If you are installing a dedicated RAS Provider Agent, you first need to determine where it will be installed. Depending on the Provider type, the following options are available:

• The host on which the hypervisor is running. This option is available for Microsoft Hyper-V only.

• A supported version of Windows Server running on a physical box or in a virtual machine. For supported Windows Server versions, see Software requirements > RAS Provider Agent.

The following table lists RAS Provider Agent installation options for each supported Provider:

* High Availability is not available with these Provider Agent installation options. For details, see Enabling high availability for VDI.

In the table above, find the Provider type that you are using and see where the RAS Provider Agent can be installed. Depending on the available choices, do one of the following:

• Built-in Agent: The agent is a part of RAS Connection Broker, so it is already installed. When possible, it is always recommended to use the built-in Provider Agent for high availability and business continuity.

• Agent on a the provider: This option is only available if you are using Microsoft Hyper-V. You can simply install the agent on the host, as described in Add a Provider.

• Agent on a Windows Server (VM or HW): To use this option, make sure you have a physical box or a virtual machine running a supported version of Windows Server. You will need to specify its FQDN or IP address when adding a Provider to the Farm.

This section describes how to add a hypervisor-based Provider. For the information on how to add a cloud-based Provider, see Add a cloud Provider.

To add a Provider:

1. In the RAS Console, navigate to Farm > Site > Providers.

2. On the Providers tab, click Tasks > Add and select the provider you want to add.

3. The Add Virtualization Provider wizard opens.

4. In the Name field, specify the name for the provider.

5. In the Description field, type an optional description.

6. In the Address field, specify the host's FQDN or IP address. For SC//HyperCore, you can specify IP addresses for several nodes.

7. Specify a user name and password to log in to the host.

8. Click the Manage Credentials button to specify the accounts that will be used to deploy RAS agents.

9. Click the Advanced Settings link to open the Advanced Provider Settings dialog. The dialog allows you choose the following options:

   • Use dedicated Provider Agent: Select this option if you will install (or have installed) the RAS Provider Agent yourself. Clear the option if you will use the built-in RAS Provider Agent.

   • Agent address: This option becomes enabled if you select the option above it. Specify the FQDN or IP address of the host where the RAS Provider Agent is (or will be) installed. This can be either a physical box or virtual machine.

   • Preferred Connection Broker: Select a RAS Connection Broker to be the preferred agent for this Provider. For more info, see Enabling high availability for VDI.

10. Click Next.

11. The wizard will now try to connect to the RAS Provider Agent. If you specified Use dedicated Provider Agent option in the previous (optional) step, but haven't installed the agent yet, click Install and follow the instructions to push install the agent on the specified host.

    Please note that for the remote installation to work, the following requirements must be met:

    • The firewall must be configured on the host to allow push installation. Standard SMB ports (139 and 445) need to be open. See also Port reference for the list of ports used by Parallels RAS.

    • SMB access. The administrative share (\\server\c$) must be accessible. Simple file sharing must be enabled.

    • Your Parallels RAS administrator account must have permissions to perform a remote installation on the host. If it doesn't, you'll be asked to enter credentials of an account that does.

    • The target host should be joined to an AD domain.

    If push installation cannot be performed for any reason, you can install the agent manually using the installer. See Installing RAS Provider Agent using the installer.

12. If you've selected Microsoft Hyper-V Failover Cluster as the Provider type, the page opens where you can disable MAC address management for hosts. Note that you should only do it if you are using Microsoft System Center Virtual Machine Manager (SCVMM) or other solution to manage MAC addresses. See the explanation below.

    MAC address management is required when using Microsoft Hyper-V Failover Cluster as a Provider. This is to avoid duplicate MAC addresses, which may occur when a host is migrated to a different node in the cluster and the MAC address is released and reused on the original node. If that happens, such a host can no longer be managed in a Farm. Parallels RAS uses a pool of static MAC addresses at the Provider level to automatically generate and assign MAC addresses to hosts. This way, when a host is migrated to a different node in the cluster, its MAC address will not be reused for a different VM and no duplicate MAC addresses will occur. The pool has 10,000 reserved MAC addresses in the range displayed in the Starting MAC address and Ending MAC address fields on the wizard page.

    As was said above, if you are already managing MAC addresses using SCVMM or other solution, clear the Enable MAC address management option.

13. Click Next.

14. If you've selected VMware vCenter as the Provider, another page opens (the page will not open for any other host type). On this page, you can specify a vCenter resource pool. This allows you to enumerate VMs by selecting a cluster (root resource pool) or an individual resource pool within a cluster. To choose a resource pool, select the Use specific resource pool option and then click the [...] button next to the Resource Pool field. In the dialog that opens, select a desired resource pool. Note that if you leave the Use specific resource pool option cleared, all VMs from the entire vCenter cluster will be retrieved (max number is 35,000). Click OK when done.

15. Click Finish to close the wizard.

In order to function in a RAS Farm, a Provider (hypervisor or cloud-based) needs RAS Provider Agent to be installed in the Farm. RAS Provider Agent acts as an interface between other RAS components and a Provider. RAS Provider Agent conducts all communications with a Provider through the provider's native API.

Parallels RAS has two types of RAS Provider Agents that can be installed in a Farm:

• Built-in: This RAS Provider Agent is built into the RAS Connection Broker and is installed automatically when you install Parallels RAS. The agent can handle multiple Providers and can also be configured for high availability.

• Dedicated: This RAS Provider Agent is installed manually. It can handle only a single Provider. If you want to use this agent type with more than one provider, you need to install a separate instance for each provider.

Both built-in and dedicated RAS Provider Agents are compatible with all types of Providers supported by Parallels RAS. Which agent you choose to install depends only on your requirements. When possible, it is always recommended to use the built-in Provider Agent for high availability and business continuity.

What to read next:

• If you are adding a Provider that will use the built-in RAS Provider Agent, you may skip to Add a Provider.

• If you want to install a dedicated RAS Provider Agent on a host of your choice, read the RAS Provider Agent installation options section, which follows this one.

Introduction

Organizations using or interested in using Microsoft Azure can provision, scale, and manage VDI and RD Session Host workloads directly from the Parallels RAS console and deploy on to Microsoft Azure using Azure Resource Manager (ARM). Parallels RAS uses a service principal with required permissions on relevant Azure resources (subscription and resource groups) to authenticate, provision and manage the resources.

Prerequisites

To use Microsoft Azure as a Provider, you need the following:

• An existing Microsoft Azure account and subscription.

• The necessary Microsoft Azure providers must be enabled, including Microsoft.ResourceGraph, Microsoft.Resources, Microsoft.Compute, Microsoft.Network.

• An ARM virtual network and subnet in your preferred region with connectivity to AD services. Microsoft Entra ID with Active Directory Domain Services (AADDS), Domain Controller in Azure IAAS or hybrid with connectivity to on-premises domain can be used.

• Site-to-site VPN or ExpressRoute is required if hybrid RAS deployment is used.

• A configured VM to be used for VDI or RD Session Host as a template.

Adding Microsoft Azure as a Provider is a two-step process:

1. First, you need to create an application in Microsoft Azure to access the resources in your subscription. This step is described in the Create a Microsoft Entra ID application section.

2. Once the application is created and registered, you can add Microsoft Azure as a Provider in the Parallels RAS Console. This step is described in Add Microsoft Azure as a Provider.

Read on to learn how to perform the steps above.

When creating a template for cloning VMs in Microsoft Azure, you need to select an Azure resource group where VM clones will be created. Note that this must be a group to which you granted permissions to the Microsoft Entra ID application. You also need to select a VM size and disk type to be used for cloned VMs. These settings are specified on the Advanced page of the Create Template Wizard.

Both Virtual Desktop and RD Session Host templates can be created with Microsoft Azure as a Provider. When VMs are cloned, you will see them appear in the RAS Console. At the same time, you can also see them in the Microsoft Azure portal.

For complete information about creating and using templates, including Microsoft Azure specifics, please see the section.

To create the IAM user account, you can use the AWS Management Console, the AWS CLI,?Tools for Windows PowerShell, or AWS API operation. In this example, we will be using the AWS Management Console:

1. Sign in to the AWS Management Console and open the IAM page at console.aws.amazon.com/iam.

2. In the navigation pane, choose Users and then click the Add users button.

3. Under Set user details section, provide a user name such as "ParallelsConnector".

4. Under AWS access type, select Access key - Programmatic access, as the Parallels RAS Console will be using APIs to communicate with your AWS account. This will create an access key for the IAM user. You can view or download the access keys when you get to the Final page. Click Next to proceed to the permissions page.

5. On the permissions page, you can create a user group for the new IAM user to be a part of. This is recommended as its beneficial for management purposes, although not mandatory.

6. If you are not using groups, choose Attach existing policies directly. A list of the AWS managed and customer managed policies in your account will appear.

7. Filter policies and choose AmazonEC2FullAccess, which is an AWS managed preconfigured policy, and click Next to proceed to the next page.

8. Optionally, on this page, you can use the tags to organize, track, or control access for this user.

9. Once the tags are ready, click Next to see all of the choices you made up to this point. When you are ready to proceed, click Create user.

10. To view the user's access key ID and secret access keys, click Show next to each password and access key that you want to see. To save the access keys, choose Download CSV and then save the file to a safe location.

    Please note that this is your only opportunity to view or download the secret access keys.

11. Save the user's new access key ID and secret access key in a safe and secure place to be used next in Parallels RAS Console.

Proceed to Step 2. Adding AWS as a Provider.

To add Microsoft Azure as a Provider:

1. In the RAS Console, navigate to Farm > Site > Providers.

2. On the Providers tab, click Tasks > Add > Microsoft Azure.

3. The Add Cloud Computing wizard opens.

4. In the wizard, specify the following:

   • Name: Name of the provider.

   • Description: Description of the provider.

   • Manage credentials: the administrative accounts that will be used to deploy Parallels Agents.

   • Authentication URL: Prepopulated with the Microsoft authentication site URL. Unless otherwise required or indicated, keep the default value provided.

   • Management URL: Prepopulated with the Microsoft Azure management site URL. Unless otherwise required or indicated, keep the default value provided.

   • Resource URI: Prepopulated with the Microsoft Azure resource URI. Unless otherwise required or indicated, keep the default value provided.

   • Tenant ID: The "Directory (tenant) ID" value of the Microsoft Entra ID app that you created earlier.

   • Subscription ID: Your Microsoft subscription ID.

   • Application ID: The "App (client) ID" value of the Microsoft Entra ID app that you created earlier.

   • Application key: The "Client secret" value of the Microsoft Entra ID app that you created earlier.

5. Click the Advanced Settings link to open a dialog where you can configure the following optional settings:

   • Use dedicated Provider Agent: When this option is cleared (default), the built-in RAS Provider Agent will be used. If you want to use a dedicated RAS Provider Agent, select this option and specify the host FQDN or IP address.

   • Agent address: This option becomes enabled if you select the option above it. Specify the FQDN or IP address of the host where the RAS Provider Agent is (or will be) installed. This can be either a physical box or virtual machine.

   • Preferred Connection Broker: Select a RAS Connection Broker to be the preferred agent for this Provider. For more info, see Enabling high availability for VDI.

6. Click Next. The wizard will display the new Provider information and will indicate the RAS Provider Agent status. If everything is OK, click Finish to exit the wizard. If something is not as expected, click Back and correct any mistakes if necessary.

The new Provider will now appear on the Providers tab in the RAS Console. Complete the Provider addition as follows:

1. Click Apply to apply the changes.

2. Verify the value of the Status column. If it's anything other than OK, right-click the Provider and choose Troubleshooting > Check agent. Verify the agent status and install it if necessary, then click OK. The Status column on the Providers tab should now say OK.

Modifying the Provider configuration

To view and modify the Provider configuration, right-click it and choose Properties. In the dialog that opens, view and modify the Provider properties.

This section contains design advice that you might want to keep in mind when using AWS in Parallels RAS.

DHCP options set

You might need to use an AWS DHCP options set to specify a custom DNS pointing to the domain controller so that the VMs created from templates are able to join the Active Directory domain. If the custom DNS is not set, the default AWS public DNS will be used, and the VMs won't be able to communicate with the domain controller.

For information on how to configure DHCP options sets, see .

The Provider Agent and Guest Agents need to be on the same subnet for the Guest Agent to discover the Provider Agent using broadcasts. If this is not possible, then a registry setting with the IP of the Provider Agent needs to be added on the VM as described here: .

Service quotas

Sometimes solutions scale in usage, invocations, number of instances, and so on. Due to this, the standard AWS service quotas can be reached. For more information about AWS service quotas, see .

Parallels RAS integrations are subject to the EC2 and EBS endpoint limits as specified here:

Encrypting storage

The storage of clones created from RAS templates will be encrypted if the AWS administrator enables encryption of the RAS template VM storage in AWS Management Console.

Encryption can be enabled by default or explicitly when launching a new EC2 VM:

Introduction

Amazon Web Services (AWS) is a leading cloud platform provider offering over 200 fully featured services from data centers globally. Parallels RAS 19 provides the ability to integrate, configure, maintain, support, and access Amazon EC2 workloads on top of the existing capabilities of Parallels RAS.

Support is targeted at multi-session (RDSH), single session (server-based VDI) server operating systems, and other Microsoft operating systems, if your organization holds licenses for them. For more information about using Microsoft operating systems with AWS, see https://aws.amazon.com/windows/faq/.

Parallels RAS Console allows you to do the following:

• Manage Amazon EC2 instances

• Create and manage templates

• Create and manage instance pools

• Configure autoscaling

• Enable, reboot, start up and shut down instances via schedules

• Configure image optimization

• Use FSLogix Profile Container and MSIX app attach

• Change instance types and storage types

Prerequisites

• An AWS account. If you do not already have an account, you can create it for free at aws.amazon.com/ec2/.

• A working Microsoft Active Directory environment to join the Amazon EC2 cloned instances to your domain.

• A preconfigured Virtual Private Cloud (VPC) as your virtual network and security groups that act as a virtual firewall for your EC2 instances.

• A preconfigured Amazon EC2 instance, which will be used later as a Parallels RAS template, running on Windows Server 2012 up to Windows Server 2022.

This section describes how to add a cloud-based Provider. For the information on how to add a hypervisor provider, see Add a hypervisor Provider.

To complete the steps below, you must have a Microsoft Azure subscription and account. If you don't have a subscription, you need to purchase one first.

Create an Microsoft Entra ID application

An Microsoft Entra ID application is used with the role-based access control. You need to create an Microsoft Entra ID application to access resources in your subscription from Parallels RAS.

To create an Microsoft Entra ID application:

1. Log in to the Microsoft Azure portal.

2. Open the portal menu and select Microsoft Entra ID.

3. In the left pane, select App registrations.

4. Click New registration (at the top of the right pane).

5. The Register an application blade opens.

6. In the Name field, type a name you want to use for the application.

7. In the Redirect URI (optional) section, make sure that Web is selected in the drop-down list. Leave the URI field empty.

8. Click Register (at the bottom left).

9. The new Microsoft Entra ID app is created and its blade is displayed in the portal.

Note the following app properties, which are displayed at the top of the right pane:

• Display name

• Application (client) ID*

• Directory (tenant) ID*

• Object ID*

* Copy and save these properties. You will need to specify them later when adding Azure as a Provider in the RAS Console.

Create a client secret

A client secret is a string that the application uses to prove its identity when requesting a token. It essentially acts as an application password. You will need to specify this string in the RAS Console when adding Azure as a Provider.

To create a client secret:

1. If you are not on the application page anymore, navigate to it from the Home page by selecting Microsoft Entra ID > App registration and then clicking the app in the right pane.

2. In the left pane, click Certificates & secrets.

3. In the right pane, click New client secret.

4. Type a client name and select a desired expiration option.

5. Click Add. The new client secret appears in the Client secrets list.

6. IMPORTANT: Copy and save the client secret (the Value column). If you leave this page without copying the secret, it will be hidden and you will not be able to retrieve it later.

Give the application read and write access to resources

The Microsoft Entra ID app that you created must have read and write access to Azure resources. The following instructions demonstrate how to give the application read and write access to a resource group. You can also give access to a specific resource or to your entire Azure subscription. For more information, please see the Microsoft Azure documentation.

To give the app write access to the resource group where new VMs will reside:

1. In the Azure portal menu, select Resource groups.

2. Click a resource group where the new VMs will reside.

3. In the left pane, select Access control (IAM).

4. In the right pane, locate the Grant access to this resource box and click Add role assignment.

5. On the Role tab of the Add role assignment page, select Privileged administrator roles, then the Contributor role.

6. Click Next.

7. On the Members tab, select the User, group, or service principal option.

8. Click on the Select members link and enter the name of the previously created application in the Select field. Select the application in the drop-down list and click Select.

9. Click Next.

10. On the Review + assign tab, confirm that the configuration is correct and click Review + assign.

To give the app read access to the resource group:

1. Repeat steps 1-4 from the list above.

2. On the Role tab of the Add role assignment page, select Job function roles, then the Reader role.

3. Repeat steps 6-10 from the list above.

Note: If you would like to give the application read access to your entire subscription (not just a specific resource groups), select All services in the Azure portal menu, then navigate to Categories > All > Subscriptions and select your subscription. Select Access control (IAM) in the middle pane and click Add in the Add a role assignment box. Repeat steps 2-4 from the list above.

Finding your Microsoft Azure subscription ID

When you'll be adding Microsoft Azure as a Provider in the RAS Console, you will need to specify your Azure subscription ID. If you don't remember it, here's how to find it in the Microsoft Azure portal:

1. In the portal menu, choose All services.

2. In the Categories list, click All.

3. In the right pane, click Subscriptions.

4. Click a subscription and then copy and save the value from the Subscription ID field.

Summary

When you complete all of the above steps, you should have the following values saved and ready to be used to add Microsoft Azure as a Provider in the RAS Console:

• App (client) ID: Application ID.

• Directory (tenant) ID: Tenant ID.

• Client secret: Client secret (application key).

• Subscription ID: Your Microsoft Azure subscription ID.

Read on to learn how to add Microsoft Azure as a Provider in the RAS Console.

To configure Amazon Web Services as a Cloud Computing provider:

1. In the RAS Console, navigate to Farm > Providers.

2. Click the Tasks drop-down menu and choose Add (or click the [+] icon).

3. In the menu, select Amazon EC2. The Add Cloud Computing Provider wizard opens.

4. In the Wizard, specify the following:

   • Name: Name of the provider.

   • Description: Description of the provider.

   • Manage credentials: the administrative accounts that will be used to deploy Parallels Agents on the session hosts (Amazon EC2 instances). The current RAS administrator is already present in this list, but you can other accounts.

   • Access Key ID: Your access key ID.

   • Secret Access Key: Your secret key.

5. Click Next.

6. Wait until Parallels RAS validates the settings and click Next.

7. Select the Region that you will use. In most cases, the best Region would be the one closest to you. You can also choose one of opt-in AWS Regions by selecting the Opted-in Region option or specify a custom EC2 endpoint URL by selecting the EC2 Endpoint URL option.

8. Click Finish.

9. Proceed to creating a Template as described in Creating a VDI template. During template creation you can configure the instance type for the clones and the storage including Type, Size, and IOPS. Note that you can also do this from Farm > RD Session Hosts > right-click the template > Properties.