Citrix to AWS Deployment Considerations
This article describes the most common Citrix to AWS deployment models along with the key considerations associated with each. Additionally, we detail the licensing requirements aligned with each deployment to ensure customers remain compliant when deploying Citrix on AWS. Lastly, we discuss Amazon WorkSpaces as a managed service option for hosting virtual desktop infrastructure.
Pete Fergus
Amazon Employee
Published Sep 12, 2024
Last Modified Sep 13, 2024
By deploying or extending a Citrix deployment into the AWS cloud, customers can benefit from cloud elasticity, cost savings, going global in minutes and more. This guide outlines some of the common Citrix deployment options on the AWS public cloud and also how customers might modernize with Amazon WorkSpaces, Amazon's fully managed cloud-native DaaS solution.
There are a number of key decisions to make prior to deploying Citrix on AWS. In this article we take a look at some common deployment methodologies along with the advantages, considerations and licensing requirements associated with each.
Let’s discuss the different Citrix Virtual Apps and Desktops (CVAD) to AWS deployment options available. The following deployment models will be reviewed:
- Citrix Virtual Apps and Desktops on AWS EC2
- Citrix DaaS with Resource Location on EC2
- Citrix DaaS on Amazon WorkSpaces Core
- Amazon WorkSpaces
The illustration below shows the component distribution for each of these deployment models and where deployed infrastructure is the responsibility of the customer, Citrix or Amazon to manage.
Citrix Virtual Apps and Desktops on AWS EC2
In this scenario, customers essentially move or redeploy their self-managed Citrix infrastructure into AWS, treating the deployment on AWS just like their existing customer-managed deployment. This model does not utilize any Citrix Cloud services, and all infrastructure components are deployed into the customer's AWS VPC on Windows Server EC2 instances. This model provides the most flexibility and customization of the environment, but it also comes with the highest operational overhead and the highest run costs, as many components of the site must be deployed resiliently and kept running 24×7.
Advantages
- Most flexibility to customize and manage infrastructure
- Customers can leverage AWS Managed Services e.g. AWS Managed Microsoft AD, Amazon FSx
- Capability to migrate a master image to AWS EC2 with Application Migration Service (MGN) for use with Machine Creation Service (MCS)
- StoreFront on EC2 provides maximum customization capabilities
- Citrix Gateway on EC2 provides the greatest flexibility for authentication and provides load balancing for Citrix control plane components
- Suitable for use with AWS MGN as a lift & shift migration for all Windows server components
Considerations
- Requires specific Citrix license versions which allow Public Cloud / Hybrid VDA deployment
- Requires dedicated tenancy for Windows Desktop BYOL (see Licensing Requirements)
- Running Desktop OS on EC2 is expensive considering the costs incurred. These costs include a Citrix License, Desktop License and EC2 Dedicated Host cost
- Customer responsible for securing, patching, maintaining and upgrading the environment themselves
- Customer responsible for backup and disaster recovery of all Citrix infrastructure components
- Citrix Machine Creation Service (MCS) is supported on native EC2
- Note: Citrix Provisioning Service (PVS) is NOT supported on native EC2
- Larger Amazon EC2 footprint with higher compute and storage costs
- Need to ensure sufficient EC2 capacity in target region
- Citrix & AWS’ leading best practice for customers recommends avoiding a full lift and shift due to the considerations outlined above
Licensing Requirements
- M365 - Customers are prohibited from running their M365 or O365 licenses with Citrix on EC2, as per the public announcement on 1st August 2023
- Microsoft Windows Server - EC2 instances include the license fee as part of public pricing, known as License Included (LI) EC2 instances. Alternatively, customers can choose to bring their own (BYOL) server licenses. See the AWS Microsoft Licensing on AWS documentation for details
- Windows 10/11 - Microsoft requires VDA E3/E5 user licenses (purchased under subscription from Microsoft) for Windows Desktop Client BYOL on AWS. Dedicated infrastructure is also a requirement, and options include EC2 Dedicated Host and EC2 Dedicated Instance
- Microsoft SQL Server - customers can BYOL SQL licenses or choose license-included SQL AMIs; additionally, customers can consider Amazon RDS for SQL Server
- Citrix - licenses are required per user/per device; review the current Citrix documentation to ensure entitlement to use Citrix in Public Cloud
- ADC Gateway (HDX Proxy) - customers can choose to bring their perpetual license or purchase through the AWS Marketplace utility license model
Citrix DaaS with Resource Location on EC2
Using Citrix DaaS with Resource Locations on EC2, the control plane is delivered by Citrix Cloud whilst the VDA session hosts run on AWS EC2. Citrix Cloud Connectors act as a proxy for the communications between AWS and the Citrix Cloud control plane. At least two Cloud Connectors are required in each resource location to ensure a highly available connection with Citrix Cloud.
Advantages
- Citrix Cloud manages & maintains control plane components e.g., brokers, licenses, authentication
- Significantly fewer Citrix control plane components drive a lower cost of deployment
- Citrix's managed brokering service (DaaS) includes the Citrix AutoScale feature. This provides built-in VDA capacity and cost management capabilities which can result in substantial savings
- Customers can leverage AWS Managed Services such as Amazon FSx, AWS Managed AD, Amazon RDS
- Virtual Apps and Desktops workloads can be deployed on EC2, on-premises or in a hybrid deployment model
- Subscription based licensing model
- Fastest route to Citrix on AWS with lowest ongoing maintenance model
- Solution can run offline if Citrix Cloud or DaaS control plane is unavailable
Considerations
- Select the most appropriate regional Citrix Cloud control plane location, typically the one closest to the highest user population
- Consider Citrix Cloud resource location alignment with AWS Regions and Availability Zones to meet your specific resilience and recovery requirements
- The Gateway Service can be used to remove the need to deploy StoreFront and Citrix Gateway but this service does not provide the same level of customization and features as a StoreFront or Gateway hosted on EC2
- Citrix hosted StoreFront and Gateway services require Citrix Federated Authentication (FAS) to federate SAML logon to VDA with Single Sign-On (virtual smartcard logon)
- Citrix Rendezvous can be implemented to eliminate scalability concerns if using the Cloud Connectors as a proxy for HDX connections
- Citrix DaaS can utilize customer managed StoreFront and Gateway on EC2 if required
- Citrix Machine Creation Service (MCS) is supported on native EC2
- Note: Citrix Provisioning Service (PVS) is NOT supported on native EC2
- Need to ensure sufficient EC2 capacity in target region for VDAs
Licensing Requirements
- M365 - Customers are prohibited from running their M365 or O365 licenses with Citrix on EC2, as per the public announcement on 1st August 2023
- Microsoft Windows Server - EC2 instances include the license fee as part of public pricing, known as License Included (LI) EC2 instances. Alternatively, customers can choose to bring their own (BYOL) server licenses. See the AWS Microsoft Licensing on AWS documentation for details
- Windows 10/11 - Microsoft requires VDA E3/E5 user licenses (purchased under subscription from Microsoft) for Windows Desktop Client BYOL on AWS. Dedicated infrastructure is also a requirement, and options include EC2 Dedicated Host and EC2 Dedicated Instance
- Microsoft SQL Server - customers can BYOL SQL licenses or choose license-included SQL AMIs; additionally, customers can consider Amazon RDS for SQL Server
- Citrix - licenses are required per user/per device; review the current Citrix documentation to ensure entitlement to use Citrix in Public Cloud
- ADC Gateway (HDX Proxy) - customers can choose to bring their perpetual license or purchase through the AWS Marketplace utility license model
Citrix DaaS on Amazon WorkSpaces Core
With Citrix on WorkSpaces Core (CoWSC), customers continue using their Citrix control plane to provision virtual desktops, but the desktops are hosted on Amazon WorkSpaces in the AWS cloud. This approach allows customers to offload the virtual desktop infrastructure to AWS whilst retaining the familiarity of, and licensing investment made in, Citrix. CoWSC enables customers to continue using Citrix's HDX protocol, so there is no change in end-user experience. Additionally, customers can continue to use the full portfolio of features HDX has to offer.
This deployment model provides access to a set of WorkSpaces Core APIs that are used to integrate the creation and management of WorkSpaces desktops into Citrix Studio. The creation and maintenance of machine catalogs and delivery groups are hidden from the Citrix administrator.
Advantages
- CoWSC leverages the WorkSpaces Core API, which provides communication between the Citrix DaaS and Amazon WorkSpaces managed services. As the core infrastructure for these services is managed by the respective vendor, the overheads of management and maintenance are drastically reduced
- CoWSC pricing is cheaper than standard Amazon WorkSpaces BYOL pricing to accommodate the dual licensing requirements and data egress costs
- Customers can bring their existing Windows 10 & Windows 11 licenses to CoWSC; alternatively, customers can choose AWS license-included Windows Server 2019 & 2022 bundles
- Customers can bring their existing M365 licenses to run on CoWSC virtual desktops. Eligible M365 licenses include E3/E5, A3/A5, G3/G5, Business Premium. See Microsoft documentation for more details. Note that O365 licenses do not qualify and are not permitted as per Microsoft licensing terms.
- CoWSC offers a portfolio of compute profiles to choose from, including GPU-enabled G4DN & G4DN Pro bundle types
Considerations
- Customers must comply with Amazon WorkSpaces BYOL requirement of a minimum of 100 BYOL WorkSpaces per account per region
- Customers are billed for data egress streaming traffic
- Citrix Cloud licenses are required - perpetual licenses are not supported due to lack of license mobility
- Customers must manage and maintain Citrix Cloud connectors on EC2
- WorkSpaces are AlwaysOn due to lack of power management
- The WorkSpaces Core API supports an hourly billing model which will allow the ‘Auto-Stop’ WorkSpace type to be supported at a future date
Licensing Requirements
- Microsoft Windows Server - EC2 instances include the license fee as part of public pricing, known as License Included (LI) EC2 instances. Alternatively, customers can choose to bring their own (BYOL) server licenses. See the AWS Microsoft Licensing on AWS documentation for details
- Windows 10/11 - Microsoft requires VDA E3/E5 user licenses (purchased under subscription from Microsoft) for Windows Desktop Client BYOL on AWS. Dedicated infrastructure is also a requirement, and options include EC2 Dedicated Host and EC2 Dedicated Instance
- Citrix DaaS - Licenses are required per user/per device; review the current Citrix documentation to ensure entitlement to use Citrix in Public Cloud
- Amazon WorkSpaces - Monthly flat rate pricing at time of writing. See the Amazon WorkSpaces Core Pricing page for details.
- ADC Gateway (HDX Proxy) - customers can choose to bring their perpetual license or purchase through the AWS Marketplace utility license model
Amazon WorkSpaces
Amazon WorkSpaces enables you to provision virtual, cloud-based Microsoft Windows, Amazon Linux, Red Hat Enterprise Linux or Ubuntu Linux desktops for your users. As an AWS Managed Service, WorkSpaces eliminates the need to procure and deploy hardware or install complex software to make your desktop cloud native. You can quickly add or remove users as your needs change. Users can access their virtual desktops from multiple devices or web browsers. WorkSpaces are all-inclusive virtual desktops that offer both persistent (WorkSpaces Personal) and non-persistent (WorkSpaces Pools) deployment options.
Advantages
- Fully managed virtual desktop infrastructure service with a financially backed 99.9% uptime SLA
- Flexibility to Bring Your Own M365 licenses
- Simplified virtual desktop management with a choice of both persistent and non-persistent virtual desktops deployment options
- Scale on demand with flexible, cost-effective pricing
- Choose from a number of different operating system options including Windows Server, Windows Desktop (BYOL), Amazon Linux, Ubuntu, Red Hat Linux
- Choose from a portfolio of different hardware options including GPU capable bundles
- Pay-as-You-Go (PAYG) with On-Demand and Always-On models available
- Bring Your Own License (BYOL) or License Included (LI) options available for Windows Desktop OS license and RDS CAL
- WorkSpaces Personal offers a persistent dedicated virtual desktop per user – available with Windows Server, Windows Desktop, Ubuntu, Linux
- WorkSpaces Pools offers a non-persistent dedicated virtual desktop per user – available with Windows Server OS
- Choice of two streaming protocols when provisioning – WorkSpaces Streaming Protocol (WSP) & PC over IP (PCoIP)
Considerations
- Only M365 licenses are eligible for BYOL to Amazon WorkSpaces, not O365
- WSP & PCoIP streaming protocols offer different capabilities. Refer to our documentation to review the feature characteristics of each
- Customers must manage and maintain their WorkSpaces custom images. This includes patching of the operating system and application updates
- For BYOL Windows 10/11 desktop licenses, customers must meet a minimum commitment threshold as detailed in our Bring Your Own Windows desktop licenses in WorkSpaces Personal documentation
Customers can choose from the following licensing options when deploying Amazon WorkSpaces Personal and Amazon WorkSpaces Pools:
Operating System
- Windows Server License Included – RDS SAL for each user included in public pricing or BYOL RDS SAL if covered under Microsoft License Mobility
- Windows 10/11 – BYOL options available for Personal & Pools detailed here
Microsoft Office
- BYOL existing M365 licenses on both WorkSpaces Personal & WorkSpaces Pools (A3, A5, E3, E5, G3, G5 & Business Premium). O365 licenses cannot be migrated.
- Pay as You Go Microsoft Office Licensing with WorkSpaces bundles on both WorkSpaces Personal & WorkSpaces Pools. Office versions include Office 2016, 2019, 2021 Std, 2021 Pro
As outlined in this article, there are many points to consider as you plan your Citrix on AWS public cloud journey and we've merely skimmed the surface of many deep topics as well as outlined only a few deployment scenarios that customers might consider. To discuss and plan your Citrix migration to AWS it is recommended to reach out to an AWS End User Compute Solutions Architect to discuss best practices for deployment, cost savings and licensing compliance. See our contact page for details on how you can align with an AWS representative.
Peter Fergus - Pete is a Senior Specialist Solutions Architect based in Dublin, Ireland. Pete has been working with AWS cloud computing services for more than five years and enterprise infrastructure for over fifteen. Pete is passionate about collaborating with customers to help build optimal EUC solutions in AWS Cloud.
Martin Fluck - Martin is a Senior Application Architect for AWS ProServe based in the UK. Martin has been with ProServe for more than five years with thirteen years working in the Enterprise Virtualization and End User Computing space prior. Focusing on Migration and Modernization on AWS, Martin helps customers across a broad range of industries on their journeys to the cloud.
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.