It has been a short time since I wrote the Unidesk 3.x blogs and a lot has changed with Unidesk in version 4. Firstly, the company itself has been bought by Citrix, which was announced at Summit in January 2017. At a software level, the main Unidesk infrastructure components have been simplified from 2.x and 3.x by merging them all in to one component. The deployment model has also been made easier, making Unidesk the layer composer and Provisioning Services or Machine Creation Services the deployer to the masses.
Recap on Unidesk 3.x:
http://www.jgspiers.com/installing-configuring-unidesk-3-4-hyperv/
http://www.jgspiers.com/unidesk-os-layer-creation-process/
http://www.jgspiers.com/creating-unidesk-desktops/
http://www.jgspiers.com/updating-unidesk-os-layer/
http://www.jgspiers.com/creating-unidesk-application-layers/
http://www.jgspiers.com/unidesk-maintenance-schedules/
http://www.jgspiers.com/unidesk-high-availability/
Back to Unidesk 4.x.
♣ Unidesk Introduction
♣ ELM Hypervisor Support
♣ File Share Support
♣ OS Support for OS Layers
♣ UMC Browser Support
♣ Storage Requirements
♣ Firewall Rules
♣ Unidesk Layers Explained
♣ Image Templates and Connectors Explained
♣ Installing Unidesk ELM
♣ ELM CLI Configuration
♣ Upload License
♣ Change GUI Password
♣ Integrate ULM with Active Directory
♣ Assign User Roles
♣ Configure HTTPS to UMC
♣ Create ELM Share
♣ Expand ELM Layering Service Storage
♣ Install Unidesk Agent on PVS
As of the time of this writing, the Citrix acquisition of Unidesk is so new that there will be many changes to the Unidesk software in the next few months, which will likely require some rewrites to this post. For now, the Unidesk software I am focusing on is version 4.0.8, which was released December 28th 2016. The version 4 release of Unidesk has won Best of Citrix Synergy and Best of VMworld in the past year, to no surprise, as it is an excellent desktop and application image management platform and a great move by Citrix to bring it under their portfolio of products.
The Unidesk software will replace Citrix AppDisks, as Unidesk offers a lot more in terms of layering applications together to create a desktop. Unidesk 4.x also sees the release of a new feature currently called “Elastic Layering” that layers applications on to a VDI desktop or Session Host on-demand as a user logs on. This means applications that only a small number of users need can be dynamically layered rather than creating specific desktops or Session Hosts for these users or layering the application to more users than needed. What’s even better is that when a layer is elastically added to a machine once, it doesn’t need to be added again. So if a XenApp RDSH host is used and User A logs on, they may receive Firefox elastically, and when User B with the same Elastic Layer logs on, Firefox is already available so does not need to be layered again. The support of XenApp and Session Hosts also means that some businesses may be able to reduce their persistent desktop farms, saving on the extra compute needed to power persistent desktops. Many times a persistent desktop is required because users need a different set of applications and customisations than the rest of us. Now with Unidesk Elastic Layering and Citrix Workspace Environment Management, XenApp shared desktops have more room to grow in the datacentre because of the way we can configure sessions to be more unique than ever before based on the user logging on.
This version of Unidesk is also hypervisor agnostic, allowing you to run Unidesk and deploy layers across different hypervisors at the same time without redeploying components or the layers. This is a package once and deploy to many approach with support for Nutanix and XenServer, Hyper-V, vSphere and more.
This guide will cover installing Unidesk 4.0.8 on Hyper-V. For a guide on VMware deployment of the ELM appliance, see Carl Stalhood’s Unidesk Enterprise Layer Manager post.
Unidesk system requirements:
Unidesk 4.x ELM hypervisor support:
- Azure ARM.
- Citrix XenServer 6.5, 7.0.
- Windows Server 2012 R2 Hyper-V.
- vSphere vCenter 5.5.x, 6.0.x.
- Nutanix AHV.
Network File Share supported protocols:
- SMB (Server Message Block) – Elastic Layers only supported on SMB file shares.
- NFS (Network File System) – Elastic Layers not supported on NFS file shares.
Note: A 10GB network connection between the ELM and file share is recommended.
Unidesk 4.x can publish layers to:
- Microsoft Azure.
  - Note: Unidesk recommend a 10GB connection to the Azure publishing location.
- Citrix MCS on XenServer, Nutanix (new in 4.0.8) and vSphere.
- Citrix Provisioning Services 7.1+ up to 7.11.
  - Note: Unidesk recommend a 10GB connection between ELM and the PVS store.
- Citrix XenApp 6.5 and XenApp/XenDesktop 7.0 to 7.11.
- VMware Horizon View 6.x & 7.x.
  - Note: View Persona Management is not supported with Elastic Layering.
Unidesk 4.x supports the following OS for OS Layer images:
- Windows Server 2008 R2, Server 2012 R2 & Server 2016 (new in 4.0.8) Standard and Datacenter editions.
- Windows 7 32 & 64bit.
- Windows 10 64bit.
Unidesk Enterprise Layer Manager browser support:
- Internet Explorer 11.
- Firefox version 45+.
Note: Browsers must have Silverlight 4 installed.
Storage requirements:
- Network file share running SMB for Elastic Layering. This share is attached to the ELM appliance. Recommended 40-100GB. The size is dependent on how many Elastic Layers you create. This share is also used to convert VHDX disks in to OS Layers and I also use it to create Platform Layers.
- Local storage attached to the ELM appliance used for temporary files and finalized layers. Recommended 300-500GB. The size is dependent on how many layers you create. The size can be expanded, which I show later.
Source | Destination | Purpose | Protocol & Port |
UMC User/Administrator | ELM/UMC Console | Log on to and use UMC Console | TCP 80 or 443 |
ELM | ELM | ActiveMQ Console | TCP 8161 |
ELM | Log deliveries from Unidesk Agent | TCP 8787 | |
ELM | Log deliveries from users | TCP 8888 | |
Unidesk Agent | Communication | TCP 8016 | |
Unidesk Agent | Log gathering | TCP 14243 | |
Active Directory | LDAP | TCP 389 or 636 | |
Connector for Azure | Communication | TCP 3000 (HTTP) 3500 (HTTPS) | |
Connector for PVS | Communication | TCP 3009 (HTTP) 3509 (HTTPS) | |
Connector for vSphere | Communication | TCP 3004 (HTTP) 3504 (HTTPS) | |
Connector for XenServer | Communication | TCP 3022 (HTTP) 3502 (HTTPS) | |
ELM | api.unidesk.com | Logs and Phone Home data | TCP 443 |
OS Image | XenServer XenCenter | Communications | 5900 |
The layers that make up a complete image:
- OS Layer – Contains the base OS image i.e. Windows 7, Windows 10, Windows Server 2012 R2, Windows Server 2016. The OS layer is read-only and shared between many different virtual machines.
- Platform Layer (NEW) – This new type of layer is what really makes Unidesk OS Layers hypervisor agnostic. You can build one OS Layer and deploy it to Hyper-V, vSphere and XenServer at the same time for example. This means the management of one single image across multiple hypervisors. This is achievable all by using Platform Layers. The Platform Layer holds the hypervisor tools, PVS tools and the VDA software. You could have a Platform Layer containing Hyper-V integration tools and a second Platform Layer containing VMware Tools. It doesn’t matter to the OS Layer, as using a Platform Layer dictates which environment an OS Layer will run under. There are also two types of Platform Layers:
  - Platform Layer for packaging layers and versions – If you are packaging layers on a hypervisor different from the one used during the OS Layer creation, the Platform Layer is used to ensure that any hypervisor dependent software is available to you during the Application Layer creation process. This Platform Layer is only used during layer creation across different hypervisors and does not restrict the ability for the layer to be published across different hypervisors in production.
  - Platform Layer for publishing layered images – The publishing Platform Layer is always required when you publish layered images. The Platform Layer consists of the hypervisor tools and virtualization tools needed to run under a specific environment. If we want to deploy XenDesktop machines running on Hyper-V with PVS and XenDesktop, we would create a Platform Layer containing the PVS Target Device software, XenDesktop VDA and Hyper-V integration services tools.
- Application Layer – Contains applications such as Adobe Reader, Office, Firefox etc. which is layered on top of the OS layer to achieve a complete desktop build. Application layers are also read-only and shared between many different virtual machines. Apps can be bundled together or kept in separate layers depending on the requirements. An Application Layer is tied to an OS Layer, so you can’t use the same layer on a Windows 7 and Windows 10 OS Layer for example.
- User Layer – This layer is not available in Unidesk 4.0.8 currently so no personalization is available using Unidesk. This layer is currently in testing (supported on W7 64bit currently for XenDesktop and VMware View) and is aimed to be the replacement of the Personalization Layer.
- Connectors – Platform Connectors provide the connection to MCS or PVS, allowing you to publish layers out to your desired target platforms. Connectors can also connect to Azure etc.
- Image Templates – An Image Template consists of an OS Layer, Platform Layer and any number of Application Layers. These templates allow you to publish layered images out to your desired destination platform such as PVS running on Hyper-V.
Installing Unidesk Enterprise Layer Manager:
Before we begin, Enterprise Layer Manager is the replacement of the Unidesk Management Appliance if you were familiar with earlier versions. The Unidesk Management Console built inside of ELM is simplified, so those who used the Unidesk Management Console before will notice that this iteration is easier to navigate and understand. Master and Secondary Cachepoints are also gone, handing that job over to MCS & PVS. With a single appliance, it is now easier than ever to configure Unidesk and to back up and restore not just the Unidesk appliance but the layers that make up your VDA virtual desktops. Everything in 4.x is simplified and easier for the administrator.
Enough of the talking.
The ULM install media can be downloaded direct from Unidesk’s website. This install shows ELM installed on Hyper-V Windows Server 2012 R2.
Once you’ve downloaded the media, extract the unidesk_install_hyperv_pkg_4.0.8 folder.
Using the Hyper-V manager or SCVMM, right-click your Hyper-V server and select New -> Virtual Machine.
Select Next.
Enter a name and location for the ELM virtual machine and click Next.
Specify the machine as Generation 1. Currently Generation 2 is not supported to run ELM.
Specify 8GB RAM, a recommendation from Unidesk. Make sure Use Dynamic Memory for this virtual machine is left unticked.
Specify a virtual switch and click Next.
Select Use an existing virtual hard disk and browse for the unidesk_hyperv_system.vhdx VHDX file that comes with the Unidesk install media. This is your ELM operating system which is based on CentOS. You should have already moved this OS disk to shared/highly available production storage that your production cluster Hyper-V servers use. Click Next.
Click Finish.
Now that the virtual machine is created, right-click it and select Settings.
Change the virtual processors to 4, a Unidesk recommendation.
Click on IDE Controller 0 -> Hard Drive -> Add.
Click Browse.
Select the unidesk_hyperv-repository virtual hard disk. This disk is where temporary files and finalized layers reside.
Remove the virtual DVD Drive by selecting it and choosing Remove. Click OK. Now power on the ELM VM.
Once the ELM has started we need to perform some initial configuration. Log on to the console using default credentials administrator/Unidesk1. You can also shell on to the appliance using PuTTY.
Type C and press enter. This allows us to configure a network address.
Select S for a static IP setup.
Enter the IP address, gateway and DNS addresses that the ELM VM should be configured with.
Press Y to save the settings and restart networking.
Network services are restarting.
To change the CLI default username/password, enter P and press enter.
Specify a new password. This is for the CLI administrator account. It is not for the UMC GUI administrator account whose password can be changed via GUI later.
To change the timezone, choose T followed by pressing enter to see a list of available timezones.
You can search for your timezone if preferred. Once you see your timezone, simply enter the associated number and press enter.
Press enter again.
To change NTP servers, select N. You can specify up to a maximum of 6 NTP servers. By default, 4 NTP servers from centos.pool.ntp.org are already configured. At this stage the basic configuration is complete and you can log onto the Unidesk Management Console.
Using the IP you specified for the ELM appliance, connect to the GUI. Your browser will need to support/have Silverlight 4. Enter the default credentials of administrator/Unidesk1.
Note: Unlike previous versions, you do not need to append /udmc to the end of the URL as it is now automatically inserted. Attention to detail!
Accept the Terms and Conditions.
At this stage you are prompted for a license key. You can upload one now or later.
You can upload a license file or automatically provision the license file using Unidesk credentials that have a license associated. Enter credentials and press the down arrow.
All being well, a license should be retrieved. Click Finish.
Click Close.
To change the default GUI administrator password using the UMC click on Users. Select Administrator and click Edit Properties.
Enter a password, then click the down arrow.
You can add some additional information such as phone, email address etc.
Roles cannot be assigned since this is the built-in administrator account.
Click Update User to update the administrator account with a new password.
Unidesk must be connected to your Active Directory domain in order to assign roles and desktops to users. To make the association, navigate to Users -> Directory Service -> Create Directory Junction.
Specify a name, server address and port. You can use port 389, or 636 for secure LDAP. Under the server address enter your domain FQDN. This ensures Unidesk will use all available Domain Controllers in your domain and prevents a single point of failure. Click Test Connection.
The connection should succeed so long as the ELM appliance is allowed to contact Active Directory over 389 or 636.
Enter a service account to be used for Active Directory queries. Click Test Authentication and make sure you get a succeeded response.
Specify a search point Unidesk will use to discover users and groups. This search point should be the OU that contains users you want to receive Unidesk desktops. Avoid creating overlapping Directory Junctions. In this example I am using a high level users OU that contains all business user accounts. Click Test Base DN. The DN is valid so continue on.
User Attributes are automatically configured for Active Directory and should not be changed away from the default values unless you have a good reason. Click the down arrow to continue.
Click Create Directory Junction.
The Directory Junction now appears as below.
Now when you go to Users -> Directory you are shown the list of users and groups that are in Active Directory.
If you click on a user you can edit account properties by selecting Edit Properties.
Unidesk has a read-only connection to Active Directory so you cannot change any information from the UMC. You can however assign Unidesk roles to a user such as the Administrator role or more specific roles.
When a user is assigned a role or a desktop, the user icon turns green.
The user will also appear under the Users tab when configured with a desktop or role.
You can delete a user from Unidesk, which removes any desktops and roles. Note again that this does not affect Active Directory.
You can also edit groups, including associating machines with the group.
You can also specify roles at a group level.
When groups are configured with desktops or roles, they appear under the Groups tab.
As you may have noticed, we connected to the UMC over HTTP. It is also possible to connect over HTTPS; however, you will need to install a certificate matching whichever host name you decide to use, to ensure you don’t get any certificate prompts. To upload a certificate, which can be self-signed, navigate to System -> Settings and Configuration -> HTTP Certificate Settings -> Edit.
Click Upload.
Select the PEM certificate. The certificate must be in PEM format and the private key must not be password protected.
Click Save.
Click Yes.
The certificate install completes and the ELM appliance restarts.
Now we can connect to the console over HTTPS.
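A pre-upload check for the PEM requirement described above, added here as an example (it is not part of the original post or of Unidesk's software): it confirms the file is PEM-encoded and that the private key is not password protected. The names inspect_pem and sample_block are made up for this example, the sample input is constructed placeholder data, and it assumes the certificate and key are uploaded together in one file.

```python
import base64
import binascii
import re
import sys

# One PEM block: BEGIN line, optional "Name: value" headers, base64 body, END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def inspect_pem(text):
    """Return a list of problems found in a PEM bundle; an empty list means it passed."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no PEM blocks found (DER or PFX input must be converted to PEM first)"]
    problems, has_cert, has_key = [], False, False
    for label, body in blocks:
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # base64 never contains ':'
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except binascii.Error:
            problems.append(f"{label}: body is not valid base64")
        if label == "CERTIFICATE":
            has_cert = True
        elif label.endswith("PRIVATE KEY"):
            has_key = True
            # PKCS#8 marks encryption in the label, the legacy format in a header.
            legacy = any(h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers)
            if label == "ENCRYPTED PRIVATE KEY" or legacy:
                problems.append(f"{label}: private key is password protected")
    if not has_cert:
        problems.append("no CERTIFICATE block")
    if not has_key:
        # Assumption: the certificate and its key are uploaded as one PEM file.
        problems.append("no private key block")
    return problems


def sample_block(label, headers=""):
    """Build a constructed PEM-shaped block; the payload is placeholder bytes, not a key."""
    body = base64.b64encode(b"constructed sample, not real key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Check the file given on the command line.
        with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
            found = inspect_pem(fh.read())
    else:
        # No file given: run against a constructed bundle with an encrypted key.
        found = inspect_pem(sample_block("CERTIFICATE") + sample_block("ENCRYPTED PRIVATE KEY"))
    print("\n".join(found) if found else "OK: PEM certificate with unencrypted private key")
    sys.exit(1 if found else 0)
```

The check is structural only: it does not verify that the key matches the certificate or that the certificate's host name matches the name used to reach the UMC.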
The next thing you need to do is create a share which will house your Elastic Layers and act as the staging area for new OS Layer creations. This share will typically be a DFS Namespace so that layers are replicated between file servers and kept highly available. It is recommended this share be on a 40-100GB disk. This is all dependent on how many Elastic Layers you will have. Create a service account and assign the account Full Control permissions to the share. All other users must have read permissions to the share.
Over in the UMC, navigate to System -> Settings and Configuration -> Network File Shares -> Edit. Enter the share location followed by the service account credentials. Click Test Network File Share followed by Save once the test is complete.
There are also some other settings you can configure under Settings and Configuration such as UMC session timeouts and log settings.
You can expand the ELM Layering Service storage upwards from 300GB by simply adding another virtual disk to the ELM appliance. Once the virtual disk is added, use the UMC and browse to System -> Manage Appliance -> Expand Storage. The appliance will scan for any unformatted virtual disks. Select the virtual disk you want to add to the storage pool and click the down arrow.
Click Expand Storage.
A new task is created which you can view the status of.
After a few seconds the storage expansion task should complete and the Layering Service disk space size will reflect the expansion. It is recommended to reboot the ELM appliance once the storage expansion is complete.
To register ELM with Citrix Provisioning Services we need to install the Unidesk Agent on each PVS server, or a master PVS server.
Note: The Unidesk Agent requires .NET Framework 4.5 to be installed and the PVS Console must be installed on all the PVS servers that you are installing the agent on.
Before installing the agent you must install the PVS PowerShell snap-in.
If using PVS 7.1 – 7.6 – Run command C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe McliPSSnapIn.dll from directory C:\Program Files\Citrix\Provisioning Services Console\
If using PVS 7.7+ – Run command C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe Citrix.PVS.snapin.dll from directory C:\Program Files\Citrix\Provisioning Services Console\
If your PVS server runs Server 2008 R2 OS then also run PowerShell command Enable-PSRemoting.
We can now install the agent. Run unidesk_agent_installer.exe as an administrator.
Click Next.
Accept the License Agreement. Click Next.
Click Next. An inbound firewall rule is created for this port. You can change the port if desired.
Click Install.
Now enter the FQDN of the ELM appliance including Unidesk Administrator account credentials.
Click Finish.
At this stage you are ready to provision your first OS Layer and import it in to ELM. For that, see http://www.jgspiers.com/create-update-os-layer-unidesk-4/