Design Guide
Transforming Call Centers
XenDesktop 7.5 Design Guide on Hyper-V

Table of Contents
- About FlexCast Services Design Guides
- Project overview
- Objective
- Assumptions
- Conceptual architecture
- Detailed architecture
- User layer
- Access layer
- Resource layer
- Control layer
- Hardware layer
- Validation
- Next steps
- Appendix: Authentication and Enumeration Process

About FlexCast Services Design Guides

Citrix FlexCast Services Design Guides provide an overview of a validated architecture based on many common scenarios. Each design guide relies on Citrix Consulting best practices and in-depth validation by the Citrix Solutions Lab to provide prescriptive design guidance on the overall solution.

Each FlexCast Services Design Guide incorporates generally available products and employs a standardized architecture, allowing multiple design guides to be combined into a larger, all-encompassing solution.

Project overview

Cost effective call centers often pose operational and technical challenges for organizations. To effectively run a call center, organizations must:
- Maintain adequate staffing, which fluctuates daily and seasonally
- Focus on cost containment from a real estate and technology infrastructure perspective
- Utilize technology that provides call center agents with the right information to improve customer satisfaction

Citrix XenDesktop solves these challenges with a scalable solution allowing organizations to enable dozens, hundreds or thousands of call center agents to work onsite or remotely on a schedule tailored to the actual demand without needing office space and equipment sized for peak times.

Objective

The objective of the FlexCast Services Design Guide is to construct and demonstrate a cost-effective way of delivering a call center computing environment with integrated telephony to internal and external users.

This is the challenge impacting WorldWide Corporation (WWCO), a hypothetical organization that would like to provide increased customer service with proper staffing but without large investments in real estate and technology.

To address these challenges, IT decided to implement a Citrix XenDesktop 7.5 environment to deliver a call center virtual desktop to internal and external call center agents. To properly validate the solution, IT identified a 500-user division for the project.

WWCO business objectives
- Provide an integrated solution for local and remote call center agents
- Deliver a standard computing environment with all the necessary call center agent tools
- Quickly scale up/down to accommodate temporary, external call center agents during seasonal staffing fluctuations
- Centrally manage a single master image to all users to help reduce troubleshooting and support incidents

WWCO technical objectives
- Support access to a Windows desktop from employee-owned devices with different form factors, including tablets, phones, desktops and laptops, and different operating systems, which include iOS, Mac, Android, Linux and Windows.
- Build a solution that scales from a few hundred users to thousands with minimal changes to the infrastructure
- Implement an N+1 highly available solution without large cost increases
- Centrally manage and control employee access and permissions
- Utilize virtualized components, where possible, to reduce costs

Assumptions

The following assumptions played a role in defining the overall strategy for WWCO:
- All resources (physical servers, virtual servers, Windows applications) will be hosted from a single datacenter running Microsoft Hyper-V 2012R2.
- High availability is required for all critical components in N+1 mode, where enough spare capacity will be built into the system to allow for the failure of one component without impacting user access.
- WWCO’s existing Microsoft Active Directory and DNS/DHCP will be reused.
- The master image will consist of call center applications.

Conceptual architecture

Figure 1, based on the overall business and technical objectives for the project as well as the assumptions, provides a graphical overview of the solution architecture.

Figure 1: Conceptual architecture

This architecture is suitable for 500 users requiring local and remote access to a standardized call center configured virtual desktop.

At a high level, the following information can be ascertained from the conceptual architecture:
- The 500-user division used in the first phase of the rollout is called Call Center. This group will utilize personal and thin client endpoints to connect to the environment from the local office and home offices (for temporary employees).
- The allocated resources for the Call Center user group is a single, non-persistent desktop preconfigured with a set of standardized, call-center applications.
- The base operating system, Windows 7, is delivered to the appropriate virtual machines via Machine Creation Services.
- User customization is denied in order to keep users in a standard environment, helping to reduce potential issues.
- The total hardware allocation requirement for the solution is 5 physical servers.

Each layer of the architecture diagram and the relevant components are discussed in greater detail below.

Detailed architecture

The overall solution for WWCO is based on a standardized five-layer model, providing a framework for the technical architecture. At a high level, the 5-layer model comprises:

[Figure: five-layer model showing the User Layer, Access Layer, Resource Layer, Control Layer and Hardware Layer]

1. User layer. Defines the unique user groups and overall endpoint requirements.
2. Access layer. Defines how user groups will gain access to their resources. Focuses on secure access policies and desktop/application stores.
3. Resource layer. Defines the virtual resources, which could be desktops or applications, assigned to each user group.
4. Control layer. Defines the underlying infrastructure required to support the users in accessing their resources.
5. Hardware layer. Defines the physical implementation of the overall solution with a focus on physical servers, storage and networking.

User layer

The user layer focuses on the logistics of the user groups, which includes client software, recommended endpoints and office locations. This information helps define how users will gain access to their resources, which could be desktops, applications or documents.
- Citrix Receiver client. This client software, which runs on virtually any device and operating platform, including Windows, Mac, Linux, iOS and Android, must be downloaded onto user endpoints to access virtual desktops, which are hosted in the datacenter. Citrix Receiver provides the client-side functionality to secure, optimize and transport the necessary information to/from the endpoint/host over Citrix HDX, a set of technologies built into a networking protocol that provides a high-definition user experience regardless of device, network or location.

- Endpoints. The physical devices used by the internal Call Center user group are thin clients configured with Citrix Receiver while external users will be able to use their own traditional (desktop or laptop) personal device. Due to the application and job requirements, WWCO has decided that mobile devices are not acceptable endpoints.
- Location. The Call Center user group will work from local offices, over secure network connections as well as external locations, over un-secure network connections. All traffic must be encrypted.

Access layer

The access layer defines the policies used to properly authenticate users to the environment, secure communication between the user layer and resource layer and deliver the applications to the endpoints.

The following displays access layer design decisions based on WWCO requirements:

| Users connecting from | Remote, untrusted network | Local, trusted network |
|---|---|---|
| Authentication point | NetScaler Gateway | StoreFront |
| Authentication policy | Multi-factor authentication (username, password and token) | Single-factor authentication (username and password) |
| Session policy | Mobile / Traditional | Not applicable |
| Session profile | No Access / ICA Proxy | Not applicable |
| User group | Call Center | Call Center |

- Authentication. For internal users, single factor authentication, using a username and password, will be satisfactory. However, allowing external users to access the environment from a remote location without more stringent authentication requirements would pose security risks to WWCO. When external users access the environment, the external URL will direct requests to NetScaler Gateway, which is deployed within the DMZ portion of the network. NetScaler Gateway will accept multi-factor authentication credentials from users and pass them to the appropriate internal resources (Active Directory domain controllers and token authentication software such as RADIUS).
- Session policy. NetScaler Gateway can detect the type of endpoint device and deliver a specific access experience based on device properties and policy. WWCO policies are:
  - Mobile. When users connect with a mobile device, a separate policy will be applied to block access, based on WWCO requirements. By using the following expression within the NetScaler Gateway session policy configuration, this policy will only be applied to mobile devices: “REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver”
  - Traditional. This policy will be applied to all non-mobile devices by using the following expression within the NetScaler Gateway session policy configuration: “ns_true”
- Session profile. As Call Center group members only require access to their respective virtual desktops from traditional endpoints, the session profile will be configured as ICA proxy instead of full VPN mode. ICA proxy allows only HDX traffic to pass from the endpoint to the user’s physical desktop through NetScaler Gateway, while full VPN mode makes the endpoint act as if it is physically on the internal network. Using an ICA proxy session profile helps protect the environment by allowing only session-related traffic to pass, while blocking all other traffic.
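Added example (not part of the original Citrix guide): a simplified Python model of how the two session policies above are selected, together with a check that flags a catch-all ns_true policy bound ahead of the Mobile policy. The priority numbers, the first-match-by-lowest-priority-number evaluation, the plain-substring reading of CONTAINS and the sample User-Agent values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SessionPolicy:
    name: str
    priority: int    # assumption: the lowest number is evaluated first
    expression: str  # expression text as quoted in the guide
    profile: str     # session profile applied when the expression matches


def matches(expression: str, headers: Dict[str, str]) -> bool:
    """Evaluate the two expression forms the guide uses."""
    if expression == "ns_true":
        return True
    parts = expression.split()
    # Form: REQ.HTTP.HEADER <header-name> CONTAINS <text>
    if len(parts) == 4 and parts[0] == "REQ.HTTP.HEADER" and parts[2] == "CONTAINS":
        return parts[3] in headers.get(parts[1], "")
    raise ValueError(f"unsupported expression: {expression!r}")


def select_profile(policies: List[SessionPolicy],
                   headers: Dict[str, str]) -> Optional[str]:
    """Return the profile of the first matching policy in priority order."""
    for policy in sorted(policies, key=lambda p: p.priority):
        if matches(policy.expression, headers):
            return policy.profile
    return None


def shadowed_policies(policies: List[SessionPolicy]) -> List[str]:
    """Names of policies that can never win because an ns_true policy
    is bound with a lower priority number and therefore matches first."""
    catch_all = [p.priority for p in policies if p.expression == "ns_true"]
    if not catch_all:
        return []
    first = min(catch_all)
    return [p.name for p in policies if p.priority > first]


# The guide's two policies; the priority values are hypothetical.
MOBILE = SessionPolicy(
    "Mobile", 100, "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver", "No Access")
TRADITIONAL = SessionPolicy("Traditional", 200, "ns_true", "ICA Proxy")
INTENDED = [MOBILE, TRADITIONAL]

# Same policies with the catch-all bound first (the misconfiguration to detect).
MISORDERED = [SessionPolicy("Traditional", 50, "ns_true", "ICA Proxy"), MOBILE]

# Constructed sample request headers, not captured traffic.
RECEIVER_REQUEST = {"User-Agent": "CitrixReceiver/1.0 (constructed sample)"}
BROWSER_REQUEST = {"User-Agent": "Mozilla/5.0 (constructed sample)"}

if __name__ == "__main__":
    for label, policies in (("intended", INTENDED), ("misordered", MISORDERED)):
        print(label,
              "| receiver ->", select_profile(policies, RECEIVER_REQUEST),
              "| browser ->", select_profile(policies, BROWSER_REQUEST),
              "| shadowed:", shadowed_policies(policies))
```

With the catch-all bound first, the Mobile policy is never reached and the matching request receives the ICA Proxy profile, which is why the binding order is worth checking whenever a policy uses ns_true.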

In order to support the access layer design, the following components are required:

| Parameter | NetScaler Gateway | Load Balancer | StoreFront |
|---|---|---|---|
| Instances | 2 virtual servers | 2 virtual servers | 2 virtual servers |
| CPU | 2 vCPU | 2 vCPU | 2 vCPU |
| Memory | 2 GB RAM | 2 GB RAM | 4 GB RAM |
| Disk | 3.2 GB | 3.2 GB | 60 GB |
| Citrix product version | NetScaler VPX for Hyper-V 10.1 Build 126.12 | NetScaler VPX Express for Hyper-V 10.1 Build 126.12 | StoreFront 2.5 |
| Microsoft product version | Not applicable | Not applicable | Windows Server 2012R2 Standard |
| Network ports | 443 | 443 | 443 |
| Redundancy | High-availability pair | High-availability pair | Load balanced via NetScaler Express |

Resource layer

The resource layer defines the underlying image, how to deliver the image to the associated virtual machines, which applications to deliver and how to provide the right level of personalization for the respective user group.

| Criteria | Decision |
|---|---|
| Operating system | Windows 7 |
| Delivery | Machine Creation Services |
| CPU | 2 vCPU |
| Memory | 2 GB RAM |
| Image size | 30 GB |
| Disk cache | Differencing Disk: 5 GB |
| Page file size | 2 GB (contained within differencing disk) |
| Application(s) | Call center routing (VoIP); Call center agent; Call center chat |
| Profile | Mandatory profile |
| Policy(s) | Hi-def experience; Secure; Optimized for WAN |
| Peripherals | USB headphones |
| User group | Call Center |

- Machine Creation Services is not limited by scale, but rather by the type of delivery target: physical or virtual machine. As the project is based on resource delivery to virtual machines, Machine Creation Services is the ideal solution. Machine Creation Services does not require additional hardware or resources as it simply utilizes the hypervisor and local storage to create unique, thin, provisioned clones of a master image, resulting in a solution that is simple to deploy and easy to scale.
- Because call center agents only require a small set of predefined/preconfigured applications, personalization will be prevented with the use of mandatory profiles. Each call center agent using the environment will have an environment that is identical to another agent. This allows each agent to work through the structured task list as quickly as possible.

- WWCO must create a user experience that can accommodate voice communication for internal and external users while keeping the environment secure. As the network link between external users and resource is dynamic and uncontrolled, policies are needed to optimize the user experience for the WAN. Based on these requirements, the following policies will be used for the environment:

| Policy | Settings | Applied to |
|---|---|---|
| Optimized for WAN | Based on the template “Optimized for WAN” | Any user connecting through NetScaler Gateway |
| Secure resources | Based on the template “Secure and Control” | Delivery group |
| Hi-Def experience | Based on the template “High Definition User Experience” | Any user not connecting through NetScaler Gateway |

Control layer

The control layer of the solution defines the virtual servers used to properly deliver the prescribed environment detailed in the user, access, and resource layers of the solution, including required services, virtual server specifications and redundancy options.

The decisions for the Call Center group are met by correctly incorporating and sizing the control layer components, which include delivery and infrastructure controllers.

Delivery controllers

The delivery controllers manage and maintain the virtualized resources for the environment. In order to support the resource layer design, the following components are required:

| Parameter | Delivery Controller |
|---|---|
| Instances | 2 virtual servers |
| CPU | 2 vCPU |
| Memory | 4 GB RAM |
| Disk | 60 GB |
| Citrix product version | XenDesktop 7 |
| Microsoft product version | Windows Server 2012R2 Standard |
| Network ports | 80, 443 |
| Redundancy | Load balanced via NetScaler VPX Express |
| Notes | System Center Virtual Machine Manager (SCVMM) management console installed |

A single delivery controller can easily support the load of 500 users. However, to provide N+1 fault tolerance, a second virtual server will provide redundancy in case one virtual server fails.

Infrastructure controllers

In order to have a fully functioning virtual desktop environment, a set of standard infrastructure components are required.

| Parameter | SQL Server | License Server | Hyper-V SCVMM |
|---|---|---|---|
| Instances | 3 virtual servers | 1 virtual server | 1 virtual server |
| CPU | 2 vCPU | 2 vCPU | 2 vCPU |
| Memory | 4 GB RAM | 4 GB RAM | 4 GB RAM |
| Disk | 60 GB | 60 GB | 100 GB |
| Version(s) | Not applicable | Citrix License Server 11.12 | Not applicable |
| Microsoft product version | Windows Server 2012R2 Standard; SQL Server 2012 Standard (x2); SQL Server 2012 Express (x1) | Windows Server 2012R2 Standard | Windows Server 2012R2 Standard; SCVMM 2012R2 |
| Network ports | 1433 | 27000, 7279, 8082 | 135, 443, 2179, 3389, 5985, 5986, 8100-8013 |
| Redundancy | SQL Mirroring with Witness | None due to 30 day grace period | None |

To provide fault tolerance, the following options were used:
- The XenDesktop database was deployed on an HA pair of Microsoft SQL Server 2012 servers utilizing mirroring across two virtual servers. A third virtual server running Microsoft SQL Server 2012 Express was used as a witness.
- Once active, a XenDesktop environment can continue to function for 30 days without connectivity to the Citrix License Server. Due to the integrated grace period, no additional redundancy is required.
- Only a single Hyper-V SCVMM server was used, as the loss of the server has minimal impact on a XenDesktop environment. Without the SCVMM server, only the power functions of the virtual machine are affected. All virtual servers that are currently running will continue to run, any connected user will notice no service disruption and any user who tries to connect to a session will succeed. Power functions can still be managed manually from the local console if necessary.

Hardware layer

The hardware layer is the physical implementation of the solution. It includes server, networking and storage configurations needed to successfully deploy the solution.

Server

Following is the physical server implementation for the WWCO solution:

| Component | Description | Quantity | Total |
|---|---|---|---|
| Server model | HP DL380P G8 | 5 | 5 servers |
| Processor(s) | Intel Xeon [email protected]9GHz | 10 | 2 processors per server (16 cores) |
| Memory | 8GB DDR3-1333 | 120 | 192 GB per server |
| Disk(s) | 300GB SAS @ 15,000RPM | 40 | 2.4 TB per server |
| Storage Array Controller | HP Smart Array P420i Controller 2 GB cache | 15 | 1 controller per server |
| Microsoft product version | Windows Server 2012R2 datacenter | 5 | 1 per server |

To provide fault tolerance within the solution, the virtual servers were distributed so redundant components were not hosted from the same physical server. Systems Center Availability Sets were also defined for Delivery Controller, StoreFront and SQL Servers to prevent redundant components from migrating to the same server. The virtual server allocation is depicted in Figure 3.

Figure 3: Virtual machine server allocation

Note: The resource load on the physical hardware for the access and control layer components is minimal, which is why the hosts are also able to support VDI virtual machines.

Note: This design can accommodate a single server failure. However, when all servers are operational, only 500 desktops will be powered on at a time, conserving resources.

Note: The entire environment can scale much higher by adding additional physical servers that mimic the configuration of Server 4 and 5.

Storage

The storage architecture for the solution is based on the use of inexpensive local storage. To ensure an acceptable user experience, the storage architecture must have enough throughput capacity as well as fault tolerance to overcome the potential failure of a single drive.

| Parameter | Hosts |
|---|---|
| Drive count | 8 |
| Drive speed | 15,000 RPM |
| RAID | RAID 10 |
| IOPS per user | 20 |
| Read/write ratio | 40/60 |
| Characteristics | Random, 4K blocks |

Based on tests, each user accessing a virtual desktop will generate, on average, roughly 20 IOPS during their steady state activity.

In addition to the resource layer virtual servers, the control and access layer systems generate IOPS activity. However, the impact on storage is minimal when compared to the active sessions generated by users.

As the overall solution is more write intensive, it is recommended to utilize a RAID 10 configuration across the eight hard disk drives, as RAID 10 provides fault tolerance and better write performance than RAID 5.

Networking

Integrating the solution into the network requires proper configuration to have the right components communicate with each other. This is especially important for NetScaler Gateway, which resides in the DMZ. The network is configured based on each physical server’s having four network ports:

| NIC instance | Function | Speed | VLAN ID |
|---|---|---|---|
| 1 | Management VLAN | 1 Gbps | 1 |
| 2 | Virtual machine VLAN | 1 Gbps | 2 |
| 3 | DMZ VLAN | 1 Gbps | 3 |
| 4 | Disabled | | |

The three VLANs are divided among the physical servers, NetScaler Gateway and remaining virtual servers as shown in Figure 4.

Figure 4: Networking architecture

As depicted in the diagram, the VLAN is configured as follows:
- NetScaler Gateway is configured to use the DMZ VLAN. This VLAN does not connect with any other internal networks, which helps keep the DMZ and internal traffic separated.
- The management VLAN is only connected to the physical hosts and not the virtual machines. This VLAN is for management calls to/from the physical server’s hypervisor.
- The virtual machine VLAN, meant for all non-DMZ virtual machines, allows them to connect to the internal datacenter network.

Validation

The defined solution was deployed and validated by the Citrix Solutions Lab. The key findings from the validation are:
- CPU was the limiting factor in scaling out the environment.
- The physical servers supported roughly 135 Windows 7 desktops.
- At peak, the control layer components of SQL Server, StoreFront and desktop delivery controllers consumed less than 30 percent of CPU and had over 20 percent of available memory.
- The NetScaler Gateway CPU, memory and network utilization was under 10 percent for the 500 user load.
- Based on the overall solution, a 1 Gbps switch would provide sufficient network capacity.

Figure 5 provides a graphical representation of the utilization of the control layer components as the user load increased.

Figure 5: Processor Utilization for Control Layer Components

Based on the analysis, the user experience started to degrade above 589 users utilizing 4 physical servers. Although the solution was designed to only support 500 users, the control layer components, responsible for supporting and maintaining the environment, are minimally utilized and are capable of much higher user loads with the inclusion of additional physical servers.

Next steps

Organizations must constantly expand and contract their workforce to align with customer demands. This is easily observed in a call center environment where the number of call center agents must fit the anticipated call volume without requiring long hold times or idle agents. Many organizations know how many agents they need based on the seasonality of their business, but they struggle to expand and contract the desktop infrastructure to accommodate the seasonal shifts.

Citrix XenDesktop solves these challenges with a scalable solution allowing organizations to enable dozens, hundreds or thousands of call center agents to work onsite or remotely on a schedule tailored to the actual demand without needing office space and equipment sized for peak times.

To help you learn more about the potential benefits that XenDesktop 7.5 can provide, Citrix has prepared the following resources:
- XenDesktop 7.5 Blueprint: A layered solution for all successful designs and deployments, focusing on the common technology framework and core decisions
- Getting Started Guide: Prescriptive guide for deploying the solution to five or 10 users quickly and easily in a non-production environment
- FlexCast Services Design Guides: Recommended designs, with hardware layer planning numbers, for commonly used implementations, which can be combined to form a complete solution

Citrix offices
- Corporate Headquarters: Fort Lauderdale, FL, USA
- India Development Center: Bangalore, India
- Latin America Headquarters: Coral Gables, FL, USA
- Silicon Valley Headquarters: Santa Clara, CA, USA
- Online Division Headquarters: Santa Barbara, CA, USA
- UK Development Center: Chalfont, United Kingdom
- EMEA Headquarters: Schaffhausen, Switzerland
- Pacific Headquarters: Hong Kong, China

About Citrix

Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at

2014 Citrix Systems, Inc. All rights reserved. Citrix, XenDesktop, NetScaler Gateway, Citrix Receiver, NetScaler VPX, FlexCast, ICA, and HDX are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.
