When you use VMware ESX as the hypervisor, you need to configure some settings on the Desktop Delivery Controller and on the vCenter server before you can add the VMware vCenter host to the XenDesktop environment. First you need to create a user, or a role to which you can add multiple users, in the vCenter environment. In the following steps I explain how to create a role with all the necessary rights.
Create Security Role vCenter
Based on the Citrix article Using VMware with XenDesktop, I created a new role, which I named XenDesktop. Then I added the appropriate privileges as described in the following table:
SDK privilege | User interface |
Datastore.AllocateSpace | Datastore > Allocate space |
Datastore.Browse | Datastore > Browse datastore |
Datastore.FileManagement | Datastore > Low level file operations |
Network.Assign | Network > Assign network |
Resource.AssignVMToPool | Resource > Assign virtual machine to resource pool |
System.Anonymous | Added automatically. |
System.Read | Added automatically. |
System.View | Added automatically. |
Task.Create | Tasks > Create task |
VirtualMachine.Config.AddRemoveDevice | Virtual machine > Configuration > Add or remove device |
VirtualMachine.Config.AddExistingDisk | Virtual machine > Configuration > Add existing disk |
VirtualMachine.Config.AddNewDisk | Virtual machine > Configuration > Add new disk |
VirtualMachine.Config.CPUCount | Virtual machine > Configuration > Change CPU Count |
VirtualMachine.Config.Memory | Virtual machine > Configuration > Memory |
VirtualMachine.Config.RemoveDisk | Virtual machine > Configuration > Remove disk |
VirtualMachine.Config.Resource | Virtual machine > Configuration > Change resource |
VirtualMachine.Interact.PowerOff | Virtual machine > Interaction > Power Off |
VirtualMachine.Interact.PowerOn | Virtual machine > Interaction > Power On |
VirtualMachine.Interact.Reset | Virtual machine > Interaction > Reset |
VirtualMachine.Interact.Suspend | Virtual machine > Interaction > Suspend |
VirtualMachine.Inventory.Create | Virtual machine > Inventory > Create new |
VirtualMachine.Inventory.CreateFromExisting | Virtual machine > Inventory > Create from existing |
VirtualMachine.Inventory.Delete | Virtual machine > Inventory > Remove |
VirtualMachine.Inventory.Register | Virtual machine > Inventory > Register |
VirtualMachine.Provisioning.Clone | Virtual machine > Provisioning > Clone virtual machine |
VirtualMachine.Provisioning.DiskRandomAccess | Virtual machine > Provisioning > Allow disk access |
VirtualMachine.Provisioning.GetVmFiles | Virtual machine > Provisioning > Allow virtual machine download |
VirtualMachine.Provisioning.PutVmFiles | Virtual machine > Provisioning > Allow virtual machine files upload |
VirtualMachine.Provisioning.DeployTemplate | Virtual machine > Provisioning > Deploy template |
VirtualMachine.Provisioning.MarkAsVM | Virtual machine > Provisioning > Mark as virtual machine |
VirtualMachine.State.CreateSnapshot | Virtual machine > State > Create snapshot |
VirtualMachine.State.RemoveSnapshot | Virtual machine > State > Remove snapshot |
VirtualMachine.State.RevertToSnapshot | Virtual machine > State > Revert to snapshot |
All the above settings are applied in the “Add New Role” screen. I didn’t include all the screenshots because there are too many.
If you want XenDesktop to tag VMs you create, the user account must also have the following permissions:
Global.ManageCustomFields | Global > Manage custom attributes |
Global.SetCustomField | Global > Set custom attribute |
After applying the settings, I need to add a user to vCenter and give that user the XenDesktop role. When logged in to vCenter, go to the Datacenter, then go to Permissions and add the user, select the XenDesktop role and click OK.
Now the configured user has the rights to perform the necessary processes within vCenter. But before we can add the vCenter host to the Desktop Delivery Controller, we need to install the certificate of the vCenter environment on the Desktop Delivery Controller server. To accomplish that, we log on to the Desktop Delivery Server, open a browser and go to the following address:
https://NameOfVcenterServer.domain/
[update] First add the address to the trusted sites within IE. If you don’t, you can’t install the certificate.
You will receive a certificate error; select Continue, then select the certificate and install it into the following certificate store: Trusted People\Local Computer.
Now you can add the vCenter host to the Desktop Delivery Controller without receiving errors.
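The certificate step above can also be scripted so that the certificate is only trusted after its thumbprint matches a value obtained out of band. This is an added example, not part of the original post or of Citrix's procedure; the host name, the expected thumbprint and the helper function names are placeholders and assumptions.

```powershell
# Added example. Run elevated on the Desktop Delivery Controller.
# Both values below are placeholders (assumptions), not values from the article.
$VCenterHost        = 'NameOfVcenterServer.domain'
$ExpectedThumbprint = '<SHA1-THUMBPRINT-FROM-VCENTER-ADMIN>'   # obtained out of band

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept whatever is presented: this call only reads the certificate,
        # the trust decision is the thumbprint comparison further down.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

function ConvertTo-HexOnly([string]$Text) {
    # Strip spaces, colons and anything else that is not a hex digit
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$cert     = Get-RemoteCertificate -HostName $VCenterHost
$actual   = ConvertTo-HexOnly $cert.Thumbprint
$expected = ConvertTo-HexOnly $ExpectedThumbprint

"Subject    : $($cert.Subject)"
"Issuer     : $($cert.Issuer)"
"Valid until: $($cert.NotAfter)"
"Thumbprint : $actual"

if ($expected.Length -ne 40) {
    throw 'Set $ExpectedThumbprint to the 40-hex-digit SHA-1 thumbprint first.'
}
if ($actual -ne $expected) {
    throw "Thumbprint mismatch: server presented $actual. Certificate NOT installed."
}

# Same store the article uses: Trusted People, Local Computer
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('TrustedPeople', 'LocalMachine')
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }
"Installed into Cert:\LocalMachine\TrustedPeople"
```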