Part One: Getting Things Done with Citrix Cloud Without Opening Studio!

By Wendy Gay posted 05-17-2019 08:50 AM

  

Part One: Getting Things Done with Citrix Cloud Without Opening Studio!


Hi folks, my name is Wendy Gay, and I have worked with Citrix technologies for about 20 years (time flies when you’re having fun). During that time, I have worked with Citrix Systems Integrators and Citrix Platinum partners. I wanted to show you how to do some admin tasks in Citrix Virtual Apps and Desktop Service without even opening Studio.

When you are using Citrix Cloud for CVAD, Citrix Studio is used to manage your Citrix environment which sits in Citrix Cloud. Admins would be forgiven for thinking that you can’t get access to some of the under the hood PowerShell tools when using Citrix Cloud that you can get when using Studio on premise. I’m happy to tell you that you can use the Remote PowerShell SDK to do lots of tasks. All the details you need are on the Citrix edocs site (https://docs.citrix.com/en-us/xenapp-and-xendesktop/service/sdk-api.html).

This tip comes in handy when you have multiple admins managing the same environment, given that there is a limitation of 10 concurrent connections to the Citrix Cloud Studio Console. Admins are also switching to automation with PowerShell. I want to show you how you can access the Remote PowerShell SDK for Citrix Cloud CVAD and complete some simple tasks without ever opening the HTML5 Citrix Studio. Here is an example of how to create, add and configure a delivery group remotely using the PowerShell SDK.

On a domain joined machine in the resource location (what is this? - https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-resource-locations/resource-locations.html) that is NOT a cloud connector (not recommended), download from - https://www.citrix.com/downloads/citrix-cloud/product-software/xenapp-and-xendesktop-service.html or http://download.apps.cloud.com/CitrixPoshSdk.exe and then install the PowerShell SDK from Citrix.com, (note: you’ll require PowerShell 3.0 on the VM) and once installed, reboot the VM.

After a successful reboot and login, open a PowerShell window and follow the below instructions:

Open PowerShell – Type "asnp citrix*"

Type in "Get-XDAuthentication"                                                  

You are then prompted to enter credentials for the cloud account, and you will be kept logged in for 24 hours to that specific window.

thumbnail image


Choose the customer account that you want to access, as you may have more than one cloud account if you are a Citrix Partner.

thumbnail image


Now you are logged in and ready to start completing tasks against your CVAD environment.

Let’s start by:

  1. Creating a Machine Catalog, and adding a machine to the catalog
  2. Creating a Delivery Group
  3. Adding a machine to the Delivery Group
  4. Checking if its registered
  5. Add users & policies
  6. Test the Configuration & Employee Experience

 

1. Creating the Machine Catalog

This command will create a machine catalog called DublinVDA:

$catalog = New-BrokerCatalog -Name “DublinVDA” -AllocationType "Random" -Description $TSVDACatalogName -PersistUserChanges "OnLocal" -ProvisioningType "Manual" -SessionSupport "MultiSession" -MachinesArePhysical $true

We can now see that the catalog has been created.

Machine_catalogue.png


Before I can add a machine to the catalogue, I first must find out what the catalogue Uid is.

I can run the following command to get this detail.

Get-BrokerCatalog                                                                                                            

I can now see that the Uid is 7

thumbnail image


To add the machine cc-dublinxam to the catalog I can run this command.

New_Broker.png


Now I can see that my machine has been added to the catalog.

thumbnail image


2. Creating a Delivery Group

Let’s create a Delivery Group for Dublin called DublinDGGroup to deliver a desktop.

New-BrokerDesktopGroup -Name "DublinDGGroup" -PublishedName DublinDGGroup -DesktopKind "Shared" -SessionSupport "MultiSession" -DeliveryType DesktopsAndApp                    

3. Adding a machine to the Delivery Group

Now let’s add the Machine Catalog we created earlier,  adding the machine CC-DublinXAM:

Add-BrokerMachine -MachineName "Dublinlab\CC-DublinXAM" -DesktopGroup DublinDGGroup                                                              

Machine_Cat.png


4. Checking if it's registered

How can we see who is logged in? Let’s look at some commands that allow you to see what’s registered and what the OS type is:

Get-BrokerDesktop | select DNSName, OSType, RegistrationState | Where-Object {$_.RegistrationState -eq "Registered"}                     

registered.png


I can see that my machine is in a registered state.

5. Add Users & Polices

Now we need to add some users to the Delivery Group

First let me find out my Desktop Group Uid, by running the command below:

Get-BrokerDesktopGroup                                                                          

The output contains details of my delivery group, and the uid shown is 5

thumbnail image


Let’s now add our users

New-BrokerEntitlementPolicyRule -Name DublinDGGroup -DesktopGroupUid 5 -IncludedUsers "Dublinlab\domain users" -description $DublinDGGroup

Use the Set-BrokerEntitlementPolicyRule to change any settings. Here, I added the published name DublinDGGroup.

Set-BrokerEntitlementPolicyRule -Name DublinDGGroup -IncludedUsers "dublinlab\Domain users" -description DublinDGGroup -PublishedName DublinDGGroup  

The commands below are setting the Access Policy Rules.

New-BrokerAccessPolicyRule  -AllowedConnections "ViaAG" -AllowedProtocols @("HDX","RDP") -AllowedUsers "AnyAuthenticated" -AllowRestart $True  -DesktopGroupUid 5 -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True -IncludedUsers @() -Name "DublinDGroup_AG  

New-BrokerAccessPolicyRule  -AllowedConnections "NotViaAG" -AllowedProtocols @("HDX","RDP") -AllowedUsers "AnyAuthenticated" -AllowRestart $True -DesktopGroupUid 5 -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedUserFilterEnabled $True -IncludedUsers @()  -Name "DUBLINDGroup_Direct"  

 
In Studio, I can now see the users have been added to my delivery group.

thumbnail image


6. Test the Configuration & Employee Experience

When I log into the gateway service and access my workspace, I can see the published desktop below.

thumbnail image


Let's click on the desktop 

thumbnail image


It’s that easy! There are some cmdlets disabled in remote operations to maintain the integrity and security of the Cloud control plane. In part two, we will talk about Endpoint Management and PowerShell.

Comments

2 days ago

When I do this full process I can't manage the user assignment in studo. Citrix even confirmed that it's "by design" that if you do this you have to manage user assignments via powershell from there on out. I'm not sure how you did this process and were then able to view the user assignments in Studio, in your screenshots. 

Can someone try this? Create a delivery group via powershell, assign users, add a server, then see if you can see user assignments manually in studio after this. 

Here is the script I'm using. Maybe something is wrong with the process? (this script assumes you already have the server in a machine catalog and available) 

#asnp citrix.*
#Get-XdAuthentication

$serverName = "contoso\Server1"
$dgName = "Test Powershell DG"
$Users = "contoso\Jane.Doe"

#Create new delivery group
$dg = New-BrokerDesktopGroup -Name $dgName -PublishedName $dgName -DesktopKind "Shared" -SessionSupport "MultiSession" -DeliveryType DesktopsAndApp

#Assign users
New-BrokerEntitlementPolicyRule -Name $dg.Name -DesktopGroupUid $dg.Uid -IncludedUsers $Users -PublishedName $dg.Name
New-BrokerAccessPolicyRule -Name $dg.Name -IncludedUserFilterEnabled $true -IncludedUsers $Users -DesktopGroupUid $dg.Uid -AllowedProtocols @("HDX","RDP") -AllowRestart $False -Enabled $True

#Add machine to delivery group
Add-BrokerMachine -MachineName "$serverName" -DesktopGroup $dg

2 days ago

Was there ever a part two?