Connector Appliance for Cloud Services

The Connector Appliance is a Citrix component hosted in your hypervisor. It serves as a channel for communication between Citrix Cloud and your resource locations, enabling cloud management without requiring any complex networking or infrastructure configuration. Connector Appliance enables you to manage and focus on the resources that provide value to your users.

The Connector Appliance provides the following functions:

• (Preview) Hypervisor Management Service enables you to manage updates to your Citrix Hypervisor 8 Cloud pools from the cloud control plane. By moving to a continuous update model, orchestrated by Citrix Cloud, Citrix Hypervisor customers can benefit from an efficient release process that delivers new features faster. For more information, see Citrix Hypervisor Cloud.

• Image Portability Service simplifies the management of images across platforms. This feature is useful for managing images between an on-premises resource location and one in a public cloud. The Citrix Virtual Apps and Desktops REST APIs can be used to automate the administration of resources within a Citrix Virtual Apps and Desktops site.

  The Image Portability workflow begins when you use Citrix Cloud to initiate the migration of an image from your on-premises location to your public cloud subscription. After preparing your image, the Image Portability Service helps you transfer the image to your public cloud subscription and prepare it to run. Finally, Citrix Provisioning or Machine Creation Services provisions the image in your public cloud subscription.

  For more information, see Image Portability Service.

• Citrix Secure Private Access enables administrators to provide a cohesive experience that integrates single sign-on, remote access, and content inspection into a single solution for end-to-end access control. For more information, see Secure Private Access with Connector Appliance.

There might be other services in preview that also depend on the Connector Appliance.

The Connector Appliance platform is part of Citrix Cloud Platform and Citrix Identity Platform and can process data, including the following information:

• IP addresses or FQDNs
• Device, user, and resource location identifiers
• Timestamps
• Event data
• User and group details from Active Directory (for example, used for authenticating and searching for users and groups)

Details of specific information processed by the Connector Appliance are available in the Data Collected by Citrix Cloud Platform table in the Citrix Cloud Services Data Protection Overview.

Connector Appliance availability and load management

For continuous availability and to manage load, install multiple Connector Appliances in each of your resource locations. Citrix recommends at least two Connector Appliances in each resource location. If one Connector Appliance is unavailable for any time, the other Connector Appliances can maintain the connection. Since each Connector Appliance is stateless, the load can be distributed across all available Connector Appliances. There is no need to configure this load balancing function. It is automated. If at least one Connector Appliance is available, there is no loss in communication with Citrix Cloud.

If you have only one connector configured for a resource location, Citrix Cloud shows a warning on both the Resource Locations and the Connectors page.

Connector Appliance updates

The Connector Appliance is updated automatically. You are not required to take any actions to update your connector.

You can configure your resource location to apply updates either immediately as they become available or during a specific maintenance window. To configure the maintenance window:

1. On your resource location, go to the ellipsis (…) menu and select Manage Resource Location.
2. In the Choose your update method section, select Set a maintenance start time.
3. Choose the start time and timezone from the lists.
4. Click Confirm.

As part of the update the Connector Appliance becomes temporarily unavailable. Automatic update only updates one Connector Appliance in a resource location at a time. For this reason, it is important to register at least two Connector Appliances in each resource location to ensure that at least one Connector Appliance is always available.

Connector Appliance communication

The Connector Appliance authenticates and encrypts all communication between Citrix Cloud and your resource locations. Once installed, the Connector Appliance initiates communication with Citrix Cloud through an outbound connection. All connections are established from the Connector Appliance to the cloud using the standard HTTPS port (443) and the TCP protocol. No incoming connections are allowed.

This is a list of ports that the Connector Appliance requires access to:

To configure the Connector Appliance, IT admins must be able to access the admin interface on port 443 (HTTPS) of the Connector Appliance.

Note: You must include https:// at the start of the IP address.

The Connector Appliance can communicate with both on-premises systems in your resource location and with external systems. If you define one or more web proxies during Connector Appliance registration, only traffic from the Connector Appliance to external systems is routed through this web proxy. If your on-premises system is located in a private address space, traffic from Connector Appliance to this system is not routed through the web proxy.

The Connector Appliance defines private address spaces as the following IPv4 address ranges:

• 10.0.0.0 – 10.255.255.255
• 172.16.0.0 – 172.31.255.255
• 192.168.0.0 – 192.168.255.255

Internet connectivity requirements

Connecting to the Internet from your data centers requires opening port 443 to outbound connections. However, to operate within environments containing an Internet proxy server or firewall restrictions, further configuration might be needed.

To properly operate and consume the Citrix Cloud services, the following addresses must be contactable with unmodified HTTPS connections:

• https://*.cloud.com
• https://*.citrixworkspacesapi.net
• https://*.citrixnetworkapi.net
• https://*.nssvc.net
  • Customers who can’t enable all subdomains can use the following addresses instead
    • https://*.g.nssvc.net
    • https://*.c.nssvc.net
• https://*.servicebus.windows.net
• https://iwsprodeastusuniconacr.azurecr.io
• https://iwsprodeastusuniconacr.eastus.data.azurecr.io

Network requirements

Ensure that your environment has the following configuration:

• Either the network allows the Connector Appliance to use DHCP to get DNS and NTP servers, an IP address, a host name, and a domain name or you can manually set the network settings in the Connector Appliance console.
• The network is not configured to use the link-local IP ranges 169.254.0.1/24, 169.254.64.0/18 or 169.254.192.0/18, which are used internally by the Connector Appliance.
• Either the hypervisor clock is set to Coordinated Universal Time (UTC) and is synchronized with a time server or DHCP provides NTP server information to the Connector Appliance.
• If you use a proxy with Connector Appliance, the proxy must be unauthenticated or use basic authentication.

System requirements

The Connector Appliance is supported on the following hypervisors:

• Citrix XenServer 7.1 CU2 LTSR
• Citrix Hypervisor 8.2 LTSR
• VMware ESXi version 7 update 2
• Hyper-V on Windows Server 2016, Windows Server 2019, or Windows Server 2022.
• Microsoft Azure
• AWS
• Google Cloud Platform

Your hypervisor must provide the following minimum capabilities:

• 20 GiB root disk
• 2 vCPUs
• 4 GiB memory
• An IPv4 network

You can host multiple Connector Appliances on the same hypervisor host. The number of Connector Appliances on the same host is only constrained by the hypervisor and hardware limitations.

Note:

Cloning, suspending, and taking snapshots of the Connector Appliance VM are not supported.

Obtain the Connector Appliance

Download the Connector Appliance software from within Citrix Cloud.

1. Sign in to Citrix Cloud.

2. From the menu in the top left of the screen, select Resource Locations.

3. If you do not already have a resource location, click the plus icon (+) or select Add a Resource Location.

4. In the resource location where you want to register the Connector Appliance, click the Connector Appliances plus icon (+).

   The Install Connector Appliance task opens.

   

5. From the Hypervisor list in Step 1, choose the type of hypervisor or cloud provider that you use to host your Connector Appliance.

   • For on-premises hypervisors and cloud environments, you can download the Connector Appliance here:

     1. Click Download Image.
     2. Review the Citrix End User Service Agreement and, if you agree, select Agree and Continue.

     3. When prompted, save the provided Connector Appliance file.

        The file name extension of the Connector Appliance file depends on the hypervisor that you choose.

   • For some cloud environments, you can instead get the Connector Appliance from the marketplace:

     • AWS
     • Microsoft Azure
     • Google Cloud

6. Keep the Install Connector Appliance task open. After installing the Connector Appliance, you input your registration code into Step 2.

You can also get to the Install Connector Appliance task from the Connectors page. Select the plus icon (+) to add a connector and choose to add a Connector Appliance.

Install Connector Appliance on your hypervisor

• Citrix Hypervisor
• VMware ESXi
• Hyper-V
• Nutanix AHV
• Microsoft Azure
• Google Cloud Platform
• AWS

Citrix Hypervisor

This section describes how to import the Connector Appliance to a Citrix Hypervisor server by using XenCenter.

1. Connect to your Citrix Hypervisor server or pool by using XenCenter on a system that has access to the downloaded Connector Appliance XVA file.
2. Select File > Import.
3. Specify or browse to the path where the Connector Appliance XVA file is located. Click Next.
4. Select the Citrix Hypervisor server where you want to host the Connector Appliance. Alternatively, you can select the pool to host the Connector Appliance in and Citrix Hypervisor chooses a suitable available server. Click Next.
5. Specify the storage repository to use for your Connector Appliance. Click Import.
6. Click Add to add a virtual network interface. From the Network list, select the network for the Connector Appliance to use. Click Next.
7. Review the options to use to deploy the Connector Appliance. If any are incorrect, use Previous to change these options.
8. Ensure that Start the new VM(s) automatically as soon as the import is complete is selected. Click Finish.

After the Connector Appliance is deployed and has successfully started up, its console displays a landing page that contains the Connector Appliance IP address. Use this IP address to connect to the Connector Appliance administration page and complete the registration process.

By default, the Connector Appliance uses DHCP to set its network configuration. If DHCP is not available in your environment, you must set the network configuration at the Connector Appliance console before you can access the Connector Appliance UI. For more information, see Set the network configuration by using the Connector Appliance console.

Next step: Register your Connector Appliance with Citrix Cloud.

VMware ESXi

This section describes how to deploy Connector Appliance on a VMware ESXi host by using the VMware vSphere Client.

1. Connect to your ESXi host by using the vSphere Client on a system that has access to the downloaded Connector Appliance OVA file.
2. Select File > Deploy OVF Template….
3. Specify or browse to the path where the Connector Appliance OVA file is located. Click Next.
4. Review the template details. Click Next.
5. You can specify a unique name for your Connector Appliance instance. By default, the name is set to “Connector Appliance”. Ensure that you choose a name that distinguishes this instance of the Connector Appliance from other instances hosted on this ESXi host. Click Next.
6. Specify the destination storage for your Connector Appliance. Click Next.
7. Choose the format to store the virtual disks in. Click Next.
8. Review the options to use to deploy the Connector Appliance. If any are incorrect, use Back to change these options.
9. Select Power on after deployment. Click Finish.

After the Connector Appliance is deployed and has successfully started up, its console displays a landing page that contains the Connector Appliance IP address. Use this IP address to connect to the Connector Appliance administration page and complete the registration process.

By default, the Connector Appliance uses DHCP to set its network configuration. If DHCP is not available in your environment, you must set the network configuration at the Connector Appliance console before you can access the Connector Appliance UI. For more information, see Set the network configuration by using the Connector Appliance console.

Next step: Register your Connector Appliance with Citrix Cloud.

Hyper-V

This section describes how to deploy Connector Appliance on a Hyper-V host. You can deploy the VM by using the Hyper-V Manager or by using the included PowerShell script.

Deploy the Connector Appliance by using the Hyper-V Manager

1. Connect to your Hyper-V host.
2. Copy or download the Connector Appliance ZIP file to the Hyper-V host.
3. Extract the contents of the ZIP file: A PowerShell script and the connector-appliance.vhdx file.
4. Copy the VHDX file to where you want to keep your VM disks. For example, C:\ConnectorApplianceVMs.
5. Open Hyper-V Manager.
6. Right-click on your server name and select New > Virtual Machine.
7. In the New Virtual Machine Wizard, on the Specify Name and Location panel, enter a unique name to use to identify your Connector Appliance in the Name field. Click Next.
8. On the Specify Generation panel, select Generation 1. Click Next.

9. On the Assign Memory panel:

   1. Assign 4 GB of RAM
   2. Disable dynamic memory

   Click Next.

10. On the Configure Networking panel, select a switch from the list. For example, Default Switch. Click Next.
11. On the Connect Virtual Hard Disk panel, select Use an existing virtual hard disk.
12. Browse to the location of the connector-appliance.vhdx file and select it. Click Next.
13. On the Summary panel, review the values you have chosen and click Finish to create the VM.
14. On the Virtual Machines panel, right-click on the Connector Appliance VM and select Settings.
15. In the Settings window, go to Hardware > Processors. Change the value for Number of virtual processors to 2. Click Apply, then OK.
16. On the Virtual Machines panel, right-click on the Connector Appliance VM and select Start.
17. Right-click on the Connector Appliance VM and select Connect to open the console.

After the Connector Appliance is deployed and has successfully started up, connect to the console using the Hyper-V Manager. The console displays a landing page that contains the Connector Appliance IP address. Use this IP address to connect to the Connector Appliance administration page and complete the registration process.

By default, the Connector Appliance uses DHCP to set its network configuration. If DHCP is not available in your environment, you must set the network configuration at the Connector Appliance console before you can access the Connector Appliance UI. For more information, see Set the network configuration by using the Connector Appliance console.

Next step: Register your Connector Appliance with Citrix Cloud.

Deploy the Connector Appliance by using a PowerShell script

The connector-appliance.zip file contains a PowerShell script that creates and starts a new VM.

Note:

To run this unsigned PowerShell script, you might have to change the execution policies on the Hyper-V system. For more information, see https://go.microsoft.com/fwlink/?LinkID=135170. Alternatively, you can use the provided script as the basis to create or amend your own local script.

1. Connect to your Hyper-V host.
2. Copy or download the Connector Appliance ZIP file to the Hyper-V host.
3. Extract the contents of the ZIP file: A PowerShell script and a VHDX file.

4. In a PowerShell console, change the current directory to where the ZIP file contents are located and run the following command:

   .\connector-appliance-install.ps1