# Adding a HALB virtual server To add a HALB virtual server: 1. In the RAS console, navigate to **Farm** > \ > **HALB**. 2. On the **Virtual Servers** tab in the right pane, click **Tasks** > **Add**. The **HALB Configuration** wizard opens. 3. Make sure the **Enable HALB** option is selected. 4. Type a name for this virtual server and an optional description. 5. In the **Public address** field, type a public FQDN or IP addresses of this server. This is used by the Preferred routing functionality for redirecting client connections. Please see [**Configuring preferred routing**](https://docs.parallels.com/landing/ras-admin-guide/v20-en-us/parallels-ras-20-administrators-guide/publishing/configuring-preferred-routing). 6. In the **Virtual IP** section, specify the virtual IP address properties which will be used for incoming client connections by a HALB device that you will assign to this Virtual Server later. 7. In the **Settings** section, select one or more of the following options. Note that at least one "LB" option must be selected. If you skip an option at this time, you can add it later in the virtual server properties dialog: * **LB Gateway Payload**: Enables load balancing of normal (unsecured) gateway connections. * **LB SSL Payload**: Enables load balancing of SSL connections. * **Client Management**: Enables management of Windows client devices connected through HALB. 8. Click **Next**. From this point forward, depending on the payloads that you selected in the previous step, a wizard page will open where you can configure the payload properties. These pages are described below. ### **LB Gateway payload** Configure load balancing for normal connections: 1. Set the port number used by HALB devices to forward traffic to RAS Secure Gateways. The port is configured on a gateway. The default port is 80. 2. In the **Gateways** list, select a RAS Secure Gateway to be load balanced. Please note that only one IP address per gateway can be used. If you have more than one entry for the same gateway with different IP addresses, you can select just one. ### **LB SSL payload** Configure load balancing for SSL connections: 1. Set the port number used by HALB devices to forward SSL traffic to RAS Secure Gateways. The port is configured on a gateway. The default port is 443. 2. Select the SSL mode from **Passthrough** or **SSL Offloading**. By default, SSL connections are tunneled directly to gateways (referred to as Passthrough) where the SSL decryption process is performed. The **SSL Offloading** mode requires an SSL certificate to be assigned to HALB. When you select it, click **Configure** and specify the following: * **Accepted SSL Version:** Select an SSL version. * **Cipher Strength:** Select the cipher strength of your choice. To specify a custom cipher, select **Custom** and then specify the cipher in the **Cipher** field. * The **Use ciphers according to server preference** option is ON by default. You can use client preferences by disabling this option. * **Certificates:** Select a desired certificate. For the information on how to create a new certificate and make it appear in this list, see the [**SSL Certificate Management** ](https://docs.parallels.com/landing/ras-admin-guide/v20-en-us/parallels-ras-20-administrators-guide/ssl-certificate-management)chapter. The **\** option will use any certificate configured to be used by HALB. When you create a certificate, you specify the "Usage" property where you can select "Gateway", "HALB", or both. If this property has the "HALB" option selected, it can be used with HALB. Please note that if you select this option, but not a single certificate matching it exists, you will see a warning and will have to create a certificate first. 3. Select a gateway to be load balanced. Note that only one IP address per gateway can be used. ### **Device Manager** Configure Windows client device management, select a gateway that will manage Windows client devices. Note that only one IP address per gateway can be used. ### **Devices** To assign HALB devices to the Virtual Server: 1. Click **Tasks** > **Add** and select or specify a HALB device. If you haven't deployed any HALB devices (appliances) yet, you can still save the Virtual Server configuration and assign HALB devices to it later. At least two HALB devices are recommended per Virtual Server. For more info, see [**High Availability Load Balancing (HALB)**](https://docs.parallels.com/landing/ras-admin-guide/v20-en-us/parallels-ras-20-administrators-guide/load-balancing-and-halb/high-availability-load-balancing-halb). HALB device priority is set by positioning a device in the list. The device at the top is the primary HALB device. Devices under it are secondary HALB devices. To promote a device to primary, simply move it to the top of the list. 2. Finally, click **Finish** to save the Virtual Server settings and close the wizard. The new virtual server will appear in the list in the RAS Console. ### **Modifying Virtual Server and configuring advanced options** To modify the Virtual Server settings, right-click it and choose **Properties**. The tabs in the **Properties** dialog have the same options as the wizard pages described above. The only exception is the **Advanced** tab, which is described below. To view and configure advanced Virtual Server options, select the **Advanced** tab. The options that you see on this tab are applied to all HALB devices assigned to a Virtual Server. This list gives you a simple access to the HALB device options without logging in to the virtual machine directly. Please note that changing any of these values may potentially lead to undesired results. You should only change them according to specific network requirements. The following advanced settings are available: | Option | Default value | Description | | ------------------------------------- | ------------- | --------------------------------------------------------------------------------------------------------------------------------- | | Enable RDP UDP tunneling | Enable | Enables RDP clients to transfer RDP over UDP traffic through HALB devices. | | Maximum TCP connections | 2000 | Sets the maximum number of concurrent TCP connections. | | Client inactivity timeout (s) | 150 | Maximum inactivity time on the client side in seconds. | | Gateway connection timeout (s) | 30 | Maximum time to wait for a connection attempt to a gateway to succeed in seconds. | | Client connection queue timeout (s) | 30 | When a device's Max TCP connections is reached, connections are left pending in a queue for the period of this timeout (seconds). | | Gateway inactivity timeout (s) | 150 | Set the maximum inactivity time for gateways in seconds. | | Amount of TCP connections per second | 1000 | Set a limit on the number of new connections accepted per second on an HALB device. | | Gateway health check intervals (s) | 5 | Set the interval between two consecutive health checks in seconds. | | VRRP virtual router ID | 15 | Used to differentiate multiple instances of VRRP running on the same network. | | VRRP authentication password | - | Enable password authentication for VRRP communication between HALB devices used by for failover synchronization. | | VRRP broadcast interval (m) | 1 | Minimum time interval in minutes for refreshing gratuitous ARPs while device is in active state. | | VRRP health script check interval (s) | 2 | Set the interval between invocations of the script that ensures local HALB services are up and running (seconds). | | VRRP health script check timeout (s) | 10 | Execution timeout for the script that ensures local HALB services are up and running (seconds). | | VRRP advertisement interval (s) | 1 | The time interval between the advertisement packets that are being sent between HALB devices in the same VRRP group (seconds). | | Enable OS updates | Disable | Allow HALB devices to automatically update OS packages. | | Keep existing load balancing settings | Disable | Keep load balancing configuration currently present on the device and do not overwrite with new settings. | | Keep existing VRRP/keepalived | Disable | Keep VRRP/keepalived configuration currently present on the device and do not overwrite with new settings. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.parallels.com/landing/ras-admin-guide/v20-en-us/parallels-ras-20-administrators-guide/load-balancing-and-halb/high-availability-load-balancing-halb/adding-a-halb-virtual-server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.