In order to function in a RAS Farm, a Provider (hypervisor or cloud-based) needs RAS Provider Agent to be installed in the Farm. RAS Provider Agent acts as an interface between other RAS components and a Provider. RAS Provider Agent conducts all communications with a Provider through the provider's native API.

Parallels RAS has two types of RAS Provider Agents that can be installed in a Farm:

• Built-in: This RAS Provider Agent is built into the RAS Connection Broker and is installed automatically when you install Parallels RAS. The agent can handle multiple Providers and can also be configured for high availability.

• Dedicated: This RAS Provider Agent is installed manually. It can handle only a single Provider. If you want to use this agent type with more than one provider, you need to install a separate instance for each provider.

Both built-in and dedicated RAS Provider Agents are compatible with all types of Providers supported by Parallels RAS. Which agent you choose to install depends only on your requirements. When possible, it is always recommended to use the built-in Provider Agent for high availability and business continuity.

What to read next:

• If you are adding a Provider that will use the built-in RAS Provider Agent, you may skip to Add a Provider.

• If you want to install a dedicated RAS Provider Agent on a host of your choice, read the RAS Provider Agent installation options section, which follows this one.

This section describes how to add a hypervisor-based Provider. For the information on how to add a cloud-based Provider, see Add a cloud Provider.

To add a Provider:

1. In the RAS Console, navigate to Farm > Site > Providers.

2. On the Providers tab, click Tasks > Add and select the provider you want to add.

3. The Add Virtualization Provider wizard opens.

4. In the Name field, specify the name for the provider.

5. In the Description field, type an optional description.

6. In the Address field, specify the host's FQDN or IP address. For SC//HyperCore, you can specify IP addresses for several nodes.

7. Specify a user name and password to log in to the host.

8. Click the Manage Credentials button to specify the accounts that will be used to deploy RAS agents.

9. Click the Advanced Settings link to open the Advanced Provider Settings dialog. The dialog allows you choose the following options:

   • Use dedicated Provider Agent: Select this option if you will install (or have installed) the RAS Provider Agent yourself. Clear the option if you will use the built-in RAS Provider Agent.

   • Agent address: This option becomes enabled if you select the option above it. Specify the FQDN or IP address of the host where the RAS Provider Agent is (or will be) installed. This can be either a physical box or virtual machine.

   • Preferred Connection Broker: Select a RAS Connection Broker to be the preferred agent for this Provider. For more info, see Enabling high availability for VDI.

10. Click Next.

11. The wizard will now try to connect to the RAS Provider Agent. If you specified Use dedicated Provider Agent option in the previous (optional) step, but haven't installed the agent yet, click Install and follow the instructions to push install the agent on the specified host.

    Please note that for the remote installation to work, the following requirements must be met:

    • The firewall must be configured on the host to allow push installation. Standard SMB ports (139 and 445) need to be open. See also Port reference for the list of ports used by Parallels RAS.

    • SMB access. The administrative share (\\server\c$) must be accessible. Simple file sharing must be enabled.

    • Your Parallels RAS administrator account must have permissions to perform a remote installation on the host. If it doesn't, you'll be asked to enter credentials of an account that does.

    • The target host should be joined to an AD domain.

    If push installation cannot be performed for any reason, you can install the agent manually using the installer. See Installing RAS Provider Agent using the installer.

12. If you've selected Microsoft Hyper-V Failover Cluster as the Provider type, the page opens where you can disable MAC address management for hosts. Note that you should only do it if you are using Microsoft System Center Virtual Machine Manager (SCVMM) or other solution to manage MAC addresses. See the explanation below.

    MAC address management is required when using Microsoft Hyper-V Failover Cluster as a Provider. This is to avoid duplicate MAC addresses, which may occur when a host is migrated to a different node in the cluster and the MAC address is released and reused on the original node. If that happens, such a host can no longer be managed in a Farm. Parallels RAS uses a pool of static MAC addresses at the Provider level to automatically generate and assign MAC addresses to hosts. This way, when a host is migrated to a different node in the cluster, its MAC address will not be reused for a different VM and no duplicate MAC addresses will occur. The pool has 10,000 reserved MAC addresses in the range displayed in the Starting MAC address and Ending MAC address fields on the wizard page.

    As was said above, if you are already managing MAC addresses using SCVMM or other solution, clear the Enable MAC address management option.

13. Click Next.

14. If you've selected VMware vCenter as the Provider, another page opens (the page will not open for any other host type). On this page, you can specify a vCenter resource pool. This allows you to enumerate VMs by selecting a cluster (root resource pool) or an individual resource pool within a cluster. To choose a resource pool, select the Use specific resource pool option and then click the [...] button next to the Resource Pool field. In the dialog that opens, select a desired resource pool. Note that if you leave the Use specific resource pool option cleared, all VMs from the entire vCenter cluster will be retrieved (max number is 35,000). Click OK when done.

15. Click Finish to close the wizard.

When creating a template for cloning VMs in Microsoft Azure, you need to select an Azure resource group where VM clones will be created. Note that this must be a group to which you granted permissions to the Microsoft Entra ID application. You also need to select a VM size and disk type to be used for cloned VMs. These settings are specified on the Advanced page of the Create Template Wizard.

Both Virtual Desktop and RD Session Host templates can be created with Microsoft Azure as a Provider. When VMs are cloned, you will see them appear in the RAS Console. At the same time, you can also see them in the Microsoft Azure portal.

For complete information about creating and using templates, including Microsoft Azure specifics, please see the Templates section.

This section describes how to add a cloud-based Provider. For the information on how to add a hypervisor provider, see Add a hypervisor Provider.

To create the IAM user account, you can use the AWS Management Console, the AWS CLI,?Tools for Windows PowerShell, or AWS API operation. In this example, we will be using the AWS Management Console:

1. Sign in to the AWS Management Console and open the IAM page at console.aws.amazon.com/iam.

2. In the navigation pane, choose Users and then click the Add users button.

3. Under Set user details section, provide a user name such as "ParallelsConnector".

4. Under AWS access type, select Access key - Programmatic access, as the Parallels RAS Console will be using APIs to communicate with your AWS account. This will create an access key for the IAM user. You can view or download the access keys when you get to the Final page. Click Next to proceed to the permissions page.

5. On the permissions page, you can create a user group for the new IAM user to be a part of. This is recommended as its beneficial for management purposes, although not mandatory.

6. If you are not using groups, choose Attach existing policies directly. A list of the AWS managed and customer managed policies in your account will appear.

7. Filter policies and choose AmazonEC2FullAccess, which is an AWS managed preconfigured policy, and click Next to proceed to the next page.

8. Optionally, on this page, you can use the tags to organize, track, or control access for this user.

9. Once the tags are ready, click Next to see all of the choices you made up to this point. When you are ready to proceed, click Create user.

10. To view the user's access key ID and secret access keys, click Show next to each password and access key that you want to see. To save the access keys, choose Download CSV and then save the file to a safe location.

    Please note that this is your only opportunity to view or download the secret access keys.

11. Save the user's new access key ID and secret access key in a safe and secure place to be used next in Parallels RAS Console.

Proceed to Step 2. Adding AWS as a Provider.

Introduction

Organizations using or interested in using Microsoft Azure can provision, scale, and manage VDI and RD Session Host workloads directly from the Parallels RAS console and deploy on to Microsoft Azure using Azure Resource Manager (ARM). Parallels RAS uses a service principal with required permissions on relevant Azure resources (subscription and resource groups) to authenticate, provision and manage the resources.

Prerequisites

To use Microsoft Azure as a Provider, you need the following:

• An existing Microsoft Azure account and subscription.

• The necessary Microsoft Azure providers must be enabled, including Microsoft.ResourceGraph, Microsoft.Resources, Microsoft.Compute, Microsoft.Network.

• An ARM virtual network and subnet in your preferred region with connectivity to AD services. Microsoft Entra ID with Active Directory Domain Services (AADDS), Domain Controller in Azure IAAS or hybrid with connectivity to on-premises domain can be used.

• Site-to-site VPN or ExpressRoute is required if hybrid RAS deployment is used.

• A configured VM to be used for VDI or RD Session Host as a template.

Adding Microsoft Azure as a Provider is a two-step process:

1. First, you need to create an application in Microsoft Azure to access the resources in your subscription. This step is described in the Create a Microsoft Entra ID application section.

2. Once the application is created and registered, you can add Microsoft Azure as a Provider in the Parallels RAS Console. This step is described in Add Microsoft Azure as a Provider.

Read on to learn how to perform the steps above.

To configure Amazon Web Services as a Cloud Computing provider:

1. In the RAS Console, navigate to Farm > Providers.

2. Click the Tasks drop-down menu and choose Add (or click the [+] icon).

3. In the menu, select Amazon EC2. The Add Cloud Computing Provider wizard opens.

4. In the Wizard, specify the following:

   • Name: Name of the provider.

   • Description: Description of the provider.

   • Manage credentials: the administrative accounts that will be used to deploy Parallels Agents on the session hosts (Amazon EC2 instances). The current RAS administrator is already present in this list, but you can other accounts.

   • Access Key ID: Your access key ID.

   • Secret Access Key: Your secret key.

5. Click Next.

6. Wait until Parallels RAS validates the settings and click Next.

7. Select the Region that you will use. In most cases, the best Region would be the one closest to you. You can also choose one of opt-in AWS Regions by selecting the Opted-in Region option or specify a custom EC2 endpoint URL by selecting the EC2 Endpoint URL option.

8. Click Finish.

9. Proceed to creating a Template as described in Creating a VDI template. During template creation you can configure the instance type for the clones and the storage including Type, Size, and IOPS. Note that you can also do this from Farm > RD Session Hosts > right-click the template > Properties.

If you are installing a dedicated RAS Provider Agent, you first need to determine where it will be installed. Depending on the Provider type, the following options are available:

• The host on which the hypervisor is running. This option is available for Microsoft Hyper-V only.

• A supported version of Windows Server running on a physical box or in a virtual machine. For supported Windows Server versions, see Software requirements > RAS Provider Agent.

The following table lists RAS Provider Agent installation options for each supported Provider:

* High Availability is not available with these Provider Agent installation options. For details, see Enabling high availability for VDI.

In the table above, find the Provider type that you are using and see where the RAS Provider Agent can be installed. Depending on the available choices, do one of the following:

• Built-in Agent: The agent is a part of RAS Connection Broker, so it is already installed. When possible, it is always recommended to use the built-in Provider Agent for high availability and business continuity.

• Agent on a the provider: This option is only available if you are using Microsoft Hyper-V. You can simply install the agent on the host, as described in Add a Provider.

• Agent on a Windows Server (VM or HW): To use this option, make sure you have a physical box or a virtual machine running a supported version of Windows Server. You will need to specify its FQDN or IP address when adding a Provider to the Farm.

This section contains design advice that you might want to keep in mind when using AWS in Parallels RAS.

DHCP options set

You might need to use an AWS DHCP options set to specify a custom DNS pointing to the domain controller so that the VMs created from templates are able to join the Active Directory domain. If the custom DNS is not set, the default AWS public DNS will be used, and the VMs won't be able to communicate with the domain controller.

For information on how to configure DHCP options sets, see https://docs.aws.amazon.com/vpc/latest/userguide/DHCPOptionSet.html.

The Provider Agent and Guest Agents need to be on the same subnet for the Guest Agent to discover the Provider Agent using broadcasts. If this is not possible, then a registry setting with the IP of the Provider Agent needs to be added on the VM as described here: https://kb.parallels.com/en/124157?language=en.

Service quotas

Sometimes solutions scale in usage, invocations, number of instances, and so on. Due to this, the standard AWS service quotas can be reached. For more information about AWS service quotas, see https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html.

Parallels RAS integrations are subject to the EC2 and EBS endpoint limits as specified here:

• https://docs.aws.amazon.com/general/latest/gr/ec2-service.html

• https://docs.aws.amazon.com/general/latest/gr/ebs-service.html

Encrypting storage

The storage of clones created from RAS templates will be encrypted if the AWS administrator enables encryption of the RAS template VM storage in AWS Management Console.

Encryption can be enabled by default or explicitly when launching a new EC2 VM:

For more information about encryption, see https://aws.amazon.com/blogs/compute/must-know-best-practices-for-amazon-ebs-encryption/.

To add Microsoft Azure as a Provider:

1. In the RAS Console, navigate to Farm > Site > Providers.

2. On the Providers tab, click Tasks > Add > Microsoft Azure.

3. The Add Cloud Computing wizard opens.

4. In the wizard, specify the following:

   • Name: Name of the provider.

   • Description: Description of the provider.

   • Manage credentials: the administrative accounts that will be used to deploy Parallels Agents.

   • Authentication URL: Prepopulated with the Microsoft authentication site URL. Unless otherwise required or indicated, keep the default value provided.

   • Management URL: Prepopulated with the Microsoft Azure management site URL. Unless otherwise required or indicated, keep the default value provided.

   • Resource URI: Prepopulated with the Microsoft Azure resource URI. Unless otherwise required or indicated, keep the default value provided.

   • Tenant ID: The "Directory (tenant) ID" value of the Microsoft Entra ID app that you created earlier.

   • Subscription ID: Your Microsoft subscription ID.

   • Application ID: The "App (client) ID" value of the Microsoft Entra ID app that you .

   • Application key: The "Client secret" value of the Microsoft Entra ID app that you c.

5. Click the Advanced Settings link to open a dialog where you can configure the following optional settings:

   • Use dedicated Provider Agent: When this option is cleared (default), the built-in RAS Provider Agent will be used. If you want to use a dedicated RAS Provider Agent, select this option and specify the host FQDN or IP address.

   • Agent address: This option becomes enabled if you select the option above it. Specify the FQDN or IP address of the host where the RAS Provider Agent is (or will be) installed. This can be either a physical box or virtual machine.

   • Preferred Connection Broker: Select a RAS Connection Broker to be the preferred agent for this Provider. For more info, see .

6. Click Next. The wizard will display the new Provider information and will indicate the RAS Provider Agent status. If everything is OK, click Finish to exit the wizard. If something is not as expected, click Back and correct any mistakes if necessary.

The new Provider will now appear on the Providers tab in the RAS Console. Complete the Provider addition as follows:

1. Click Apply to apply the changes.

2. Verify the value of the Status column. If it's anything other than OK, right-click the Provider and choose Troubleshooting > Check agent. Verify the agent status and install it if necessary, then click OK. The Status column on the Providers tab should now say OK.

Modifying the Provider configuration

To view and modify the Provider configuration, right-click it and choose Properties. In the dialog that opens, view and modify the Provider properties.

Introduction

Amazon Web Services (AWS) is a leading cloud platform provider offering over 200 fully featured services from data centers globally. Parallels RAS 19 provides the ability to integrate, configure, maintain, support, and access Amazon EC2 workloads on top of the existing capabilities of Parallels RAS.

Support is targeted at multi-session (RDSH), single session (server-based VDI) server operating systems, and other Microsoft operating systems, if your organization holds licenses for them. For more information about using Microsoft operating systems with AWS, see .

Parallels RAS Console allows you to do the following:

• Manage Amazon EC2 instances

• Create and manage templates

• Create and manage instance pools

• Configure autoscaling

• Enable, reboot, start up and shut down instances via schedules

• Configure image optimization

• Use FSLogix Profile Container and MSIX app attach

• Change instance types and storage types

Prerequisites

• An AWS account. If you do not already have an account, you can create it for free at aws.amazon.com/ec2/.

• A working Microsoft Active Directory environment to join the Amazon EC2 cloned instances to your domain.

• A preconfigured Virtual Private Cloud (VPC) as your virtual network and security groups that act as a virtual firewall for your EC2 instances.

• A preconfigured Amazon EC2 instance, which will be used later as a Parallels RAS template, running on Windows Server 2012 up to Windows Server 2022.