Hi folks, my name is Wendy Gay, and I have worked with Citrix technologies for about 20 years (time flies when you’re having fun). During that time, I have worked with Citrix Systems Integrators and Citrix Platinum partners. I wanted to show you how to do some admin tasks in Citrix Virtual Apps and Desktop Service without even opening Studio.
When you are using Citrix Cloud for CVAD, Citrix Studio is used to manage your Citrix environment which sits in Citrix Cloud. Admins would be forgiven for thinking that you can’t get access to some of the under the hood PowerShell tools when using Citrix Cloud that you can get when using Studio on premise. I’m happy to tell you that you can use the Remote PowerShell SDK to do lots of tasks. All the details you need are on the Citrix edocs site (https://docs.citrix.com/en-us/xenapp-and-xendesktop/service/sdk-api.html).
This tip comes in handy when you have multiple admins managing the same environment, given that there is a limitation of 10 concurrent connections to the Citrix Cloud Studio Console. Admins are also switching to automation with PowerShell. I want to show you how you can access the Remote PowerShell SDK for Citrix Cloud CVAD and complete some simple tasks without ever opening the HTML5 Citrix Studio. Here is an example of how to create, add and configure a delivery group remotely using the PowerShell SDK.
On a domain joined machine in the resource location (what is this? – https://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-resource-locations/resource-locations.html) that is NOT a cloud connector (not recommended), download from – https://www.citrix.com/downloads/citrix-cloud/product-software/xenapp-and-xendesktop-service.html or http://download.apps.cloud.com/CitrixPoshSdk.exe and then install the PowerShell SDK from Citrix.com, (note: you’ll require PowerShell 3.0 on the VM) and once installed, reboot the VM.
After a successful reboot and login, open a PowerShell window and follow the below instructions:
Open PowerShell – Type “asnp citrix*“
Type in “Get-XDAuthentication”
You are then prompted to enter credentials for the cloud account, and you will be kept logged in for 24 hours to that specific window.
Choose the customer account that you want to access, as you may have more than one cloud account if you are a Citrix Partner.
Now you are logged in and ready to start completing tasks against your CVAD environment.
Let’s start by:
- Creating a Machine Catalog, and adding a machine to the catalog
- Creating a Delivery Group
- Adding a machine to the Delivery Group
- Checking if its registered
- Add users & policies
- Test the Configuration & Employee Experience
1. Creating the Machine Catalog
This command will create a machine catalog called DublinVDA:
$catalog = New-BrokerCatalog -Name “DublinVDA” -AllocationType “Random” -Description $TSVDACatalogName -PersistUserChanges “OnLocal” -ProvisioningType “Manual” -SessionSupport “MultiSession” -MachinesArePhysical $true
We can now see that the catalog has been created.
Before I can add a machine to the catalogue, I first must find out what the catalogue Uid is.
I can run the following command to get this detail.
Get-BrokerCatalog
I can now see that the Uid is 7
To add the machine cc-dublinxam to the catalog I can run this command.
Now I can see that my machine has been added to the catalog.
2. Creating a Delivery Group
Let’s create a Delivery Group for Dublin called DublinDGGroup to deliver a desktop.
New-BrokerDesktopGroup -Name “DublinDGGroup” -PublishedName DublinDGGroup -DesktopKind “Shared” -SessionSupport “MultiSession” -DeliveryType DesktopsAndApp
3. Adding a machine to the Delivery Group
Now let’s add the Machine Catalog we created earlier, adding the machine CC-DublinXAM:
Add-BrokerMachine -MachineName “Dublinlab\CC-DublinXAM” -DesktopGroup DublinDGGroup
4. Checking if it’s registered
How can we see who is logged in? Let’s look at some commands that allow you to see what’s registered and what the OS type is:
Get-BrokerDesktop | select DNSName, OSType, RegistrationState | Where-Object {$_.RegistrationState -eq “Registered”}
I can see that my machine is in a registered state.
5. Add Users & Polices
Now we need to add some users to the Delivery Group
First let me find out my Desktop Group Uid, by running the command below:
Get-BrokerDesktopGroup
The output contains details of my delivery group, and the uid shown is 5
Let’s now add our users
New-BrokerEntitlementPolicyRule -Name DublinDGGroup -DesktopGroupUid 5 -IncludedUsers “Dublinlab\domain users” -description $DublinDGGroup
Use the Set-BrokerEntitlementPolicyRule to change any settings. Here, I added the published name DublinDGGroup.
Set-BrokerEntitlementPolicyRule -Name DublinDGGroup -IncludedUsers “dublinlab\Domain users” -description DublinDGGroup -PublishedName DublinDGGroup
The commands below are setting the Access Policy Rules.
New-BrokerAccessPolicyRule -AllowedConnections “ViaAG” -AllowedProtocols @(“HDX”,”RDP”) -AllowedUsers “AnyAuthenticated” -AllowRestart $True -DesktopGroupUid 5 -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True -IncludedUsers @() -Name “DublinDGroup_AG
New-BrokerAccessPolicyRule -AllowedConnections “NotViaAG” -AllowedProtocols @(“HDX”,”RDP”) -AllowedUsers “AnyAuthenticated” -AllowRestart $True -DesktopGroupUid 5 -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedUserFilterEnabled $True -IncludedUsers @() -Name “DUBLINDGroup_Direct”
In Studio, I can now see the users have been added to my delivery group.
6. Test the Configuration & Employee Experience
When I log into the gateway service and access my workspace, I can see the published desktop below.
Let’s click on the desktop
It’s that easy! There are some cmdlets disabled in remote operations to maintain the integrity and security of the Cloud control plane. In part two, we will talk about Endpoint Management and PowerShell.