Nutanix.dev

Replicating Images for Citrix MCS with Prism Element (Protection Domains and PowerShell)

Nutanix.dev-ReplicatingImagesforCitrixMCSwithPrismElement

Table of Contents

Citrix Machine Creations Services (MCS) and Nutanix have always been a perfect match due to the simplicity of storage and benefits of data locality. 

MCS provisioning with Nutanix for most scenarios is currently based on Prism Element integration and requires the use of a Snapshot for Citrix Catalog creation and updates. There are two exceptions to this rule as at the time of writing: 

  • Citrix integration with Nutanix Disaster Recovery as a Service (DRaaS) uses Prism Central integration and Recovery Points for provisioning. 
  • Citrix integration with Nutanix Cloud Clusters (NC2) on Microsoft Azure uses Prism Central integration and VM Templates for provisioning. 

Due to the current Prism Element integration point, every cluster that Citrix uses MCS to provision and manage workloads onto requires a copy of the Snapshot built from the base image virtual machine. You can think of this as a cluster-unit-to-image-update point. 

We recently released a technote for Citrix Base Image Migrations and MCS Considerations on Nutanix AHV where we discussed techniques customers can use to replicate images and workloads around different clusters, including Protection Domains, Templates, Recovery Points and Protection Policies. 

To ensure that a snapshot is available across each cluster that Citrix integrates with, we see customers typically using Protection Domain methodology to protect the base Image, replicate it, restore, and snapshot it at each destination cluster. From there, a Citrix administrator will update the appropriate Catalog tied to the appropriate Nutanix Prism Element instance.

The Script Purpose and Logic

To help automate and simplify the Protection Domain replication scenarios, we have written an example PowerShell script to demonstrate how automation of this process could be achieved. The script operates with the following logic: 

  • Connects to a specified source Prism Element cluster via either Nutanix PowerShell or Nutanix Prism v2 API (depending on your choice of script). This cluster is where the base image for Citrix MCS provisioning lives. The script connects via Prism Element regardless of If the cluster is PC-managed or not. 
  • Queries a Protection Domain that is specified for the base image. It is assumed that the Protection Domain relationships are configured and healthy. The script will not touch any form of alteration to the Protection Domains outside of creating an out-of-band replication job. 
  • Optionally creates an out-of-band replication job to each of the target clusters configured on the Protection Domain. The script monitors for completion of these replication jobs before proceeding. 
  • To ensure that all clusters, including the source, have an identical snapshot, the script processes the specified base virtual machine on the source Cluster. It creates a snapshot of the virtual machine ready for Citrix Provisioning. Of course, we assume that the image has been sealed and is ready to go. We do this to ensure that all clusters in scope have an identically named snapshot which will be used for Citrix Catalog updates. 
  • The script learns the remote sites associated with Protection Domain and processes each site (cluster) via PE connectivity. It actions the following: 
  • Looks (by default) for the latest Protection Domain Snapshot and ensures that this is consistent across the source and target Cluster. If the Protection Domain Snapshots are out of sync (say the source has a newer snapshot than the target) then the target is not processed so that we do not have a lack of consistency. You can override this with a specific Protection Domain snapshot ID using the appropriate script parameters if desired. This is mostly of importance if the script does not handle the out-of-band replication (it can be excluded). 
  • Restores the protected virtual machine entity (base image) from the Protection Domain to a local temporary virtual machine. 
  • Takes a snapshot of that restored virtual machine. 
  • Deletes the temporary virtual machine. 
  • The script has a retention mode to assist in snapshot maintenance. It will retain the last x number of snapshots based on the retention period set and delete any others. It only touches snapshots that it has created based on specific naming patterns. 

Now each cluster in the Protection Domain has an identical Snapshot ready for provisioning by Citrix MCS without any need for manual interaction with Protection Domains.  

Additionally, to prove the art of what is possible with some basic automation, the script can also update a list of Citrix Catalogs across a range of Citrix Sites. To do this, the script uses the following logic: 

  • Validates that Citrix PowerShell snapins can be imported and used before doing anything else. 
  • Validates that the Citrix Sites and Catalogs are all reachable. 
  • Will only process Citrix configurations if all Nutanix replication components are successful. 

The script has advanced parameter and scenarios included in the appropriate ReadMe within GitHub to address commonly understood potential scenarios.

Operational Model

The envisaged model of operation is as follows: 

  • A Nutanix Protection Domain is configured on the source cluster where the base image virtual machine instance lives and is configured to replicate to one or many target clusters. 
  • The base image virtual machine is a member of this Protection Domain. 
  • An Administrator updates the Citrix base with appropriate updates. They then seal this image and shut it down. 
  • The Administrator now runs the update script including the option to process the source cluster and force an out-of-band Protection Domain replication. 
  • The Administrator can either choose to manually update the appropriate Citrix Catalogs with the new snapshot or can allow the script to do so by defining which Catalogs in which sites should be processed by either parameters or a JSON configuration file for more advanced scenarios.

Nutanix Automation Components Used

The script is available in two versions, one using the PowerShell Cmdlets (NutanixCmdLets) and the other using the native Prism v2 API.

Nutanix PowerShell Cmdlets Based

The script uses the following commands as an example of what can be achieved via PowerShell: 

  • Connect-NTNXCluster: To connect and basic properties about the Nutanix Cluster via Prism Element.
  • Get-NTNXProtectionDomain: To query and understand details about the specified Protection Domain via Prism Element. 
  • Get-NTNXRemoteSite: To learn about Remote Sites configured on the source cluster and align them to those configured on the Protection Domain. 
  • Add-NTNXOutOfBandSchedule: To trigger an immediate out-of-band replication of the Protection Domain.
  • Get-NTNXProtectionDomainEvent: To monitor for success of the out-of-band replication.
  • Get-NTNXProtectionDomainSnapshot: To learn about the current Protection Domain snapshots.
  • Get-NTNXVM: To get the Nutanix virtual machines.
  • New-NTNXObject: To build a new snapshot configuration spec.
  • New-NTNXSnapshot: To take snapshots of the virtual machines.
  • Remove-NTNXSnapshot: To remove snapshots based on a selected criteria.
  • Disconnect-NTNXCluster: To gracefully disconnect from each cluster.
  • Restore-NTNXEntity: To restore the virtual machine from the Protection Domain.
  • Remove-NTNXVirtualMachine: To delete the virtual machine used for temporary purposes.

Nutanix API Based

The script uses the following API components as an example of what can be achieved via Prism v2 APIs.

  • PrismGateway/services/rest/v2.0/tasks: To capture details of committed tasks for status.
  • PrismGateway/services/rest/v2.0/cluster: To ensure we can reach specific PE clusters.
  • PrismGateway/services/rest/v2.0/protection_domains: To capture details about the required Protection domain.
  • PrismGateway/services/rest/v2.0/remote_sites: To capture details about Remote Sites.
  • PrismGateway/services/rest/v2.0/protection_domains/(pd)/oob_schedules: To create out-of-band protection schedules.
  • PrismGateway/services/rest/v2.0/events: To capture details of Protection Domain out-of-band replication jobs.
  • PrismGateway/services/rest/v2.0/protection_domains/(pd)/dr_snapshots: To capture details of the Protection Domain snapshots.
  • PrismGateway/services/rest/v2.0/vms: To capture details of virtual machine entities.
  • PrismGateway/services/rest/v2.0/snapshots: To capture information about snapshots and create snapshots.
  • PrismGateway/services/rest/v2.0/snapshots/(uuid): To handle snapshot deletions.
  • PrismGateway/services/rest/v2.0/protection_domains/(pd)/restore_entities: To handle Restoration of Protection Domain entities (virtual machines).
  • PrismGateway/services/rest/v2.0/vms/(uuid): To handle the deletion of virtual machines.

Summary and Technical Requirements

This script example serves the sole purpose of reducing the administrative burden for Citrix administrators using MCS provisioning across multi-cluster Nutanix deployments. The script focuses on Protection Domain replication methodology and relies solely on PowerShell to drive the outcome. 

To successfully execute the script, the following requirements must be met: 

  • A Windows based machine with the Nutanix PowerShell Cmdlets (v1) installed to execute the Nutanix tasks if you are using the PowerShell SDK version of this script. You must use PowerShell 5.1 due to the Snapin requirements. 
  • A Windows based machine with the Citrix PowerShell Cmdlets installed to execute the Citrix Catalog update tasks. These can simply be installed by installing Citrix Studio. Alternatively, you can follow Citrix guidance to install the required snapins manually. You must use PowerShell 5.1 due to the Snapin requirements. 
  • An appropriate credential for the Prism Element tasks. The script assumes a single account across all Prism Element instances and we recommend a service account is used. For our testing of all components in the script, we used a cluster admin level account.
  • The user account executing the script has appropriate permissions to the Citrix environment to perform the update tasks. 

You can find the scripts below on our GitHub Repository: 

© 2024 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.