Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This document is intended for customers and partners who are purchasing and deploying Parallels RAS through the Azure Marketplace.
The outcome of this deployment is a full-scale deployment of Parallels RAS in any Azure subscription.
Partners can benefit from simplified selling through personalized offerings and have Parallels RAS and the associated environment contribute towards customers or partners of Microsoft Azure Consumption Commitment (MACC). At the same time, Parallels RAS will be fully deployed in a configurable manner and automatically integrated with Azure Virtual Desktop for an accelerated time-to-value.
Since the Parallels RAS environment must be deployed in an existing Azure Subscription and active Active Directory (Entra ID) environment, a few requirements and permissions need to be in place before deploying Parallels RAS through the marketplace.
These requirements are:
The next chapters cover each requirement in greater detail.
To deploy Parallels RAS using Azure Marketplace, you need at least contributor permissions on the Azure Subscription you are deploying to.
Deploying Parallels RAS using Azure Marketplace allows you to automatically create and configure a provider inside Parallels RAS. If you add a provider, Parallels RAS can later communicate with Azure or Azure Virtual Desktop to create and maintain your environment's resources.
To configure a Parallels RAS provider as part of the deployment, you need to have the Owner role on the Azure Subscription and the Global Administrator role in Entra ID. This is necessary because the deployment creates an app registration and assigns permissions to it in Entra ID and on resource groups.
Creating a Parallels RAS provider during the deployment is entirely optional. You can also do it manually after the initial deployment.
For more information on deploying the Azure Virtual Desktop provider or Azure provider in Parallels RAS after the initial deployment, see:
At a minimum, three virtual machines must be created in your Azure Subscription containing Parallels RAS infrastructure roles. You can select VM size to use for each role during the deployment. Make sure you have enough quota in your subscription for the VM sizes you want to use. For more information and guidance on how to view and confirm sufficient VM quotas in Azure follow this guide.
A Virtual Network (VNet) must be in place in Azure and this VNet must contain a subnet. The Parallels RAS infrastructure machines will be joined to this subnet. Ensure the subnet you create or use has enough space to host the number of infrastructure servers you want to create. For more information about creating and changing a VNet see Create, change, or delete a virtual network.
The VNet must have DNS configured to point to your Domain Controllers (see Active Directory Domain Services (ADDS)). For more information about configuring DNS servers on a VNet see Change DNS servers of a virtual network using the Azure portal.
Create a User Assigned Managed Identity and assign it Contributor Permissions on the Virtual Network you want to use, or on the Resource Group where the VNet resides. For more information about creating a user-assigned managed identity, see Create a user-assigned managed identity.
A healthy running Active Directory Domain Services (ADDS) or Azure Active Directory Domain Services (AADDS) must to be in place. Preferably with synchronization to Entra ID, which is a requirement to deploy the Azure Virtual Desktop integration as part of this deployment. The domain controllers must be accessible via the Virtual Network you select to allow Domain Services communication. For more information about creating Domain Controller in Azure, see Virtualized Domain Controller Deployment and Configuration.
To configure Active Directory Domain Services:
Create an organizational unit where the Parallels RAS infrastructure servers will be joined to.
Create an account with permission to join computers to the domain. The suggested account name is domainjoin@contoso.com.
Create a Security Group and add the administrator accounts to it that will manage and maintain Parallels RAS. This group can be expanded later. The suggested group name is ras-admins@prasmpdemo.com.
After successfully completing the steps described in , follow these steps to perform the post-deployment actions and complete the Parallels RAS environment:
Log on to the Parallels RAS Management Server specified during the setup.
A post-deployment script will be launched automatically. Do not close this PowerShell Window.
Shortly after, a Microsoft Azure login dialog will appear. Log on with an Azure Account that has Global Admin permissions and Owner permissions for the two resource groups.
Note: The account you use to log on here is typically the same account you used to start the marketplace deployment.
In rare scenarios, you might have deployed multiple instances of the Parallels RAS Marketplace deployment. In that case, select the Managed App name you provided during this deployment.
Note: This screen will only appear if you have deployed the Parallels RAS Marketplace deployment multiple times inside the same subscription.
Wait for the script to finish. It will take about 1 minute to complete. Once ready, press any key to open the Parallels RAS console.
Specify the farm name to connect to. This is the FQDN of the Parallels RAS Primary Connection Broker.
Specify any friendly name.
Specify the credentials you want to use. This user needs to be a member of the Active Directory Group you specified during the deployment.
Click Connect.
Note: The FQDN you use here is the name of the Primary Connection Broker server that was created. In this example, that was ras-cb-1.contoso.com. The credentials of the domain account you specify here must be a member of the Active Directory Group you specified during the deployment. This is to ensure that the account had administrative permissions inside Parallels RAS.
Specify the credentials you use to log in to Parallels My Account or click Register to register in Parallels My Account if you don’t have done this yet.
Click Sign In to finish the registration and activation.
Note: You must be registered in Parallels My Account to perform activation of Parallels RAS and assign a license.
Click Yes to update the Agent to the latest version.
Select all Connection Broker servers.
Click OK and follow the process to complete.
Note: This step only applies if you created more than one Connection Broker and ensures that the secondary Connection Broker is properly added to the Parallels RAS Farm.
Now Parallels RAS is successfully deployed and registered.
Consult the for more information on deploying templates, host configuration, publishing resources, and more!
In case the Azure Marketplace deployment is not completed successfully, there are various ways to troubleshoot and redo the deployment. During the deployment, wizard makes varius checks to ensure that proper data is entered, but note that at this stage not all input can be checked against what is already available in Azure.
In general, make sure that names you provide for the creation of resources are unique in your Azure environment. This applies but is not limited to, for example, virtual machine names, Load Balancer names, Key Vault names, app registration names, etc.
Make sure that the objects you are referencing are accessible and properly configured. This applies but is not limited to Virtual Networks and Active Directory.
As a first step of toubleshooting, check all the values you provided and consult the section Before you start to gain insights into what values are allowed and what requirements need to be in place before you deploy.
You can view the result of the deployment at any time by clicking on the link under the Deployments label in the resource group where the Managed Application was deployed.
In this example, the deployment resulted in an error because the App Registration name that was provided already existed.
In some scenarios, the deployment history in the resource group where the managed application is published shows the error below.
In those cases, more details can be obtained by looking at the deployment history of the Managed Resource Group.
Click on the deployment to view the details. In this example, the User Assigned Managed Application did not have permissions on the specific VNet. As a result, the deployment cannot add the required network adapters to the VNet. To resolve this error, review the permissions in the introduction, provide the permissions, and try again.
In every case where the Managed Application deployment is unsuccessful, you will see the status below. At this point, you will see the Managed Application resources and a subnet of resources inside the Managed Resource Group.
There are two ways to redeploy a Managed Application:
Remove the Managed Application. This will result in an immediate removal of the entire Managed Resource Greconfigureroup as well. Once the removal is completed and you have fixed the errors, you can redeploy again.
Open the Resource Group where the Managed Application was deployed. Then, open the deployment history. Click on the Managed Application that failed and then click Redeploy.
In this case, you will see a slightly different deployment experience. All previously provided parameters are shown in a single view, except for secure values. You can fix the errors and redeploy again.
After confirming all prerequisites as outlined in are complete, click on the link of the private offer you received or visit the Azure Marketplace to deploy a public offer.
Log on with your Azure account that has access to the Azure Subscription where you want to deploy Parallels RAS.
On the Overview tab:
Select the plan. In most cases, this will be Pay as you go.
Click Create to start the deployment.
In each of the tabs, provide the required information.
On the Basics tab:
Select the subscription where you want to deploy Parallels RAS.
Select the name of the Resource Group where the Managed Application Resource will be created. This can be an existing or new Resource Group.
Select the Azure location where you want to deploy the resources.
Specify a name for the managed application, for example, ParallelsRASApp
. This name needs to be unique.
Select the name of the resource group for Parallels RAS infrastructure resources. The Azure Marketplace requires this to be a new Resource group.
Click Next to continue.
Note: The Azure Marketplace deployment will create two different Resource Groups. The Resource Group specified under Project details will only contain the Managed Application resource. This resource is used for reporting and billing purposes. The Resource Group specified under Managed Application Details will contain all Parallels RAS infrastructure components such as Virtual Machines, Load Balancers, Key vault, etc.
On the VM Credentials tab:
Provide a username for the local administrator to create on the Parallels RAS infrastructure Virtual Machines.
Provide and confirm the password for the local administrator to create on the Parallels RAS infrastructure Virtual Machines.
Click Next to continue.
Note: The Azure Marketplace deployment will create several Virtual Machines that will host the Parallels RAS infrastructure roles. The account you specify on this tab is the local administrator account that will be created. The password is securely stored in an Azure Key Vault. You can specify the Azure Key Vault details later on in the Azure Key Vault Settings tab.
On the Connection Broker settings tab:
Specify the number of Connection Broker servers to create.
Specify the naming convention for the Connection Broker servers. A -
sign followed by an index will be added for each instance. For example, ras-cb
will result in ras-cb-01
, ras-cb-02
, et cetera.
Select the VM size for the Connection Broker servers.
Select an existing VNet you want to use.
Select an existing subnet you want to use.
Specify the operating system for the Connection Broker servers.
Click Next to continue.
Note: The Azure Marketplace deployment can deploy a specific number of Connection Broker servers. On this tab, you can define how many, the naming convention, the type of VM, the network settings, and the operating system to use. These Connection Broker servers will be added to the existing VNet, subnet, and Active Directory (specified later). Note that the VNet you select needs to have DNS properly configured and pointing to your Active Directory Domain Controllers. Make sure the VM name prefix you specify here results in unique host names in your existing Active Directory.
Note: Although the wizard allows you to create a new VNet and subnet, the marketplace deployment does not currently support this.
On the Secure Gateway settings tab:
Specify the number of Secure Gateway servers to create.
Specify the naming convention for the Secure Gateway servers. A -
sign followed by an index will be added for each instance. For example, ras-gw
will result in ras-gw-1
, ras-gw-2
, et cetera.
Specify the VM size for the Secure Gateway servers.
Specify if you want to use the same virtual network settings (VNet and subnet) you specified for the Connection Broker in the previous section, or if you want to specify different virtual network settings.
If Specify virtual network settings was selected, select an existing VNet you want to use.
If Specify virtual network settings was selected, select an existing subnet you want to use.
Specify the operating system for the Secure Gateway servers.
Specify the internal name of the Azure Loadbalancer resource to create.
Click Next to continue.
Note: The Azure Marketplace deployment can deploy a defined number of Secure Gateway servers. On this tab, you can define how many, the naming convention, the type of VM, the network settings, and the operating system to use. These Secure Gateway servers will be added to the existing VNet, subnet, and Active Directory (specified later). Note that the VNet you select needs to have DNS properly configured and pointing to your Active Directory Domain Controllers. Make sure the VM name prefix you specify here results in unique host names in your Active Directory. An Azure load balancer is also deployed, on this tab you can define the internal load balancer name. Make sure this load balancer name is unique in the Azure Subscriptions region you are deploying in.
Note: Although the wizard allows you to create a new VNet and subnet, the marketplace deployment does not currently support this.
On the Provider settings tab:
Specify the type of provider you want to create.
Specify the provider name used internally in Parallels RAS.
Specify the app registration name.
Specify if you want to use the same virtual network settings (VNet and subnet) you specified for the Connection Broker in a previous section, or if you want to specify different virtual network settings. These network settings are used to deploy the session host server after the initial deployment.
If Specify virtual network settings was selected, select an existing VNet you want to use.
If Specify virtual network settings was selected, select an existing subnet you want to use.
Click Next to continue.
Note: The Azure Marketplace deployment can automatically preconfigure an Azure or Azure Virtual Desktop provider in Parallels RAS as a post-deployment action. On this tab, you can define the provider name, which is an internal name. You can also specify the name of the app registration that is needed in Entra ID to allow the Parallels RAS provider to communicate with Azure. If you choose to create a provider at this stage, the post-deployment actions will also configure other prerequisites that are required. You can also select Do not create a provider and perform these steps later from the Parallels RAS Console.
On the Management settings tab:
Specify the name of the Management Server to create.
Specify the VM size for the Management Server.
Specify if you want to use the same virtual network settings (VNet and subnet) you specified for the Connection Broker in a previous section, or if you want to specify different virtual network settings.
If Specify virtual network settings was selected, select an existing VNet you want to use.
If Specify virtual network settings was selected, select an existing subnet you want to use.
Specify the operating system for the Management Server.
Specify the name of an existing Active Directory group you want to assign administrator permissions to in Parallels RAS.
Click Next to continue.
Note: The Azure Marketplace deployment can automatically deploy a Management Server. On this server, Parallels RAS Console and PowerShell module will be installed. On this tab, you can define the hostname, the type of VM, the network settings, and the operating system to use. The Management Server will be added to the existing VNet, subnet, and Active Directory (specified later). Note that the VNet you select needs to have DNS properly configured and pointing to your Active Directory Domain Controllers. Make sure the VM name you specify here does not exist yet in your Active Directory.
On the Managed identity details tab:
Add the existing user-assigned managed identity that has contributor access assigned to all VNets you selected to use throughout this process.
Click Next to continue.
On the Active Directory Domain Services tab:
Specify the existing domain user that has permission to join servers to the existing domain.
Specify the password of the domain user that has permission to join servers to the existing domain.
Specify the existing domain to join the Parallels RAS servers to.
Specify the distinguished name of the organizational unit you want to add the Parallels RAS servers to.
Click Next to continue.
Note: To allow the Azure Marketplace deployment to add Virtual Machines to your Active Directory, you need to provide an account that has permission to perform the domain join action, the domain to join, and the organizational unit you want to add the Virtual Machines to. For more details see the requirements chapter.
On the Key Vault settings tab:
Specify the name of the Azure Key Vault where credentials will be stored.
Specify the Object ID of the Entra ID admin user you want to authorize Key Vault permissions to.
Click Next to continue.
Note: The Azure Marketplace deployment securely stores credentials and IDs that are used inside an Azure Key Vault. On this tab, you can define the name of that Azure Key Vault. Make sure the Key Vault name does not exist yet and does not exist in your list of deleted Key Vaults that are not purged yet. To make sure you have access to the Key Vault that gets created, specify the object ID of your Azure Admin Account. Typically, this is the same account you used to log on to the Azure Marketplace to start this deployment. During the post-deployment phase, make sure to use the same account again.
On the Review + create tab:
Review the details, the price, and the terms of use.
Click Create to make the purchase and start the deployment.
Note: Make sure to closely review the details. Ensure that all data is correct and that the names you provided for Virtual Machines, Load Balancers, Key Vault, etc., are unique. Review the price details and terms at this point as well.
In each of the two resource groups, confirm that deployments are visible.
In the Managed Resource group:
Notice a new deployment in the MRG with GUID as the name. It will finish within a few seconds.
Notice a new deployment in the MRG with the name of the managed app you specified. It will take 10 minutes to complete.
In the Managed Application Resource group:
Notice a new deployment in the managed App resource group. It will finish once the other deployments are successful.
Wait for these deployments to complete before you continue.
Note: The marketplace deployment typically takes about 10 minutes to complete. You can watch the process using the deployments section in each resource group.
Once complete, click on the deployment to view the resources that were created in the MRG.
The number of resources will vary depending on the options you provided.
Note: To allow the Azure Marketplace deployment to add Virtual Machines to your existing VNets (specified in previous tabs), a user-assigned managed identity needs contributor permissions on these VNets. On this tab, you can specify the .