address.

XenDesktop Delivery Controller and vSphere 4 and 4.1

vCenter HTTPS Access

  1. On the vCenter server browse to Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenterSSL (Windows 2003) or ProgramDataVMwareVMware VirtualCenterSSL (Windows 2008) and copy the rui.crt to your XenDesktop Delivery Controller(s) and Provisioning Server with the XenDesktop Setup Wizard.
  2. Open an MMC and the Certificates snap-in to manage Certificates for the Computer Account on the XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
  3. Expand Certificates > Trusted Root Certificates > Certificates and import the trusted root certificate for the SSL certificate copied from the vCenter server in step 1.  Also import the certificate to the Trusted People Store.
  4. For XenDesktop 3.0 – On the XenDesktop Delivery Controller(s) install Citrix XenDesktop hotfix XDE300PM003 and on the Provisioning Server(s) install XenDesktop Setup Wizard XDE300SW001.  For XenDesktop 4.0 – On the Desktop Delivery Controller(s) install Citrix XenDesktop hotfix XDE400PM004 and on the Provisioning Server(s) install XenDesktop Setup Wizard XDE400SWx86001 for 32 bit or XDE400SWX64001 for 64 bit. 
  5. Create a host file entry for vmware with the IP address of the vCenter server on your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.  You can also create DNS entry for vmware pointing to your vCenter server instead of editing hosts files on your servers. 
  6. In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter https://vmware/sdk for the Virtual Center address.

vCenter HTTP Access

  1. Logon to the vCenter server
  2. Browse to Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenter (Windows 2003) or ProgramDataVMwareVMware VirtualCenterSSL (Windows 2008).
  3. Open proxy.xml with the text editor of your choice and find the /sdk section.  Change the accessMode to httpAndHttps.
  4. Restart the vCenter services.
  5. In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter http://vCenter server IP address/sdk for the Virtual Center address.

Virtual Center and vCenter Permissions

When using XenDesktop with VMware make sure you use an account with the proper permissions to connect to the Virtual Center or vCenter server.  This account will be used for both the XenDesktop Delivery Controller and the XenDesktop Setup Wizard to connect to Virtual Center or vCenter.

The account used for XenDesktop Delivery Controller and the XenDesktop Setup Wizard to communicate to Virtual Center or vCenter will need the following permissions.  The following permissions need to be propagated to the lower levels in the Virtual Center or vCenter tree.  Create a role in Virtual Center or vCenter for XenDesktop with the following permissions:

At the Hosts and Clusters Node

  • Global.Manage Custom Attributes
  • On the data center(s) that will contain the virtual machines
    • Data Store.AllocateSpace
    • Data Store.Browse Data Store
    • Virtual Machine.CloneTemplate
    • Virtual Machine.Provisioning.Deploy Template
    • Virtual Machine.Inventory.Create
    • Virtual Mahcine.CreateFromExisting
    • Resource.AssignVMToPool
  • On the container (folder, cluster, and so on) that the virtual machines will be located in
    • Global.Set Custom Attributes
    • Virtual Machine.Interaction.Power On
    • Virtual Machine.Interaction.Power Off
    • Virtual Machine.Interaction.Power Suspend
    • Virtual Machine.Interaction.Power Reset
  • For a complete overview of using XenDesktop with VMware see Citrix eDocs VMware and XenDesktop.

    As you can see, using XenDesktop with VMware is pretty straight forward.  I recommend using HTTPS access over HTTP access.  Using HTTPS access is more secure than HTTP access and doesn’t require modifying the proxy.xml file on your Virtual Center or vCenter server.  Note: Using the default Virtual Center or vSphere certificate is not recommended for production use.  To change the default SSL certificate see Replacing Virtual Center Server Certificates in Virtual Infrastructure 3 or Replacing vCenter Server Certificates in vSphere 4. To use an Enterprise CA certificate like Microsoft Certificate Services see Replacing vSphere SSL Certificates over at the VirtualVCP IT Virtualization blog.

    If you have found this article interesting or if you have any other insights, please feel free to leave comments on this article.

    Share Button
    1. Peter KoziuraPeter Koziura04-21-2011

      The VMWare vCenter SDK is not installed by default (at least on vSphere 4.0/4.1) and confirmed this statement with VMWare Support. There are two ways to enable the vCenter SDK (Note: There are different bits depending on which version of vCenter your running so choose accordingly):
      1.) Install the vSphere SDK (http://www.vmware.com/support/developer/vc-sdk/) on vCenter
      2.) Install the VMWare vSphere CLI (http://downloads.vmware.com/d/details/vcli41/ZHcqYmRoaCpiZHRAag==) (which includes the SDK) on vCenter.
      There may be other tools from VMWare that also bundle the SDK (most likely since its a pre-requisite for the tools to interface with the vSphere API).

      I also recommend replacing the vCenter self-signed SSL cert (Standard Tomcat Server procedure requiring OpenSSL utility) to a CA SSL Cert. The VMWare self-signed SSL Cert was changed slightly from ESX 3.5 to the vSphere platform causing issues resolving via the Windows host file hack. The host file hack extended to the DDC and PVS servers in order to resolve the back-end hosting infrastructure properly (e.g. https:\vmwaresdk) and also required importing the self-signed cert into the local Certficate Store to work properly.
      So do yourself a favor and create a CA SSL cert using the FQDN as the CommonName and this eliminates the host file hack and the import cert into local cetificate store steps.

      Peter Koziura

    Leave a Reply