Infrastructure as Code is the new way of deploying a fully working Citrix environment, if you have tried configuring a new Delivery Group on Citrix Cloud Studio using only PowerShell, then you most likely have run into the following error message: “The users configuration has been manually modified and cannot be changed by studio”
Depending on whether you plan to deploy Apps & Desktops or just Apps or just Desktops, you need to set new entitlement policy. I’ll go through the script in detail below, I am using the Remote PowerShell SDK to run the below scripts from my machine:
asnp citrix.* // This will load the PowerShell module.
Get-XdAuthentication // Prompts users for CAS credentials, and must be done once per PowerShell session. If you want to bypass the prompt, you can use Set-Xdcredentials and define the parameters, use
get-help set-xdcredentials -full within PowerShell to check out parameters and examples.
Alternatively, you can also create a new API Client:
Go to Cloud.citrix.com
Go to Identity and Access Management
Go to API Access
Enter the name of an API key in “Name your Secure Client” and click on “Create” and note down the information and reference it using the below cmdlet:
Set-XDCredentials -StoreAs default -ProfileType CloudApi -CustomerId #### -APIKey ##### -SecretKey
Follow the below cmdlet to create a Delivery Group, choose the right options depending on the type of Delivery Group you want to setup:
New-BrokerDesktopGroup -Name 'DeliveryGroupName' -DesktopKind Shared -SessionSupport MultiSession -DeliveryType AppsOnly -Enabled $true -MinimumFunctionalLevel L7_7 -PublishedName 'DG Name'
In the above cmdlet, you will choose “-Delivery type Desktops&Apps” if you want to publish desktops as well.
The below cmdlet adds a brokered machine to the Delivery Group:
Add-BrokerMachine -MachineName "domain\machinename" -DesktopGroup
"Delivery Group Name"
Now for the next set of cmdlets, you need to define two broker access policy rules ViaAG & NotViaAG, please follow the below set of cmdlets:
$Uid = Get-BrokerDesktopGroup -Name "DeliveryGroupName" | Select-Object -ExpandProperty Uid
New-BrokerAccessPolicyRule -Name 'DeliveryGroupName_AG' -Enabled $true -AllowedProtocols @("HDX","RDP") -AllowedUsers Filtered -AllowRestart $true -AllowedConnections ViaAG -IncludedSmartAccessFilterEnabled $true -IncludedUserFilterEnabled $true -DesktopGroupUid
New-BrokerAccessPolicyRule -Name 'DeliveryGroupName_Directt' -Enabled $true -AllowedProtocols @("HDX","RDP") -AllowedUsers Filtered -AllowRestart $true -AllowedConnections NotViaAG -IncludedSmartAccessFilterEnabled $true -IncludedUserFilterEnabled $true -DesktopGroupUid
Once the policy has been created, you can assign users by using the below cmdlets:
Set-BrokerAccessPolicyRule -Name 'DG_IAQ_INTG_AG' -AddIncludedUsers ("domain\user"
Set-BrokerAccessPolicyRule -Name 'DG_IAQ_INTG_Direct' -AddIncludedUsers ("domain\user"
Depending on whether you are publishing apps and desktops or only apps, you will need to define AppEntitlement policy as well, using the below cmdlets:
New-BrokerAppEntitlementPolicyRule -Name 'DeliveryGroupName' -Enabled $true -LeasingBehavior Allowed -SessionReconnection Always -IncludedUserFilterEnabled $false -DesktopGroupUid $Uid
Post which you can publish the application using the below cmdlet, in the below example we are publishing a simple Notepad application:
New-BrokerApplication -Name "Notepad" -ApplicationType HostedOnDesktop -DesktopGroup "DeliverGroupName" -CommandLineExecutable "Notepad.exe"
Once you have modified and executed the above commands as per your environment, you should be able to add and remove users from the Studio GUI in the Citrix Cloud portal. Please feel free to add comments or reach out to me if you need help with the script. I spent a lot of time with Citrix support on this. It is always a good practice to deploy a delivery group using the GUI and getting the information about the Delivery Group using PowerShell to get the exact parameters.