Nutanix.dev

Replicating Images for Citrix MCS with Prism Central (Protection Policies and Recovery Points)

Nutanix.dev-ReplicatingImagesforCitrixMCSwithPrismCentral

Table of Contents

Citrix Machine Creations Services (MCS) and Nutanix have always been a perfect match due to the simplicity of storage and benefits of data locality. 

MCS provisioning with Nutanix for most scenarios is currently based on Prism Element integration and requires the use of a Snapshot for Citrix Catalog creation and updates. There are two exceptions to this rule as at the time of writing: 

  • Citrix integration with Nutanix Disaster Recovery as a Service (DRaaS) uses Prism Central integration and Recovery Points for provisioning. 
  • Citrix integration with Nutanix Cloud Clusters (NC2) on Microsoft Azure uses Prism Central integration and VM Templates for provisioning. 

Due to the current Prism Element integration point, every cluster that Citrix uses MCS to provision and manage workloads onto requires a copy of the Snapshot built from the base image virtual machine. You can think of this as a cluster-unit-to-image-update point. 

We recently released a technote for Citrix Base Image Migrations and MCS Considerations on Nutanix AHV where we discussed techniques customers can use to replicate images and workloads around different clusters, including Protection Domains, Templates, Recovery Points and Protection Policies. 

In our previous article and script example, Replicating Images for Citrix MCS with Prism Element, we referenced customers using Protection Domains to handle the replication of their base images to multiple clusters. 

However, customers may be managing their clusters with Prism Central which provides a robust set of Disaster Recovery and Protection options, including the concept of Protection Policy. A Protection Policy is a configurable policy that takes recovery points of the protected entities, in the context of this article, a virtual machine. A Recovery Point replicates snapshots across clusters under the same Prism Central instance or across multiple Prism Central instances. 

A Recovery Point is a Prism Central construct which Citrix, under normal circumstances, does not understand. (Citrix understands a Prism Element Snapshot), but this does not mean that we cannot use the elegant concept of a Recovery Policy to ensure a Snapshot available for Citrix MCS provisioning on every managed cluster under Prism Central.

The Script Purpose and Logic

To help automate and simplify the process of using Protection Policy based Recovery Point replication, and creation of a Prism Element based Snapshot for MCS provisioning, we have written an example PowerShell script to demonstrate how automation of this process could be achieved. The script operates with the following logic: 

  • Connects to the specified Prism Central (PC) instances via Nutanix Prism Central v3 APIs. This PC is where the base image for Citrix MCS provisioning is managed. It discovers details about Availability Zones, Clusters, and Virtual Machines. 
  • Queries the specified Protection Policy for Cluster memberships so that it knows which Clusters to target. 
  • Restores the latest Recovery Point to a temporary virtual machine in each of the Clusters defined in the Protection Policy. 
  • Iterates over each target Cluster and connects via the Prism Element v2 API.  
  • Discovers the existing virtual machines and does a match to find the temporary VM we created in PC. 
  • Takes a Snapshot of the virtual machine ready for MCS provisioning. 
  • Deletes the temporary virtual machine on the PE instance. 

Now each cluster under the Protection Policy, which is replicating the base image Recovery Point, now has an identical Snapshot ready for provisioning by Citrix MCS without any need for manual interaction with the Protection Policy or PE instances. 

Additionally, to prove the art of what is possible with some basic automation, the script can also update a list of Citrix Catalogs across a range of Citrix Sites. To do this, the script uses the following logic: 

  • Validates that Citrix PowerShell snapins can be imported and used before doing anything else. 
  • Validates that the Citrix Sites and Catalogs are all reachable. 
  • Will only process Citrix configurations if all Nutanix replication components are successful. 

The script has advanced parameter and scenarios included in the appropriate ReadMe within GitHub to address commonly understood potential scenarios.

Operational Model

The envisaged model of operation is as follows: 

  • A Nutanix Protection Policy is configured under Prism Central. 
  • The base image virtual machine is tagged with an appropriate category which will add it to the Protection Policy. 
  • The Protection Policy includes all Clusters that need a copy of the base image. 
  • An Administrator updates the Citrix base with appropriate updates. They then seal this image and shut it down. 
  • Based on the appropriate schedule, the base virtual machine Recovery Point is replicated to all clusters within the scope of the Protection Policy.
  • Post this replication, the Administrator now runs the update script to create the appropriate Snapshot in each Cluster.
  • The Administrator can either choose to manually update the appropriate Citrix Catalogs with the new snapshot or can allow the script to do so by defining which Catalogs in which sites should be processed by either parameters or a JSON configuration file for more advanced scenarios.

Nutanix Automation Components Used

The script used the following API components as an example of what can be achieved via both v3 and v2 APIs:

Prism Central API v3 Usage

  • api/nutanix/v3/tasks/: To capture details of committed tasks for status.
  • api/nutanix/v3/clusters/list: To capture details of clusters under management.
  • api/nutanix/v3/availability_zones/list: To capture details of Availability Zones.
  • api/nutanix/v3/vms/list: To capture details of virtual machines.
  • api/nutanix/v3/protection_rules/list: To capture details of Protection Policies.
  • api/nutanix/v3/vm_recovery_points/list: To capture details of Recovery Points.
  • api/nutanix/v3/vm_recovery_points/(uuid)/validate_restore: To ensure there are no showstoppers on validation of the Recovery Point.
  • api/nutanix/v3/vm_recovery_points/(uuid)/restore: To restore the Recovery Point to a VM.
  • api/nutanix/v3/tasks/(uuid): To capture more specific details about creation jobs.

Prism Element API v2 Usage

  • PrismGateway/services/rest/v2.0/tasks: To capture details of committed tasks for status.
  • PrismGateway/services/rest/v2.0/vms: To capture details of virtual machines.
  • PrismGateway/services/rest/v2.0/snapshots: To handle snapshot tasks.
  • PrismGateway/services/rest/v2.0/snapshots/(uuid): To handle snapshot delete tasks.
  • PrismGateway/services/rest/v2.0/vms/(uuid): To handle virtual machine delete tasks.

Summary and Technical Requirements

This script example is serving the sole purpose of reducing the administration burden for Citrix administrators using MCS provisioning across multi-cluster Nutanix deployments. The script focuses on Protection Policy Recovery Point replication via Prism Central and relies on the Nutanix API called via PowerShell, both v3 and v2 to achieve the Nutanix portion of the solution. It relies on PowerShell and the associated Citrix snapins to achieve the Citrix catalog updates. 

To successfully execute the script, the following requirements must be met: 

  • An appropriate credential for the Prism Central tasks. We recommend a service account is used. For our testing of all components in the script, we used a Super Admin level account. 
  • An appropriate credential for the Prism Element tasks. The script assumes a single account across all Prism Element instances and we recommend a service account is used. For our testing of all components in the script, we used a cluster admin level account. 
  • The user account executing the script has appropriate permissions to the Citrix environment to perform the update tasks. 
  • A Windows based machine with the Citrix PowerShell cmdlets installed to execute the Citrix Catalog update tasks. These can simply be installed by installing Citrix Studio. Alternatively, you can follow Citrix guidance to install the required snapins manually. You must use PowerShell 5.1 due to the Snapin requirements. 

If the script is being used to execute only the Nutanix replication components, PowerShell 5.1 onwards can be used, including PowerShell 7. 

You can find the script below on our GitHub Repository: 

© 2024 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.