Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
To connect your Azure subscription to Parallels DaaS, you need to complete several preliminary steps.
You can do this in two ways:
(Recommended) By using a script provided by Parallels
Before configuring prerequisites, make sure that you have the right to create a Standard B1ms instance in your Azure region and subscription.
To configure prerequisites using a script:
Download the PowerShell script from https://github.com/Parallels/Parallels-DaaS.
Log in to Microsoft Azure with an account with the Owner role in your subscription and the Global Administrator role in Microsoft Entra ID. Make sure that MFA for this account is enabled.
Launch the PowerShell script in PowerShell version 7.3 or later.
The script checks which Azure tenants you have access to. Select the Azure Tenant you want to use.
The script checks which Azure subscriptions you have access to. select the Azure Subscription you want to use.
The script checks which regions you are able to deploy the resources in. Select the location you want to use.
Provide the name of the application you want to create.
Provide the name of the resource group that will be used for all infrastructure-related resources.
Provide the name of the resource group that will be used for all virtual machines.
(Optional) Provide the name of the Azure Key Vault to create. The App Registration secret will be safely stored in this Azure Key Vault. This name needs to be unique in Azure globally.
Log in to the Microsoft Azure portal.
Open the portal menu and select Microsoft Entra ID.
On the left pane, select App registrations.
Select your application and on the left pane, select API permissions.
Click the Grant admin consent button and then Yes.
Upon completion, all prerequisites will be installed, and the script will output the parameters that you can easily copy to the Azure Subscription wizard.
Next, you need to connect your Microsoft Azure subscription.
To configure prerequisites manually, you need to go through several steps.
Log in to the Microsoft Azure portal.
Open the portal menu and select Microsoft Entra ID.
On the left pane, select App registrations.
Click New registration (at the top of the right pane). The Register an application blade opens.
In the Name field, type the name you want to use for the application.
In the Redirect URI section, make sure that Web is selected in the drop-down list and add the following URI.
Click Register (at the bottom left).
The new Microsoft Entra ID app is created, and its blade is displayed in the portal. Make a note of the application (client) ID once the registration is completed.
On the left pane, select Authentication
In the Web Redirect URIs section add the following URI:
Scroll down and enable "ID tokens (used for implicit and hybrid flows)"
In the Azure portal menu, select Subscriptions.
In the left pane, select Access control (IAM).
Click Add and select Add custom role.
Enter Daas Role Assignment as the name of the custom role and Allows to add and delete role assignments as the description.
Select Clone a role and choose the Virtual Machine Contributor role.
In the Permissions tab, clear all permissions and select only the following two permissions:
Microsoft.Authorization/roleAssignments/write
Microsoft.Authorization/roleAssignments/delete
In the Assignable scopes tab, clear all scopes and select only your subscription as the assignable scope.
On the Review + create tab, confirm that the configuration is correct and click Review + create.
Go back to Access control (IAM).
Click Add and select Add role assignment.
In the Privileged administrator roles tab, select the Daas Role Assignment role.
In the Members tab, select the Microsoft Entra ID application created in Step 1.
In the Conditions tab, select Allow user to assign all roles (highly privileged).
On the Review + assign tab, confirm that the configuration is correct and click Review + assign.
Select your application and on the left pane, select API permissions.
Click Add a permission.
Click the Microsoft Graph card.
Click the Application permissions card.
Select the following permissions:
Domain.Read.All
GroupMember.Read.All
User.Read.All
Click Add a permission.
Click the Microsoft Graph card.
Click the Delegated permissions card.
Select the following permissions:
openid
profile
Click Add permissions.
Click Grant admin consent for...
Confirm you want to grant admin consent by clicking Yes.
Select your application and on the left pane, select Token configuration.
Click Add optional claim.
In the Token type section, select ID.
Select email and upn.
Click Add.
Click Add groups claim.
Select Security groups.
Click Add.
If you are not on the application page anymore, navigate to it from the Home page by selecting Microsoft Entra ID > App registration and then clicking the app in the right pane.
In the left pane, click Certificates & secrets.
In the right pane, click New client secret.
Type a client name and select a desired expiration option.
Click Add. The new client secret appears in the Client secrets list.
Warning: Copy and save the client secret (the Value column). If you leave this page without copying the secret, it will be hidden and you will not be able to retrieve it later.
In the Azure portal menu, select Subscriptions.
In the left pane, select Access control (IAM).
Click Add and select Add role assignment.
Choose Contributor as the role and search for your application by name.
Select the application you created as a member.
Save the assignment.
In the Azure portal menu, select Resource groups.
Create a resource group for the Parallels DaaS Infrastructure (e.g. Parallels_DaaS_Infra) in the region of your choice.
Create a resource group for the Parallels DaaS virtual machines (e.g. Parallels_DaaS_VMs) in the region of your choice.
Make a note of the names of these resource groups.
In the Azure portal menu, select Resource groups.
Click a resource group where the infrastructure resources will reside.
In the left pane, select Access control (IAM).
In the right pane, locate the Grant access to this resource box and click Add role assignment.
On the Role tab of the Add role assignment page, select Privileged administrator roles, then the Contributor role.
Click Next.
On the Members tab, select the User, group, or service principal option.
Click on the Select members link and enter the name of the previously created application in the Select field. Select the application in the drop-down list and click Select.
Click Next.
On the Review + assign tab, confirm that the configuration is correct and click Review + assign.
Perform the same steps for the virtual machines resource group.
Save the following information for use in the Parallels DaaS Management Portal setup:
Azure Tenant ID
Azure Subscription ID
Application (client) ID
Infrastructure resource group name
Virtual machines resource group name
Make sure to securely store the client secret and other sensitive information.
Next, you need to connect your Microsoft Azure subscription.
Parallels DaaS Management Portal and Parallels Web Client can run in modern browsers such as Chrome, Edge, Safari, and Firefox. Note that this version supports desktop browsers only.
Note: Make sure network traffic to *.ondaas.net and *.ondaasp.net is allowed. These domains are used to request certificates for securing traffic between components.
This section explains everything you need to know to start using Parallels DaaS as quickly as possible.
To start using Parallels DaaS:
(Optional) Configure the pool size and user profiles.
Note: You can connect one Microsoft Azure subscription to one Parallels DaaS environment.
To connect a Microsoft Azure subscription:
Read through the Introduction page and click Continue.
Follow the instructions on the App registration page and click Continue.
On the Connection Details page, specify the connection details of your subscription.
Click Continue.
Wait until the subscription information is validated on the Connection Validation page and click Continue.
On the Select Resource Group page, configure the following:
Select a resource group for the infrastructure: specify the resource group that will be used for virtual machine infrastructure.
Select a resource group for the virtual machine: specify the resource group that will be used for virtual machines.
Click Continue.
On the Gateway size page, select the size for the virtual machines that will be used as the Secure Gateway.
Click Continue.
On the Session Host Size page, select the size for the virtual machines that will be created for the user.
Click Continue.
On the Operating system page, select the operating system for virtual machines that will be created for your users.
Click Continue.
Wait until the final validation is completed and click Deploy.
Deploying a Microsoft Azure environment takes approximately 30 minutes.
Next, you need to edit your Golden Image.
When you are invited to Parallels DaaS, you will receive an invitation email that contains a license key, a link to Parallels DaaS Management Portal sign-in page, and instructions on how to activate the license key in Parallels My Account.
To sign in:
Sign in to Parallels My Account (https://my.parallels.com/login).
On the Home page, click the Register a License Key button. You might be prompted to enter business information if you do not yet have a business account.
In the License Key field, specify the license key you received in the invitation email. Provide an optional description of the key in the Display name field.
Click Register.
Click Dashboard on the top of the page.
On the Parallels Cloud card, click Switch to Management Portal. You will be redirected to Parallels DaaS Management Portal.
Click Sign in as an owner.
Next, you need to configure prerequisites in Microsoft Azure.
In Parallels DaaS, the Golden Image has two important uses:
It is the system image that is used on all virtual machines. To change the configuration of the virtual machines, you need to edit the Golden Image accordingly.
It is the repository of all applications that are available to users. For a user to access an application, it must be installed on the Golden Image.
To edit the Golden Image:
Go to the Golden Image category, and click the Edit button. Parallels DaaS will start a remote connection to the Golden Image. When you open the Golden Image for the first time, the connection will take about ten minutes. You can cancel the connection by clicking the Discard Changes button in the top right corner.
Modify the Golden Image. For example, you can install new applications or edit desktop settings. While you are connected to the Golden Image, you have access to Session Toolbar.
Click the Save & Exit button in the top right corner to apply changes. Saving changes may take several minutes. You can safely close the tab during this operation. Once the operation is completed, the new applications will be visible when you try to add a new application from the Applications category.
Next, you need to publish resources that will be available to your users.
Desktops based on the Golden Image and all applications installed on it can be made available to users in the Applications category. This is called publishing resources.
Note: By default, Parallels DaaS deploys D2 v5 instances (2 vCPU, 8 GB memory). Please contact us if you require a different configuration.
To publish an application:
If you want to publish an application, make sure that it is installed on the Golden image. Desktops are always available for publishing.
Navigate to the Applications category. You will see the lists of available resources.
Toggle on the switch next to the resource you want to publish.
Note: If you cannot find your application in the list of available applications, make sure the shortcut to your application exists in the C:\Documents and Settings\All Users\Start Menu\Programs folder on the Golden Image, and if it's not there, create it and save the changes.
Next, you need to add users.
To add a user:
Go to the Users Management category.
Select the Users subcategory.
Click the New button. A dialog will open.
Select the users or groups you want to add on the left pane of the dialog.
Click Add.
Now your users can access all published resources using Parallels Web Client.