Hosting Citrix Virtual Desktops on AWS Outposts
In this blog
Of the many potential use cases for AWS Outposts, one of the most intriguing is its ability to support local GPU-enabled virtual desktops to support professional graphics applications that require low latency access to on-premises systems.
Put simply, an AWS Outpost is a fully managed service that allows you to host AWS infrastructure (compute and storage) and services (EC2, EBS, RDS, S3, EKS, etc.) in virtually any data center or on-premises facility. An AWS Outpost enables an organization to manage their on-premises environment using the same AWS tools, APIs and services they use in the cloud today and is ideal for:
- Workloads that require low latency access to on-premises resources.
- Local data processing.
- Data resiliency.
Today, an AWS Outpost is delivered to you from AWS as a 42U rack that can be expanded to 96 racks, should you need additional compute and storage capacity. At Re:Invent 2020, AWS announced that in 2021, Outposts will be available in 1U and 2U small form factors for locations with limited space or environment capabilities.
AWS created the AWS Outposts Ready designation to recognize solutions that have been tested and validated by AWS to work on AWS Outposts. Citrix has been fully tested and has demonstrated successful integration with AWS Outposts deployments. Perhaps surprisingly, Amazon WorkSpaces is not currently supported on AWS Outposts and at the time of this writing, Citrix is the only VDI vendor that has achieved the AWS Outposts Ready designation.
Though Citrix may be the only Outposts ready VDI solution today, a reasonable expectation would be that other VDI solutions such as Amazon's native WorkSpaces and AppStream would follow suit. Perhaps even VMware Horizon, with the upcoming introduction of VMware Cloud on AWS Outposts, will soon be available. Be sure to regularly check the WWT platform for new content as new services and solutions become Outposts Ready!
At WWT, our Advanced Technology Center (ATC) is an "innovation ecosystem" that allows us to design, build and test the latest technology products and solutions. We, and especially our customers, are fortunate to have an AWS Outpost within the ATC which allows us to quickly test architectural designs and deployment scenarios.
In terms of deployment, Citrix is certainly flexible enough to support a desktop and publishing infrastructure with components in multiple locations. Citrix resources could have been deployed in the "local" data center or the AWS region, but for the purposes of testing an Outposts-based Citrix VDI platform from the local ATC data center, a new Citrix environment was deployed with all components running and hosted on the AWS Outpost.
A high-level architecture of the Citrix environment that was deployed and tested on Outposts is shown below. Most virtual machines were deployed using m5.large instances while the graphics instance was deployed using a g4dn.xlarge instance, which includes an Nvidia T4 GPU to support workloads using graphics applications.
Accessing Citrix resources hosted on AWS Outpost — this is where the fun really starts. It's important to understand, at least in some measure, the Outpost networking components called the local gateway and the customer-owned IP address pool.
Each Outpost supports a single local gateway which serves two purposes. First, any network traffic originating on the Outpost and destined for the local data center will use the local gateway as the target for that traffic. Second, should a local resource want to communicate with an instance hosted on the Outpost, the local gateway performs NAT for any instances that have been assigned an address from the customer-owned IP pool.
A high-level functional overview of the AWS Outposts networking and local gateway components are shown below.
During the Outpost installation process, you are required to provide a CIDR block to serve as the customer-owned IP (CoIP) pool. This CIDR block is assigned to the local gateway for use and is advertised to the on-prem network via BGP. IP addresses from this block are then assigned to resources on your Outpost. Perhaps a very simple example would be helpful to reinforce the concept. When the Outposts-based EC2 instance communicates with the local data center, it will traverse the local gateway and it gets translated to the CoIP of 10.23.7.44. When a local server wants to communicate with instances on the Outpost, the traffic traverses the on-prem network using the CoIP and is translated back to the 172.16.3.23 address at the local gateway to reach the Outpost instance.
What impact does the local gateway and NAT have on Citrix connectivity? To support NAT through the local gateway, local users must access published resources using a CoIP assigned to an ENI connected to a Citrix NetScaler.
In this instance shown below, a NetScaler with (3) elastic network interfaces (ENIs) was deployed and an IP address from the CoIP was assigned to eth2. A new host record for that IP address was added into DNS to allow local on-prem users to connect to Citrix resources using an easy to remember FQDN by which to access their GPU-enabled virtual desktops and/or published applications.
- eth0 Subnet IP (SNIP) on "Servers" subnet to provide access to Citrix servers.
- eth1 NetScaler IP (NSIP) on "Mgmt" subnet to provide management GUI access.
- eth2 Virtual IP (VIP-CoIP) on "Clients" subnet – end user entry point to Citrix.
When the basic setup of the ADC VPX has been completed, the Citrix Gateway feature of the VPX can be integrated with XenApp/XenDesktop running on AWS Outposts. As an example below, users will connect to the Outposts-based Citrix environment using the FQDN outpost-apps.outpostsdemo.net, and the Gateway IP Address is the IP assigned to eth2 from Figure #3 above.
Once the integration setup is complete, users can access Outposts-based Citrix resources via the ADC VPX hosted on AWS Outposts.
The intent of this article is to provide a brief overview on how Citrix technologies have been and can be leveraged to provide GPU-enabled virtual desktops or published applications on AWS Outposts.
Earlier in the post, it was mentioned that WWT is fortunate to have an AWS Outpost in our ATC and it's a benefit we like passing on to our customers. Is there a VDI scenario you'd like tested on Outposts? Let us know. Would you like to test the performance of your own applications/desktops hosted on Outposts and accessed via Citrix? Let us know. Partner with WWT to ensure that AWS Outposts is the right solution for your business need.
Finally, be sure to visit WWT's digital platform regularly for the latest articles on AWS Outposts and contact us at firstname.lastname@example.org with any questions regarding this post, to demo AWS Outposts in the WWT ATC or AWS in general.