That’s where disaster recovery (DR) is a crucial process, ensuring the restoration of business operations after a disaster. While traditional DR methods often prioritize servers and networks, the significance of desktops must also be understood in today’s digital landscape. Your employees’ desktops are their hub for data storage and application access. Losing them in a disaster can be a severe setback for your business.

This is where Desktop-as-a-Service (DaaS) emerges as a game-changer. Parallels DaaS, a cloud-based service providing users with virtual desktops stored in the cloud, offers several advantages for effective disaster recovery.

Understanding the climate-induced surge

Extreme weather events

Multiple scientific studies, notably by the Intergovernmental Panel on Climate Change (IPCC), reveal a significant increase in hurricanes and extreme weather events. Elevated sea surface temperatures fuel these storms, heightening the vulnerability of physical infrastructure and leading to extended downtime.

Altered precipitation patterns and flood risks

Climate-induced changes in precipitation patterns elevate the risk of flooding, and warmer temperatures increase rainfall, posing a direct threat to businesses. Accordingly, robust disaster recovery measures, especially for desktop systems, have become imperative to mitigate downtime and data loss in the event of a flood and associated water damage.

Wildfires and ecological dynamics

Prolonged droughts and rising temperatures intensify wildfires, impacting businesses in vulnerable regions. Beyond the immediate smoke and fire damage, the possibility of compromised IT infrastructure necessitates effective disaster recovery for desktop systems.

The intersection of natural and artificial disasters

Escalation of cybersecurity threats

The evolving cyber threat landscape, marked by ransomware attacks, malware, phishing attempts, and more, demands swift recovery measures. Desktop-as-a-Service (DaaS) emerges as a solution to ensure business continuity and prompt recovery from cyber-induced disasters.

Vulnerabilities in power infrastructure

Whether stemming from natural disasters or cyber-attacks, power outages present an artificial disaster. When integrated into disaster recovery plans, DaaS ensures cloud-hosted desktop accessibility or cloud-based disaster recovery during power disruptions.

Embracing resilience with DaaS

The escalating frequency of natural and artificial disasters emphasizes the need for resilient disaster recovery strategies. Scientific research and published reports underscore the urgency of adopting solutions like DaaS to navigate the unpredictable nature of current climate conditions.

Discover DaaS for disaster resilience

Efficient data backup and restoration

Storing your desktops in the cloud makes it significantly easier to back up and restore your data. This streamlined process ensures that your critical information is safeguarded against unforeseen disasters.

Remote accessibility

In the event of office damage, DaaS allows your staff to access their desktops from anywhere with an internet connection. This remote accessibility ensures business continuity, allowing your team to continue operations even when the physical workspace is compromised.

Data privacy compliance

DaaS aids in compliance with data privacy regulations, such as GDPR and HIPAA. By storing data securely in the cloud, businesses can navigate regulatory requirements more effectively, mitigating the risks of non-compliance.

Considerations when implementing DaaS for disaster recovery

Choose a reliable DaaS provider

Selecting a trustworthy DaaS provider is crucial. Seek out a provider such as Parallels with a proven track record in disaster recovery and a robust infrastructure to support your business needs.

Network readiness

Ensure that your network can handle the traffic associated with streaming virtual desktops. A robust and scalable network is essential for the seamless functioning of DaaS during disaster recovery scenarios.

Employee training

Train your employees on how to use DaaS effectively. Familiarizing your team with the platform ensures a smooth transition during disaster recovery and helps maintain productivity.

Additional tips for disaster recovery

Develop a comprehensive DR plan

Create a thorough disaster recovery plan that encompasses all aspects of your business. Ensure it includes protocols for desktop recovery using DaaS.

Regular DR plan testing

Test your disaster recovery plan regularly to verify its effectiveness. Regular testing helps identify potential gaps and ensures your plan is reliable.

Secure data backup

Keep your data backed up in a secure location. Implement robust backup strategies to protect your critical information from potential disaster loss.

Employee training

Train your employees in disaster response protocols. Ensuring your team is well-prepared for emergencies contributes to a swift and coordinated response.

How to protect your business from the unpredictable with DaaS for disaster recovery

A data-centric approach to disaster recovery is crucial for safeguarding your business from the unexpected. Preparedness is more critical than ever in today’s ever-changing world. By incorporating these tips and embracing solutions like DaaS, your business can weather challenges and storms, emerging on the other side stronger than ever.

To learn more about how DaaS is the ideal solution for a desktop disaster recovery plan, download the full whitepaper here.

What is Parallels Browser Isolation (PBI)? 

Parallels Browser Isolation (PBI) is a comprehensive, cloud-native solution that offers highly secure access to web applications and SaaS via a preferred web browser. It is a remote browser isolation solution that offers Zero Trust protection from cybersecurity threats and aligns with industry security standards for safety, protection, and compliance.

Parallels Browser Isolation is a fully hosted remote browser isolation service, with a control plane and containerized browser instances. It’s scalable, flexible, and agentless, offering a highly adaptable and secure solution for all users within an organization.

Learn more about Parallels Browser Isolation!

Why would you like to set up secure access to Microsoft Azure with Parallels Browser Isolation (PBI)?

Like many SaaS applications, users have access to Microsoft Azure from any device and any location by default.

Conditional access in Microsoft Entra Identity (Azure AD) enables you to impose restrictions on managed devices or specific network ranges. However, it’s important to understand that these restrictions are applicable only to managed devices.

What if you want to enforce restrictions without the use of VPN agents? Or suppose you aim to apply access controls to bring-your-own-device (BYOD) policies or non-windows-based devices?

Adding to these challenges, it’s crucial to note that conditional access focuses solely on securing entry points. It does not extend to controlling actions within Microsoft Azure (or any other SaaS application) once access is granted.

What if your security needs include stopping users from downloading data while permitting uploads? Or suppose you need to disable copy/paste functions, prevent screenshot capture, and block printing capabilities? These requirements align with a Zero Trust security model, yet such specific restrictions cannot be achieved through traditional conditional access or role-based access controls alone.

Parallels Browser Isolation enables you to route all Microsoft Azure access through a remote browser. This setup allows for geo-blocking, restricting access exclusively to locations associated with PBI IP addresses.

Following this configuration, only users who adhere to the PBI policies and belong to the designated access groups will be granted the ability to connect to Azure. Furthermore, the policy engine empowers you to specify permissible actions within Azure, such as copy/paste, upload, download, print, and others, offering a tailored and secure user experience.

Implement conditional access on Azure

For the first step, you must set up Microsoft Azure to exclusively permit access from PBI IP addresses. You can do this by setting up conditional access within Microsoft Entra ID (formerly known as Azure AD). It’s important to highlight that activating this conditional access feature requires a Microsoft Entra Identity P1 license. The process starts with establishing a Named Location that encompasses the IP addresses associated with Parallels Browser Isolation.

As an admin, go to “Microsoft Entra ID” —> “Security,” —> “Named Locations” Click on “+ IP ranges location” and give this location a unique name. In my case, I called this location “Parallels Browser Isolation”. Add all IP addresses used by Parallels Browser Isolation. The list can be found online in this KB article: https://kb.parallels.com/en/130095.

When adding the different IP addresses, add a /32 to the end to identify that these are single IPs and not ranges.

Once this is done, go to “Microsoft Entra ID” —> “Security” —>“Conditional Access”

Click on “+ Create new policy” and give it a unique name. In my case, I called it “PBI Only Policy”.

In configuring the policy, the initial step involves selecting the ‘Users’ to whom the policy will apply. It’s advisable to begin with a small user group for testing purposes before expanding the policy to include a broader audience.

Important: Make sure you exclude at least a few users from this policy, as you might need to get back into your Microsoft Azure if there are configuration or other issues with your conditional access configuration. If you include everyone and you have an issue, you can’t log in to Microsoft Azure anymore and, therefore can’t make any changes to the conditional access settings in the “Microsoft Entra ID”.

Next, we need to select the “Target Resources” and select “Include”.

If you want to protect your Azure portal only, then choose the “Select apps” option and “Select” only “Microsoft Admin Portals”. This application covers access to Microsoft Azure and some other management portals.

Important: If you choose the “All cloud apps” option, take into account that you might have configured your Parallels Browser Isolation (PBI) solution to be federated with “Microsoft Entra ID,” and therefore, you need to make sure you exclude the application that was created in “Microsoft Entra ID” for PBI from this policy. If not, you won’t be able to log in on PBI.

On the “Conditions” settings, we now have to enable the “Locations” filter. We want to have this policy enabled for all locations except for the “Parallels Browser Isolation” location created in the first step of this procedure.

To do this, under “Include”, select “Any Network,” and under “Exclude,” select “Select Locations” and select the “Named Location” you created earlier, in my case, “Parallels Browser Isolation” location.

The other conditions like “User risk”, “Sign-in risk”, “Device platforms”, “Client apps,” and “Filter for devices” can remain in the default configuration and don’t need to be modified.

The final steps are to set the “Access Controls” to “Block access”, set “Enable policy” to “On,” and save it.

Publish Microsoft Azure as a Secure Web Application in Parallels Browser Isolation (PBI)

Now that the conditional access is configured, your next step is to make sure the users can access Microsoft Azure via Parallels Browser Isolation (PBI).

To do this, log in and go to the PBI admin portal. Click on “Applications” —> “Add Application” —> “Secure Web Application”.

Start by setting the “Name“and the “Icon”. Set “https://portal.azure.com” as a start URL.

Under “Domains,” you have now to specify all URLs that are used by Azure.

For some SaaS applications, this is a single domain, but for Microsoft Azure, the list is pretty long (this is the full list of all domain names used by Microsoft Azure).

You can add the individual subdomains or only the main domains. In the example below we simplified the list of domains to include only the main domains, but not the individual subdomains. Also, we added all possible domains, not just the ones linked to the Microsoft Azure login but all the individual services.

The following domains have been added:

Under the “Access for secure web applications,” select the users or groups in PBI that must have access to Microsoft Azure. Optionally, select an extra policy you want to apply to this application. If the policy doesn’t exist yet, you must first save the application, create a new policy, and then edit the app and assign the newly created policy.

Before creating the policy, don’t forget to save the configuration. You do this by clicking on the bottom of the screen on “Add”.

Once that is done you will see the app in the list of published apps.

In this example, I want extra security on top of Microsoft Azure and, therefore, will create an extra policy to block “copy/paste”, “download”, and “printing” and have a watermark on the screen to make it more difficult to take screenshots.

To create a new policy in the right menu bar, click on “Policies” —>“Add”

Again, we start with setting a “Name”. My policy will be called “Microsoft Apps Policy”, and the idea is that I can apply this same policy to other published Microsoft applications I may want to publish in PBI later.

I want to apply the policy to all users, so I will set the filter for “Users and Groups” to disabled.

Same for the “Active Hours”, I keep it set to disabled.

For the “Location,” I can implement the geo-restriction. As we have restricted access to Azure to only PBIIP addresses with conditional access, we can’t set country-based geo-restrictions at that level.

In my example, I have geo-restricted Microsoft Azure access to “Belgium”, “France”, “Germany”, “Italy”, “Netherlands”, “Portugal” and “Spain”.

On the “Security controls/Policy Features,” I enabled the “Disable printing”, “Disabled downloads,” and “Disable Clipboard” features.

Under “Security controls/End-user experience,” I enabled the following features:

• “Blue border”: This will put a visual indication (blue border around the screen) that you are not accessing the website directly but via the Parallels Browser Isolation solution.
• “Watermarking”: This will add the user’s login name and date as a watermark on top of the screen so that taking screenshots becomes more difficult.

The “Restrict URLs” options don’t need to change here — they can stay on the default values.

Finish creating the policy by clicking on “Save”. Now that the policy has been created, go back to the “Azure Portal” application and add the “Microsoft Apps Policy” to the application.

Test the setup

Now that we have published the “Azure Portal” application on PBI and configured the conditional access on Microsoft Entra ID, we can test if the setup works: First, we try to open it directly from the web browser.

This should not work as the conditional access only allows connections from the Parallels Brower Isolation IP addresses.

If we do the same thing but via Parallels Browser Isolation, it works. Also, note the watermark and the blue bar around the screen.

Now you have set up secure access to Microsoft Azure via Parallels Browser Isolation!

Leading providers like Parallels offer convenient access to virtual desktops, eliminating the need for upfront investments in hardware and software.

How does DaaS work?

DaaS leverages private or public cloud services, enabling multiple users to access virtual desktops over the Internet. The cloud provider takes care of everything, from infrastructure management to security, ensuring seamless and reliable access to virtual desktops. With an internet connection, users can access their desktops from any device, anywhere, using an endpoint application or web browser.

The benefits of DaaS

DaaS offers numerous benefits for organizations, including:

1. Increased productivity: Employees can work from anywhere, anytime, if they have an internet connection and a suitable device.
2. Lower costs: DaaS eliminates the need for upfront hardware and infrastructure investments, offering a more predictable cost structure.
3. Enhanced security: Cloud providers manage security and compliance, ensuring excellent protection against cyber threats.
4. Improved scalability: DaaS allows organizations to quickly scale their desktop infrastructure up or down as needed, adapting to changing business requirements.
5. Reduced IT burden: DaaS frees IT staff from managing desktop infrastructure, allowing them to focus on strategic initiatives.

DaaS vs VDI

While DaaS offers several advantages, it is essential to compare it with traditional VDI to understand its suitability for your organization:

• Cost: DaaS has a lower upfront cost with a pay-as-you-go model, while VDI requires CapEx upfront to set up the IT infrastructure.

• Management needs: With DaaS, third-party management takes care of everything. With VDI, the organization is responsible for storage, computing, and network requirements.

• Capabilities: DaaS has some limitations compared to VDI, which offers advanced capabilities like USB redirection and multiple monitors.

• Regulatory requirements: DaaS may not align with certain industry regulations or compliance requirements, whereas VDI may meet more industry-specific security needs.

• Control: DaaS requires less in-house IT management due to third-party management of the solution, while VDI requires more time and effort since IT has greater control over the virtualized desktops and infrastructure.

• Usability: DaaS suits smaller organizations with proportionally lower needs, while VDI is suitable for larger organizations with higher security needs.

In summary, the choice between DaaS and VDI depends on your organization’s specific needs and resources. DaaS is ideal for organizations that:

• Need a flexible and scalable desktop solution.
• Have limited IT resources.
• Want to reduce costs.
• Prioritize security.

VDI, on the other hand, is better suited for organizations that:

• Require a high level of control over their desktop environments.
• Have the resources to manage their own infrastructure.
• Need to comply with industry-specific regulations and compliance standards.

Which companies benefit most from DaaS?

Many companies are increasingly transitioning to the DaaS model due to its benefits. Some of the organizations that can benefit from a shift to DaaS offerings include:

• Small and medium-sized businesses (SMBs) that want to reduce IT costs and improve flexibility. Such businesses can use DaaS to minimize the need for buying servers, software and other services.
• Enterprises that need to quickly deploy virtual applications and desktops to support new business initiatives or otherwise scale up or down readily. Depending on the business demands, these companies can leverage DaaS to provision or de-provision virtual desktops for their employees quickly.
• Organizations that want to centralize IT management capabilities and minimize IT costs. Utilizing DaaS allows IT administrators to easily deploy, configure, and maintain corporate resources from a single pane of glass.

How do you pick the right DaaS provider?

Before choosing an appropriate DaaS provider, you must first determine if DaaS or Desktop as a Service is the right approach for your organizational needs.

For example, you could have a scenario where employees are used to accessing resources through local PCs in an on-premises IT infrastructure. In this type of environment, it makes business sense to determine if a transition to cloud-based VDI can save costs and free up more resources.

Start by weighing the merits and demerits of VDI versus DaaS. For instance, do you have the necessary virtualization expertise, time, and other tools to manage on-premises IT infrastructure in-house, or would transitioning to DaaS make more business sense?

The future of work with DaaS

DaaS represents a significant advancement in desktop solutions, enabling organizations to embrace a more agile and efficient work environment. Its inherent benefits, like increased productivity, cost savings, and enhanced security, make DaaS a compelling choice for businesses of all sizes.

As DaaS offerings continue to evolve, these solutions are poised to become an essential tool for the modern workforce. As businesses seek to embrace modern work practices, understanding the benefits and challenges of DaaS is crucial.

By making informed decisions about their desktop infrastructure, organizations can unlock new levels of efficiency, cost-effectiveness, and security to thrive in the competitive landscape.

Discover Parallels DaaS

Parallels DaaS stands as a testament to the power of desktop as a service, offering organizations a comprehensive and secure solution tailored to their unique needs.

Our platform empowers businesses to enhance employee productivity, optimize costs, and achieve greater flexibility in a rapidly changing world.

Check out Parallels DaaS today.