Building the Digital Workspace with ease by using Parallels Remote Application Server (RAS) from the Microsoft Azure Marketplace
I’m still very humbled and excited to be part of the Parallels RAS – VIPP program. It feels great to share my experience in end-user computing with such a great team of people. Looking forward to the first meetings, and many great things following soon!
Microsoft Azure is the largest and most reliable Public Datacenter on the Market. With more than 50 regions around the globe, you’re always located in a datacenter nearby. And another big advantage of Azure is the adoption of services. Almost all the large Workspace vendors have a Desktop-As-a-Service model available within the Azure Marketplace. Completely simplified, automated and straightforward to deploy, based on OpEx Infrastructure-As-a-Service (IaaS) costs.
One of the Virtual Desktop services within the Azure Marketplace is Parallels Remote Application Server (RAS) – which can efficiently deliver virtual applications and desktops to any user, on any device, anywhere from all the Azure region around the globe. With prebuilt Azure VM template and configuration wizards inside RAS, you are able to completely deploy and configure RAS in under 30 minutes – and as a Very Important Parallels Professional, I’m sharing my insights and experience on how easy this procedure is!
“Fast implementation and seamless product rollout”
The Remote Application Server doesn’t require additional servers for the main purpose. The web interface is all included on the same RAS Virtual Machine in Azure IaaS. So if you are looking for a Desktop-As-a-Service model in Microsoft Azure (or on-premises) with support for Server and Desktop Operating Systems for low-costs, please have a look at the Parallels RAS products!
Next to this Cloud Workspace awesomeness, Parallels just released their latest 16.5 product version, which includes tons of improvements – you’ll find them all later on in this blog.
See below how the Parallels Architecture looks inside Azure Infrastructure-As-a-Service.
Keep in mind that Azure is taking care of the hypervisor, but you still need to manage the VDI – parallels infrastructure in the Cloud.
In this article, I’ll show you how you can implement the latest version of Parallels RAS in Microsoft Azure Infrastructure-As-a-Service from the Azure Marketplace. The deployment is straightforward, as you will find out in the next part of the blog as well!
Enjoy reading!
Table of Contents
Click on the title to forward in the article:
- Parallels HTML5 Client Optimization
- Azure MFA support
- How to get started? Request a trial
- Test the Publish Application
Did you know Parallels now supports?
- Parallels RAS supports hybrid deployment between on-premises and Microsoft Azure-based resources, allowing companies to distribute computing workload between a private and Microsoft Azure cloud.
- Affordable (Cloud) Disaster Recovery – Since Azure’s virtual servers are hardware independent, the Parallels RAS sites, farms, applications and data can be stored in a secure and reliable way at the second location in real time. Companies can secure their data without the costs of a second data center or the burden of reloading each server component.
- Azure MFA and 2FA -Enhanced configuration process for Azure MFA, Duo and FortiAuthenticator Multi-Factor-Authentication (MFA) Identity-As-a-Service providers.
- Enhanced VDI with a focus on better stability. The new VDI design allows a single VDI agent to manage multiple VDI hosts.
- Parallels released a free to download Azure Reference Architecture & Design Guide, which can help you with the deployment in Azure
- New RDSH templates allow IT administrators to automatically provision RD session hosts, enabling Parallels RAS deployment to auto-scale based on the load.
- It supports new features with a variety of complex configurations and repetitive tasks-with automatic scripts for improved efficiency.
- When you are using Office 365 upon a Parallels RAS / VDI environment and want to provide a native experience for your end-users with Outlook OST Caching, OneDrive and SharePoint. FSLogix Office 365 Containers and Parallels work perfectly together.
- Parallels 16.5 offers more flexibility in configuring client devices, with policies split from four categories into more than 20. New settings include the ability to filter by the client-device operating system.
- MSPs and ISVs can now rebrand Windows Client, and the branded Windows Client can be downloaded through the HTML5 gateway for improved customer branding.
- IT admins can now create sub-licenses to SPLA licenses and set a maximum concurrent user limit on SPLAs.
- Adds the ability to show password complexity requirements when changing AD password via Parallels Client (Windows).
- ParallelsRAS now supports scripted notification handlers, allowing administrators to launch executables or scripts if a notification has been triggered for enhanced management.
- Delivers better feedback to managers by allowing them to view real-time performance metrics in the enhanced Site View dashboard.
- IT admins can eliminate or reduce downtime of a Parallels RAS deployment due to an issue with the master publishing agent or licensing site.
- Parallels RAS supports Microsoft App-V application containers.
Virtual Machine Requirements in Azure
The following resources are required in Microsoft Azure for the usage of the different Parallels Role servers. I’ll advise to go for the Standard D2s v3 (2 vcpus, 8 GB memory) for the first 1 Virtual Machines and using Standard D4s v3 (4 vcpus, 16 GB memory) Virtual Machine SKU as lowest default for the Session-Host (terminal) servers and HA Gateways.
Note: Most of the best practices on Parallels are part of this Azure Reference Architecture & Design Guide – please check it out for more Best Practices on using Parallels on Microsoft Azure.
Parallels HTML5 Client Optimization
The Parallels HTML5 Client has been re-designed and optimized to offer a dynamic, modern, and web-based workspace. Applications running in windows mode can be minimized, and the active ones will be marked in the taskbar. Apps can now even be opened in a separate browser tab. Client Policy is now applicable to Parallels HTML5 Client, reducing the risk of data leakage and malicious attacks.
A big plus to work clientless from any place from any device around the globe!
With the latest Parallels version, 16.5 – the software makes it easy to configure multifactor authentication (MFA) via RADIUS for Microsoft Azure MFA (and Duo, and FortiAuthenticator). Azure MFA is now natively supported by Parallels RAS, helping to increase data security and reducing the risk of unwanted data access.
Adding the use of Conditional Access to the Azure MFA functionality will highly increase your end-user security level. The features add the possibility to activate different kinds of Conditions to provide the access to your Parallels RAS environment as a snap. Think about IP Whitelisting to require the usage of sec. authentication or the need for a antivirus software to connect to the VDI environment!
Note: Parallels requires an Azure MFA Server or the Azure MFA NPS Extension for the usage of MFA.
How to get started? Request a trial
Parallels offer a free 30-day full-featured trial of Parallels RAS version 16.5, including 50 concurrent user licenses, at parallels.com/ras.
Fill in the requested information to receive the license
Deploy the Parallels RAS server from the Azure Marketplace
Go to the Azure Portal and open the Marketplace
Search for Parallels Remote Application Server
Click on Create to start the procedure
Enter in the required information for the Virtual Machine deployment
TIP: Select the HUB program if you own an EA and Software Assurance on Server OS
Select a sizing for the Machine – Click on Select
Enter in the required Virtual Machine information.
Note: Make sure to assign a Public IP if you have no VPN connection to Azure.
Note: If you install multiple RAS servers, please make sure to place them in the same Availability Set. With this Azure service, you ensure the continuity / availability of your connection. (Just in case there are problems in the Azure datacenters location.) For example, if one of the two servers isn’t active in the same availability set, there is a big chance that they have been activated in the same rack space of servers in the Azure Datacenter location. With fault domains, you’ll ensure that this can’t happen. Fault domain 1 means rack 1, and number 2 – rack 2. This can be useful in case of a power outage in the rack for example.
Updates to domains are somewhat similar, now related on Windows patches & updates. When Microsoft releases updates to provide vulnerability fixes and/or exploit leaks, such as ransomware hacks, this can be a high risk on the platform. There will be a chance that updates are forced by Microsoft. When you place them in different update domains, you’ll ensure that the updates don’t apply to both machines at the same time, and again ensure the continuity of your connection!
Create a Network Security Group
Most of the inbound rule are pre-configured…
When you’re done with the setup, Click on Create
Setup a Remote Connection to the RAS Server
Search for the IP Address of the RAS Server and set up a Remote Desktop Connection
Note: If you haven’t got a Site-to-Site VPN or ExpressRoute in place to your Azure Virtual Network, please assign a Public IP Address to the Network Interface of the Virtual Machine.
Join the server to the Active Directory Domain – rename the computer to whatever you want
Open the Parallels Application Server from the Start Menu
Logon with the credentials provided on the Desktop Screen
Logon with your current RAS account
Or register for an Azure Trial.
When finished, logon and select your license.
Upload your current license or use the Activate trial version option.
Click on – Add RD Session Hosts – in the Console
Add the server to the list
Go through the setup – select all the checkboxes.
Click on Next
Click on Next
Click on Next
Click on Yes
The setup is finished – Click on Done and Finished
Click on Published Applications
Select the Group or Local Server which you want to use as starting point.
Click on Next
Select the Application that you want to Publish.
Click Next
Note: You need to make sure that your application is locally installed or virtually loaded through App-V fore you go through this wizard!
Click Next
Google Chrome is now Published!
Assign Users to the Virtual Apps
Click on Invite Users
With the following option – you have the possibility to easily send invitation emails to your end-users. You only need to setup a SMTP server address and authentication method. I’ve used my Office 365 credentials for this.
Click on Next
Select your End-User Clients usage and the IP of the RAS Gateway server
Click on Next
Note: You can select different connection modes for your Parallels environment. For internal usage, through SSL you’ll need Direct SSL Mode. For external access, outside your internal Azure Virtual Network, you need to select Gateway SSL Mode.
Give in the names of the users who need to have access to the Parallels environment
Click on Next
The welcome email to your end-users will look like this
Click on Next
Click on Finished
And as a final step – change the logon domain to your own Active Directory Domain
First, check the RD Session Hosts status OK in the Console
Open the Web Access address within the invitation email
Logon with your User Credentials
When you logon it first start to detect your local client, otherwise it starts through the HTML5 web browser functionality
Google Chrome App in Azure is launched successfully within my HTML5 browser!
The cool thing is that you now can choose between the Parallels Client or the HTML5 browser integration. Every app will start in another TAB – That makes it very easy to start your session on every almost device you want!
When you open another app, it will simply add the Published App to the tab list
Interested in Publishing Windows 10 VDIs in Azure as well? Just repeat the same steps within the Parallels RAS console, although now for the VDI menu to publish a session-host desktop or Windows 10 VDI for your end-users!
I hope this helps.
If you have any questions, please ask them in the comment section below.
Cheers,
Christiaan Brinkhoff