
Managing Deployments

The following section outlines how to create a deployment using the Admin console:

  1. If you do not have any existing deployments (first-time login), you will be prompted to enter your CAS Software registration code. Once you enter the code, your first deployment is generated automatically and you are taken to the Edit Deployment page.

  2. If you have existing deployments, click Create deployment from the kebab options at the top of the page to go to the Create Deployment page.

  3. Enter the following information:

    • Enter the deployment name.
    • Enter your PCoIP registration code. Please store this code in a secure location as it cannot be retrieved later.
    • Click CREATE.

The deployment has now been created and you can edit the deployment by configuring deployment service accounts, cloud service accounts and Connector settings.

Cloud Service Accounts

You can now enter cloud service account credentials for AWS, Azure and GCP if you are working in those environments and want to enable CAS Manager to perform certain functions, such as power management. If you are not using AWS, Azure, or GCP, you do not need to enter this information.

Cloud Service Account Credentials

These credentials are used in places where the CAS Manager as a Service interacts with your cloud environment to perform actions such as powering a remote workstation on or off. If credentials are not provided, remote workstations in that cloud can still be added to CAS Manager as a Service and users can still be entitled to the remote workstation and start a PCoIP session, but CAS Manager as a Service cannot perform functions such as power on and off.

Entering these credentials is optional and enables you to access extra functionality and control over the remote workstations within the deployment on the cloud provider of your choice.

Domain Controllers in a Single Deployment

You cannot deploy multiple Connectors against different Domain Controllers within the same deployment. This will cause the Connectors to crash.

AWS Cloud Credentials

The following sections outline how to manage and configure AWS cloud information for CAS Manager and CAS Manager as a Service. Please note that the permissions required for CAS Manager as a Service are different from the permissions for CAS Manager.

AWS Cloud Credentials for CAS Manager

To configure AWS Cloud Credentials for CAS Manager, see the AWS Configuration section.

AWS Cloud Credentials for CAS Manager as a Service

Through the Admin Console you can generate a CAS Manager Account ID and External ID that can be used when creating an AWS role through the AWS Management Console. The following steps outline how to generate a CAS Manager Account ID and External ID:

  1. In the Admin Console select the deployment you wish to use.
  2. Click Edit Deployment.
  3. Click Cloud Service Accounts.
  4. Select AWS and click Generate. Ensure you copy the CAS Manager Account ID and External ID and save them to your clipboard.

AWS Role Creation and Permission Policy

You must create a role in your AWS account that CAS Manager as a Service is able to assume. You must use the CAS Manager Account ID and External ID when creating the AWS role. For more information on creating roles in AWS, see here.

Once you have entered the CAS Manager Account ID and External ID and created the AWS role, you will need to create a permissions policy for CAS Manager as a Service that contains the following permissions:

  • Service: EC2
  • Actions:
    • List: DescribeInstances
    • Write: RebootInstances StartInstances StopInstances TerminateInstances

There are additional permissions needed to verify that the role has all the required permissions before being added to a deployment:

  • Service: IAM
  • Actions:
    • Read: GetUser SimulatePrincipalPolicy

The following is an example of how the permissions set should look in a JSON format:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:RebootInstances",
                "ec2:DescribeInstances",
                "ec2:TerminateInstances",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "iam:GetUser",
                "iam:SimulatePrincipalPolicy"
            ],
            "Resource": "*"
        }
    ]
}

If the user tries to add an AWS role that doesn't have these permissions, CAS Manager as a Service will still add the role but will not validate that it has the required permissions. You can now associate a permissions policy to this role.

  1. Once you have created the role in AWS, copy and paste the role ARN and enter it into the Role ARN field in the Admin Console.
  2. Click Submit.

For information on the AWS Service Account roles and permission policies with CAS Manager as a Service, see here.
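
The role described above consists of two documents: a trust policy that names the CAS Manager Account ID and requires the External ID, and the permissions policy listed earlier. The following is an added example, not taken from the CAS Manager documentation, that builds the standard AWS cross-account trust policy and audits both documents before the role ARN is submitted. The function names, the account ID and the external ID are constructed placeholders, and the audit assumes the principal is written in ARN form.

```python
# Constructed placeholders; use the values the Admin Console generates.
ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "constructed-external-id"

# Actions the page lists for CAS Manager as a Service.
REQUIRED_ACTIONS = {
    "ec2:DescribeInstances", "ec2:RebootInstances", "ec2:StartInstances",
    "ec2:StopInstances", "ec2:TerminateInstances",
    "iam:GetUser", "iam:SimulatePrincipalPolicy",
}

def _as_list(value):
    """IAM accepts either a single string or a list in these fields."""
    return value if isinstance(value, list) else [value]

def build_trust_policy(account_id, external_id):
    """Only the named account may assume the role, and only with the external ID."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def audit_trust_policy(policy, account_id, external_id):
    """Return the problems found in a role's trust policy (empty list if none)."""
    problems, expected = [], f"arn:aws:iam::{account_id}:root"
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # A bare "*" principal is a string, not a dict; treat it as a mismatch.
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if set(_as_list(aws)) != {expected}:
            problems.append("principal is not the expected account")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            problems.append("missing or wrong sts:ExternalId condition")
    return problems

def audit_permissions(policy):
    """Return (missing, extra) actions; exact-string match, so ec2:* counts as extra."""
    allowed = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow":
            allowed.update(_as_list(stmt.get("Action", [])))
    return sorted(REQUIRED_ACTIONS - allowed), sorted(allowed - REQUIRED_ACTIONS)

if __name__ == "__main__":
    import json
    print(json.dumps(build_trust_policy(ACCOUNT_ID, EXTERNAL_ID), indent=2))
```

A role whose trust policy lacks the `sts:ExternalId` condition can be assumed by the trusted account on behalf of any of its tenants, which is the confused-deputy case the External ID exists to prevent.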

Azure Cloud Credentials

For Azure you need to enter the Tenant ID, Subscription ID, Client ID and Client Secret.

For information on how to create a new Client Secret from Azure, see here.

Azure Client Secret

Once you generate the client secret you need to copy it straight away as it will not be available again from Microsoft. If you have an expired client secret you need to delete it and then create a new secret and assign it to that deployment.

For information on the Azure Service Account and permission requirements with CAS Manager, see here.

GCP Cloud Credentials

You can enable GCP cloud credentials by entering the GCP client email, Project ID and Private Key and clicking Submit. You can also upload the JSON Key file with the GCP cloud credentials.

For more information on GCP Cloud Service Accounts with CAS Manager, see here.

Editing an Existing Deployment

When you edit a specific deployment, the creation date, the computer and user DNs, and the interval in minutes at which the deployment syncs with Active Directory are also displayed.

You can search for specific deployments by name by using the search bar in the table toolbar.

You can edit the deployment name, update the registration code and GCP or Azure cloud service account credentials of an existing deployment through the Admin Console. A menu item has been added to the table toolbar that enables you to create, edit, delete and view all existing deployments:

  1. Click the dropdown menu from the top of the page and select the deployment.
  2. Select the deployment and click the kebab option under the ACTIONS column to edit the deployment.
  3. Update the deployment name, registration code, GCP or Azure credentials and then click SAVE.

The updated information and credentials will now be associated with this deployment.