Cloud Guidepost: Common configuration mistakes for Cloud Connectors
Author: Colin Nolan Cherry, Citrix Staff Consultant
Citrix Cloud is a revolutionary way to deliver Citrix products by offloading the control plane and providing companies with one of the fastest ways to deploy Citrix into a production-ready environment.
Setting up Citrix has never been simpler and quicker than it is today with Citrix Cloud. Instead of hosting all of your Citrix infrastructure workloads in your own data centre, Citrix maintains, patches, and updates the back-end components for you. The process is also quite flexible, offering administrators an easier way to connect to the resource location of their choice whether in a public cloud, private cloud, private data centre, or any combination.
No matter where your applications and desktops are located, all your resource locations can be connected to Citrix Cloud by setting up a pair of Cloud Connectors within each resource location. Cloud Connectors play an important role by enabling communication between the Citrix Cloud Platform and your resource locations without requiring network configuration. If you’ve ever run into trouble setting up Cloud Connectors or if you plan to set up Cloud Connectors soon, consider some of these prerequisites and common mistakes to look out for.
Prerequisites and Preparation
First things first, make sure you are using one of the supported operating systems (OS), either Windows Server 2012 R2 or Windows Server 2016 (Windows Server Core is not supported). After you decide on an OS for your Cloud Connectors, create at least two virtual machines for redundancy.
You can start by creating your virtual machines with 4 vCPU and 8 GB RAM. It is generally recommended to configure at least n+1 Cloud Connectors for high availability, with a single Cloud Connector capable of supporting up to 5,000 connections. (Scalability testing is recommended, and this number will shrink to about 1,000 if you are not using the Rendezvous protocol.)
This will mitigate having a single point of failure in the case of an outage or while Cloud Connectors are updating, enabling users to still access and launch Citrix applications and desktops.
Each server will need to be joined to the domain where your resources are located. The Cloud Connectors depend on communicating with the resource location for authentication with Active Directory and brokering connections to your application and desktop resources.
A few commonly overlooked configurations:
- Cloud Connectors only require outbound connectivity on port 443
- Disable IE enhanced settings to prevent connectivity issues • Validate the server clock UTC time is correct
- Ensure the Cloud Connector is installed in the domains that the VDAs and users live
- Downloading and Installing Cloud Connectors
Download the Cloud Connector installer from the Citrix Cloud admin console. Don’t be tempted to hit run from the downloads in your browser because the installer requires administrative privileges to run, so make sure you run the executable as an administrator.
Open the folder of the file location and right click to get to Properties. It is good practice to uncheck the box marked Unblock (indicated in the screenshot below), located in the General tab of the connector properties. This disables the built-in security feature that may prevent the computer from running the software.
As of March 15, Citrix began blocking all communication via TLS 1.0 and 1.1 and will require Cloud Connectors to communicate to Citrix Cloud via TLS 1.2 to enhance security. If your company’s security strictly enforces TLS 1.2 only, you will have to make some registry setting edits to account for the .NET framework installs with the Cloud Connectors. You can find a reference article for the specific registry key edits here.
Maintaining Cloud Connectors
Because Cloud Connectors are stateless servers brokering connections with Citrix Cloud, they are able to load balance themselves and receive updates automatically. It’s important to keep all Cloud Connectors on and connected to the internet so Citrix Cloud can contact your Cloud Connectors for automatic software updates and, with the automatic update process, ensure that the Cloud Connectors are installed on dedicated machines (they are prone to reboots during updates).
In the case that your Cloud Connectors are turned off for too long, the software may go out of date. If the Cloud Connectors become out of date, remove the Cloud Connector from the Resource Locations node in Citrix Cloud. Then uninstall the old Cloud Connector software and reinstall the latest version after obtaining from the Citrix Cloud portal.
Attempting to upgrade an existing Cloud Connector manually will result in an error. For this reason, we strongly recommend that you enable Windows Updates with automatic downloads and installs but disable automatic restarts. With this setup, the Citrix Cloud platform can manage the machine restarts as necessary to ensure that only one Cloud Connector is restarted at a time.
To discuss more about cloud connectors or to meet with Citrix, why not register for Digital Transformation EXPO Europe, Register free now! ____________________________________________________________________________________________________________________________________________________