Menu
XenDesktop Machine Creation Services provides a simplified way of provisioning desktops for VDI solutions. It can give you great savings on disk space, CPU, and Memory consumption compared to using dedicated VDIs and it can also hugely simplify (but not negate) your desktop management and image management. It has been tested by Citrix for up to 5000 desktops and I believe a 10,000 desktop test is in the pipeline.
Machine Creation Services is far more simple than Provisioning Services. They are two completely different products though. Also bear in mind that Machine Creation Services will hit your storage IOPS 1.6 times more than using Provisioning Services.
Machine Creation Services will only work for VDI, whereas Provision Services covers all bases. But the advantage of Machine Creation Services is you do not need any additional infrastructure. If you have XenDesktop 5 or above, some hosting infrastructure, and storage then you have everything you need.
See Daniel Feller’s blog post “Provisioning Services or Machine Creation Services… Big Picture Matters” to find out when to use which product.
Remember that Machine Creation Services DOES NOT support Microsoft MAK activation, only KMS.
XenDesktop Controller to Hypervisor Communication
For Machine Creation Services to be able to talk to your Hypervisor you need an Active Directory account.
Create an appropriately named account. Assign it a random password or something that matches your domain password policy. Make sure you untick User must change password at next logon and tick User cannot change password and Password never expires.
VMWare
For Machine Creation Services to be able to talk to Virtual Centre you need the following things in place:
Permissions assigned to the Active Directory account in Virtual Center
A private CA certificate or the rui.crt from the Virtual Centre server
Permissions in Virtual Center
You need to have the following permissions assigned in Virtual Center
SDK USER INTERFACE
Datastore.AllocateSpace Datastore > Allocate space
Datastore.Browse Datastore > Browse datastore
Datastore.FileManagement Datastore > Low level file operations
Network.Assign Network > Assign network
Resource.AssignVMToPool Resource > Assign virtual machine to resource pool
System.Anonymous Added automatically.
System.Read Added automatically.
System.View Added automatically.
Task.Create Tasks > Create task
VirtualMachine.Config.AddExistingDisk Virtual machine > Configuration > Add existing disk
VirtualMachine.Config.AddNewDisk Virtual machine > Configuration > Add new disk
VirtualMachine.Config.RemoveDisk Virtual machine > Configuration > Remove disk
VirtualMachine.Config.Resource Virtual machine > Configuration > Change resource
VirtualMachine.Interact.PowerOff Virtual machine > Interaction > Power Off
VirtualMachine.Interact.PowerOn Virtual machine > Interaction > Power On
VirtualMachine.Interact.Reset Virtual machine > Interaction > Reset
VirtualMachine.Interact.Suspend Virtual machine > Interaction > Suspend
VirtualMachine.Inventory.Create Virtual machine > Inventory > Create new
VirtualMachine.Inventory.CreateFromExisting Virtual machine > Inventory > Create from existing
VirtualMachine.Inventory.Delete Virtual machine > Inventory > Remove
VirtualMachine.Inventory.Register Virtual machine > Inventory > Register
VirtualMachine.Provisioning.Clone Virtual machine > Provisioning > Clone virtual machine
VirtualMachine.Provisioning.DiskRandomAccess Virtual machine > Provisioning > Allow disk access
VirtualMachine.Provisioning.GetVmFiles Virtual machine > Provisioning > Allow virtual machine download
VirtualMachine.Provisioning.PutVmFiles Virtual machine > Provisioning > Allow virtual machine files upload
VirtualMachine.State.CreateSnapshot Virtual machine > State > Create snapshot
VirtualMachine.State.RemoveSnapshot Virtual machine > State > Remove snapshot
VirtualMachine.State.RevertToSnapshot Virtual machine > State > Revert to snapshot
Private CA certificate or the rui.crt from the Virtual Centre server
This great 7 part blog series takes you through how to setup a Microsoft Certificate Authority and replace the default Virtual Center Certificate.
If you don’t want to go through all this and you just want to get Machine Creation Services up and running then do the following.
Log onto each one of your XenDesktop Controllers
1. Add the fully qualified domain name (FQDN) of the computer running vCenter Server to the hosts file on that server, located at %SystemRoot%/WINDOWS/system32/Drivers/etc/. Note that this step is required only if the FQDN of the computer running vCenter Server is not already present in the domain name system.
2. Open Internet Explorer and enter the address of the computer running vCenter Server as https://FQDN.
3. Accept the security warnings.
4. Click the Certificate Error in the Security Status bar and select View certificates.
5. Click Install certificate, and then click Next.
6. Select Place all certificates in the following store, and then click Browse.
7. Select the Show physical stores check box.
8. Expand Trusted People and select Local Computer.
9. Click OK, and then click Finish.
XenServer
For Machine Creation Services to be able to talk to XenServer you need the following in place:
Permissions assigned to the Active Directory account in XenServer
The minimum permissions for an AD account to talk to XenServer doesn’t seem to be documented anywhere but from testing it looks like the VM Admin role has the minimum requirements.
Hyper-V
If you are using Hyper-V you must install the System Center Virtual Machine Manager console on all you XenDesktop controllers.
The account you use to create hosts in Studio must be a VMM administrator or VMM delegated administrator for the relevant Hyper-V machines.
The user account used for XenDesktop integration must also be a member of the administrators local security group on each Hyper-V Server to support VM life cycle management
Adding the hosting infrastructure to Desktop Studio
So that Machine Creation Services can talk to the hypervisor you need to tell it where to go and what account to use. To do this:
1. Fire up Desktop Studio (Start–>All Programs–>Citrix–>Desktop Studio)
2. Expand Configuration and click on Hosts
3. Right click and select Add Host
4. Select the correct Host type from the drop down and fill in the details for your hosting infrastructure including the Active Directory account created previously.
For XenServer you can use https://IP address or https://FQDN
For VMWare you must use https://FQDN/sdk
For Hyper-V use the FQDN of the SCVMM with no http
Make sure that you have Use XenDesktop to create virtual machines selected and click Next.
6. Select the network you want to be assigned to your VDIs and click Next.
7. Select your storage (local or shared), whether or not to use IntelliCache and where to place your Personal vDisks and then click Next.
8. Give the Host a name and then click Finish
Note: IntelliCache is a feature available with XenServer 5.6 FP1 and above which allows caching of VDI images on your XenServer local storage to take the impact of your SAN. This 40 second video without sound explains it quite well.
Master Template
Your master template is what XenDesktop uses to provision all the pooled VDIs. It should contain your company’s core software set, E.G Office, Acrobat Reader, WinZip etc. As I stated at the beginning, MAK activation is not supported, only KMS. If you try to use MAK it won’t work and every time a machine boots up your users will be prompted to enter registration keys. Citrix recommend streaming or publishing applications into the base OS using either XenApp hosted applications or streaming with Citrix Application Streaming or Microsoft App-V.
As your master template VM is going to be “replicated” many times over you want to make sure that it is well built and doesn’t have any issues. These are really going to stand out if 1000 users all get the same error at logon.
Once you have your master VM exactly how you want it, shut it down and take a snapshot of it. Name the snapshot something like Image Deployed 1st May, I also put details in the snapshot notes like “Office 2010 installed”. This will allow you to roll back to this point in time if you discover you have issues with the latest version of the master you have rolled out. You are now ready to create your XenDesktop Catalog and start using Machine Creation Services.
Machine Catalog
Fire up Desktop Studio (Start–>All Programs–>Citrix –>Desktop Studio)
1. Right click on Machines and select Create Catalog.
2. Select Pooled or Pooled with personal vDisk. If you select Pooled you will need to select Random or Static assignment and click Next. Random is randomly assigned and static means a user logging on will always be assigned the same desktop but MCS rules regarding the diff disk will still apply.
3. Select the snapshot of the master image which you created previously and click Next.
4. Select the number of virtual machines you want to create and the memory and CPU specification. If the account you are logged into XenDesktop Studio with has permission to create accounts in Active Directory select Create New Accounts and click Next. Otherwise you can choose to import the accounts if you don’t have permission to Active Directory.
5. Select the OU in which you want the AD machine accounts to be created and enter the naming scheme. If you enter VDI### and 0-9 in the drop down your machines will be named VDI001, VDI002, etc.
6. Select the Administrators you want to delegate administration to; this will not affect what permission users have. Enter a description for Administrators and click Next.
7. Enter the Catalog name and click Finish.
After a while, if everything is working correctly, you should see some activity in your Hosting Infrastructure (VMWare or XenServer). XenDesktop should create the number of virtual machines that you specified during the catalog creation. The time it takes for this to complete depends on the number of VDIs you requested, the speed of your storage etc etc.
Desktop Group
Now that your MCS machines are created you need to create a Desktop Group to assign them to users. This is also the way that you manage the pool settings.
1. Right click Assignments and select Create Desktop Group
2. Select the Catalog from which you want to assign VDIs and select the number of VDIs you want to assign and then click Next.
3. Add the AD group that will be used to assign the desktops to your users and select the number of desktops per user. Using Microsoft best practise you should enter Domain Local Group here, then add your users to a Domain Global Group and add the Domain Global Group to the Domain Local Group.
4. Select the Administrators you want to delegate administration to.
5. Give the assignment a Display name and a Desktop Group Name. The Display name is what users will see when they logon via Web Interface or Access Gateway and the Desktop Group Name is what administrations will see in Desktop Studio.
Pools
Once the Desktop Group has been created you will want to go back into the properties of it and edit the Power Management settings. This is what determine how many “spare” VDIs are powered on at certain times of the day. If you don’t adjust these settings you may either have too many VDIs powered on, thus wasting valuable resources (Power, SAN, memory, CPU) or your users might be forced to wait while VDIs are powered on for them to log into.
So work out at what time the bulk of your users log in and make sure that you have enough VDIs powerd on at this time. If you know that a 1000 users are likely to all log in at once at 9am then make sure you have this many VDIs available but don’t set them all to power on at 8.30am at this is going to kill your storage. Stagger the power actions from 5 or 6 am so you have a nice controlled power up. By 12pm you might want to reduce your pool down to 50 VDIs as most of your users should be logged on by this time. Remember all these figures depend on the size of your environment and the way in which your users work. I’m just using these numbers as examples.
Buffers
The buffer is unallocated VDIs that are powered on when the number of machines in the pool drops below the buffer threshold. By default the buffer is 10%. The buffer stops XenDesktop trying to power on more machines than it actually has available within the pool. Daniel Feller explains Buffers in his blog post here
You can change the size of the buffer using Set-BrokerDesktopGroup.
Power State Timers
Power State Timers determine what happens to disconnected desktops during Peak and Off Peak hours. Set your peak hours using the green selector bar. If you created a Pooled-Static catalog XenDesktop will turn off unused machines outside of the peak hours and turn them back on during peak hours.