Creating a Deployment

The following section outlines how to create a deployment using the Cloud Access Manager Admin console:

1. If you do not have any existing deployments (first time log-in) you will be prompted to enter your Cloud Access Software registration code. Once you enter the code it will automatically generate your first deployment and take you to the Edit Deployment page.

   

2. If you have existing deployments you can click Create deployment from the kebab options at the top of the page to take you to the Create Deployment page.

   

3. Enter the following information:

   • Enter the deployment name.
   • Enter your Cloud Access Software registration code.

4. You can optionally enter AWS, Azure, and GCP credentials if you are working in those environments and want to enable Cloud Access Manager to perform certain functions, such as power management. If you are not using AWS, Azure, and GCP then you do not need to enter this information.

   Cloud Service Account Credentials

   These credentials are used in places where the Cloud Access Manager interacts with your cloud environment to perform actions such as powering a remote workstation on or off. If credentials are not provided, remote workstations in that cloud can still be added to Cloud Access Manager and users can still be entitled to the remote workstation and start a PCoIP session, but Cloud Access Manager cannot perform functions such as power on and off.

Entering these credentials is optional and enables you to access extra functionality and control over the remote workstations within the deployment on the cloud provider of your choice.

AWS Cloud Credentials¶

Through the Cloud Access Manager Admin Console you can generate a CAM Account ID and Exernal ID that can be used when creating an AWS role through the AWS Management Console.

1. Once you have entered the CAM Account ID and External ID you will need to create a permissions policy for Cloud Access Manager that contains the following permissions:

   • Service: EC2
   • Actions:
     • List: DescribeInstances
     • Write: RebootInstances StartInstances StopInstances TerminateInstances

   There are additional permissions needed to verify that the role has all the required permissions before being added to a deployment:

   • Service: IAM
   • Actions
     • List: ListAttachedRolePolicies ListRolePolicies
     • Read: GetPolicy GetPolicyVersion GetRolePolicy

   The following is an example of how the permissions set should look in a JSON format:

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "VisualEditor0",
               "Effect": "Allow",
               "Action": [
                   "ec2:RebootInstances",
                   "iam:GetPolicyVersion",
                   "ec2:DescribeInstances",
                   "ec2:TerminateInstances",
                   "iam:GetPolicy",
                   "ec2:StartInstances",
                   "iam:ListAttachedRolePolicies",
                   "iam:ListRolePolicies",
                   "ec2:StopInstances",
                   "iam:GetRolePolicy"
               ],
               "Resource": "*"
           }
       ]
   } 
   

   If the user tries to add an AWS role that doesn't have these permissions, Cloud Access Manager will still add the role but will not validate that it has the required permissions.

   You can now associate a permissions policy to this role.

2. Once you have created the role in AWS, copy and paste the role ARN and enter it into the Role ARN field in the Cloud Access Manager Admin Console.

3. Click Submit.

For information on the AWS Service Account roles and permission policies with Cloud Access Manager, see here.

Azure Cloud Credentials¶

For Azure you need to enter the Tenant ID, Subscription ID, Client ID and Client Secret.

For information on how to create a new Client Secret from Azure, see here.

For information on the Azure Service Account and permission requirements with Cloud Access Manager, see here.

GCP Cloud Credentials¶

You can enable GCP cloud credentials by entering the GCP client email, Project ID and Private Key and clicking Submit. You can also upload the JSON Key file with the GCP cloud credentials.

For more information on GCP Cloud Service Accounts with Cloud Access Manager, see here.

For information on the GCP Service Account and permission requirements with Cloud Access Manager, see here.

Editing an Existing Deployment¶

The creation date, computer and users DNs and the interval time in minutes that it syncs with the Active Directory for the deployment are also displayed when you go to edit a specific deployment.

You can search for specific deployments by name by using the search bar in the table toolbar.

You can edit the deployment name, update the registration code and GCP or Azure cloud service account credentials of an existing deployment through the CAM Admin Console. A menu item has been added to the table toolbar that enables you to create, edit, delete and view all existing deployments.

1. Click the dropdown from the top of the page and select the deployment.
2. Select the deployment and click the kebab option under the ACTIONS column to edit the deployment.
3. Update the deployment name, registration code, GCP or Azure credentials and then click SAVE.

The updated information and credentials will now be reflected for the deployment.