Citrix 2022/2/16

# Citrix 2022/2/16 業界 HyperVisor:VMWare最多 VDI、App:Citrix最多(VMWare也有Horizon) 業界常用XenApp來建RDP供協力廠商連進來使用且會設定連線至特定設備授權: 1.MS:S2022-SD or DC 2.VM 3.XenServer SD版只能16Core Ex：AD的CPU為4+4,所以也6core，只能2台VM DC版也是16Core,VM無限制 C # Citrix 2/16 [線上E-Training(很多不能看...)](https://training.citrix.com/learning/landing) ==Citrix是架構於AD上== Citrix需掛載QNAP磁碟 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) :::spoiler 帳戶 o0ososo@yahoo/!03R 0973/oo_0507 ::: 過去祼機安裝，現使用VM Workstation安裝 [下載：XenServer](https://www.citrix.com/downloads/citrix-hypervisor/product-software/xenserver-70-standard-edition.html) XenServer＝HyperVisor ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) XenApp是虛擬App與虛擬桌面 # 安裝 Xen02 **VM**:Ram:96G,Nic:BG,HDD:650G ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 **CPU虛擬化VT要勾** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x4 **XenServer** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) root/!qaz.... Disk：安裝過程可選動態或固定，選定後將無法再更改 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 改選不檢查安裝檔(很耗時) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 LAN ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x4 NTP ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Install ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x6 :::info DNS於AD中設備關機需依序先將有關連DNS解析的先關(Ex:ExChange、ERP等) 最後才關AD與其Host和Storaeg NTP需指向同一處，若相差5分鐘容易產生異常廠商維護時需檢查DNS與NTP ::: XenCenter(類似vCenter) 安裝在教室實機上(Xen是Lan BG可直連) # XenCenter 以IP連至XenServer上下載(與ESXi v6版相同) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 下載後安裝**XenCenter.msi** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 Add XenServer進來 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x5 VM-Workstation建Win S2016(不加入網域) 建D:\ISO夾放入WS2016,Win10,XenAPP7.5 :::danger **ISO檔需放ISO當層目錄中** 不可再開目錄分類放下層裡，XS會讀不到ISO層的下一層的目錄) 此夾用Administrator可讀(不可用Everyone) 若用Win10網芳分享需開(安裝)SMB1.0,且雙邊皆需開啟 ::: \\192.168.65.237\ISO ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) New SR：加入NFS、CIFS Nmae： Share Nmae：\\192.168.65. ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 掛載.94的iSCSI ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 建VM：4C，4G，HDD：150GB S2016 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x5 選存放磁碟:本地,HDD:150GB ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 先跑安裝後面再設定網路 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 若有HVM錯誤要開啟**CPU虛擬化VT-X** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 接著安裝**XenTools** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 重啟-Yes ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 檢查裝置管理員(NIC留一張就好) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) :::info 主機名稱與IP都不用設定直接做sysprep (勾一般化、選關機) ::: ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 轉成模板 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 轉成模板後 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) # 建置 3/6 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) AD:Win的DC 4C,4G,100GB X_DC:Delivery Controller 4C,32G,200GB XA:Xen App7.9(7.5只到2012) 4C,16G,150GB 新增Network有3種模式 Private:私域 External:等同BG Bonded:多張NIC做LACP ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x4 XenCenter-Xen02(Xen Server) 用上次的S2016做模版並用Quick建成AD、X_DC、XA ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 三台NIC皆選Private， ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 從範本建立VM方法有三種(按右鍵) New VM：可選範本檔或正常流程安裝 Quick： Copy(Clone):Fast clone會等很久、Full Copy會更久 Export Fire：匯出範本檔 Quick建立後 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 使用New VM建立 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x6 設定IP與改電腦名稱AD,DC,XA AD:10.0.0.1/8 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Xen_DC:10.0.0.2/8 XA:10.0.0.3/8 AD升DC(wda02.local) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 再將X_DC與XA加入網域 (DNS指向AD 10.0.0.1) 掛載NFS New SR ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 New VM(透過網路建立會較慢) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 檢查AD後再升DC hostname DNS(指自己) # **AD Health Check**健檢正式環境建議先做AD健檢後再升DC ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 工具有：Dcdiag、REPadmin、NETdom...等 Tool-MAP 4.0:取得DC主機軟硬體資料 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 目視檢查項目 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x5 # 安裝Xen DC、App 安裝步驟文件：**xenapp75-reviewers-guide.pdf** **登網域**安裝DC **XenApp_and_XenDesktop_7_9_AE.iso** (丟到ISO的NFS或NAS上再掛載到X_DC上) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 依P10～P12安裝(皆預設值) Xen Desktop(應該安裝Xen APP？) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Delivery Controller ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 若架構大，可拆分功能至它台主機 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 Summary ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Installing ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 過程中會重開機 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 續跑 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 Finish ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 新增管理單元可能會有錯，重開機即可 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 成功後會有 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) --- # Citrix Studio設定 ## 1.Site Setup ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 識別用可任Key ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Create連結SQL Server (可連至公司實際的DB)(7.9新版與P15～16不同) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) **需為綠色鎖頭**:連至License Server ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 前面己一起安裝 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) **要改選No Machine Management** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 因為Private網域,也非MS,也非VMware ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 非Hyper-V裡的APP-V,故跳過 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Summary,設定過程會很久 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 完成**Step 1** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) --- ## 2.1 Prepare Machines & Images 在XA上佈署Delivery Agent P.19～21 可在XA裡安裝程式後發佈出來 **在XA上**安裝Server OS ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Create a Master Image(非Physical) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Server是被連線的，故Receiver不用裝 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) ==重要== :::danger 自動失敗率高，改手動輸入dc.wda02.local ::: ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 需與X-DC的完整電腦名稱相同 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 若不同,測試是紅X ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 FW:auto ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Installing:過程會需重開約3次,且很久 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 ## 2.2 Machine Catalog 從X_DC將XA收納進AD目錄去 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)2x ServerOS(XA這台) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 預設Another(後面說明MCS、PVS) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 選XA加入 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) name：WinS2016_OA ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 完成 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 --- **Delivart Groups** Page.25要注意,失敗率高可能要重裝幾次 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x4 Add App:小畫家、計算機 ![](https://i.imgur.com/lDB1Wbi.png) 若App沒出來就要重來一次 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 Add Desktop:取個名稱 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 **Applications** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 連結的網址 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) **StoreFront**,上面點過才會出來 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 用AD替代實際的NB或PC進行連線 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) **安裝CitrixReceiver** 無外網無法下載 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 直接掛載安裝 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 SSO(視需求) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x6 開啟程式 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 --- # XD(Xen Desktop) 3/6先建1台Win10做範本,明天約需建3~5台XD 4C,4B,80G,NIC Private ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 # 3/7 **4_Citrix 虛擬化解決方案.pdf** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 伺服與客端只傳送圖像與鍵鼠訊號 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Hack手法：打開SSH進入VCSA後加密，並會斷網讓管理員無法連入參考解法架認證伺服器,透過雙因子驗證全景：身份認證，雙因子驗證權威開機先開iSCCI、NFS等Share Storage 再依序開AD,X_DC,XD (XA己設定好App，無需開機) # Xen Desktop **AD**: *建立使用者與群組* ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 4個User分屬2個群組 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) **XD1~5**: *設定IP、主機名稱、加網域* ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 5台XD ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) --- **xendesktop75-reviewers-guide.pdf** ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 7.5的支援，7.9才支援Win10 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x6 ==手動輸入網域== ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 用預設 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) FW:auto ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) **X_DC納管XD到AD目錄內** *1.Machine Catalogs* ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Desktop OS (Server可APP＋Desktop) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 都固定連到這台(或隨機) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 把XD1收納成1個工具 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x2 *2.Delivery Group* ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x3 授㩲給OA_Group ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png)x5 YES ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) --- 用Console登本機帳戶，打開Web連過去，以網域Admin登入，此時不成功，沒有出現要重開機XD1 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) Win10_OA出現 ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) 此遠端桌面是ICA(非RDP) ![image](https://hackmd.io/_uploads/HyG5eTcfkg.png) :::success 常會使用WSUS大量佈署、GPO規則限制各項權限 :::