How to use PowerShell to create new MCS and PVS devices in Citrix Virtual Apps and Desktops along with cmdlets typically used for making changes and troubleshooting.
Delivered, with demos, to Central XL CUGC 14th April 2021

Why?
• Usually easier/quicker than using consoles/installers from (multiple) vendors (once automated)
• Save time & increase reliability of bulk/repeated operations
• Repeatability
• Eliminate human error (once you've tested scripts thoroughly)
• Scheduled tasks
• Easy to import/export to csv/xml/json and send emails & other methods of notification
• Large number of scripts and learning resources out there
• But check/test all scripts before running them as admin on production systems!
@guyrleech

Creating New PVS Devices
• Active Directory Machine Accounts
  • Citrix won't do it for you – use ActiveDirectory module or ADSI to find unused machine
  • Also check PVS, Hypervisor & CVAD for orphans/remnants
• Create new machine
  • New-VM via VMware PowerCLI (-template)
• Add to PVS
  • New-PvsDevice with MAC address via Get-NetworkAdapter
  • Add-PvsDiskLocatorToDevice
  • Add-PvsDeviceToDomain
• Add to Machine Catalog
  • New-BrokerMachine (must specify -HypervisorConnectionUid & -HostedMachineId)
• Add to Delivery Group
  • Add-BrokerMachinesToDesktopGroup
• Using PowerShell to Create new Citrix PVS Machines | ScriptRunner

CVAD PowerShell Considerations
• -AdminAddress (on every call, consider splatting)
• Set-PVSConnection (once)
• -MaxRecordCount & -ReturnTotalRecordCount
• Cloud – create credential profile via downloaded secrets csv file
  • But then most things are the same as on-premises, with a few restrictions
• PowerShell view in Citrix Studio – helps you figure out the "how"
• (Legacy) Snapins versus Modules (latter from 1912 LTSR onwards)
  • But still not real modules – won't work with Pwsh 7.x
• Account used to run – least privileged

Scheduled Tasks
• Least privileged service account (with "log on as a batch job" privilege)
• Test command line via (legacy) cmd.exe running as account set to run task
• Write a log file (Start-Transcript/Stop-Transcript)
• Use a single management machine ("jump box") – install all cmdlets, SDKs, etc
• Create separate task folders
• Notifications on success/failure - email
• Gotchas
  • Single quotes
  • Nested quotes (if all else fails, base64 encode the command line)
  • Array flattening (resurrect with -split)
  • $true/$false treated as string literals (use [switch] or [bool]::Parse() )
• Easy to copy with PowerShell
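
The scheduled task gotchas above, worked through as an added example that is not from the talk: re-splitting a flattened array, parsing a boolean that arrived as text, and base64 encoding a command line to avoid nested quotes. The function names, parameter names and the script path C:\Scripts\Get-Report.ps1 are hypothetical.

```powershell
# Added example, not from the talk. Script path and parameter names are hypothetical.

# Receiving side: what a task script can do with arguments passed via powershell.exe -File
function Resolve-TaskArgument
{
    param
    (
        [string[]]$ComputerName ,      # "a,b,c" on a -File command line arrives as ONE string
        [string]$SendEmail = 'false'   # '$true' on a -File command line arrives as text
    )

    # Array flattening: resurrect the array with -split
    if( $ComputerName -and $ComputerName.Count -eq 1 -and $ComputerName[0].Contains( ',' ) )
    {
        $ComputerName = @( $ComputerName[0] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ } )
    }

    # Accept true/false as well as $true/$false; [bool]::Parse() throws on anything else
    [bool]$send = [bool]::Parse( $SendEmail.TrimStart( '$' ) )

    [pscustomobject]@{ ComputerName = $ComputerName ; SendEmail = $send }
}

# Sending side: sidestep nested quotes by base64 encoding the whole command
function ConvertTo-EncodedCommand
{
    param( [Parameter(Mandatory)][string]$Command )
    # -EncodedCommand expects base64 of the UTF-16LE ("Unicode") bytes of the command
    [Convert]::ToBase64String( [Text.Encoding]::Unicode.GetBytes( $Command ) )
}

# Constructed sample input, as a flattened task command line would deliver it
$parsed = Resolve-TaskArgument -ComputerName 'ctx01, ctx02,ctx03' -SendEmail '$true'
$parsed | Format-List

# Constructed command containing both single and double quotes
$command = @'
& 'C:\Scripts\Get-Report.ps1' -Title "Bob's weekly report"
'@
$encoded = ConvertTo-EncodedCommand -Command $command
"powershell.exe -NoProfile -NonInteractive -EncodedCommand $encoded"

# Round trip: decode to confirm the task will run exactly what was intended
$decoded = [Text.Encoding]::Unicode.GetString( [Convert]::FromBase64String( $encoded ) )
if( $decoded -ne $command ) { throw 'Encoded command does not round trip' }
```

Base64 here only avoids quoting problems; anyone who can read the task definition can decode it, so it is not a place for passwords.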

CVAD PowerShell Pre-requisites
• PowerShell cmdlets
  • Installed with Studio (but don't use a Delivery Controller)
  • PowerShell MSI files from CVAD ISO
  • Remote PowerShell SDK (for Cloud ONLY)
  • PVS (7.8 onwards) uses console dlls for modules
  • Not available on PowerShell Gallery, etc

Guy's Top Tips
• Test, test, test (automate with Pester?)
  • Boundary conditions – too big/small?
  • Bad input – users do the stupidest things
  • Scale – works ok with 2 but what about 2222 ?
  • What if ("no sane person should ever do this but …")
• Document – are comments in the code really enough?
• No Clear Text Passwords
• Least Privilege
• Annotate
• Error Handling & Reporting
• Change & Version Control
• Use a Jump Box, not production servers
• Backup
  • Systems before changing
  • Scripts, config files, command lines, scheduled tasks
• Audit trail (Write-EventLog)