Provisioning Services 7.0 Requirements List

Image may be NSFW.
Clik here to view.

In this post, I will try to summarize and list basic requirements regarding Provisioning Services 7.0. This will probably be a reference point while building the Provisioning Services infrastructure.

Lets look at the requirements for each component:

Requirements:

Provisioning Services

Minimum requirements:

Operation System:

• Windows 2008 (32 or 64-bit); all editions
• Windows 2008 R2 and Windows 2008 R2 SP1; Standard, Enterprise, DataCenter
• Windows 2012: Standard, Essential, and Datacenter editions

CPU

• Intel or AMD x86 or x64 compatible
• 2 GHz minimum – 3 GHz preferred
• 3.5 GHz Dual Core/HT or similar for loads greater than 250 target devices.

Memory

(~depends on the vDisks)
• Minimum of 2 GB RAM; 4 GB preferred;
• 4 GB is required for a larger number of vDisks (greater than 250).

Hard Disk and Storage (~depends on the vDisks)

• IOPS need also be calculated to determine RAID Level.

Network Adapter

• Static IP
• Min. 100 MB, 1 GB preferred
• Dual 1 GB Ethernet for more than 250 target devicesNote: Prefer to have two NICs rather that a dual ported NICs as it often performs better.

PVS software

• NET 4.0 and PowerShell 2.0
• If using PVS with XenDesktop, NET 3.5 SP1
• If using PVS with SCVMM 2012 SP1, PowerShell 3.0

Network:

PVS <> PVS:

• Each PVS must be configured to use the same UDP ports to communicate with each other (Messaging Manager).
• Default range is UDP 6890-6909.

PVS >> target device:

• Each PVS must be configured to use the same UDP ports to communicate with targets (StreamProcess)
• Default ports: UDP 6910-6930.
  The first 3 ports (6910, 6911, 6912) are reserved for Provisioning Services.

Target device >> PVS

• UDP 6901, 6902, 6905 portsNote: target device to Provisioning Services cannot be configured.

Login server communication

• Each Provisioning Server used as a login server must be configured on the Stream Servers Boot List dialog when the Configuration wizard is run
• The default port for login servers to use is UDP 6910

Console communication

• The SOAP Server is used when accessing the Console.
  The TCP ports are configured on the Stream Services dialog (Configuration wizard)
• Powershell:
  MCLI-Run SetupConnection

TFTP communication

• TFTP port: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNTFTP\Parameters Port
• The defaults is UDP 69

TSB communication

• TSB port: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PVSTSB\Parameters Port
• The default is UDP 6969

Port Fast

• Port Fast must be enabled

Network Card

• PXE 0.99j, PXE 2.1 or later

Network addressing

• DHCP

Notes:

“System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security” should not be ENABLED as the Provisioning services is not compatible.

Target  Device Requirements

PVS target devices without the VDA:

• Windows 8 (32 or 64-bit) all editions
• Windows 7 SP1 (32 or 64-bit): Enterprise, Professional, Ultimate (Ultimate is only supported in Private Image mode)
• XP Professional SP3 32-bit
• XP Professional SP2 64-bit
• Windows 2008 R2 SP1: Standard, DataCenter, EnterpriseKnown issues with Windows 2008: http://support.citrix.com/article/CTX131944.
• Windows 2012: Standard, Essential, and Datacenter

XenDesktop target devices with the latest version of VDA:

• Windows 8 (32 or 64-bit): all editions
• Windows 7 SP1 (32 or 64-bit): Enterprise, Professional, Ultimate(Ultimate edition is only supported in Private Image mode)
• Windows 2008 R2 SP1: Standard, DataCenter, EnterpriseKnown issues with Windows 2008: http://support.citrix.com/article/CTX131944.
• Windows 2012: Standard, Essential, and Datacenter

Target device software requirements

• .NET 4.0 (default).
• Optional: If using XenDesktop and the Image Update Management feature, Microsoft .NET 3.5 SP1 is also required.

Notes:

• Microsoft NIC teaming (2012) or OEM NIC teaming software should be installed and configured prior to the Target Device software.

Licensing

• In order for MAK licensing to work, Volume Activation Management Tool (VAMT) must be installed on all login servers within a farm: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ec7156d2-2864-49ee-bfcb-777b898ad582&displaylang=en.

Database:

SQL 2008, SQL 2008 R2, and SQL 2012 Server (32 or 64-bit)

• SQL Server Express Edition
• SQL Server Workgroup Edition
• SQL Server Standard Edition
• SQL Server Enterprise Edition

Notes:

• Windows Auth only
• Privileges required:
  dbcreator: for creating the database
  securityadmin: for creating the SQL logins for the Stream and SOAP
  If an empty DB created, user running the Config wizard must be the owner of the DB and have the “View any definition permission“
• Mirroring requires SQL native client, DB needs to be High-safety mode with a witness (synchronous)
• Clustering is supported.
• Initial size of database is 20 MB with a growth size of 10 MB.
• DB Log initial size is 10 MB with a growth size of 10%.

Service Accounts:

• db_datareader (configured automatically for Stream & SOAP if user has securityadmin)
• db_datawriter (configured automatically for Stream & SOAP if user has securityadmin)
• execute permissions on stored procedures

Service account needs to have the following privileges on the OS

• Run as service
• Registry read access
• Access to Program Files\Citrix\Provisioning Services
• Read and write access to any vDisk location
  

  Network service	Minimum privilege local account, which authenticates on the network as computers domain machine account
  Specified user	(required when using a Windows Share)Workgroup or domain user account
  Local system	for use with SAN

• PVS support for KMS requires that SOAP Server user account be a member of the local administrators
• With Personal vDisks, SOAP service account must be XenDesktop Full administrator
• Windows 2000 Domains are no longer supported

Kerberos

SOAP Service registers/unregisters SPNs every time when service starts and stops. If the account does not have permission to create/delete, it may fail. When this happens, authentication will fall back to NTLM.

Workaround:

• Use a different account that has permissions to create SPNs.
• Assign the following permissions to the service account.
  

  Computer Account – Write Validated SPN

  User Account – Write Public Information

• Create the SPNs manually
  • setspn -a PVSSoap/<hostname> <username>
  • setspn -a PVSSoap/<fully qualified domain name> <username>

XenDesktop Setup Wizard requirements

System Center Virtual Machine Management (SCVMM):

• SCVMM requires PowerShell 2.0
• The number of required connections for an SCVMM should be >= the number of hosted hypervisors used by the setup wizard for virtual machine cloning.
• F.E.: to set connections to 25

winrm set winrm/config/winrs @{MaxShellsPerUser=”25″}

winrm set winrm/config/winrs @{MaxConcurrentUsers=”25″}.

• SCCM 2012 SP1 requires PowerShell 3.0.
• For SCVMM to work with XenDesktop, on SCVMM run

set-ExecutionPolicy unrestricted

VCenter:

• If vCenter is using non-default ports: change the following registry to connect to it from Provisioning Services:
  • A new key HKLM\Software\Citrix\ProvisioningServices\PlatformEsx
  • A new string in the PlatformEsx key named ServerConnectionString and set it to http://{0}:PORT#/sdkNote: If using port 300, ServerConnectionString= http://{0}:300/sdk

NOTES:

• If using multiple NICs, the XenDesktop wizard assumes that the first NIC is the Provisioning Services NIC
• To use Synthetic switch-over feature, both the first legacy NIC and the synthetic NIC must be on the same network. If Provisioning Services XenDesktop Set Up Wizard is used with SCVMM, both the first legacy and the synthetic NICs’ network will change according to the network resource set by XenDesktop, or by the user if SCVMM host has multiple network resources.
• Multi-NIC support for XenDesktop private virtual machine desktops.
• Legacy XenDesktop Virtual Desktop Agents (VDA) are supported on VMs.

Streamed VM Setup wizard requirements

• Image Update Management requires .NET 4.0 and .NET SP1 3.5 on the client.
  The client installer only provides .NET 3.0, a minimum prerequisite on the client.
• Template VM requirements:
  • Boot order: Network/PXE first in list (as with physical machines).
  • Hard disks: If using local write cache, an NTFS formatted disk large enough for the cache must exist. Otherwise, no hard disks are required.
  • Network: Static MAC. With XenServer, address cannot be 00-00-00-00-00-00
• Permissions:
  • PVS Console user account needs to be in “PVS SiteAdmin” group or above.

ESD servers requirements for vDisk Update Management

• WSUS Server – 3.0 SP2
• Microsoft System Center Configuration Management (SCCM):
  • SCCM ConfigMgr 2007 SP2
  • SCCM 2012
  • SCCM 2012 SP1

Hypervisor requirements

• XenServer 6.0 ???Note: XenServer 5.6 SP2 is not supported in this release.
• Microsoft System Center Virtual Machine Management (SCVMM):
  • SCVMM 2012 with Hyper-V 2.0
  • SCVMM 2012 SP1 with Hyper-V 3.0
• ESX 4.1, ESX 5, ESX 5 Update 1
• HyperV 2008 R2 SP1 Enterprise Edition SP1 (Hyper-V Server 2008 R2 is supported for Windows Server 2008 but has not been tested for scalability)
• vSphere 5.0 (vSphere 4.1 Update 1 is supported but has not tested for scalability), 5.1, 5.1 Update 1
• Physical Devices for 3D Pro Graphics (Blade Servers, Windows Server OS machines, and Windows Desktop OS machines with XenDesktop Virtual Desktop Agent installed)

Console requirements

• Minimum 1 GHz, 2 GHz preferred
• Minimum 1 GB, 2 GB preferred
• Minimum 500 MB
• Operating Systems:
  • Windows 2008 (32 or 64-bit); all editions
  • Windows 2008 R2; Standard, DataCenter and Enterprise
  • Windows 2012: Standard, Essential, and Datacenter
  • Windows 7 (32 or 64-bit)
  • Windows XP Professional (32 or 64-bit)
  • Windows Vista (32 or 64-bit): Business, Enterprise, Ultimate (retail)
  • Windows 8 (32 or 64-bit) all editions
• Software:
  • MMC 3.0
  • .NET 4.0
  • PowerShell 2.0
  • If PVS with XenDesktop, NET 3.5 SP1
  • If PVS with SCVMM 2012 SP1, PowerShell 3.0