Using XenDesktop with VMware Infrastructure 3 or vSphere 4 require a few extra steps to set up and configure. VMware Infrastructure 3 and vSphere 4 both have a few different steps for XenDesktop Delivery Controller and XenDesktop Setup Wizard communication along with the proper permissions for the account used to connect to your Virtual Center or vCenter server. In this blog post I am going to go over the steps to set up and configure XenDesktop Delivery Controller and the XenDesktop Setup Wizard communication along with the permissions needed for both VMware Infrastructure 3 and vSphere 4.
XenDesktop Delivery Controller and VMware Infrastructure 3 – Virtual Center 2.5
Virtual Center HTTPS Access
- On the Virtual Center server browse to Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\ and copy the rui.crt to your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
- Open an MMC and the Certificates snap-in to manage Certificates for the Computer Account on the XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
- Expand Certificates > Trusted Root Certificates > Certificates and import the rui.crt.
- Create a host file entry for vmware with the IP address of the Virtual Center server on your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard. You can also create DNS entry for vmware pointing to your vCenter server instead of editing hosts files on your servers.
- In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter https://vmware/sdk for the Virtual Center address.
Virtual Center HTTP Access
- Logon to the Virtual Center server.
- Browse to Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\.
- Open proxy.xml with the text editor of your choice and find the /sdk section. Change the accessMode to httpAndHttps.
- Restart the vCenter services.
- In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter http://Virtual Center Server IP address/sdk for the Virtual Center address.
XenDesktop Delivery Controller and vSphere 4 and 4.1
vCenter HTTPS Access
- On the vCenter server browse to Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\ (Windows 2003) or ProgramData\VMware\VMware VirtualCenter\SSL\ (Windows 2008) and copy the rui.crt to your XenDesktop Delivery Controller(s) and Provisioning Server with the XenDesktop Setup Wizard.
- Open an MMC and the Certificates snap-in to manage Certificates for the Computer Account on the XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard.
- Expand Certificates > Trusted Root Certificates > Certificates and import the trusted root certificate for the SSL certificate copied from the vCenter server in step 1. Also import the certificate to the Trusted People Store.
- For XenDesktop 3.0 – On the XenDesktop Delivery Controller(s) install Citrix XenDesktop hotfix XDE300PM003 and on the Provisioning Server(s) install XenDesktop Setup Wizard XDE300SW001. For XenDesktop 4.0 – On the Desktop Delivery Controller(s) install Citrix XenDesktop hotfix XDE400PM004 and on the Provisioning Server(s) install XenDesktop Setup Wizard XDE400SWx86001 for 32 bit or XDE400SWX64001 for 64 bit.
- Create a host file entry for vmware with the IP address of the vCenter server on your XenDesktop Delivery Controller(s) and Provisioning Server(s) with the XenDesktop Setup Wizard. You can also create DNS entry for vmware pointing to your vCenter server instead of editing hosts files on your servers.
- In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter https://vmware/sdk for the Virtual Center address.
vCenter HTTP Access
- Logon to the vCenter server
- Browse to Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\ (Windows 2003) or ProgramData\VMware\VMware VirtualCenter\SSL (Windows 2008).
- Open proxy.xml with the text editor of your choice and find the /sdk section. Change the accessMode to httpAndHttps.
- Restart the vCenter services.
- In the Hosting Infrastructure section when creating a desktop group on the XenDesktop Delivery Controller or on the Provisioning Server when the running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter http://vCenter server IP address/sdk for the Virtual Center address.
Virtual Center and vCenter Permissions
When using XenDesktop with VMware make sure you use an account with the proper permissions to connect to the Virtual Center or vCenter server. This account will be used for both the XenDesktop Delivery Controller and the XenDesktop Setup Wizard to connect to Virtual Center or vCenter.
The account used for XenDesktop Delivery Controller and the XenDesktop Setup Wizard to communicate to Virtual Center or vCenter will need the following permissions. The following permissions need to be propagated to the lower levels in the Virtual Center or vCenter tree. Create a role in Virtual Center or vCenter for XenDesktop with the following permissions:
At the Hosts and Clusters Node
For a complete overview of using XenDesktop with VMware see Citrix eDocs VMware and XenDesktop.
As you can see, using XenDesktop with VMware is pretty straight forward. I recommend using HTTPS access over HTTP access. Using HTTPS access is more secure than HTTP access and doesn’t require modifying the proxy.xml file on your Virtual Center or vCenter server. Note: Using the default Virtual Center or vSphere certificate is not recommended for production use. To change the default SSL certificate see Replacing Virtual Center Server Certificates in Virtual Infrastructure 3 or Replacing vCenter Server Certificates in vSphere 4. To use an Enterprise CA certificate like Microsoft Certificate Services see Replacing vSphere SSL Certificates over at the VirtualVCP IT Virtualization blog.
If you have found this article interesting or if you have any other insights, please feel free to leave comments on this article.
Jarian Gibson is a consultant that specializes in Citrix and Microsoft technologies. Credentials include being certified as a Citrix Certified Administrator, Citrix Certified Advanced Administrator, Citrix Certified Enterprise Engineer, Citrix Certified Integration Architect, Citrix Certified Instructor, Citrix Certified Sales Professional, Microsoft Certified Technical Specialist, Microsoft Certified IT Professional (Server Administrator, Enterprise Administrator, and Virtualization Administrator) and VMware Certified Professional. Memberships include being a nominated and selected member of the Citrix Partner Technical Expert Council. With over 10 years of experience in the IT field, Jarian has worked for companies such as Securities America Financial Corporation and MTM Technologies. He is currently based in the Kansas City area working for Choice Solutions as a Citrix Practice Manager/Principal Consultant.
Hi Jarain,
nice article.
I did a XenDesktop project in combination with VI 3.0 and we used the “Virtual Center HTTPS Access”. The problem with this solution is, that you can address only one virtual center, because you only have one “vmware” DNS/host entry. In our particular case changing the certificate wasn’t a option because even with VMware support on board we couldn’t change the SSL certificate of our Virtual Center cluster. And using HTTP instead of HTTPS was also no option, as we were doing this in the financial sector. Safety comes first!
Also it’s absolute necessary to set proper permissions (http://support.citrix.com/article/ctx118038) on the virtual center. Doing this the wrong way can have very bad impact.
Greetings,
Tim
http://www.timarenz.de
Thanks for the comments. You are absolutely right about the permissions. They are very important. I will add this to the article. Thanks!
Hi Jarian,
Really need your help. We have been trying to setup xen in our environment for about two months now but we cant seems to get it work. We have created a master image and was able to create a vdisk on the provisional server. The problem that we are having: it will only boot up on the computer that the master image was created on, and blue screen on all other computers.
(2) where can we find or download xendesk delivery controller? Greatly appreciate your help
Are you using VMXNET3 nic on your target devices VMs? If so did you install the PVS hotfix for VMXNET3?
Thanks Jarian, I wasn’t using the VMXNET3 NIC so I have made that adjustment.
I saw a video and they ran xen setup wizard to associate the vdisk with the vms so i downloaded this wizard but am getting an error message saying it cannot find a FARM in active directory. After reading some more I found out that I need xendesktop delivery controller. I spent days looking for this download and I cannot locate it, am I missing something. Please help.
Mike
You download the XenDesktop media and setup a XenDesktop farm/site by logging into MyCitrix > downloads > XenDesktop 5/5.5. Once downloaded setup and install the XenDesktop by using the iso.
The setup wizard for XenDesktop and PVS is a PVS patch. The machine creation services part is built into XenDesktop.
Jarian,
I have two windows 2008 R2 installed on a xenserver. I installed xendesktop on one and PVS on the other.
the server with xendesktop is configured to store all the vms on vcenter 4.0
The computer with the master image has windows 7- adapter VMXNET3 NIC- this master image is on the vcenter
I then convert and lodad the mater image to the pvs server. I don’t have a xendesk delivery controller as mentioned in many post as I am using the express edition. I called Citrix today and they said that the full evaluation version has to be downloaded with the direction of a sales rep.
My clients are set to boot from the network- pc boots ok from the network- found vdisk and started windows – then displayed Blue Screen Error 0x0000007B (0xFFFFF880009A98E8, 0xFFFFFFFFC0000034, 0×0000000000000000, 0×0000000000000000)
Can you say where am going wrong.
Thanks
Thanks, really helped. I was lazy and repalced HTTPS Rerdirect with HTTPandHTTPS and rebooted the vCenter server. All works fine
Hey, Love the post! Keep it up, I will definatley be coming back soon!! =)
Great article and I use this for our customers, so that should tell you how good it is!
Thanks David. Glad I can give a hand to the Citrix community.
Jarian,
We have done several deployments using VSphere 4, and have not found it necessary to replace the default VMWare certificate. The default certificate for VCenter is a CA certificate issued to an FQDN of vmware. We simply add this cert to the trusted root store of the machine account and create the entry in the host file on the DDC and the PVS server.
It has worked every time.
Jarian, thanks for taking time out of your busy life to keep this blog!
Here’s some info regarding integration of XenDesktop 4. with vSphere 4.1. Apparantly there’re some changes in 4.1 SDK and httpAndHttps trick doesn’t work. There’s a long discussion here: http://forums.citrix.com/message.jspa?messageID=1481636 which boils down to installing a XenDesktop Hotfix http://support.citrix.com/article/CTX125538 Check it out. Maybe you could add this to your write ups!
Cheers!
Roman
Just to top that off: please don’t be like me – read all the instructions
The XenDesktop Desktop Delivery Controller and XenDesktop Setup Wizard do not communicate with VMware Virtual Center via HTTPS if the vSphere 4.0 default certificate is used. To enable the vSphere 4.0 default certificate, place it in the Trusted People store, on the Desktop Delivery Controller, and the Setup Wizard computer.
The default certificate is called rui.crt
Thanks Roman. I will update this post with the new info for 4.1. Thanks!
Article has been updated with latest udpates. Thanks!
I’ve looked all over and no one has answered this – does VMware SDK NEED to be INSTALLED on the vCenter server in order for this to work?
It is installed when you install Virtual Center. It’s on the Virtual Center server. You have to give unsecure access to it or use secure acccess with the default certificate or install a 3rd party certificate.
Hi Jarian,
Thanks for all those information on vcenter.
Am using vcenter(vSphere) 4.1 to store all my xendesktop and am using a data store called xendesktop store. One day last week we weren’t able to connect to any of our xendesktop. We noticed that all our xendesktop in vSphere had a question mark with a displaying message stating that we were out of space for that datastore. After adding 50 GB space to that datastore we were able to start the 10 xendesktop.
Yesterday we had the same problem. We are not sure what is causing this problem. We did not add any machine to the desktop group. We did not install any software. Any idea what would be eating up the space like that?
Just tried the steps on vCenter 4.0 Update 2 with ESX 4.0 Update 2 and not a good fit. After editing the proxy.xml file and adding the “httpand ” text and then restarting the services they would not start. I had to remove the “httpand” and everything is good now
Jim
Thanks mate. Good article you got going on here. Got some more sites to point to with more stuff like this?
The VMWare vCenter SDK is not installed by default (at least on vSphere 4.0/4.1) and confirmed this statement with VMWare Support. There are two ways to enable the vCenter SDK (Note: There are different bits depending on which version of vCenter your running so choose accordingly):
1.) Install the vSphere SDK (http://www.vmware.com/support/developer/vc-sdk/) on vCenter
2.) Install the VMWare vSphere CLI (http://downloads.vmware.com/d/details/vcli41/ZHcqYmRoaCpiZHRAag==) (which includes the SDK) on vCenter.
There may be other tools from VMWare that also bundle the SDK (most likely since its a pre-requisite for the tools to interface with the vSphere API).
I also recommend replacing the vCenter self-signed SSL cert (Standard Tomcat Server procedure requiring OpenSSL utility) to a CA SSL Cert. The VMWare self-signed SSL Cert was changed slightly from ESX 3.5 to the vSphere platform causing issues resolving via the Windows host file hack. The host file hack extended to the DDC and PVS servers in order to resolve the back-end hosting infrastructure properly (e.g. https:\\vmware\sdk) and also required importing the self-signed cert into the local Certficate Store to work properly.
So do yourself a favor and create a CA SSL cert using the FQDN as the CommonName and this eliminates the host file hack and the import cert into local cetificate store steps.
Peter Koziura
I don’t even understand how I finished up here, however I figured this
Cheers!
publish was good. I don’t recognise who you’re however definitely you’re visiting a well-known blogger whenever you aren’t already
of course like your web site however you need to check
the spelling on several of your posts. Many of them are rife with spelling issues and I in finding it
very bothersome to tell the truth then again I will certainly come back again.
hey do you know how to publish a xendesktop in vsphere 4.1? its already been created, but i need to publish it and i cant find any article on doing so…any help would be great!