Citrix XenDesktop技术架构深入剖析

1、Citrix桌面虚拟化技术培训Citrix XenDesktop 技术架构深入剖析XenDesktop 7.X Introduction定义应用和桌面虚拟化，适用于移动化和云通过任何网络将 Windows/Linux桌面从云中交付到所选的任何设备上 桌面可以是专用桌面或共享桌面 桌面可以进行全面个性化设置 任何 PC 都可以安全地从远程接入 虚拟桌面可以断开连接然后随用户移动 统一管理和监控可简化应用更新和维护 通过任何网络将 Windows 应用交付到任何设备上 Smart Access 可支持广泛的安全策略控制功能 Smart Auditor提供功能强大的应用会话记录，改善了合规性，降低了

2、风险，并加快了问题的解决速度优化的 HDX（高清）视频、通信、触摸操作和 3D 体验 支持 5 代 Windows 应用 ，25,000 多种 Citrix Ready 应用和设备 AppDNA 帮助分析业务软件是否适用于虚拟化平台提供虚拟桌面/应用的安全远程接入访问实现XenDesktop/XenApp关键组件的负载均衡多数据中心，全网部署，实现数据中心冗余和就近访问实时监控最终用户体验，并集成到XD/XA管理工具中。LAN-connectedusers withDesktop AppliancesA XenDesktop Deployment ExampleSFVMware Cluster

3、/XenServer PoolNetScalerGatewayRemote andhome usersXD Farm XA FarmPVSs NAS/SANAD with roaming profile VDMs App Streaming OS Streaming Published App Data CenterWANLANDDCs ZDCs/Session Hosts App Integration 变革性的架构-XenDesktop 73rd generation FlexCast Management Architecture (FMA)Virtual DesktopsVirtual

4、AppsUnified Management ArchitectureAWS, Azure, CloudPlatform CitrixStudioStorefront / Receiver for Web / Web InterfaceReceiverDBServer OSWorkers Desktop OSWorkers Delivery ControllerProvisioning ServicesFMA: Unified Service Delivery TeamFlexCast Management ArchitectureVDAVDACitrixDirectorProvisionin

5、g ConsoleXenDesktop / XenApp Site(FMA)XenDesktop ComponentsCore ComponetsDesktop Deliver Controller (DDC)Storefront (Replace Web Interface)Receiver (Including Online-Plugin)Virtual Desktop Agent (VDA)Virtual Desktop Infrastructure (VMware vSphere/XenServer/Hyper-V)SQL Server (Not Citrix Product)Opti

6、onal componets XenApp (If deploy separately)Virtual Desktop Provisioning (Provisioning Server )Netscaler (NetScaler Gateway)WAN Optimization (CloudBridge)Workspace SuiteTypical deploymentMachine CreationServicesBrokerServiceInfrastructureServicesXenDesktop 7 Architecture BrokerBroker ServiceMachine

7、CreationServiceAD Identity ServiceMachine Identity ServiceHost ServiceConfigurationServiceDesktop Studio Desktop Director WCF 80Virtual Desktop (VDA)WinRM 2.0PVS for VMs Agent5985/5986 WCF 80PoSH PoSHGroup Policy EngineSQL ServerSQL ServerSQL ServerControllerDelivery Controller System RequirementsSu

8、pported operating systems:Windows Server 2012 R2, Standard and Datacenter EditionsWindows Server 2012, Standard and Datacenter EditionsWindows Server 2008 R2 SP1, Standard, Enterprise, and Datacenter EditionsRequirements:Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 only).Microsoft .NET Fra

9、mework 4.5.1 (4.5.2 and 4.6 are also supported).Microsoft .NET Framework 4.6.1Windows PowerShell 2.0 (included with Windows Server 2008 R2) or 3.0 (included with Windows Server 2012 R2 and Windows Server 2012).Visual C+ 2005, 2008 SP1, and 2010 Redistributable packages.DatabaseSupported Microsoft SQ

10、L Server versions for the Site Configuration Database (which initially includes the Configuration Logging Database and the Monitoring Database):SQL Server 2014, Express, Standard, and Enterprise Editions.SQL Server 2012 SP1, Express, Standard, and Enterprise Editions. By default, SQL Server 2012 SP1

11、 Express is installed when installing the Controller, if an existing supported SQL Server installation is not detected.SQL Server 2008 R2 SP2, Express, Standard, Enterprise, and Datacenter Editions.The following database features are supported (except for SQL Server Express, which supports only stan

12、dalone mode):SQL Server Clustered InstancesSQL Server MirroringSQL Server 2012 AlwaysOn Availability GroupsWindows authentication is required for connections between the Controller and the SQL Server database.Common Service Design Broker ServiceMachine CreationServiceAD Identity ServiceMachine Ident

13、ity ServiceHost ServiceCentral Config ServiceSQL ServerPowerShell snapinHypervisorHCLWCFXenDesktop 7.X 连接高可用性确保用户即使在数据库连接失败的情况下，仍可以连接到应用和桌面AppsDesktops连接租约XenDesktop 7.X正常的流程User在StoreFront上登陆StoreFront转发用户凭据给DDCDDC授权给用户并从DB中读取并枚举可用资源Receiver接收回复并启动会话 DDC缓存XML资源文件 Site DB1234 StoreFront Delivery Con

14、trollerUserXD/XAXML File5XenDesktop 7.XDa数据库不可用User在StoreFront上登陆StoreFront转发凭据给DDCDDC授权给用户，同时由于DB不可达无法枚举枚举可用资源DDC读取XML文件并且枚举资源Receiver接收到回复并启动会话Site DB123 StoreFront Delivery ControllerUserXenAppXML File45连接租约功能说明不是在DDC保留一个数据库的快照没有数据库冲突，因为我们有Local Host CacheXML是一个很简单的文件安全地存储在DDC上没有DDC互相间的通信XenApp/X

15、enDesktop高可用性XenDesktop Site DatabaseEach service is informed of the database connection detailsEach service has specific database tables created by scriptsEach service reads and writes to the databaseSQL ServerCentral Configuration ServiceAll services are registered in this service directoryService

16、Type, Address, Binding, Version, ServiceAccount .Used to locate the available service resources when needed Stores Global meta-data about all services Service configuration information (key=value)For 3rd party and future useService reads/writes to SQL databaseDDC Database1. Establishes a connection2

17、. Reads/Writes to database3. Disconnects from the database4. Re-establishes the connection5. Reads/Writes to database6. Disconnects from the databaseDatabase read/writes are done through stored proceduresDatabase reads can also be direct accessBroker ServicesBroker ServiceIMAXMLSSLCDSPool Management

18、XenDesktop 4:XenDesktop 5/7:4438044380Database access XML components VDA management License management Hosting management SDK - PowershellBroker service XML componentUses XML component rewritten in .NETInteracts with Storefront for launch requestsvalidate user logonsenumerate and connect to resource

19、sperform workspace control operationsInteracts with NetScaler for health monitoring of the siteInteracts with NetScaler Gateway for Secure Ticket AuthorityBroker service and VDA registrationRegistry based VDA registration from ListofDDCs registry key on the VDAUses WCF/ Connection Brokering Protocol

20、Validates VDA, test call-back and writes state into databaseVDA broker service role handles launch sequence, status updates and session controlSame VDA registration process as in XenDesktop 4Soft sets up minimal ping support to maintain heartbeatHard fully configures the VDA with desktop group membe

21、rshipBroker interactions with License ServerPerforms license check-out and check-in operations for desktop sessions and applicationsThe license policy engine DLL is what actually communicates with the license serverLicense ServerBroker ServiceProvisioning for VDI Services (MCS)Responsible for the cr

22、eation of new virtual machines on the hypervisorUses AD Identity Service and Machine Identity Service to provide “user ready” desktopsUsed for maintenance of the master image that is used to provide the desktopsVirtual Center -ESX XenServer Pool SCVMM HyperVMachine Creation ServiceSingle Image Manag

23、ementCreated by XenDesktopPower ControlBest for:Pooled - RandomLowest cost VDI optionPooled - StaticLower cost with improved app compatibilityStreamedStreaming to physical and virtualDedicatedLowered storage cost for individual VMsExistingManaging existing VMsPhysicalBlade PCsMachine Creation Servic

24、e: How it worksVMMaster DiskVMVMDiff DiskId DiskDiff DiskId DiskDiff DiskId DiskStorage One copy of the base image shared by all VMs Space reclaimed every boot Persistent Identity uses little spaceMachine Creation Service: How it worksVMMaster DiskDiff DiskId DiskC DriveC:Program FilesCitrix.hypervi

25、sorstorageAMaster VMMaster ImageAAAAAAAidentitydiff diskAStorageAMaster VMMaster VMImageABBBBidentitydiff diskMachine Creation Services (MCS)HypervisorAACopyImage Prep PhaseCreating Catalog (Pooled)1 Master is selectedMaster7 GBTemplate StorageDesktop StorageBaseDisk7 GBcopyMasterSnap0 bytesnapshotD

26、IFF0 byteDIFF0 byteIDENT16 MBIDENT16 MBCreating Catalog (Pooled)2 Snapshot of master is created (automatically)In case Snapshot is selected in step 1 already, this step 2 is not done as the original snapshot will be usedDuration: few secondsMaster7 GBTemplate StorageDesktop StorageBaseDisk7 GBcopyMa

27、sterSnap0 bytesnapshotDIFF0 byteDIFF0 byteIDENT16 MBIDENT16 MBCreating Catalog (Pooled)3 Snapshot is copied to target storage (automatically)Duration: some minutes(full copy)Master7 GBTemplate StorageDesktop StorageBaseDisk7 GBcopyMasterSnap0 bytesnapshotDIFF0 byteDIFF0 byteIDENT16 MBIDENT16 MBCreat

28、ing Catalog (Pooled)4 DIFF and IDENTITY disks are created on target storage (automatically)Duration: few seconds(depends on VM#)Master7 GBTemplate StorageDesktop StorageBaseDisk7 GBcopyMasterSnap0 bytesnapshotDIFF0 byteDIFF0 byteIDENT16 MBIDENT16 MBXenServer space handlingMasterTemplate StorageDeskt

29、op StorageSnapCopycopyMasterSnapsnapshotDIFFLVM(iSCSI/FC)Full space24GBSnapshotUsed space7GBCopy of snapshotFull copy24GBDiff disk 1 = Snapshot 7GB (negligible)Diff disk 2.n =Full copy 24 GBCalculation!VHD(EXT3 / NFS)Used space7GBSnapshot0GBCopy of snapshotUsed space7GBDiff disk 1.nSnapshot0GBBut gr

30、owing during use!Example:Win7 VM7GB of 24GB utilizedFirst boot of Win 7 VMDiff disk is filled with write data during VM bootDesktop StorageBaseDisk7 GBDIFF380 MBIDENT16 MBShutdown of Win 7 VMDuring shutdown Diff disk is filled with write dataDiff disk stays on storage (e.g. for analysis)Desktop Stor

31、ageBaseDisk7 GBDIFF675 MBIDENT16 MBBoot again Win 7 VMFirst diff disk is deletedNew diff disk is generated and used for boot write dataNote: When starting a VM using XenServer directly the last diff disk always stays on the storageDesktop StorageBaseDisk7 GBIDENT16 MBDIFF380 MBDIFF675 MBMachine Crea

32、tion Service: Compatible StorageAlmost any shared storage will workNFSLow Scale:VMFSESXNFSLow Scale:Fibre ChanneliSCSIDASXenServerCSV(Clustered Shared Volume)Hyper-VProvisioning for VDI Services (MCS)Creates / manages AD computer accounts and passwords to provide identity for virtual desktopsAD comp

33、uter accounts get created by AD Identity ServiceExisting AD computer accounts can be importedAD Identity ServiceProvisioning for VDI Services (MCS)Manages storage attached to the virtual machinesCreates the diff disk and identity diskEnsures the correct base disk is mapped to the virtual machineRecr

34、eates the diff disk at restartMaster VMSnapshotSnapshotSnapshotSnapshotGolden ImageMachine Identity ServiceBroker service and Machine Identity ServiceCommunicates with the Machine Identity Service to reset the diff disks associated with a pooled VM upon restartVMDiff DiskId DiskVMDiff DiskId DiskHos

35、t ServiceCreates and manages hypervisor connections and hosting unitsBroker service polls the host service for hypervisor credentials and passes them on to the HCL for access to VMsHypervisor Communication Library (HCL) is a wrapper around the plugins (XS, ESX, HyperV)Does machine cloningStops and s

36、tarts VMsHosting Management ComponentHCL wrapperESX pluginXenServer pluginHCL plug-ins do the machine cloning and power actionsHypervisor PoolHypervisor PoolHypervisor PoolHypervisor Connection MgrHyper-V pluginHypervisor Connection MgrHosting Management ComponentHypervisor Connection MgrHost Servic

37、eMachine Creation ServiceSQL DatabasePower actions are queued in the db and VDA power state is written hereImproved Hosting Failure MitigationXenDesktop 4:Desktop GroupHypervisor PoolMax size of Desktop Group based on size of Hypervisor PoolFailure = loss of entire Desktop GroupXenDesktop 5/7:Deskto

38、p GroupHypervisor PoolHypervisor PoolHypervisor PoolDesktop GroupDesktop Group lower failure impactNo architectural limit on group sizeIdle Pool Power Management Idle Pool Count is configured under Power Management in the properties of Desktop GroupsPower Policy Actions can be defined for each deskt

39、op group (do after x number of minutes (ie 10 minutes after logoff, shutdown)Idle Pool and buffer sizeDefault buffer (10%) is the set of VDAs that are ready for useThe “ready” VDAs are turned on when the number of VDAs in the pool drops below the buffer sizeBuffers are configurable with the SDKSet-B

40、rokerDesktopGroup -Name MyGroup -OffPeakBufferSizePercent 0 PeakBufferSizePercent 5Stops/starts performed on hypervisor are queued in the SQL databaseSite ServicesFunctionality modules that run in the broker serviceDynamically allocated to a DDC at run time separatelyHard-coded to run on only one DD

41、C per site at a timeWhat does Site Services do?Reaper services - finds and marks failed controllers, finds and kills expired launch sessions Cache Refresh - does async AD lookups of DDC, VDA and user namesLicensing - communicates with license server to manage permanent licensesRegistration Hardening

42、 completes soft registered machinesPower Policy - manages idle pool levels and initiates policy power actionsGroup Usage - monitors how many desktops are in use in each groupHypervisor Connection Site Services Managed on per-hypervisor-connection basisManages all interaction with a hypervisor resour

43、ce poolConfigurable with “Set-BrokerHypervisorConnection”There is a heartbeat from other brokers so failover will take place if it goes downIf the preferred DDC comes back up, the site service will fall back to be run on the preferred DDCDesktop Catalogs-计算机组Collections of virtual machines or physic

44、al computers that are managed as a single entity.Catalogs are defined by the following elements:Machine typeMaster imageNumber of virtual machinesActive Directory accountsAdministratorsMachine TypesDefines:Type of infrastructure used to host desktops.User personalization of desktops.XenDesktop offer

45、s the following machine types:PooledDedicatedExistingPhysicalStreamedPooled Machine TypeTypical use cases for the pooled machine type are:Task workers who require standardized desktops.Shared workstations.End users who do not need to install applications on the desktop.Dedicated Machine TypeTypical

46、use cases for dedicated machines are:Task or knowledge workers who require individual desktops to which they make persistent changes.Mobile workers who want to access the same desktop from a variety of endpoint devices over different networks.End users who need to install their own applications on t

47、he desktop.Existing Machine TypeTypical use cases for the existing machine type are:End users who already have virtual machine-hosted desktops that they want to continue using.End users who have a large number of different and conflicting requirements for their desktops.Physical Machine TypeTypical

48、use cases for the physical machine type are:Technical workers or power users.Workers who use processor-intensive applications.End users have high performance expectations for specific business applications.Streamed Machine TypeTypical use cases for the streamed machine type are:Task or knowledge wor

49、kers who require desktops which they can take ownership of and personalize.End users on shared workstations.End users on locked-down workstations who access secure data.Virtual Desktop UpdatesTo apply changes to all the desktops allocated from a pooled machine catalog, update the master virtual machine.Managing the common aspects of users desktops through a single master virtual machine enables you to deploy system-wide changes, such as applying Windows updates or making configuration changes, to a large number of desktops very quickly.To Modify the Master Virtual MachineTo Revert to