Using VMWare with XenDesktop

When you are using VMWare ESX as Hypervisor you need to configure some setting on the Desktop Delivery Controller and on the VCenter server before you can add the VMWare vCenter host to the XenDesktop environment. First you need to create a user or a role where you can add multiple users in the vCenter environment. In the following steps I explain how to create a Role with all the necessary right.

Create Security Role vCenter

Based on the following Article: Using VMware with XenDesktop provided by Citrix, I create a new role which I will name XenDesktop. Then I added the appropriate settings as described in the following table:

Datastore.AllocateSpace

Datastore > Allocate space

Datastore.Browse

Datastore > Browse datastore

Datastore.FileManagement

Datastore > Low level file operations

Network.Assign

Network > Assign network

Resource.AssignVMToPool

Resource > Assign virtual machine to resource pool

System.Anonymous

Added automatically.

System.Read

Added automatically.

System.View

Added automatically.

Task.Create

Tasks > Create task

VirtualMachine.Config.AddRemoveDevice

Virtual machine > Configuration > Add or remove device

VirtualMachine.Config.AddExistingDisk

Virtual machine > Configuration > Add existing disk

VirtualMachine.Config.AddNewDisk

Virtual machine > Configuration > Add new disk

VirtualMachine.Config.CPUCount

Virtual machine > Configuration > Change CPU Count

VirtualMachine.Config.Memory

Virtual machine > Configuration > Memory

VirtualMachine.Config.RemoveDisk

Virtual machine > Configuration > Remove disk

VirtualMachine.Config.Resource

Virtual machine > Configuration > Change resource

VirtualMachine.Interact.PowerOff

Virtual machine > Interaction > Power Off

VirtualMachine.Interact.PowerOn

Virtual machine > Interaction > Power On

VirtualMachine.Interact.Reset

Virtual machine > Interaction > Reset

VirtualMachine.Interact.Suspend

Virtual machine > Interaction > Suspend

VirtualMachine.Inventory.Create

Virtual machine > Inventory > Create new

VirtualMachine.Inventory.CreateFromExisting

Virtual machine > Inventory > Create from existing

VirtualMachine.Inventory.Delete

Virtual machine > Inventory > Remove

VirtualMachine.Inventory.Register

Virtual machine > Inventory > Register

VirtualMachine.Provisioning.Clone

Virtual machine > Provisioning > Clone virtual machine

VirtualMachine.Provisioning.DiskRandomAccess

Virtual machine > Provisioning > Allow disk access

VirtualMachine.Provisioning.GetVmFiles

Virtual machine > Provisioning > Allow virtual machine download

VirtualMachine.Provisioning.PutVmFiles

Virtual machine > Provisioning > Allow virtual machine files upload

VirtualMachine.Provisioning.DeployTemplate

Virtual machine > Provisioning > Deploy template

VirtualMachine.Provisioning.MarkAsVM

Virtual machine > Provisioning > Mark as virtual machine

VirtualMachine.State.CreateSnapshot

Virtual machine > State > Create snapshot

VirtualMachine.State.RemoveSnapshot

Virtual machine > State > Remove snapshot

VirtualMachine.State.RevertToSnapshot

Virtual machine > State > Revert to snapshot

All the above settings are applied in the “Add New Role” screen as you can see below. I didn’t add all screenshot because that’s too much.

Add New Role

If you want XenDesktop to tag VMs you create, the user account must also have the following permissions:

Global.ManageCustomFields

Global > Manage custom attributes

Global.SetCustomField

Global > Set custom attribute

After I applied the settings I need to add a User to vCenter and give the user the XenDesktop Role. When logged in to vCenter go to the Datacenter and the go to permissions and add the user, then select the XenDesktop role and click OK.

Adding the user

 Now the configured user has the rights to perform the necessary processes with in vCenter. But before we now can add the vCenter host to the Desktop Delivery Controller we need to install the certificate of the vCenter environment on the Desktop Delivery Controller server. To accomplish that we logon to the Desktop Delivery Server and open a browser and goto the following address:

Https://NameOfVcenterSever.domain/

[update] first add the address to the trusted sites within IE. When you don’t you can’t install the certificate.

You will receive a certificate error but select continue and then select the certificate and install it into the following Certificate store: Trusted People\Local Computer.

VMWare Certicate

Now you can add the vCenter host to the Desktop Delivery Controller without receiving errors.

 
banner