Citrix on AWS - Deployment Considerations

Customers who deploy or extend their Citrix deployment on AWS benefit from cloud elasticity, cost savings, the ability to go global in minutes, and more. This guide assesses some common Citrix on AWS deployment options, the benefits and considerations associated with each, and the Microsoft licensing requirements for each deployment model. Lastly, we discuss Amazon WorkSpaces, Amazon's fully managed, cloud-native DaaS solution.

Pete Fergus
Amazon Employee
Published Sep 12, 2024
Last Modified Nov 12, 2024
There are a number of key decisions to make prior to deploying Citrix on AWS. Let's take a look at some common deployment methodologies along with the advantages, considerations and licensing requirements associated with each.

Deployment Options

The following deployment models will be reviewed:
  • Citrix Virtual Apps and Desktops on AWS EC2
  • Citrix DaaS with Resource Location on EC2
  • Citrix DaaS on Amazon WorkSpaces Core
  • Amazon WorkSpaces
The illustration below shows the component distribution for each of these deployment models and whether each deployed component is managed by the customer, Citrix or Amazon.
Citrix on AWS Component Stack
Figure 1: Deployment model components

Citrix on EC2 (Lift & Shift)

In this scenario, customers essentially move or redeploy their self-managed Citrix infrastructure into AWS, treating the deployment on AWS just like their existing customer-managed deployment. This model does not use any Citrix Cloud services, and all infrastructure components are deployed into the customer's AWS VPC on Windows Server EC2 instances. It provides the most flexibility and customization of the environment, but it also comes with the highest operational overhead and the highest run costs, as many components of the site must be deployed resiliently and kept running 24×7.

Architecture

Figure 2: Citrix on EC2 Architecture
Advantages
  • Most flexibility to customize and manage infrastructure
  • Customers can leverage AWS Managed Services e.g. AWS Managed Microsoft AD, Amazon FSx
  • Capability to migrate a master image to AWS EC2 with Application Migration Service (MGN) for use with Machine Creation Service (MCS)
  • StoreFront on EC2 provides maximum customization capabilities
  • Citrix Gateway on EC2 provides the greatest flexibility for authentication and provides load balancing for Citrix control plane components
  • Suitable for use with AWS MGN as a lift & shift migration for all Windows server components
Considerations
  • Requires specific Citrix license versions which allow Public Cloud / Hybrid VDA deployment
  • Requires dedicated tenancy for Windows Desktop BYOL (see Licensing Requirements)
  • Running a desktop OS on EC2 is expensive. The costs incurred include:
    • Citrix License
    • Desktop License - VDA User Subscription License or VDA Add-On (for customers with M365 license)
    • EC2 Dedicated Host cost
    • EC2 Dedicated Instance (allowed for desktop OS)
  • Customer responsible for securing, patching, maintaining and upgrading the environment themselves
  • Customer responsible for backup and disaster recovery of all Citrix infrastructure components
  • Citrix Machine Creation Service (MCS) is supported on native EC2
  • Note: Citrix Provisioning Service (PVS) is NOT supported on native EC2
  • Larger Amazon EC2 footprint with higher compute and storage costs
  • Need to ensure sufficient EC2 capacity in target region
  • Citrix and AWS leading best practice recommends that customers avoid a full lift and shift because of the considerations outlined above

Licensing Requirements

  • M365 - Customers are prohibited from running their M365 or O365 licenses with Citrix on EC2 as per Microsoft's October 1, 2019 licensing changes. Prior to these changes customers were entitled to bring both M365 or O365 to dedicated infrastructure.
  • Microsoft Windows Server - EC2 instances include the license fee as part of public pricing, known as License Included (LI) EC2 instances. Alternatively, customers can choose to bring their own (BYOL) server licenses. See the AWS Microsoft Licensing on AWS documentation for details
  • Windows 10/11 - Microsoft requires VDA E3/E5 user licenses (purchased under subscription from Microsoft) for Windows Desktop Client BYOL on AWS. Dedicated infrastructure is also a requirement, and options include EC2 Dedicated Host, EC2 Dedicated Instance
  • Microsoft SQL Server - customers can BYOL SQL licenses (with Active Software Assurance or eligible subscriptions) or choose license included SQL AMIs. Additionally, customers can consider Amazon RDS for SQL Server. Amazon RDS SQL Server supports License Included only (except RDS Custom for SQL Server).
  • Citrix - required per user/per device, review the current Citrix documentation to ensure entitlement to use Citrix in Public Cloud
  • ADC Gateway (HDX Proxy) - customers can choose to bring their perpetual license or purchase through the AWS Marketplace utility license model
Figure 3: Citrix on EC2 Licensing Requirements

Citrix DaaS with Resource Location on EC2

Using Citrix DaaS with Resource Locations on EC2, the control plane is delivered by Citrix Cloud while the VDA session hosts run on AWS EC2. Citrix Cloud Connectors act as a proxy for the communications between AWS and the Citrix Cloud control plane. At least two Cloud Connectors are required in each resource location to ensure a highly available connection with Citrix Cloud.

Architecture

Figure 4: Citrix DaaS with Resource Location on EC2 Architecture
Advantages
  • Citrix Cloud manages & maintains control plane components e.g., brokers, licenses, authentication
  • Significantly fewer Citrix control plane components drive a lower cost of deployment
  • Citrix's managed brokering service (DaaS) includes the Citrix AutoScale feature. This provides built-in VDA capacity and cost management capabilities which can result in substantial savings
  • Customers can leverage AWS Managed Services such as Amazon FSx, AWS Managed AD, Amazon RDS
  • Virtual Apps and Desktops workloads can be deployed on EC2, on-premises or in a hybrid deployment model
  • Subscription based licensing model
  • Fastest route to Citrix on AWS with lowest ongoing maintenance model
  • Solution can run offline if Citrix Cloud or DaaS control plane is unavailable
Considerations
  • Select the most appropriate regional Citrix Cloud control plane location, typically the one closest to the highest user population
  • Consider Citrix Cloud resource location alignment with AWS Regions and Availability Zones to meet your specific resilience and recovery requirements
  • The Gateway Service can be used to remove the need to deploy StoreFront and Citrix Gateway but this service does not provide the same level of customization and features as a StoreFront or Gateway hosted on EC2
  • Citrix hosted StoreFront and Gateway services require Citrix Federated Authentication (FAS) to federate SAML logon to VDA with Single Sign-On (virtual smartcard logon)
  • Citrix Rendezvous can be implemented to eliminate scalability concerns if using the Cloud Connectors as a proxy for HDX connections
  • Citrix DaaS can utilize customer managed StoreFront and Gateway on EC2 if required
  • Citrix Machine Creation Service (MCS) is supported on native EC2
    • Note: Citrix Provisioning Service (PVS) is NOT supported on native EC2
  • Need to ensure sufficient EC2 capacity in target region for VDAs

Licensing Requirements

  • M365 - Customers are prohibited from running their M365 or O365 licenses with Citrix on EC2 as per Microsoft's October 1, 2019 licensing changes. Prior to these changes customers were entitled to bring both M365 or O365 to dedicated infrastructure.
  • Microsoft Windows Server - EC2 instances include the license fee as part of public pricing, known as License Included (LI) EC2 instances. Alternatively, customers can choose to bring their own (BYOL) server licenses (once in line with Microsoft licensing requirements). See the AWS Microsoft Licensing on AWS documentation for details
  • Windows 10/11 - Microsoft requires VDA E3/E5 user licenses (purchased under subscription from Microsoft) for Windows Desktop Client BYOL on AWS. Dedicated infrastructure is also a requirement, and options include EC2 Dedicated Host, EC2 Dedicated Instance
  • Microsoft SQL Server - customers can BYOL SQL licenses (with Active Software Assurance or eligible subscriptions) or choose license included SQL AMIs. Additionally, customers can consider Amazon RDS for SQL Server. Amazon RDS SQL Server supports License Included only (except RDS Custom for SQL Server).
  • Citrix - required per user/per device, review the current Citrix documentation to ensure entitlement to use Citrix in Public Cloud
  • ADC Gateway (HDX Proxy) - customers can choose to bring their perpetual license or purchase through the AWS Marketplace utility license model
Figure 5: Citrix DaaS & EC2 Licensing Requirements

Citrix DaaS with Amazon WorkSpaces Core

With Citrix on WorkSpaces Core (CoWSC), customers continue using their Citrix control plane to provision virtual desktops, but the desktops are hosted on Amazon WorkSpaces in the AWS cloud. This approach allows customers to offload the virtual desktop infrastructure to AWS while keeping the familiarity of, and the licensing investment made in, Citrix. CoWSC enables customers to continue using Citrix's HDX protocol, so there is no change in end-user experience. Additionally, customers keep the full portfolio of features HDX has to offer.
This deployment model provides access to a set of WorkSpaces Core APIs that are used to integrate the creation and management of WorkSpaces desktops into Citrix Studio. The creation and maintenance of machine catalogs and delivery groups are hidden from the Citrix administrator.

Architecture

Figure 6: Citrix DaaS with Amazon WorkSpaces Core Architecture
Advantages
  • CoWSC leverages the WorkSpaces Core API which provides communication between the Citrix DaaS and AWS WorkSpaces managed services. As the core infrastructure for these services is managed by the respective vendor, the overheads of management and maintenance are drastically reduced
  • CoWSC pricing is cheaper than standard Amazon WorkSpaces BYOL pricing to accommodate the dual licensing requirements and data egress costs
  • Customers can bring their existing Windows 10 & Windows 11 licenses to CoWSC, alternatively customers can choose AWS license included Windows Server 2019 & 2022 bundles
  • Customers can bring their existing M365 licenses to run on CoWSC virtual desktops. Eligible M365 licenses include E3/E5, A3/A5, G3/G5, Business Premium. See Microsoft documentation for more details. Note that O365 licenses do not qualify and are not permitted as per Microsoft licensing terms.
  • CoWSC offers a portfolio of compute profiles to choose from, including GPU-enabled G4DN & G4DN Pro bundle types
Considerations
  • Customers must comply with Amazon WorkSpaces BYOL requirement of a minimum of 100 BYOL WorkSpaces per account per region
  • Customers are billed for data egress streaming traffic
  • Citrix Cloud licenses are required - perpetual licenses are not supported due to lack of license mobility
  • Customers must manage and maintain Citrix Cloud connectors on EC2
  • WorkSpaces are AlwaysOn due to lack of power management
  • The WorkSpaces Core API supports an hourly billing model which will allow the ‘Auto-Stop’ WorkSpace type to be supported at a future date

Licensing Requirements

  • Microsoft Windows Server - EC2 instances include the license fee as part of public pricing – known as License Included (LI) EC2.
  • Microsoft Windows Server BYOL - Customers can choose to bring their own (BYOL) server licenses. To be eligible for BYOL, Windows Server must be brought to Dedicated Hosts (where the total physical cores of the host(s) are made available to the customer, because they must license all of the physical cores of the host(s)), the version deployed must be 2019 or earlier only, and the licenses must be perpetual (not subscription) and originally purchased before October 1, 2019 (or purchased within a Microsoft EA term that started before October 1, 2019). See the AWS Microsoft Licensing on AWS documentation for details
  • Windows 10/11 - Microsoft requires VDA E3/E5 user licenses (purchased under subscription from Microsoft) for Windows Desktop Client BYOL on AWS. Dedicated infrastructure is also a requirement, and options include EC2 Dedicated Host, EC2 Dedicated Instance
  • Citrix DaaS - Licenses are required per user/per device, review the current Citrix documentation to ensure entitlement to use Citrix in Public Cloud
  • Amazon WorkSpaces – Monthly flat rate pricing at time of writing. See the Amazon WorkSpaces Core Pricing page for details.
  • ADC Gateway (HDX Proxy) - customers can choose to bring their perpetual license or purchase through the AWS Marketplace utility license model
Figure 7: Citrix DaaS on WorkSpaces Core Licensing Requirements

Amazon WorkSpaces

Amazon WorkSpaces enables you to provision virtual, cloud-based Microsoft Windows, Amazon Linux, Red Hat Enterprise Linux or Ubuntu Linux desktops for your users. As an AWS Managed Service, WorkSpaces eliminates the need to procure and deploy hardware or install complex software to make your desktop cloud native. You can quickly add or remove users as your needs change. Users can access their virtual desktops from multiple devices or web browsers. WorkSpaces are all-inclusive virtual desktops that offer both persistent (WorkSpaces Personal) and non-persistent (WorkSpaces Pools) deployment options.

Architecture

Figure 8: Amazon WorkSpaces Architecture
Advantages
  • Fully managed virtual desktop infrastructure service with a financially backed 99.9% uptime SLA
  • Flexibility to Bring Your Own M365 licenses, see Microsoft's licensing terms for details
  • Simplified virtual desktop management with a choice of both persistent and non-persistent virtual desktops deployment options
  • Scale on demand with flexible, cost-effective pricing
  • Choose from a number of different operating system options including Windows Server, Windows Desktop (BYOL), Amazon Linux, Ubuntu, Red Hat Linux
  • Choose from a portfolio of different hardware options including GPU capable bundles
  • Pay-as-You-Go (PAYG) with On-Demand and Always-On models available
  • Bring Your Own License (BYOL) or License Included (LI) options available for Windows Desktop OS license and RDS CAL
  • Bring Your Own License (BYOL) options are available for Windows Desktop OS and Remote Desktop Services (RDS) User CALs with Software Assurance
  • License Included (LI) options available for Windows Desktop Experience built on Windows Server and Remote Desktop Services (RDS).
  • WorkSpaces Personal offers a persistent dedicated virtual desktop per user – available with Windows Server, Windows Desktop, Ubuntu, Linux
  • WorkSpaces Pools offers a non-persistent dedicated virtual desktop per user – available with Windows Server OS
  • Choice of two streaming protocols when provisioning – WorkSpaces Streaming Protocol (WSP) & PC over IP (PCoIP)
Considerations

Licensing Requirements

Customers can choose from the following licensing options when deploying Amazon WorkSpaces Personal and Amazon WorkSpaces Pools:
Operating System
  • Windows Server License Included – RDS SAL for each user included in public pricing or BYOL RDS SAL if covered under Microsoft License Mobility
  • Windows 10/11 – BYOL options available for Personal & Pools detailed here
Microsoft Office
  • BYOL M365 licenses on both WorkSpaces Personal & WorkSpaces Pools (A3, A5, E3, E5, G3, G5 & Business Premium). O365 licenses cannot be migrated.
  • Pay as You Go Microsoft Office Licensing with WorkSpaces bundles on both WorkSpaces Personal & WorkSpaces Pools. Office versions include Office 2016, 2019, 2021 Std, 2021 Pro
Figure 8: Amazon WorkSpaces Licensing Requirements

Conclusion

As outlined in this article, there are many points to consider as you plan your Citrix on AWS public cloud journey. We've merely skimmed the surface of many deep topics and outlined only a few deployment scenarios that customers might consider. To plan your Citrix migration to AWS, it is recommended to reach out to an AWS End User Compute Solutions Architect to discuss best practices for deployment, cost savings and licensing compliance. See our contact page for details on how you can align with an AWS representative.

Authors

Peter Fergus - Pete is a Senior Specialist Solutions Architect based in Dublin, Ireland. Pete has been working with AWS cloud computing services for more than five years and enterprise infrastructure for over fifteen. Pete is passionate about collaborating with customers to help build optimal EUC solutions in AWS Cloud.
Martin Fluck - Martin is a Senior Application Architect for AWS ProServe based in the UK. Martin has been with ProServe for more than five years with thirteen years working in the Enterprise Virtualization and End User Computing space prior. Focusing on Migration and Modernization on AWS, Martin helps customers across a broad range of industries on their journeys to the cloud.
 

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.