VDA registration
Introduction
Note:
In an on-premises environment, VDAs register with a Delivery Controller. In a Citrix Cloud service environment, VDAs register with a Cloud Connector. In a hybrid environment, some VDAs register with a Delivery Controller while others register with a Cloud Connector.
Before a VDA can be used, it must register (establish communication) with one or more Controllers or Cloud Connectors on the site. The VDA finds a Controller or Connector by checking a list called the ListOfDDCs. The ListOfDDCs on a VDA contains DNS entries that point that VDA to Controllers or Cloud Connectors on the site. For load balancing, the VDA automatically distributes connections across all Controllers or Cloud Connectors in the list.
Why is VDA registration so important?
- From a security perspective, registration is a sensitive operation. You’re establishing a connection between the Controller or Cloud Connector and the VDA. For such a sensitive operation, the expected behavior is to reject the connection if everything is not in perfect shape. You are effectively establishing two separate communication channels: VDA to Controller or Cloud Connector, and Controller or Cloud Connector to VDA. The connection uses Kerberos, so time synchronization and domain membership issues are unforgiving. Kerberos uses Service Principal Names (SPNs), so you cannot use load balanced IP\hostname.
- If a VDA does not have accurate and current Controller or Cloud Connector information as you add and remove Controllers (or Cloud Connectors), the VDA might reject session launches that are brokered by an unlisted Controller or Cloud Connector. Invalid entries can delay the startup of the virtual desktop system software. A VDA won’t accept a connection from an unknown and untrusted Controller or Cloud Connector.
In addition to the ListOfDDCs, the ListOfSIDs (Security IDs) indicates which machines in the ListOfDDCs are trusted. The ListOfSIDs can be used to decrease the load on Active Directory or to avoid possible security threats from a compromised DNS server. For more information, see ListOfSIDs.
If a ListOfDDCs specifies more than one Controller or Cloud Connector, the VDA attempts to connect to them in random order. In an on-premises deployment, the ListOfDDCs can also contain Controller groups. The VDA attempts to connect to each Controller in a group before moving to other entries in the ListOfDDCs.
Citrix Virtual Apps and Desktops automatically tests the connectivity to configured Controllers or Cloud Connectors during VDA installation. Errors are displayed if a Controller or Cloud Connector cannot be reached. If you ignore a warning that a Controller or Cloud Connector cannot be contacted (or when you do not specify Controller or Cloud Connector addresses during VDA installation), messages remind you.
Methods for configuring Controller or Cloud Connector addresses
The administrator chooses the configuration method to use when the VDA registers for the first time (the initial registration). During the initial registration, a persistent cache is created on the VDA. During subsequent registrations, the VDA retrieves the list of Controllers or Cloud Connectors from this local cache, unless a configuration change is detected.
The easiest way to retrieve that list during subsequent registrations is by using the auto-update feature. Auto-update is enabled by default. For more information, see Auto-update.
There are several methods for configuring Controller or Cloud Connector addresses on a VDA.
- Policy-based (LGPO or GPO)
- Registry-based (manual, Group Policy Preferences (GPP), specified during VDA installation)
- Active Directory OU-based (legacy OU discovery)
- MCS-based (personality.ini)
You specify the initial registration method when you install a VDA. (If you disable auto-update, the method you select during VDA installation is used for subsequent registrations.)
The following graphic shows the Delivery Controller page of the VDA installation wizard.
Policy-based (LGPO\GPO)
Citrix recommends using GPO for initial VDA registration. It has the highest priority. (Although auto-update is listed as the highest priority, auto-update is used only after the initial registration.) Policy-based registration offers the centralizing advantages of using Group Policy for configuration.
To specify this method, complete both of the following steps:
- On the Delivery Controller page in the VDA installation wizard, select Do it later (advanced). The wizard reminds you several times to specify Controller addresses, even though you’re not specifying them during VDA installation. (VDA registration is that important.)
- Enable or disable policy-based VDA registration through Citrix policy with the Virtual Delivery Agent Settings > Controllers setting. (If security is your top priority, use the Virtual Delivery Agent Settings > Controller SIDs setting.)
This setting is stored under HKLM\Software\Policies\Citrix\VirtualDesktopAgent (ListOfDDCs).
Registry-based
To specify this method, complete one of the following steps:
- On the Delivery Controller page in the VDA installation wizard, select Do it manually. Then, enter the FQDN of an installed Controller and then click Add. If you’ve installed more Controllers, add their addresses.
- For a command-line VDA installation, use the /controllers option and specify the FQDNs of the installed Controllers or Cloud Connectors.
This information is stored in registry value ListOfDDCs under registry key HKLM\Software\Citrix\VirtualDesktopAgent or HKLM\Software\Wow6432Node\Citrix\VirtualDesktopAgent.
You can also configure this registry key manually or use Group Policy Preferences (GPP). This method might be preferable to the policy-based method (for example, if you want conditional processing of different Controllers or Cloud Connectors, such as: use XDC-001 for computer names that begin with XDW-001-).
Update the ListOfDDCs registry key, which lists the FQDNs of all the Controllers or Cloud Connectors in the site. (This key is the equivalent of the Active Directory site OU.)
HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfDDCs (REG_SZ)
If the HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent registry location contains both the ListOfDDCs and FarmGUID keys, ListOfDDCs is used for Controller or Cloud Connector discovery. FarmGUID is present if a site OU was specified during VDA installation. (This might be used in legacy deployments.)
Optionally, update the ListOfSIDs registry key (for more information, see ListOfSIDs):
HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfSIDs (REG_SZ)
Remember: If you also enable policy-based VDA registration through Citrix policy, that overrides settings you specify during VDA installation, because it is a higher-priority method.
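The value locations and the policy-over-registry precedence described above can be checked on a VDA with a short audit; this is an added example, not Citrix code, and the helper function names are illustrative. It reads only the configured values (not the auto-update cache) and assumes a flat, space-separated list without Controller groups.

```powershell
# Added example: audit the Controller list configured on a VDA.
# Key paths and value names are the ones named on this page.
$keys = [ordered]@{
    'Policy'            = 'HKLM:\Software\Policies\Citrix\VirtualDesktopAgent'
    'Registry'          = 'HKLM:\Software\Citrix\VirtualDesktopAgent'
    'Registry (32-bit)' = 'HKLM:\Software\Wow6432Node\Citrix\VirtualDesktopAgent'
}

function Get-VdaValue {            # illustrative helper name
    param([string]$Path, [string]$Name)
    # Yields $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-ControllerEntry {    # illustrative helper name
    param([string]$Entry)
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($Entry, [ref]$ip)) {
        return 'IP address: Kerberos needs an SPN, list the FQDN'
    }
    if ($Entry -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
        return 'not a fully qualified domain name'
    }
    try { [void][System.Net.Dns]::GetHostAddresses($Entry); 'ok' }
    catch { 'does not resolve in DNS' }
}

# Policy is the higher-priority method, so it is checked first.
# The order of the two registry paths is a choice made for this example.
$set = @($keys.Keys | Where-Object { Get-VdaValue -Path $keys[$_] -Name ListOfDDCs })
if ($set.Count -eq 0) {
    Write-Warning 'No ListOfDDCs value found in the policy or registry keys.'
} else {
    $source = $set[0]
    $controllers = @(-split (Get-VdaValue -Path $keys[$source] -Name ListOfDDCs))
    $controllers | ForEach-Object {
        [pscustomobject]@{ Source = $source; Controller = $_; Check = Test-ControllerEntry $_ }
    } | Format-Table -AutoSize
    if ($source -eq 'Policy' -and $set.Count -gt 1) {
        Write-Warning 'Policy overrides the ListOfDDCs value that is also set in the registry.'
    }
    if ($controllers.Count -lt 2) {
        Write-Warning 'Only one Controller listed; registration fails if it is unavailable.'
    }
}
# Assumption: ListOfSIDs may sit in any of the same keys; the page names only the registry key.
$sids = $keys.Values | ForEach-Object { Get-VdaValue -Path $_ -Name ListOfSIDs } | Where-Object { $_ }
if (-not $sids) { Write-Warning 'ListOfSIDs is not set.' }
```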
Active Directory OU-based (legacy)
This method is supported primarily for backward compatibility and is not recommended. If you’re still using it, Citrix suggests changing to another method.
To specify this method, complete both of the following steps:
- On the Delivery Controller page in the VDA installation wizard, select Choose locations from Active Directory.
- Use the Set-ADControllerDiscovery.ps1 script (available on every Controller). Also, configure the FarmGuid registry entry on each VDA to point to the right OU. This setting can be configured using Group Policy.
For details, see Active Directory OU-based discovery.
MCS-based
If you plan to use only MCS to provision VMs, you can instruct MCS to set up the list of Controllers or Cloud Connectors. This feature works with auto-update. When creating the catalog, MCS injects the list of Controllers or Cloud Connectors into the Personality.ini file during initial provisioning. Auto-update keeps the list current.
This method is not recommended for use in large environments. You can use this method if you:
- Have a small environment
- Will not move VDAs between sites
- Use only MCS to provision VMs
- Don’t want to use Group Policy
To specify this method, on the Delivery Controller page in the VDA installation wizard, select Let Machine Creation Services do it.
Review and recommendations
As best practice:
- Use the Group Policy registration method for initial registration.
- Use auto-update (enabled by default) to keep your list of Controllers up-to-date.
- In a multi-zone deployment, use Group Policy for initial configuration (with at least two Controllers or Cloud Connectors). Point VDAs to Controllers or Cloud Connectors local to (in) their zone. Use auto-update to keep them up-to-date. Auto-update automatically optimizes the ListOfDDCs for VDAs in satellite zones. List more than one controller on the ListOfDDCs registry key, separated by a space, to prevent registration issues if a Controller is not available. For example:
  DDC7x.xd.local DDC7xHA.xd.local
  32-bit: HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfDDCs
  HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfDDCs (REG_SZ)