page_title | subcategory | description |
---|---|---|
citrix_delivery_group Resource - citrix |
CVAD |
Manages a delivery group. |
Manages a delivery group.
resource "citrix_delivery_group" "example-delivery-group" {
name = "example-delivery-group"
associated_machine_catalogs = [
{
machine_catalog = citrix_machine_catalog.example-azure-mtsession.id
machine_count = 1
}
]
desktops = [
{
published_name = "Example Desktop"
description = "Description for example desktop"
restricted_access_users = {
allow_list = [
"user1@example.com"
]
block_list = [
"user2@example.com",
]
}
enabled = true
enable_session_roaming = false
}
]
autoscale_settings = {
autoscale_enabled = true
restrict_autoscale_tag = "example-tag"
peak_restrict_min_idle_untagged_percent = 10
off_peak_restrict_min_idle_untagged_percent = 10
disconnect_peak_idle_session_after_seconds = 3600
log_off_peak_disconnected_session_after_seconds = 3600
peak_log_off_action = "Nothing"
power_time_schemes = [
{
days_of_week = [
"Monday",
"Tuesday",
"Wednesday",
"Thursday",
"Friday"
]
name = "weekdays test"
display_name = "weekdays schedule"
peak_time_ranges = [
"09:00-17:00"
]
pool_size_schedules = [
{
time_range = "00:00-00:00",
pool_size = 1
}
]
pool_using_percentage = false
},
]
}
restricted_access_users = {
allow_list = [
"user1@example.com"
]
block_list = [
"user2@example.com",
]
}
reboot_schedules = [
{
name = "example_reboot_schedule_weekly"
reboot_schedule_enabled = true
frequency = "Weekly"
frequency_factor = 1
days_in_week = [
"Monday",
"Tuesday",
"Wednesday"
]
start_time = "12:12"
start_date = "2024-05-25"
reboot_duration_minutes = 0
ignore_maintenance_mode = true
natural_reboot_schedule = false
},
{
name = "example_reboot_schedule_monthly"
description = "example reboot schedule"
reboot_schedule_enabled = true
frequency = "Monthly"
frequency_factor = 2
week_in_month = "First"
day_in_month = "Monday"
start_time = "12:12"
start_date = "2024-04-21"
ignore_maintenance_mode = true
reboot_duration_minutes = 120
natural_reboot_schedule = false
reboot_notification_to_users = {
notification_duration_minutes = 15
notification_message = "test message"
notification_title = "test title"
notification_repeat_every_5_minutes = true
}
}
]
minimum_functional_level = "L7_20"
app_protection = {
# apply_contextually = [
# {
# policy_name = "Citrix Gateway connections"
# enable_anti_key_logging = true
# enable_anti_screen_capture = false
# },
# {
# policy_name = "test_access_policy"
# enable_anti_key_logging = true
# enable_anti_screen_capture = false
# }
# ]
enable_anti_key_logging = true
enable_anti_screen_capture = true
}
default_access_policies = [
{
name = "Citrix Gateway Connections"
enabled = true
allowed_connection = "ViaAG"
enable_criteria_for_include_connections = true
enable_criteria_for_exclude_connections = true
include_connections_criteria_type = "MatchAny"
},
{
name = "Non-Citrix Gateway Connections"
enabled = true
allowed_connection = "NotViaAG"
enable_criteria_for_include_connections = false
enable_criteria_for_exclude_connections = true
}
]
custom_access_policies = [
{
name = "test_access_policy"
enabled = true
allowed_connection = "ViaAG"
enable_criteria_for_include_connections = true
enable_criteria_for_exclude_connections = true
include_connections_criteria_type = "MatchAny"
include_criteria_filters = [
{
filter_name = "test"
filter_value = "test"
},
]
exclude_criteria_filters = [
{
filter_name = "test"
filter_value = "test"
},
]
}
]
}
name
(String) Name of the delivery group.
allow_anonymous_access
(Boolean) Give access to unauthenticated (anonymous) users. When set toTrue
, no credentials are required to access StoreFront.
~> Please Note This feature requires a StoreFront store for unauthenticated users.
app_protection
(Attributes) App Protection, an add-on feature for the Citrix Workspace app, provides enhanced security for Citrix published apps and desktops. The feature provides anti-keylogging and anti-screen capture capabilities for client sessions, helping protect data from keyloggers and screen scrapers.
~> Please Note Before using the feature, make sure that these requirements are met. (see below for nested schema)
associated_machine_catalogs
(Attributes Set) Machine catalogs from which to assign machines to the newly created delivery group. (see below for nested schema)autoscale_settings
(Attributes) The power management settings governing the machine(s) in the delivery group. (see below for nested schema)custom_access_policies
(Attributes List) Custom Access Policies for the delivery group. To manage built-in access policies use thedefault_access_policies
instead. (see below for nested schema)default_access_policies
(Attributes List) Manage built-in Access Policies for the delivery group. These are the Citrix Gateway Connections (via Access Gateway) and Non-Citrix Gateway Connections (not via Access Gateway) access policies.
~> Please Note Default Access Policies can only be modified; they cannot be deleted. If using this property, both default policies have to be specified.
-> Note Use Citrix Gateway connections
as the name for the default policy that is Via Access Gateway and Non-Citrix Gateway connections
as the name for the default policy that is Not Via Access Gateway. (see below for nested schema)
default_desktop_icon
(String) The id of the icon to be used as the default icon for the desktops in the delivery group.
~> Please Note This option is only supported for Citrix Cloud Customer
delivery_group_folder_path
(String) The path of the folder in which the delivery group is located.delivery_type
(String) Delivery type of the delivery group. Available values areDesktopsOnly
,AppsOnly
, andDesktopsAndApps
. Defaults toDesktopsOnly
for Delivery Groups with associated Machine Catalogs that haveallocation_type
set toStatic
and for Delivery Groups that havesharing_kind
set toprivate
. Otherwise defaults to `DesktopsAndAppsdescription
(String) Description of the delivery group.desktops
(Attributes List) A list of Desktop resources to publish on the delivery group. Only 1 desktop can be added to a Remote PC Delivery Group. (see below for nested schema)enabled
(Boolean) Whether the delivery group is enabled or not. Defaults totrue
.make_resources_available_in_lhc
(Boolean) In the event of a service disruption or loss of connectivity, select if you want Local Host Cache to keep resources in the delivery group available to launch new sessions. Existing sessions are not impacted.
~> Please Note This setting only impacts Single Session OS Random (pooled) desktops which are power managed. LHC is always enabled for Single Session OS static and Multi Session OS desktops.
-> Note When set to true
, machines will remain available and allow new connections and changes to the machine caused by a user might be present in subsequent sessions. When set to false
, machines in the delivery group will be unavailable for new connections during a Local Host Cache event.
metadata
(Attributes List) Metadata for the Delivery Group. (see below for nested schema)minimum_functional_level
(String) Specifies the minimum functional level for the VDA machines in the delivery group. Defaults toL7_20
.reboot_schedules
(Attributes List) The reboot schedule for the delivery group. (see below for nested schema)restricted_access_users
(Attributes) Restrict access to this Delivery Group by specifying users and groups in the allow and block list. If no value is specified, all authenticated users will have access to this Delivery Group. To give access to unauthenticated users, use theallow_anonymous_access
property. (see below for nested schema)scopes
(Set of String) The IDs of the scopes for the delivery group to be a part of.session_support
(String) The session support for the delivery group. Can only be set toSingleSession
orMultiSession
. Specify only if you want to create a Delivery Group without anyassociated_machine_catalogs
. Ensure session support is same as that of the prospective Machine Catalogs you will associate this Delivery Group with.sharing_kind
(String) The sharing kind for the delivery group. Can only be set toShared
orPrivate
. Specify only if you want to create a Delivery Group wthout anyassociated_machine_catalogs
.storefront_servers
(Set of String) A list of GUID identifiers of StoreFront Servers to associate with the delivery group.tags
(Set of String) A set of identifiers of tags to associate with the delivery group.
built_in_scopes
(Set of String) The IDs of the built-in scopes of the delivery group.id
(String) GUID identifier of the delivery group.inherited_scopes
(Set of String) The IDs of the inherited scopes of the delivery group.tenants
(Set of String) A set of identifiers of tenants to associate with the delivery group.total_machines
(Number) The total number of machines in the delivery group.
Optional:
apply_contextually
(Attributes List) Implement contextual App Protection using the connection filters defined in the Access Policy rule. (see below for nested schema)enable_anti_key_logging
(Boolean) When enabled, anti-keylogging is applied when a protected window is in focus.enable_anti_screen_capture
(Boolean) Specify whether to use anti-screen capture.
-> Note For Windows and macOS, only the window with protected content is blank. Anti-screen capture is only applied when the window is open. For Linux, the entire screen will appear blank. Anti-screen capture is only applied when the window is open or minimized.
Required:
enable_anti_key_logging
(Boolean) When enabled, anti-keylogging is applied when a protected window is in focus.enable_anti_screen_capture
(Boolean) Specify whether to use anti-screen capture.
-> Note For Windows and macOS, only the window with protected content is blank. Anti-screen capture is only applied when the window is open. For Linux, the entire screen will appear blank. Anti-screen capture is only applied when the window is open or minimized.
policy_name
(String) The name of the policy.
-> Note To refer to default policies, use Citrix Gateway connections
as the name for the default policy that is Via Access Gateway and Non-Citrix Gateway connections
as the name for the default policy that is Not Via Access Gateway.
Required:
machine_catalog
(String) Id of the machine catalog from which to add machines.machine_count
(Number) The number of machines to assign from the machine catalog to the delivery group.
Required:
autoscale_enabled
(Boolean) Whether auto-scale is enabled for the delivery group.
Optional:
disconnect_off_peak_idle_session_after_seconds
(Number) Specifies the time in seconds after which an idle session belonging to the delivery group is disconnected during off-peak time.disconnect_peak_idle_session_after_seconds
(Number) Specifies the time in seconds after which an idle session belonging to the delivery group is disconnected during peak time.log_off_off_peak_disconnected_session_after_seconds
(Number) Specifies the time in seconds after which a disconnected session belonging to the delivery group is terminated during off peak time.log_off_peak_disconnected_session_after_seconds
(Number) Specifies the time in seconds after which a disconnected session belonging to the delivery group is terminated during peak time.log_off_reminder_enabled
(Boolean) Indicates whether log off reminder is enabled. Defaults tofalse
.log_off_reminder_message
(String) The message to be displayed in the log off reminder.log_off_reminder_title
(String) The title of the log off reminder.log_off_warning_message
(String) The message to be displayed in the log off warning.log_off_warning_title
(String) The title of the log off warning.off_peak_buffer_size_percent
(Number) The percentage of machines in the delivery group that should be kept available in an idle state outside peak hours.off_peak_disconnect_action
(String) The action to be performed after a configurable period of a user session disconnecting outside peak hours. Choose betweenNothing
,Suspend
, andShutdown
. Default isNothing
.off_peak_disconnect_timeout_minutes
(Number) The number of minutes before the configured action should be performed after a user session disconnectts outside peak hours.off_peak_extended_disconnect_action
(String) The action to be performed after a second configurable period of a user session disconnecting outside peak hours. Choose betweenNothing
,Suspend
, andShutdown
. Default isNothing
.off_peak_extended_disconnect_timeout_minutes
(Number) The number of minutes before the second configured action should be performed after a user session disconnects outside peak hours.off_peak_limit_seconds_to_force_log_off_user
(Number) Limit in seconds to force log off user after user logs off from their sessions during off-peak hours. Defaults to0
.off_peak_log_off_action
(String) The action to be performed after a configurable period of a user session ending outside peak hours. Choose betweenNothing
,Suspend
, andShutdown
. Default isNothing
.off_peak_log_off_reminder_interval
(Number) The interval in seconds at which the log off reminder is sent during off-peak hours. Defaults to0
.off_peak_log_off_timeout_minutes
(Number) The number of minutes before the configured action should be performed after a user session ends outside peak hours.off_peak_restrict_min_idle_untagged_percent
(Number) Specifies the percentage of remaining untagged capacity to fall below to start powering on tagged machines during off peak hours.
~> Please Note This setting is only applicable when the restrict_autoscale_tag
is set.
peak_autoscale_assigned_power_on_idle_action
(String) The action to be performed on an assigned machine previously started by autoscale that subsequently remains unused. Choose betweenNothing
,Suspend
, andShutdown
. Default isNothing
.peak_autoscale_assigned_power_on_idle_timeout_minutes
(Number) The number of minutes before the configured action is performed on an assigned machine previously started by autoscale that subsequently remains unused.peak_buffer_size_percent
(Number) The percentage of machines in the delivery group that should be kept available in an idle state in peak hours.peak_disconnect_action
(String) The action to be performed after a configurable period of a user session disconnecting in peak hours. Choose betweenNothing
,Suspend
, andShutdown
. Default isNothing
.peak_disconnect_timeout_minutes
(Number) The number of minutes before the configured action should be performed after a user session disconnects in peak hours.peak_extended_disconnect_action
(String) The action to be performed after a second configurable period of a user session disconnecting in peak hours. Choose betweenNothing
,Suspend
, andShutdown
. Default isNothing
.peak_extended_disconnect_timeout_minutes
(Number) The number of minutes before the second configured action should be performed after a user session disconnects in peak hours.peak_limit_seconds_to_force_log_off_user
(Number) Limit in seconds to force log off user after user logs off from their sessions during peak hours. Defaults to0
.peak_log_off_action
(String) The action to be performed after a configurable period of a user session ending in peak hours. Choose betweenNothing
,Suspend
, andShutdown
. Default isNothing
.peak_log_off_reminder_interval
(Number) The interval in seconds at which the log off reminder is sent during peak hours. Defaults to0
.peak_log_off_timeout_minutes
(Number) The number of minutes before the configured action should be performed after a user session ends in peak hours.peak_restrict_min_idle_untagged_percent
(Number) Specifies the percentage of remaining untagged capacity to fall below to start powering on tagged machines during peak hours.
~> Please Note This setting is only applicable when the restrict_autoscale_tag
is set.
power_off_delay_minutes
(Number) Delay before machines are powered off, when scaling down. Specified in minutes.
~> Please Note Applies only to multi-session machines.
-> Note By default, the power-off delay is 30 minutes. You can set it in a range of 0 to 60 minutes.
power_time_schemes
(Attributes List) Power management time schemes.
~> Please Note It is not allowed to have more than one power time scheme that cover the same day of the week for the same delivery group. (see below for nested schema)
restrict_autoscale_tag
(String) Name of the tag on the machines that autoscale will apply on.timezone
(String) The time zone in which this delivery group's machines reside.
Required:
days_of_week
(Set of String) The pattern of days of the week that the power time scheme covers.display_name
(String) The name of the power time scheme as displayed in the console.peak_time_ranges
(Set of String) Peak time ranges during the day. e.g. 09:00-17:00pool_using_percentage
(Boolean) Indicates whether the integer values in the pool size array are to be treated as absolute values (if this value isfalse
) or as percentages of the number of machines in the delivery group (if this value istrue
).
Optional:
pool_size_schedules
(Attributes List) Pool size schedules during the day. Each is specified as a time range and an indicator of the number of machines that should be powered on during that time range.
~> Please Note Do not specify schedules when no machines should be powered on. (see below for nested schema)
Required:
pool_size
(Number) The number of machines (either as an absolute number or a percentage of the machines in the delivery group, depending on the value of PoolUsingPercentage) that are to be maintained in a running state, whether they are in use or not.time_range
(String) Time range during which the pool size applies.
-> Note Time range format is HH:mm-HH:mm
, e.g. 09:00-17:00
Required:
allowed_connection
(String) The behavior of the include filter. Choose betweenFiltered
,ViaAG
, andNotViaAG
.enable_criteria_for_exclude_connections
(Boolean) Whether to enable criteria for exclude connections.enable_criteria_for_include_connections
(Boolean) Whether to enable criteria for include connections.name
(String) The name of the access policy.
-> Note For default_access_policies, use Citrix Gateway connections
as the name for the policy that is Via Access Gateway and Non-Citrix Gateway connections
as the name for the policy that is Not Via Access Gateway.
Optional:
enabled
(Boolean) Whether the access policy is enabled. Default istrue
.exclude_criteria_filters
(Attributes List) The list of filters that meet the criteria for exclude connections. (see below for nested schema)include_connections_criteria_type
(String) The type of criteria for include connections. Choose betweenMatchAny
andMatchAll
.include_criteria_filters
(Attributes List) The list of filters that meet the criteria for include connections. (see below for nested schema)
Read-Only:
id
(String) ID of the resource location.
Required:
filter_name
(String) The name of the filter.filter_value
(String) The value of the filter.
Required:
filter_name
(String) The name of the filter.filter_value
(String) The value of the filter.
Required:
allowed_connection
(String) The behavior of the include filter. Choose betweenFiltered
,ViaAG
, andNotViaAG
.enable_criteria_for_exclude_connections
(Boolean) Whether to enable criteria for exclude connections.enable_criteria_for_include_connections
(Boolean) Whether to enable criteria for include connections.name
(String) The name of the access policy.
-> Note For default_access_policies, use Citrix Gateway connections
as the name for the policy that is Via Access Gateway and Non-Citrix Gateway connections
as the name for the policy that is Not Via Access Gateway.
Optional:
enabled
(Boolean) Whether the access policy is enabled. Default istrue
.exclude_criteria_filters
(Attributes List) The list of filters that meet the criteria for exclude connections. (see below for nested schema)include_connections_criteria_type
(String) The type of criteria for include connections. Choose betweenMatchAny
andMatchAll
.include_criteria_filters
(Attributes List) The list of filters that meet the criteria for include connections. (see below for nested schema)
Read-Only:
id
(String) ID of the resource location.
Required:
filter_name
(String) The name of the filter.filter_value
(String) The value of the filter.
Required:
filter_name
(String) The name of the filter.filter_value
(String) The value of the filter.
Required:
published_name
(String) A display name for the desktop.
Optional:
description
(String) A description for the published desktop. The name and description are shown in Citrix Workspace app.enable_session_roaming
(Boolean) When enabled, if the user launches this desktop and then moves to another device, the same session is used, and applications are available on both devices. When disabled, the session no longer roams between devices.
~> Please Note Session roaming should be set to false
for Remote PC Delivery Group.
enabled
(Boolean) Specify whether to enable the delivery of this desktop. Default istrue
.restrict_to_tag
(String) Restrict session launch to machines with tag specified in GUID.restricted_access_users
(Attributes) Restrict access to this Desktop by specifying users and groups in the allow and block list. If no value is specified, all users that have access to this Delivery Group will have access to the Desktop.
~> Please Note For Remote PC Delivery Groups desktops, restricted_access_users
has to be set. (see below for nested schema)
Optional:
allow_list
(Set of String) Users who can use this Desktop.
-> Note Users must be in DOMAIN\UserOrGroupName
or user@domain.com
format
block_list
(Set of String) Users who cannot use this Desktop. A block list is meaningful only when used to block users in the allow list.
-> Note Users must be in DOMAIN\UserOrGroupName
or user@domain.com
format
Required:
name
(String) Metadata name.value
(String) Metadata value.
Required:
frequency
(String) The frequency of the reboot schedule. Can only be set toDaily
,Weekly
,Monthly
, orOnce
.frequency_factor
(Number) Repeats every X days/weeks/months. Minimum value is1
.ignore_maintenance_mode
(Boolean) Whether the reboot schedule ignores machines in the maintenance mode.name
(String) The name of the reboot schedule.natural_reboot_schedule
(Boolean) Indicates whether the reboot will be a natural reboot, where the machines will be rebooted when they have no sessions. This should set to false for reboot_duration_minutes to work. Once UseNaturalReboot is set to true, RebootDurationMinutes won't have any effect.reboot_schedule_enabled
(Boolean) Whether the reboot schedule is enabled.start_date
(String) The date on which the reboot schedule starts.
-> Note The date format is YYYY-MM-DD
.
start_time
(String) The time at which the reboot schedule starts.
-> Note The time format is HH:MM
.
Optional:
day_in_month
(String) The day in the month on which the reboot schedule runs monthly. Can only be set toSunday
,Monday
,Tuesday
,Wednesday
,Thursday
,Friday
, orSaturday
.days_in_week
(Set of String) The days of the week on which the reboot schedule runs weekly. Can only be set toSunday
,Monday
,Tuesday
,Wednesday
,Thursday
,Friday
, orSaturday
.description
(String) The description of the reboot schedule.reboot_duration_minutes
(Number) Restart all machines within x minutes. 0 means restarting all machines at the same time. To restart machines after draining sessions, set natural_reboot_schedule to true instead.reboot_notification_to_users
(Attributes) The reboot notification for the reboot schedule.
~> Please Note Not available for natural reboot. (see below for nested schema)
restrict_to_tag
(String) Restrict reboot schedule to machines with tag specified in Guid.week_in_month
(String) The week in the month on which the reboot schedule runs monthly. Can only be set toFirst
,Second
,Third
,Fourth
, orLast
.
Required:
notification_duration_minutes
(Number) Send notification to users X minutes before user is logged off. Can only be0
,1
,5
or15
.0
means no notification.notification_message
(String) The message to be displayed to users before they are logged off.notification_title
(String) The title to be displayed to users before they are logged off.
Optional:
notification_repeat_every_5_minutes
(Boolean) Repeat notification every 5 minutes.
~> Please Note notification repeat is available only when notification_duration_minutes
is set to 15
.
Optional:
allow_list
(Set of String) Users who can use this Delivery Group.
-> Note Users must be in DOMAIN\UserOrGroupName
or user@domain.com
format
block_list
(Set of String) Users who cannot use this Delivery Group. A block list is meaningful only when used to block users in the allow list.
-> Note Users must be in DOMAIN\UserOrGroupName
or user@domain.com
format
Import is supported using the following syntax:
# Delivery Group can be imported by specifying the GUID
terraform import citrix_delivery_group.example-delivery-group a92ac0d6-9a0f-477a-a504-07cae8fccb81