Deploying Citrix VDA for macOS on AWS EC2 Mac Instances

  • Contributed By: Jiaping Liu
  • Special Thanks To: Chris Li, Yanyan Ding, Steve Beals

Introduction

AWS EC2 supports launching Mac instances from a custom base image, and instances launched from it inherit the same applications and configurations. Installing and pre-configuring Citrix Virtual Delivery Agent for macOS (Mac VDA) in a custom base image therefore allows volume deployment to be automated without manual intervention, giving enterprise administrators flexibility in their daily workflows. The following steps are covered in this guide:

  • Launch a new Mac instance from AWS EC2.
  • Install and configure Mac VDA on this instance.
  • Enable the essential permissions, such as Screen Recording and Accessibility, on the instance.
  • Create a custom base image from this instance.
  • Use the base image to create new Mac instances in AWS EC2.
  • On new instances, enroll Mac VDA to CVAD or DaaS.
    • This can be automated by integrating with MDM solutions such as Jamf Pro.

AWS EC2 supports automatic enrollment into Jamf Pro when creating a new instance. Combined with the Jamf Pro guide in the Mac VDA product documentation, enterprises can now deploy Citrix VDA for macOS with “zero-touch.”

Prerequisites

This guide uses Citrix DaaS as the deployment option. Mac VDA needs to communicate with Citrix Cloud for registration and for HDX traffic (when Rendezvous is enabled). Follow the Rendezvous V2 | Citrix DaaS documentation to configure firewalls in the Amazon VPC.

Creating an Amazon EC2 Mac instance

To create an Amazon EC2 Mac instance from the mac2 instance family (M1/M2 Mac), follow this guide to launch and connect to an Amazon EC2 Mac instance through SSH. Then, follow this guide to enable GUI access to this Mac instance.

We will install Mac VDA and perform some basic configurations on this instance. This instance will be used to create an Amazon Machine Image (AMI), so the subsequent instances from this image will automatically have Mac VDA installed and configured.

Installing Mac VDA on the Mac instance

First, we need to upload the Mac VDA install package to the Mac instance using the following command:

$ scp -i /path/to/your/private/key/file mac-vda.dmg ec2-user@mac-instance-fqdn-or-ip-address:/Users/ec2-user/

Once the package is copied, we can access the Mac instance using a VNC client and install Mac VDA.

Important:

DO NOT try to enroll the VDA into Citrix DaaS on this instance. Enrollment is performed later, on each new instance launched from the image.

  1. Install dotnet 8.0 by downloading .NET Runtime 8.0 installer for macOS.
  2. Run the install package to install Mac VDA to the system.
  3. Enable Screen & System Audio Recording for the Citrix Graphics Service.
  4. Enable Accessibility for Citrix Input Service.

Refer to the installation guide for additional details.

(Optional) Enrolling the Mac instance into Jamf Pro

Follow this guide to preconfigure some profiles, restrictions, or apps on this Mac instance with Jamf Pro.

Creating an Amazon Machine Image based on the Mac instance

Creating an image of an EC2 Mac instance allows you to launch new instances with the same applications and configurations.

  1. In the AWS console, click Amazon EC2, Instances, and the running instance in the list.
  2. Click Actions > Image > Templates, and finally, the Create image button at the bottom right.
  3. If No Reboot is checked, the instance will not reboot before creating the image and will create the image in the background. If Delete on termination is checked, new instances launched from this image will not have their root volume deleted when the instance is terminated.

Creating a new Amazon EC2 Mac instance from the AMI

Once the AMI is created, we can then create a new instance from this AMI. The new instance will have Mac VDA installed and configured automatically.

Enrolling Mac VDA into Citrix DaaS

Mac VDA needs to be enrolled into Citrix DaaS before it can be launched from a storefront or workspace. You need to create an enrollment token from the Citrix Cloud console or Citrix Web Studio.

See Prepare Installation Non-Domain joined VDAs | Citrix Virtual Delivery Agent for macOS on creating an enrollment token.

Once an enrollment token has been created, you can then enroll Mac VDA from the VDA Configuration app.

If you use Jamf Pro to manage these subsequent instances, you can also deploy a script from Jamf Pro that runs the following command as root on the instance to complete the enrollment automatically:

# /opt/Citrix/VDA/bin/VdaEnrollmentTool -EnrollmentToken:<your-enrollment-token> -Restart

Refer to Example using UEM / MDM | Citrix Virtual Delivery Agent for macOS for more details.
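The following wrapper is an added example, not code from Citrix or from the original guide. It shows one way to run the enrollment command above from a Jamf Pro policy without writing the token into the policy log. It assumes the token is supplied as Jamf script parameter 4, and the function names and validation rules are hypothetical.

```sh
#!/bin/sh
# Added example (not Citrix's script): Jamf Pro policy wrapper for the command above.
# Assumption: the token is passed as Jamf script parameter 4; Jamf Pro fills $1-$3 itself.

TOOL="/opt/Citrix/VDA/bin/VdaEnrollmentTool"   # path taken from the command above

# Mask a token for log output, keeping at most its last 4 characters.
redact_token() {
    if [ "${#1}" -le 8 ]; then
        printf '****'
    else
        printf '****%s' "$(printf '%s' "$1" | tail -c 4)"
    fi
}

# Constructed sanity rules (the page does not specify the token format):
# reject empty values, an unedited <placeholder>, whitespace and control characters.
validate_token() {
    [ -n "$1" ] || return 1
    case "$1" in
        *"<"*|*">"*|*[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
    esac
    return 0
}

enroll() {
    if ! validate_token "$1"; then
        echo "enroll: parameter 4 is missing or is not a usable token" >&2
        return 2
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "enroll: must run as root" >&2
        return 3
    fi
    if [ ! -x "$TOOL" ]; then
        echo "enroll: $TOOL not found or not executable" >&2
        return 4
    fi
    # Jamf stores script output in the policy log, so only the masked token is printed.
    echo "enroll: enrolling with token $(redact_token "$1")"
    "$TOOL" "-EnrollmentToken:$1" -Restart
}

# Jamf Pro always supplies $1-$3, so a policy run reaches enroll; with no
# arguments (for example when the functions are loaded for testing) nothing runs.
if [ "$#" -gt 0 ]; then
    enroll "${4:-}"
    exit $?
fi
```

Supplying the token through the policy's Parameter 4 field keeps the secret out of the stored script body. The token is still visible in the process list while the tool runs, because the tool takes it as a command-line argument.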

Once the VDA is enrolled, admins can create delivery groups to publish this VDA to users.

(Optional) Connecting Amazon VPC and Your Remote Network

If you want users to access Mac VDAs from your internal corporate network via a NetScaler Gateway or Citrix Virtual Apps and Desktops instead of Citrix DaaS, you must connect the Amazon VPC and your corporate network. See Amazon Virtual Private Cloud Connectivity Options for details and instructions.

