Overview

The CAS Deployment Wizard helps you configure the settings required for a new Cloud Desktop deployment within a matter of minutes. The wizard walks you through the steps to create a new deployment using the standard CAS deployment types (Basic, Standard, and Enterprise). For details on configuring an Advanced deployment, please refer to this article Creating an Advanced Deployment.

Before Using the Deployment Wizard

When preparing to create your CAS deployment, it is important to understand the different types of deployments and the options you can configure for each. Please carefully review CAS Deployment Types and Sizing and other articles in the Planning Your Deployment section.

The table below provides a summary of the additional configuration available in Advanced deployments.

Parameter	Basic, Standard, and Enterprise Deployments	Advanced Deployments
Operating System	Windows Server 2019 using Google public images All VMs configured as Shielded VMs for greater security	Windows Server 2019, 2016, or 2012 R2, using Google public images or your custom GCP images Option to use Shielded or non-Shielded VMs Select different OS images for your RDS infrastructure and your domain controllers (if applicable)
Providing Google Cloud Credentials	OAuth authentication for the current user	OAuth authentication for the current user Upload a JSON key for preconfigured credentials
Networking options	Create a new VPC network	Create a new VPC network Use an existing VPC network in the same project Use an existing shared VPC network
GCP Regions and Zones	CAS automatically selects two zones in each GCP region that is added to the deployment	User can manually specify the zones to use in each GCP region
Infrastructure Redundancy	Infrastructure roles are deployed based on the redundancy defined for each deployment size	User can specify whether to enable redundancy for each infrastructure role: RD Broker, RD Gateway, and domain controllers (if applicable)

Launching the CAS Deployment Wizard

Log in to the itopia CAS Admin Portal with an account that has Organization Owner permissions.
If you have not yet created any CAS deployments, you will be prompted to create a new deployment on the Portal homepage. Click the Create Deployment button to launch the wizard.
If you have existing deployments, selecting All Deployments from the left-hand menu. In the All Deployments window that appears, click the Create button to launch the wizard.

Completing the Wizard

The wizard will walk you through several screens to configure the basic parameters for your CAS deployment. You can leave the wizard and return to it at any time, CAS will save your progress as you go along, and no billable resources are created in your GCP project until you complete the wizard. If you are creating the first deployment in the organization, the wizard will reappear as soon as you log into the CAS Admin Portal. If you have other deployments, the unfinished deployment will appear in your list of Deployments with an empty status icon; click on the deployment to resume the Deployment Wizard.

NOTE: Clicking Cancel in the Deployment Wizard will delete your unfinished deployment! If you delete the deployment at any time before completing the wizard, you will not incur any charges in Google Cloud, but you will lose your progress and will need to restart the Deployment Wizard from the beginning.

Deployment Name and ID

The wizard will first prompt you to provide a Deployment Name and, optionally, a Deployment ID.

Provide a Deployment Name. The Deployment Name is used in your CAS Admin Portal to let you quickly pick the right deployment.
Provide a Deployment ID, or select Auto-generate ID. The Deployment ID is prepended to every resource that CAS creates for your deployment such as VMs (and Windows server names), VPC networks, and firewall rules. The Deployment ID is also part of the default external address for your deployment, which is the URL your users can use to access the RD Web Portal and RD Web Client; you can update the external address after you create the deployment, but you cannot change the Deployment ID or rename the resources. You can allow CAS to auto-generate a unique ID for you, or you can provide your own ID consisting of 3-8 alphanumeric characters.
Click Next.

Deployment Size

The Deployment Size screen lets you select the type of deployment to create. In this article, we will discuss the options available for Basic, Standard, and Enterprise deployments; for details on creating an Advanced deployment, please refer to the article Creating an Advanced Deployment.

For information on the Deployment types available in CAS, please review CAS Deployment Types and Sizing.

Specify the Number of Users for your deployment. This number is used by CAS to determine resource sizing (CPU and RAM) of the VMs for your infrastructure servers and Session Hosts. You can change the VM sizes at any time after the deployment is created, although you might incur a brief downtime as servers are reconfigured with their updated sizing.
Choose a Deployment Size: Basic, Standard, or Enterprise.
Click Next.

Connect to Google Cloud

In order to build the deployment resources in GCP, CAS must be granted permissions to a Google Cloud project. The deployment wizard will prompt you to sign into your Google account (using OAuth) and will then present a list of the GCP projects to which your account has access. CAS will then create a service account for itself and enable the necessary APIs and permissions to proceed.

Click the Sign in with Google button.
In the pop-up window that appears, sign in to Google as you normally would, completing any multi-factor authentication challenges that may be enabled for your account.
Once you've signed in, the wizard will display a dropdown menu of the Google Cloud projects to which you have access. Select the GCP Project in which you wish to create your CAS deployment. NOTE: If you have access to many projects (100 or more), CAS may not initially display them all; use the Search field to filter the projects and select the one you wish to use.
CAS will provision a service account for its ongoing administration of the GCP project, verify that the GCP project has the required APIs enabled and, if not, attempt to enable the API automatically. In some cases, CAS may not be able to enable the API and will require you to do it manually; if this occurs enable the API and click the Retry button to let CAS validate that the API is now enabled.
When all APIs are validated, click Next.

Google Cloud Regions

The wizard will ask you to select the GCP regions in which your CAS deployment will be created. CAS supports single-region and multi-region deployments, using any GCP regions globally. Note that when deploying into multiple regions, CAS will provision infrastructure resources such as RDS VMs, Active Directory domain controllers (or the managed AD instance), and public IPs into each region; this will incur higher GCP compute costs. For help deciding how to use GCP regions for your deployment, refer to the article Key Decision Points.

Click the Add Region button.
In the Select a GCP Region dropdown, choose the GCP region you wish to add to the deployment.
The first region you add will automatically be set as the Primary region; when adding multiple regions, you can use this checkbox to change which region is configured as the Primary. In a multi-region deployment, the primary region acts as a hub for Active Directory replication; otherwise, this setting has little effect.
Repeat steps 1-2 to add additional regions to your deployment.
Click Next.

Directory Services

CAS Cloud Desktop deployments require a Microsoft Active Directory domain. The CAS wizard lets you either create a new domain using traditional Windows Active Directory domain controllers or the Google Managed Service for Microsoft Active Directory, or to use an existing Active Directory domain. For more information, review the article Requirements for a Deployment.

Choose the option for configuring Active Directory for your CAS deployment:
- New Domain - Microsoft Active Directory: CAS will provision Windows Server VMs in each region, install the Active Directory Domain Services role, and create a new Active Directory forest and trust. You will specify the domain details on the following page.
- New Domain - Google Managed Service for Microsoft Active Directory: CAS will create a new instance of the Google Managed AD service in Google Cloud. You will specify the domain details on the following page.
- Existing Domain - Microsoft Active Directory: CAS will provision Windows Server VMs in each region, install the Active Directory Domain Services role, and promote the servers as additional domain controllers in your existing Active Directory domain. You will specify the domain details on the following page.
Click Next.

Depending on the option you selected, follow the instructions in the appropriate sub-section below.

New Domain - Microsoft Active Directory

CAS will ask you to provide some basic details for your new Active Directory domain. These details will be used to create a new Active Directory forest and domain.

NOTE: If you plan to configure a Trusted AD model, be sure to use unique values for the new domain that do not conflict with your existing domain, or with any domains with which your domain has an existing trust relationship.

Provide a Domain DNS name. The Domain DNS name (also called the fully qualified domain name or FQDN) is the long-form name of your domain. If you have an existing public DNS name for your organization (such as contoso.com), you may use the same domain for this internal name; however, be aware that you may need some additional DNS configuration to allow your users to access your public website. To avoid this potential conflict, use a non-public top-level domain such as contoso.ad or contoso.local.
Provide a Domain NETBIOS name. The Domain NETBIOS name is the short-form name of your domain. In most organizations, the NETBIOS name is the first part of the Domain DNS name; for example, if your Domain DNS name is contoso.ad, your Domain NETBIOS name would typically be contoso.
Provide a Default UPN suffix for users. The user principal name (UPN) suffix for user accounts is part of the username that your users will have. In most organizations, the UPN suffix will match the email domain of the organization, so that users can have a unified username and email address; for example, if your email domain is contoso.com, you can set your UPN suffix to contoso.com so that your usernames will resemble username@contoso.com.
Click Next.

New Domain - Google Managed Service for Microsoft Active Directory

CAS will ask you to provide some basic details for your new Active Directory domain. These details will be used to create a new instance of Google Managed Service for Microsoft Active Directory (Google Managed AD).

Provide a Domain DNS name. The Domain DNS name (also called the fully qualified domain name or FQDN) is the long-form name of your domain. If you have an existing public DNS name for your organization (such as contoso.com), you may use the same domain for this internal name; however, be aware that you may need some additional DNS configuration to allow your users to access your public website. To avoid this potential conflict, use a non-public top-level domain such as contoso.ad or contoso.local.
Provide a Domain NETBIOS name. The Domain NETBIOS name is the short-form name of your domain. In most organizations, the NETBIOS name is the first part of the Domain DNS name; for example, if your Domain DNS name is contoso.ad, your Domain NETBIOS name would typically be contoso.
Provide a Default UPN suffix for users. The user principal name (UPN) suffix for user accounts is part of the username that your users will have. In most organizations, the UPN suffix will match the email domain of the organization, so that users can have a unified username and email address; for example, if your email domain is contoso.com, you can set your UPN suffix to contoso.com so that your usernames will resemble username@contoso.com.
CAS will check whether your GCP project has the API enabled for using Google Managed AD. If it does not, enable the API and click the Retry button to let CAS validate that the API is now enabled.
Click Next.

Existing Domain - Microsoft Active Directory

CAS will ask you to provide some details of your existing Active Directory domain. Please consult your organization's Active Directory team for the correct settings for these values.

NOTE: Using an Extended Active Directory requires additional configuration before the deployment can be provisioned. The domain extension process will also make several changes to your existing AD domain, including: creating additional Active Directory sites, promoting additional domain controllers, and possibly upgrading your AD schema (if you are deploying domain controllers with a newer version of Windows Server than your existing domain controllers). Please make sure you fully understand the impact of an Extended Active Directory before proceeding. For more information, please review Active Directory in CAS Deployments.

Provide the Default UPN suffix for users. The user principal name (UPN) suffix for user accounts is part of the username that your users have in your current domain. The UPN is the portion of the username after the "@" symbol.
Provide your Domain DNS name. This is the fully qualified domain name (FQDN) of your existing Active Directory domain.
Provide a DNS server IP address. Provide the IP address of a DNS server that hosts the Active Directory DNS zone for your existing domain. This IP address must be reachable from the VPC network that will be created for your CAS deployment.
Provide an Enterprise Admin username and password. The Enterprise Admin credentials are only used during the initial configuration of your extended domain to promote the domain controllers in your CAS deployment. The credentials are not stored and are not used after the initial creation of the domain. You can create a temporary account with Enterprise Admin credentials and then delete it after the CAS deployment has been provisioned.
Click Next.

File Share Configuration

In order to store persistent user profiles and create network shares and mapped drives, CAS requires an SMB file share. The deployment wizard will ask you to select whether to create a dedicated Windows File Server VM in each region, use a NetApp Cloud Volume managed file share, or create the file shares on a Session Host in each region.

Choose the type of file share you would like to use in your deployment:
- Microsoft Windows File Server: A dedicated file server will be provisioned in each GCP region included in your deployment.
- NetApp Cloud Volume Service (CVS): CAS will create a NetApp Cloud Volume instance in each region. Cloud Volume is a managed service that provides SMB file shares without the need to manage a Windows File server. CAS will check whether your GCP project has the API enabled for using NetApp Cloud Volumes; if it does not, enable the API and click the Retry button to let CAS validate that the API is now enabled. NOTE: Due to limitations in Google Cloud, if you use NetApp Cloud Volumes and Google Managed Service for Microsoft Active Directory within the same deployment, CAS must provision two small "router" VMs to facilitate network connectivity between the two services.
- Create a file share on the first Session Host in each region: CAS will not create a dedicated file server. Instead a secondary "data disk" will be attached to the first Session Host of the first Collection Pool in each region, and the file shares will be created on this disk. NOTE: this will prevent you from deleting the first Session Host or Collection Pool from your deployment.

First Collection Pool

As a final configuration task, the deployment wizard will collection some information about the first Collection Pool to create in the environment.

Provide a Collection Pool name. The Collection Pool name is used in the CAS Admin Console to identify the Collection Pool. Your users may also see this name when accessing the RD Web Portal or the RD Web Client.
Select a Collection Type:
- Shared Collection: Users can connect to any Session Host in the Collection Pool each time they log in, and multiple users can have simultaneous session on each Session Host (in accordance with the CAS Deployment Types and Sizing). After the deployment is created, you can configure the Collection Pool to use only single-session Session Hosts.
- Dedicated Collection: Users are assigned a dedicated Session Host server and can only access that server each time they log in. Session Hosts are single-session; that is, there is one Session Host VM created for each user.
Choose the Regions in which to create the Collection Pool. You can select one or more regions that you enabled earlier in the wizard. You must select at least one region.
Click Next.
Select the configuration for Profile Persistence:
- Users have persistent profiles: CAS will install and configure FSLogix Profile Containers on Session Hosts. User profile containers will be stored on the file share configured earlier in the wizard, and their profile will be loaded on any Session Host to which they connect.
- Users have non-persistent profiles: CAS will not install or configure FSLogix Profile Containers, and Session Hosts will be configured to delete the local user profile each time a user logs out.
- Do not configure user profiles: CAS will not install or configure FSLogix Profile Containers and will not enable profile deletion. Users will have a separate, local profile on each Session Host they connect to. This option is only recommended if you are configuring an third-party roaming profile solution.
Select the Workload Size: NOTE: Session Host VM sizes (CPU and RAM) will differ based on the workload selected. Please review CAS Deployment Types and Sizing to understand our sizing guidelines.
- Light Workload: CAS will configure each Session Host server to support 25 simultaneous user sessions
- Medium Workload: CAS will configure each Session Host server to support 15 simultaneous user sessions
- Heavy Workload: CAS will configure each Session Host server to support 4 simultaneous user sessions
Click Next.

Review and Complete

CAS will display a summary of the options you've selected for your deployment, as well as an estimated cost for the GCP compute resources for your deployment.

Carefully review the configuration parameters for each part of the wizard.
To see how the pricing for your deployment will be affected as you add (or remove) users, change the Number of Users value and click Recalculate.
If everything looks correct, check the confirmation box.
Click Finish.

CAS will begin provisioning the resources in your GCP project and performing its automated configuration. The process can take between 1-3 hours or possibly longer if you're deploying to many regions. You can review the status of your deployment from the CAS Admin Console dashboard.

NOTE: If you are using an Extended Active Directory configuration, CAS will pause the provisioning after the VPC network is created; you must configure network connectivity to your existing Active Directory environment and then resume the provisioning process from the CAS Admin Console dashboard.

Next Steps

Once your deployment is created, continue on to the post-deployment tasks, configure a custom OS image for your Collection Pools, and add or import users into CAS.