To create the IAM user account, you can use the AWS Management Console, the AWS CLI,?Tools for Windows PowerShell, or AWS API operation. In this example, we will be using the AWS Management Console:
Sign in to the AWS Management Console and open the IAM page at console.aws.amazon.com/iam.
In the navigation pane, choose Users and then click the Add users button.
Under Set user details section, provide a user name such as "ParallelsConnector".
Under AWS access type, select Access key - Programmatic access, as the Parallels RAS Console will be using APIs to communicate with your AWS account. This will create an access key for the IAM user. You can view or download the access keys when you get to the Final page. Click Next to proceed to the permissions page.
On the permissions page, you can create a user group for the new IAM user to be a part of. This is recommended as its beneficial for management purposes, although not mandatory.
If you are not using groups, choose Attach existing policies directly. A list of the AWS managed and customer managed policies in your account will appear.
Filter policies and choose AmazonEC2FullAccess, which is an AWS managed preconfigured policy, and click Next to proceed to the next page.
Optionally, on this page, you can use the tags to organize, track, or control access for this user.
Once the tags are ready, click Next to see all of the choices you made up to this point. When you are ready to proceed, click Create user.
To view the user's access key ID and secret access keys, click Show next to each password and access key that you want to see. To save the access keys, choose Download CSV and then save the file to a safe location.
Please note that this is your only opportunity to view or download the secret access keys.
Save the user's new access key ID and secret access key in a safe and secure place to be used next in Parallels RAS Console.
Note: For security reasons, it is recommended to regularly change keys of the IAM user as described in https://aws.amazon.com/blogs/security/how-to-rotate-access-keys-for-iam-users/.
Proceed to Step 2. Adding AWS as a Provider.
To configure Amazon Web Services as a Cloud Computing provider:
In the RAS Console, navigate to Farm > Providers.
Click the Tasks drop-down menu and choose Add (or click the [+] icon).
In the menu, select Amazon EC2. The Add Cloud Computing Provider wizard opens.
In the Wizard, specify the following:
Name: Name of the provider.
Description: Description of the provider.
Manage credentials: the administrative accounts that will be used to deploy Parallels Agents on the session hosts (Amazon EC2 instances). The current RAS administrator is already present in this list, but you can other accounts.
Access Key ID: Your access key ID.
Secret Access Key: Your secret key.
Click Next.
Wait until Parallels RAS validates the settings and click Next.
Select the Region that you will use. In most cases, the best Region would be the one closest to you. You can also choose one of opt-in AWS Regions by selecting the Opted-in Region option or specify a custom EC2 endpoint URL by selecting the EC2 Endpoint URL option.
Click Finish.
Proceed to creating a Template as described in Creating a VDI template. During template creation you can configure the instance type for the clones and the storage including Type, Size, and IOPS. Note that you can also do this from Farm > RD Session Hosts > right-click the template > Properties.
This section contains design advice that you might want to keep in mind when using AWS in Parallels RAS.
You might need to use an AWS DHCP options set to specify a custom DNS pointing to the domain controller so that the VMs created from templates are able to join the Active Directory domain. If the custom DNS is not set, the default AWS public DNS will be used, and the VMs won't be able to communicate with the domain controller.
For information on how to configure DHCP options sets, see https://docs.aws.amazon.com/vpc/latest/userguide/DHCPOptionSet.html.
The Provider Agent and Guest Agents need to be on the same subnet for the Guest Agent to discover the Provider Agent using broadcasts. If this is not possible, then a registry setting with the IP of the Provider Agent needs to be added on the VM as described here: https://kb.parallels.com/en/124157?language=en.
Sometimes solutions scale in usage, invocations, number of instances, and so on. Due to this, the standard AWS service quotas can be reached. For more information about AWS service quotas, see https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html.
Parallels RAS integrations are subject to the EC2 and EBS endpoint limits as specified here:
The storage of clones created from RAS templates will be encrypted if the AWS administrator enables encryption of the RAS template VM storage in AWS Management Console.
Encryption can be enabled by default or explicitly when launching a new EC2 VM:
For more information about encryption, see https://aws.amazon.com/blogs/compute/must-know-best-practices-for-amazon-ebs-encryption/.
Amazon Web Services (AWS) is a leading cloud platform provider offering over 200 fully featured services from data centers globally. Parallels RAS 19 provides the ability to integrate, configure, maintain, support, and access Amazon EC2 workloads on top of the existing capabilities of Parallels RAS.
Support is targeted at multi-session (RDSH), single session (server-based VDI) server operating systems, and other Microsoft operating systems, if your organization holds licenses for them. For more information about using Microsoft operating systems with AWS, see https://aws.amazon.com/windows/faq/.
Parallels RAS Console allows you to do the following:
Manage Amazon EC2 instances
Create and manage templates
Create and manage instance pools
Configure autoscaling
Enable, reboot, start up and shut down instances via schedules
Configure image optimization
Use FSLogix Profile Container and MSIX app attach
Change instance types and storage types
An AWS account. If you do not already have an account, you can create it for free at aws.amazon.com/ec2/.
A working Microsoft Active Directory environment to join the Amazon EC2 cloned instances to your domain.
A preconfigured Virtual Private Cloud (VPC) as your virtual network and security groups that act as a virtual firewall for your EC2 instances.
A preconfigured Amazon EC2 instance, which will be used later as a Parallels RAS template, running on Windows Server 2012 up to Windows Server 2022.