Citrix 3D Graphics Cheat Sheet (and how to do Community right!)

One of the most exciting developments recently in the Virtualization World is the emergence of mature and highly performant remote 3D Graphics solutions. As expected, Citrix and NVIDIA are leading the charge here with full support for virtualized GPUs in the XenServer hypervisor. This is revolutionizing the delivery of high end graphical computing workloads remotely that, until recently, required dedicated local hardware to perform adequately. There is a groundswell occurring in industry, and among my consulting peers, in learning the best practices and approaches. In this regard, NVIDIA has done an oustanding job of collecting and sharing the relevant information. I received the data below from John Rendek at NVIDIA yesterday and was really pleased to see what they have assembled and shared here in full- Thank You NVIDIA for “Getting It”! **UPDATE** Jared Cowart filled me in that most of this of this data was compiled by Angelo Oddo, Senior Sales Engineer at Citrix. Mad Props to Angelo!

 

Citrix 3D Graphics Cheat Sheet   2/04/2014

Guides and Optimizations:

 

NVIDIA Resources:

 

 

NVIDIA-vGPU

VMware HDX Resources:

XenServer HDX Resources:

 

XenServer GPU commands:

 

List GPUs

lspci | grep VGA

 

Validate iommu is enabled

xe host-param-get uuid=<uuid_of_host> param-name=chipset-info param-key=iommu

 

Attach a VM to GPU

xe vm-shutdown

 

Find the UUID of the GPU Group

xe gpu-group-list

 

Attach GPU

xe vgpu-create gpu-group-uuid=<uuid_of_gpu_group> vm-uuid=< uuid_of_vm>

 

Validate GPU is Attached

xe vgpu-list

 

Start the VM

 xe vm-start

 

Detach a GPU

First, Shut down the VM using xe vm-shutdown

 

Find the UUID of the vGPU attached to the VM by entering the following:

xe vgpu-list vm-uuid=<uuid_of_vm>

 

Detach the GPU from the VM

xe vgpu-destroy uuid=<uuid_of_vgpu>

 

How to implement Citrix 3D Graphics Pack

Download Citrix XenServer 6.2 + SP1
Download NVIDIA GRID vGPU Pack for GRID K1 or GRID K2
Download Citrix XenDesktop 7.1 99 user trial or licensed software here (requires a MyCitrix ID)

1)     Start with a fresh XenServer 6.2 installation on GRID supported hardware

2)     Install XenServer 6.2 SP1

3)     Download the NVIDIA GRID vGPU Pack & install NVIDIA GRID manager in XenServer from CLI

4)     Create a base Windows 7 VM

5)     From XenCenter, assign a vGPU type to the base image

6)     Install NVIDIA GPU guest OS driver in the base image (available in the NVIDIA GRID vGPU Pack)

7)     Note: Drivers will not install if a GPU has not been assigned to the VM

8)     Install the XenServer Tools

9)     Install the latest version of Citrix HDX 3D Pro VDA 7.1

10)   Create a Machine Catalog using MCS or PVS

11)   Create a Delivery Group, assign users and publish the desktops

NVIDIA-XD7x

Tweaks for XenDesktop VDA:

  • The following Registry key setting will increase Frames per Second (FPS)

[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Graphics]“EncodeSpeed”=dword:00000001

 

  • The following registry key setting will ensure the screen is refreshed and eliminate artifacts of previously opened windows:

[HKEY_LOCAL_MACHINE\Software\Citrix\HDX3D\BitmapRemotingConfig]“HKLM_EnabledDirtyRect”=dword:00000000

 

Hotfixes, Drivers and Tool Downloads

*Primary Source

Microsoft App-V 5.0 Load Balancing

I have had the pleasure of working with Microsoft App-V for a while now and HA has always been a very important item.   Load Balancing has been a breeze in the App-V 4.x environments.  All you needed was a load balancer that could pass * for the port and * for the protocol and everything worked great.  Yes, you can argue that RTSP used 554 TCP but the random port is chose after was the killer.

That has all changed in App-V 5.0.  Now Kerberos is a huge deal.  Anyone that has worked with SQL clusters will understand how temperamental Kerberos can be without being properly setup.  After I have had the fun of translating Microsoft language into a usable format, I figured I would document to the best of my ability how to setup App-V 5 to use Kerberos and be load balanced.

Before I start, I would like to share some of the articles that were used or discarded in getting this to work

Microsoft has a “Planning for High Availability” article which can be found here http://technet.microsoft.com/en-us/library/dn343758.aspx.  This article talks about HA for the entire environment and a pretty good read except for the Web Services load balancing

Microsoft has another article on “How to provide fault tolerance and load balancing in Microsoft App-V v5”, http://support.microsoft.com/kb/2780309.   I didn’t find this article very useful

After combining the 2 articles above and many others, I have found these steps to be pretty straight forward and easy to do.

Assumptions:  I am assuming you have 2 or more App-V 5 servers installed with Management and Publishing working in the environment.  I put both Management and Publishing on the same servers, but it is up to your design.  I have performed these steps in Windows 2012 R2 Standard

I will be using the following as examples

Server Names:  vAppV01 and vAppV02
Load Balanced Name:  AppV
FQDN:  dummy.lcl
App-V Management port: 8080
App-V Publishing port: 8081

Step 1:  Have a Load Balancer and DNS A record

I tend to use Citrix Netscalers for LB on the projects I work on, but any should work.  Just like App-V 4.0, it is easiest to use a LB with * for ports and * for protocols.  Again the security guys will argue with me about you are opening to much.  My point is it is internal traffic and not transferring in company data.  All that is being transmitted is bits to launch an application.

Step 2:  Setup an AD Computer Account

Create a computer account in Active Directory with the Load Balanced Name.  This will be used to assign the SPN’s to later.

Step 3:  Change the IIS ApplicationPool Identity

This is where all the confusion comes in.  If you read all the information out there regarding the ApplicationPool Identity, it leads you to believe that you need to change this to run as a service account.  Performing this step will break the syncing of your publishing servers with the Management service.  We will just skip that part and allow the KernelMode to take care of Kerberos for you:

  • Navigate to c:\windows\system32\inetsrv\config and make a backup of ApplicationHost.config
  • Now we need to edit 2 parts of this file, both are found at the bottom of the file and crossed out below.
    <location path=”Microsoft App-V Management Service”>
    <system.webServer>
    <security>
    <authentication>
    <digestAuthentication enabled=”false” />
    <basicAuthentication enabled=”false” />
    <anonymousAuthentication enabled=”false” />
    <windowsAuthentication enabled=”true” />
    </authentication>
    </security>
    <webdav>
    <authoring enabled=”false” />
    </webdav>
    </system.webServer>
    </location>
    <location path=”Microsoft App-V Publishing Service”>
    <system.webServer>
    <security>
    <authentication>
    <digestAuthentication enabled=”false” />
    <basicAuthentication enabled=”false” />
    <anonymousAuthentication enabled=”false” />
    <windowsAuthentication enabled=”true” />
    </authentication>
    </security>
    </system.webServer>
    </location>
  • These sections need to read as the following:
    <windowsAuthentication enabled=”true” useKernelMode=”true” useAppPoolCredentials=”true” />

Now reboot your server to verify that changes have taken effect.

Step 4:  Adding SPN’s to Active Directory

Now that your file has been changed, we need to setup the following SPN’s to help allow AD to provide the Kerberos authentication for both App-V Publishing and Management Roles

Run the following commands with Domain Admin rights

Setspn –a http/<server>:<port> <domain>\<LB Name>
Setspn –a http/<server.FQDN>:port <domain>\<LB Name>

Examples below

  • • setspn –a http/appv:8080 dummy\appv
  • • setspn –a http/appv:8081 dummy\appv
  • • setspn –a http/appv.dummy.lcl:8080 dummy\appv
  • • setspn –a http/appv.dummy.lcl:8081 dummy\appv

Step 5:  Your Database

Nothing to add or change to the DB

Step 6:  Your Content Share

Nothing to add or change to the Content Share

Step 7:  Final Step

Now to make sure we don’t have the Publishing Servers going across to the other Management Server, I make one final change

Edit the Hosts file on each App-V Server to point to its own IP for the LB name

example:

If the IP for vAppV01 is 192.168.1.1 and IP for vAppV02 is 192.168.1.2 and the LB Name of AppV is 192.168.1.3, the hosts files should read like this:

Hosts File vAppV01:

192.168.1.1                 AppV

Hosts File vAppV02:

192.16.1.2                  AppV

 

Conclusion:

Now you have successfully setup the load balancing for App-V 5.  It is not as complicated as it seemed when I first started this journey, but again, there was no place that I found that had everything needed for App-V documented.