VDA registration

Introduction

Note:

In an on-premises environment, VDAs register with a Delivery Controller. In a Citrix Cloud service environment, VDAs register with a Cloud Connector. In a hybrid environment, some VDAs register with a Delivery Controller while others register with a Cloud Connector.

Before a VDA can be used, it must register (establish communication) with one or more Controllers or Cloud Connectors on the site. The VDA finds a Controller or Connector by checking a list called the ListOfDDCs. The ListOfDDCs on a VDA contains DNS entries that point that VDA to Controllers or Cloud Connectors on the site. For load balancing, the VDA automatically distributes connections across all Controllers or Cloud Connectors in the list.

Why is VDA registration so important?

  • From a security perspective, registration is a sensitive operation. You’re establishing a connection between the Controller or Cloud Connector and the VDA. For such a sensitive operation, the expected behavior is to reject the connection if everything is not in perfect shape. You are effectively establishing two separate communication channels: VDA to Controller or Cloud Connector, and Controller or Cloud Connector to VDA. The connection uses Kerberos, so time synchronization and domain membership issues are unforgiving. Kerberos uses Service Principal Names (SPNs), so you cannot use a load-balanced IP address or host name.
  • If a VDA does not have accurate and current Controller or Cloud Connector information as you add and remove Controllers (or Cloud Connectors), the VDA might reject session launches that are brokered by an unlisted Controller or Cloud Connector. Invalid entries can delay the startup of the virtual desktop system software. A VDA won’t accept a connection from an unknown and untrusted Controller or Cloud Connector.

In addition to the ListOfDDCs, the ListOfSIDs (Security IDs) indicates which machines in the ListOfDDCs are trusted. The ListOfSIDs can be used to decrease the load on Active Directory or to avoid possible security threats from a compromised DNS server. For more information, see ListOfSIDs.

If a ListOfDDCs specifies more than one Controller or Cloud Connector, the VDA attempts to connect to them in random order. In an on-premises deployment, the ListOfDDCs can also contain Controller groups. The VDA attempts to connect to each Controller in a group before moving to other entries in the ListOfDDCs.

Citrix Virtual Apps and Desktops automatically tests the connectivity to configured Controllers or Cloud Connectors during VDA installation. Errors are displayed if a Controller or Cloud Connector cannot be reached. If you ignore a warning that a Controller or Cloud Connector cannot be contacted (or when you do not specify Controller or Cloud Connector addresses during VDA installation), messages remind you.

Methods for configuring Controller or Cloud Connector addresses

The administrator chooses the configuration method to use when the VDA registers for the first time (the initial registration). During the initial registration, a persistent cache is created on the VDA. During subsequent registrations, the VDA retrieves the list of Controllers or Cloud Connectors from this local cache, unless a configuration change is detected.

The easiest way to retrieve that list during subsequent registrations is by using the auto-update feature. Auto-update is enabled by default. For more information, see Auto-update.

There are several methods for configuring Controller or Cloud Connector addresses on a VDA.

  • Policy-based (LGPO or GPO)
  • Registry-based (manual, Group Policy Preferences (GPP), specified during VDA installation)
  • Active Directory OU-based (legacy OU discovery)
  • MCS-based (personality.ini)

You specify the initial registration method when you install a VDA. (If you disable auto-update, the method you select during VDA installation is used for subsequent registrations.)

The following graphic shows the Delivery Controller page of the VDA installation wizard.

Delivery Controller page in the VDA installation wizard

Policy-based (LGPO\GPO)

Citrix recommends using GPO for initial VDA registration. It has the highest priority. (Although auto-update is listed as the highest priority, auto-update is used only after the initial registration.) Policy-based registration offers the centralizing advantages of using Group Policy for configuration.

To specify this method, complete both of the following steps:

  • On the Delivery Controller page in the VDA installation wizard, select Do it later (advanced). The wizard reminds you several times to specify Controller addresses, even though you’re not specifying them during VDA installation. (VDA registration is that important.)
  • Enable or disable policy-based VDA registration through Citrix policy with the Virtual Delivery Agent Settings > Controllers setting. (If security is your top priority, use the Virtual Delivery Agent Settings > Controller SIDs setting.)

This setting is stored under HKLM\Software\Policies\Citrix\VirtualDesktopAgent (ListOfDDCs).

Registry-based

To specify this method, complete one of the following steps:

  • On the Delivery Controller page in the VDA installation wizard, select Do it manually. Then, enter the FQDN of an installed Controller and then click Add. If you’ve installed more Controllers, add their addresses.
  • For a command-line VDA installation, use the /controllers option and specify the FQDNs of the installed Controllers or Cloud Connectors.

This information is stored in registry value ListOfDDCs under registry key HKLM\Software\Citrix\VirtualDesktopAgent or HKLM\Software\Wow6432Node\Citrix\VirtualDesktopAgent.

You can also configure this registry key manually or use Group Policy Preferences (GPP). This method might be preferable to the policy-based method (for example, if you want conditional processing of different Controllers or Cloud Connectors, such as: use XDC-001 for computer names that begin with XDW-001-).

Update the ListOfDDCs registry key, which lists the FQDNs of all the Controllers or Cloud Connectors in the site. (This key is the equivalent of the Active Directory site OU.)

HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfDDCs (REG_SZ)

If the HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent registry location contains both the ListOfDDCs and FarmGUID keys, ListOfDDCs is used for Controller or Cloud Connector discovery. FarmGUID is present if a site OU was specified during VDA installation. (This might be used in legacy deployments.)

Optionally, update the ListOfSIDs registry key (for more information, see ListOfSIDs):

HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfSIDs (REG_SZ)

Remember: If you also enable policy-based VDA registration through Citrix policy, that overrides settings you specify during VDA installation, because it is a higher-priority method.
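One way to audit these settings on a VDA, as an added example that is not Citrix's own code: the script reads ListOfDDCs from the policy and registry locations named above, reports which one is in effect, and checks the entries (split on spaces or commas, as the recommendations on this page describe). The function names and the sample input are assumptions made for illustration; Controller group syntax is not parsed.

```powershell
# Added example: audit a VDA's Controller list. Registry paths and value names
# are the ones named on this page; function names are hypothetical.
$Sources = [ordered]@{   # policy first (higher priority), then install-time locations
    Policy   = 'HKLM:\Software\Policies\Citrix\VirtualDesktopAgent'
    Registry = 'HKLM:\Software\Citrix\VirtualDesktopAgent'
    Wow6432  = 'HKLM:\Software\Wow6432Node\Citrix\VirtualDesktopAgent'
}

function Test-DdcList {
    # Returns findings for one ListOfDDCs string (space- or comma-separated).
    param([string]$ListOfDDCs, [string]$ListOfSIDs)
    $findings = @()
    $entries  = @($ListOfDDCs -split '[\s,]+' | Where-Object { $_ })
    if ($entries.Count -lt 2) {
        $findings += "Only $($entries.Count) Controller listed; list more than one"
    }
    foreach ($e in $entries) {
        $ip = $null
        if ([System.Net.IPAddress]::TryParse($e, [ref]$ip)) {
            $findings += "$e is an IP address; Kerberos registration uses SPNs"
        } elseif ($e -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
            $findings += "$e is not a fully qualified domain name"
        }
    }
    if (-not $ListOfSIDs) { $findings += 'ListOfSIDs is not set' }
    $findings
}

function Get-EffectiveDdcSource {
    # First location, in priority order, that holds a non-empty ListOfDDCs.
    foreach ($name in $Sources.Keys) {
        $p = Get-ItemProperty -Path $Sources[$name] -ErrorAction SilentlyContinue
        if ($p -and $p.ListOfDDCs) {
            return [pscustomobject]@{ Source = $name; ListOfDDCs = $p.ListOfDDCs
                ListOfSIDs = $p.ListOfSIDs; FarmGUID = $p.FarmGUID }
        }
    }
}

# Constructed sample input (not from a real VDA): flags the IP and the missing SIDs.
Test-DdcList -ListOfDDCs 'DDC7x.xd.local, 10.0.0.5' -ListOfSIDs ''

# On a VDA: report which location is in effect and audit it.
$eff = Get-EffectiveDdcSource
if ($eff) {
    "ListOfDDCs taken from: $($eff.Source)"
    if ($eff.FarmGUID) { 'FarmGUID is also set in this key' }
    Test-DdcList -ListOfDDCs $eff.ListOfDDCs -ListOfSIDs $eff.ListOfSIDs
} else { 'No ListOfDDCs found in the policy or registry locations' }
```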

Active Directory OU-based (legacy)

This method is supported primarily for backward compatibility and is not recommended. If you’re still using it, Citrix suggests changing to another method.

To specify this method, complete both of the following steps:

  • On the Delivery Controller page in the VDA installation wizard, select Choose locations from Active Directory.
  • Use the Set-ADControllerDiscovery.ps1 script (available on every Controller). Also, configure the FarmGuid registry entry on each VDA to point to the right OU. This setting can be configured using Group Policy.

For details, see Active Directory OU-based discovery.

MCS-based

If you plan to use only MCS to provision VMs, you can instruct MCS to set up the list of Controllers or Cloud Connectors. This feature works with auto-update. When creating the catalog, MCS injects the list of Controllers or Cloud Connectors into the Personality.ini file during initial provisioning. Auto-update keeps the list current.

This method is not recommended for use in large environments. You can use this method if you:

  • Have a small environment
  • Will not move VDAs between sites
  • Use only MCS to provision VMs
  • Don’t want to use Group Policy

To specify this method, on the Delivery Controller page in the VDA installation wizard, select Let Machine Creation Services do it.

Review and recommendations

As best practice:

  • Use the Group Policy registration method for initial registration.
  • Use auto-update (enabled by default) to keep your list of Controllers up-to-date.
  • In a multi-zone deployment, use Group Policy for initial configuration (with at least two Controllers or Cloud Connectors). Point VDAs to Controllers or Cloud Connectors local to (in) their zone. Use auto-update to keep them up-to-date. Auto-update automatically optimizes the ListOfDDCs for VDAs in satellite zones.
  • List more than one controller on the ListOfDDCs registry key, separated by a space or a comma, to prevent registration issues if a Controller is not available. For example:

     DDC7x.xd.local DDC7xHA.xd.local

     32-bit: HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfDDCs

     HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfDDCs (REG_SZ)
    
