Automating Citrix - Chicago CUGC Dec 2020

Transcript

1. Automating Citrix GUY LEECH (@GUYRLEECH) CHICAGO CUGC , DECEMBER 2020

2. Why?  Usually easier/quicker than using consoles/installers from (multiple) vendors

   (once automated)  Save time & increase reliability of bulk/repeated operations  Repeatability  Eliminate human error (once you've tested scripts thoroughly)  Scheduled tasks  Easy to import/export to csv/xml/json and send emails & other methods of notification  Large number of scripts and learning resources out there  But check untrusted scripts before running them as admin on production systems! @guyrleech

3. What?  CVAD builds – install and configure  Creating

   new end-points  Reboot schedules  Updates  Backups  Problem identification/mitigation  Daily Checks  NetScaler builds & configuration  … whatever is tedious, time consuming, error prone, boring, not fun, etc  But only if it's worthwhile/time efficient @guyrleech

4. How?  PowerShell  Ansible  Puppet  MDT 

   DSC  Terraform  Packer  Xenappblog Automation Framework  … @guyrleech

5. CVAD PowerShell Pre-requisites  PowerShell cmdlets  Installed with Studio

   (but don't use a Delivery Controller)  PowerShell MSI files from CVAD ISO  Remote PowerShell SDK (for Cloud ONLY)  PVS (7.8 onwards) uses console dlls for modules  Not available on PowerShell Gallery, etc @guyrleech

6. CVAD Configuration via PowerShell  Set-BrokerMachine  -InMaintenanceMode  Set-BrokerDesktopGroup

   (aka Delivery Group)  -InMaintenanceMode  -Enabled  Set-BrokerCatalog  New-BrokerMachine  Add-BrokerMachinesToDesktopGroup  New-PVSDevice (use with VMware PowerCLI New-VM)  Add-PvsDiskLocatorToDevice  New-ProvVM (MCS) @guyrleech

7. CVAD PowerShell Considerations  -AdminAddress (on every call, consider splatting)

    Set-PVSConnection (once)  -MaxRecord count  Cloud – create credential profile via downloaded secrets csv file  But then most things are the same as on-premises, with some restrictions  PowerShell view in Studio – helps you figure out the "how"  (Legacy) Snapins versus Modules (latter from 1912 LTSR onwards)  Account used to run @guyrleech

8. Scheduled Tasks  Least privileged service account (with "log on

   as a batch job" privilege)  Test via (legacy) cmd.exe running as account set to run task  Write a log file (Start-Transcript/Stop-Transcript)  Use a single management machine ("jump box")  Create separate task folders  Notifications on success/failure  Gotchas  Single quotes  Nested quotes (if all else fails, base64 encode the command line)  Array flattening (resurrect with –split)  $true/$false treated as string literals (use [switch] or [bool]::Parse() )  Easy to copy with PowerShell @guyrleech

9. Guy's Golden Rules  Test, test, test (automate with Pester?)

    Boundary conditions  Bad input  Scale  What if ("no sane person should ever do this but …")  Document – are comments in the code really enough?  No Clear Text Passwords  Annotate  Error Handling & Reporting  Change & Version Control  Backup  Systems before changing  Scripts, config files, command lines, scheduled tasks  Audit trail (Write-EventLog) @guyrleech

10. Useful Resources  github.com/guyrleech  carlwebster.com  workspace-guru.com  github.com/citrix

     www.scriptrunner.com/en/software/script-collections/  developer.cloud.com  jgspiers.com @guyrleech