This blog post was co-authored by Paul Carley, Sr. Product Marketing Manager at Citrix.

With the continued maturation and adoption of cloud services, Citrix is always looking to improve the management experience for admins. Previously, with Microsoft Azure, there was a limit on the number of VMs that could be accommodated in a single resource group. Admins with narrow scoped service principal had to manually forecast the number of resource groups they planned on creating based on the number of VMs, which is time consuming. With the recent updates from Microsoft and enhancements from Citrix Machine Creation Services (MCS), admins can greatly reduce this time-consuming activity. Let’s take a closer look.

Support for Azure Resource Manager is encapsulated in a plugin called AzureRM. To provision machines, the AzureRM plugin needs to be granted access to your subscription via a service principal that has been assigned permissions to access the relevant resources in your Azure subscription.

A service principal’s purpose is similar to a user account. It provides the AzureRM plugin with Azure Active Directory identity credentials for authentication and permission on Azure resources. Service principals are configured using Role Based Access Control (RBAC).

Previously, for narrow-scoped service principals, admins had to forecast and manually create resource groups based on the expected number of machines in a catalog. Azure had a limit of provisioning 800 managed disks, which equates to 240 VMs, in a single resource group.

Azure has now removed that limit and a single resource group can contain infinite images, virtual machines, snapshots, and managed disks, as highlighted here.

Citrix MCS has made an enhancement to ensure admins have a better customer experience.

  • For full-scoped service principals, when admins create a machine catalog, it will result in only a single resource group being created for the entire life of the catalog, no matter how many additional updates are made or machines are added.
  • For narrow-scoped service principals, admins need to only supply a single empty pre-created resource group for the entire life cycle of the catalog.

To learn more about service principals and how to create them, check out this blog post. Please note, the Citrix Studio UI will still provide the ability to choose multiple resource groups, but MCS will use only one resource group. This Studio UI capability will be changed in an upcoming release.

For customers with existing machine catalogs that use multiple resource groups, MCS will select the resource group with the most storage accounts and continue provisioning VMs within that resource group.

The AzureRM plugin will create the necessary infrastructure in each resource group consisting of storage accounts, security groups, network interfaces, and virtual machines. Storage accounts are created on demand, as needed, when and if machines are added to the catalog. Once a storage account has been created, it is not deleted until the catalog is deleted.

The advent of single resource group provides security and cost benefits, as well. Previously, with multiple resource groups, admins had to dig through all the resource groups and tag the resources to track cost. With the availability of Single Resource Group, admins are now able to effectively add tags to only one resource group and all resources within that resource group inherit that tag. This helps organizations track cost and ensure security protocols are followed.

For full guidance on Citrix Virtual Apps and Desktops service on Azure, check out our Citrix Virtual Apps and Desktops Service on Azure page on the Citrix Tech Zone.