The following prerequisites are required to use HALB:
Firewall or router in front of a HALB configured to preserve the source IPs of client devices
This chapter describes load balancing options that you can use in Parallels RAS.
High availability load balancing (HALB) in Parallels RAS is a functionality that load balances RAS Secure Gateways. The load balancer is built into a Parallels HALB appliance, which is a preconfigured virtual machine with the operating system installed and all relevant settings configured.
Parallels HALB appliance is available for the following hypervisors:
Microsoft Hyper-V
VMware
Please note that other hypervisors may also be used, but support is provided as best effort. The Parallels RAS HALB appliance uses the Open Virtualization Platform (OVA) format, which is natively supported by various hypervisors.
HALB is deployed in Parallels RAS on a Site level. You can have multiple HALB configurations per Site, which are called Virtual Servers. Each Virtual Server has its own IP address (called Virtual IP or VIP) and is assigned one or more HALB appliances (also called HALB devices in the Virtual Server context) that perform the actual load balancing. An HALB Virtual Server is a virtual representation of HALB devices. It provides traffic distribution to HALB devices when they are properly configured. Since the IP address of a specific Virtual Server is the single point of contact for the client software, it is recommended to have at least two HALB devices per Virtual Server for redundancy.
Multiple HALB devices assigned to a Virtual Server can run simultaneously, one acting as the primary and others as secondary. The more HALB devices a Virtual Server has, the lower the probability that end users will experience downtime. The Virtual Server is assigned the IP address of the primary HALB device, which is shared with secondary HALB devices. Should the primary HALB device fail, a secondary is promoted to primary and takes its place using the same IP address for client connections.
Note: When a secondary HALB device is promoted to primary, a user may experience up to two disconnects. The first disconnect will occur when an HALB device goes down. The second disconnect may happen when a device goes back online. The disconnects cannot be avoided because the virtual IP address has to be transferred from one HALB device to the other, which means that the first device has to stop communications over this address, while the other device will have to start it. Note that disconnects don't affect user sessions. Users are able to reconnect to their sessions and no user data is lost.
Setting up High Availability Load Balancing consists of the following steps:
Deploying one or more Parallels HALB appliances (devices).
Configuring one or more Virtual Servers in the RAS Console.
Read on to learn how to download and deploy a Parallels HALB appliance.
To download a Parallels HALB appliance, visit https://www.parallels.com/products/ras/download/links/.
On the Download Parallels Remote Application Server web page, scroll down to the Download Optional Server Components table and find the Parallels Remote Application Server HALB Appliances row. The row contains the following download links:
HALB Appliance OVA
HALB Appliance VHD
HALB Appliance VMDK
The appliance type that you need to download depends on the hypervisor that you are using. Please follow the instructions below for your hypervisor type.
For VMware, the appliance can be imported with either the OVA or zipped VMDK appliance file. If deployed via the OVA file, the VM is created already configured.
Alternatively, deployment via the VMDK file deploys the VM without preconfigured specifications. The minimum specifications for this VM are outlined below:
One CPU
256 MB RAM
One network card
For Microsoft Hyper-V, the appliance is imported with the VHD file.
After you download a Parallels HALB appliance, you need to import it to a hypervisor running on a separate machine connected to the same local network as Parallels RAS. For the information on how to import a virtual appliance, please consult your hypervisor documentation.
The CPU optimization functionality allows you to optimize CPU load balancing according to your requirements. When configured, the CPU load balancer will lower the priority of a process when its CPU usage exceeds a specified value for a specified number of seconds. The load balancer will revert the priority to its original level when the process has been running below a certain percentage for a certain number of seconds.
To configure CPU optimization, select the Enable CPU Optimization option and then specify the values as described below.
Specifies when the CPU optimization should be activated. The Total CPU usage exceeds field specifies the system wide CPU usage in percent.
Specifies thresholds per process when a specific process exceeds or falls below the specified CPU percentage. Here you can specify Critical and Idle values. The CPU load balancer will adjust other priorities with respect to these values.
Please note that CPU usage values are attenuated and calculated based on the agent refresh time configured on the Load Balancing tab.
Use the Exclusions list to specify processes that should be excluded from CPU optimization. Click Tasks > Add to select a process. To remove a process from the list, select it and click Tasks > Delete.
Irregular values for critical/idle may cause issues (processes set to idle due to incorrect configuration). If there are issues with getting the CPU usage counter, optimizations cannot be applied.
Log files can be found in %ProgramData%\Parallels\RASLogs\cpuloadbalancer.log. Use the log to confirm thresholds. You can check the CPU usage performance counter on Windows.
Note: Since the critical/idle thresholds are calculated based on the highest process CPU usage (not the absolute CPU usage), this value is not reflected in the logs when changing priorities. Absolute CPU usage is equal to total CPU usage. For example, if there are 2 processes taking 30% each, the total CPU usage is 60%. The usage threshold at which the CPU load balancer kicks in is 25% (default). The highest process CPU usage is the CPU usage of the process taking the most CPU. For example, if you have three processes, two taking 10% and the third taking 40%, the highest CPU usage is 40%.
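The following Python sketch is an added example, not Parallels code: it models the activation threshold, the Critical/Idle hysteresis, the Exclusions list and the total versus highest usage distinction described above. It assumes Critical and Idle are compared against each process's own CPU percentage; the class and function names, the Critical/Idle values and the hold time are assumptions, and only the 25% default comes from the page.

```python
# Added illustration, not Parallels code. Threshold values other than the 25%
# total-usage default, the hold time and all names are assumptions.
from dataclasses import dataclass

def total_usage(usage):      # "absolute" CPU usage: sum over all processes
    return sum(usage.values())

def highest_usage(usage):    # usage of the single busiest process
    return max(usage.values())

@dataclass
class Thresholds:
    total_cpu: float = 25.0  # "Total CPU usage exceeds" (default per the page)
    critical: float = 30.0   # assumed per-process Critical value
    idle: float = 5.0        # assumed per-process Idle value
    hold: int = 10           # assumed seconds a condition must persist

    def validate(self):
        # Reject inconsistent values; the page warns that irregular
        # Critical/Idle settings lead to wrongly prioritized processes.
        if not 0 <= self.idle < self.critical <= 100:
            raise ValueError("need 0 <= idle < critical <= 100")

class CpuOptimizer:
    def __init__(self, thresholds, exclusions=(), refresh=5):
        thresholds.validate()
        self.t = thresholds
        self.exclusions = {name.lower() for name in exclusions}
        self.refresh = refresh   # seconds between samples (agent refresh time)
        self.state = {}          # name -> [lowered, secs_above, secs_below]

    def sample(self, usage):
        """usage maps process name -> CPU %. Returns [(name, action), ...]."""
        active = total_usage(usage) > self.t.total_cpu
        actions = []
        for name, pct in usage.items():
            if name.lower() in self.exclusions:
                continue         # excluded processes are never touched
            st = self.state.setdefault(name, [False, 0, 0])
            if active and pct > self.t.critical:
                st[1], st[2] = st[1] + self.refresh, 0
            elif pct < self.t.idle:
                st[1], st[2] = 0, st[2] + self.refresh
            else:
                st[1] = st[2] = 0   # in between: reset both timers
            if not st[0] and st[1] >= self.t.hold:
                st[0] = True
                actions.append((name, "lower priority"))
            elif st[0] and st[2] >= self.t.hold:
                st[0] = False
                actions.append((name, "restore priority"))
        return actions
```

Feeding the optimizer one usage dictionary per refresh interval shows that a priority change needs the condition to hold across consecutive samples, which is why a single spike in the log does not trigger an adjustment.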
Load Balancer in Parallels RAS is designed to balance RD Session Host connections from Parallels Clients.
The following types of load balancing are available:
Resource based. Distributes sessions to servers depending on how busy the servers are. A new incoming session is always redirected to the least busy server.
Round robin. Redirects sessions in sequential order. For example, let's say there are two RD Session Hosts in the Farm. The first session is redirected to server 1, the second session is redirected to server 2, and the third session is redirected to server 1 again.
Both methods are explained in this and the following subsections. Load Balancing options can be configured from the Load Balancing category in the RAS Console.
Load balancing is enabled by default when more than one server is available in a Site. Resource-based load balancing is the default method. The load balancing method can be selected from the Method drop-down list.
Resource-based load balancing uses the following counters to determine if a given server is busier than other servers and vice versa:
User sessions: Redirect users to a server with the least number of sessions.
Memory: Redirect users to the server with the best free/used RAM ratio.
CPU: Redirect users to the server with the best free/used CPU time ratio.
When all of the counters are enabled, the Load Balancer adds the counter ratios together and redirects the session to the server with the most favorable combined ratio.
To remove a counter from the equation, clear the checkbox next to the counter name in the Counters section.
Reconnect to disconnected sessions: Enable this option to redirect incoming user sessions to a previously disconnected session owned by the same user.
Reconnect sessions using client’s IP address only: When reconnecting to a disconnected session, Parallels RAS will match the username requesting reconnection with the username of the disconnected session to match the sessions. With this option enabled, Parallels RAS will determine to which disconnected session to reconnect the session by matching the source IP address.
Limit each user to one session per desktop: Enable this option to ensure that the same user does not open multiple sessions. Please note that for this option to work, your session host must also be configured to restrict each user to a single session. In Windows Server 2012(R2), it's the "Restrict Remote Desktop Services users to a single Remote Desktop Services session" option in Local Group Policy \ Remote Desktop Services \ Remote Desktop Session Host \ Connections.
Disable Microsoft RD Connection Broker: If this option is enabled, the Microsoft RD Connection Broker will not interfere with the RAS brokering done by the RAS Connection Broker if it is installed. Please note that this option will only work with Windows Server 2012 and above.
You can also change the default timeout and refresh time for RAS agents running on the servers. If you believe that it takes too long to wait for an agent to respond or if the timeout is not long enough, you can specify your own values.
To change default timeouts:
Click the Configure button.
In the dialog that opens, specify the time period in seconds in the Declare agent dead if not responding for field. If the agent is not responding within this time period, the server is excluded from the load balancer.
In the Agent Refresh Time field, specify the number of seconds needed to check if the agent is reachable.
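The Python sketch below is an added example, not Parallels code: it models the resource-based and round robin methods described earlier in this section together with the "Declare agent dead if not responding for" exclusion. The field names, the `max_sessions` capacity used to turn a session count into a ratio, the equal weighting of counters, the 30-second default and the sample hosts are assumptions.

```python
# Added illustration, not Parallels code. Names, equal counter weighting,
# max_sessions and the 30 s default are assumptions made for the example.
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    sessions: int
    max_sessions: int   # assumed capacity, turns the session count into a ratio
    mem_used: float     # fraction of RAM in use, 0.0 to 1.0
    cpu_used: float     # fraction of CPU time in use, 0.0 to 1.0
    last_seen: float    # time of the last agent response, in seconds

def alive(hosts, now, dead_after):
    """Exclude hosts whose agent has not responded within dead_after seconds."""
    return [h for h in hosts if now - h.last_seen <= dead_after]

def combined_load(host, counters):
    """Add the enabled counter ratios together; lower is more favorable."""
    ratios = {
        "sessions": host.sessions / host.max_sessions,
        "memory": host.mem_used,
        "cpu": host.cpu_used,
    }
    return sum(ratios[c] for c in counters)

def pick_resource_based(hosts, now, dead_after=30,
                        counters=("sessions", "memory", "cpu")):
    if not counters:
        raise ValueError("at least one counter must be enabled")
    candidates = alive(hosts, now, dead_after)
    if not candidates:
        raise RuntimeError("no host with a responsive agent")
    return min(candidates, key=lambda h: combined_load(h, counters)).name

class RoundRobin:
    def __init__(self):
        self._next = 0

    def pick(self, hosts, now, dead_after=30):
        candidates = alive(hosts, now, dead_after)
        if not candidates:
            raise RuntimeError("no host with a responsive agent")
        host = candidates[self._next % len(candidates)]
        self._next += 1
        return host.name

# Constructed sample data: rdsh3 is nearly idle but its agent went silent.
SAMPLE_NOW = 1000.0
SAMPLE_HOSTS = [
    Host("rdsh1", 10, 50, 0.90, 0.30, 998.0),
    Host("rdsh2", 30, 50, 0.30, 0.20, 999.0),
    Host("rdsh3", 0, 50, 0.10, 0.05, 900.0),
]

if __name__ == "__main__":
    print(pick_resource_based(SAMPLE_HOSTS, SAMPLE_NOW))
    print(pick_resource_based(SAMPLE_HOSTS, SAMPLE_NOW, counters=("sessions",)))
```

With all counters enabled the model prefers rdsh2 even though rdsh1 has fewer sessions, because rdsh1's memory ratio dominates the sum; disabling the memory and CPU counters reverses the choice.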
To add a HALB virtual server:
In the RAS console, navigate to Farm > <Site> > HALB.
On the Virtual Servers tab in the right pane, click Tasks > Add. The HALB Configuration wizard opens.
Make sure the Enable HALB option is selected.
Type a name for this virtual server and an optional description.
In the Public address field, type a public FQDN or IP address of this server. This is used by the Preferred routing functionality for redirecting client connections. Please see Configuring preferred routing.
In the Virtual IP section, specify the virtual IP address properties which will be used for incoming client connections by a HALB device that you will assign to this Virtual Server later.
In the Settings section, select one or more of the following options. Note that at least one "LB" option must be selected. If you skip an option at this time, you can add it later in the virtual server properties dialog:
LB Gateway Payload: Enables load balancing of normal (unsecured) gateway connections.
LB SSL Payload: Enables load balancing of SSL connections.
Client Management: Enables management of Windows client devices connected through HALB.
Click Next.
From this point forward, depending on the payloads that you selected in the previous step, a wizard page will open where you can configure the payload properties. These pages are described below.
Configure load balancing for normal connections:
Set the port number used by HALB devices to forward traffic to RAS Secure Gateways. The port is configured on a gateway. The default port is 80.
In the Gateways list, select a RAS Secure Gateway to be load balanced. Please note that only one IP address per gateway can be used. If you have more than one entry for the same gateway with different IP addresses, you can select just one.
Configure load balancing for SSL connections:
Set the port number used by HALB devices to forward SSL traffic to RAS Secure Gateways. The port is configured on a gateway. The default port is 443.
Select the SSL mode from Passthrough or SSL Offloading. By default, SSL connections are tunneled directly to gateways (referred to as Passthrough) where the SSL decryption process is performed.
The SSL Offloading mode requires an SSL certificate to be assigned to HALB. When you select it, click Configure and specify the following:
Accepted SSL Version: Select an SSL version.
Cipher Strength: Select the cipher strength of your choice. To specify a custom cipher, select Custom and then specify the cipher in the Cipher field.
The Use ciphers according to server preference option is ON by default. You can use client preferences by disabling this option.
Certificates: Select a desired certificate. For the information on how to create a new certificate and make it appear in this list, see the SSL Certificate Management chapter.
The <All matching usage> option will use any certificate configured to be used by HALB. When you create a certificate, you specify the "Usage" property where you can select "Gateway", "HALB", or both. If this property has the "HALB" option selected, it can be used with HALB. Please note that if you select this option, but not a single certificate matching it exists, you will see a warning and will have to create a certificate first.
Select a gateway to be load balanced. Note that only one IP address per gateway can be used.
Configure Windows client device management: select a gateway that will manage Windows client devices. Note that only one IP address per gateway can be used.
To assign HALB devices to the Virtual Server:
Click Tasks > Add and select or specify a HALB device. If you haven't deployed any HALB devices (appliances) yet, you can still save the Virtual Server configuration and assign HALB devices to it later. At least two HALB devices are recommended per Virtual Server. For more info, see High Availability Load Balancing (HALB). HALB device priority is set by positioning a device in the list. The device at the top is the primary HALB device. Devices under it are secondary HALB devices. To promote a device to primary, simply move it to the top of the list.
Finally, click Finish to save the Virtual Server settings and close the wizard.
The new virtual server will appear in the list in the RAS Console.
To modify the Virtual Server settings, right-click it and choose Properties. The tabs in the Properties dialog have the same options as the wizard pages described above. The only exception is the Advanced tab, which is described below.
To view and configure advanced Virtual Server options, select the Advanced tab. The options that you see on this tab are applied to all HALB devices assigned to a Virtual Server. This list gives you simple access to the HALB device options without logging in to the virtual machine directly. Please note that changing any of these values may potentially lead to undesired results. You should only change them according to specific network requirements.
The following advanced settings are available:
Option | Default value | Description |
---|---|---|
Enable RDP UDP tunneling | Enable | Enables RDP clients to transfer RDP over UDP traffic through HALB devices. |
Minimum TCP connections | 2000 | Sets the maximum number of concurrent TCP connections. |
Client inactivity timeout (s) | 150 | Maximum inactivity time on the client side in seconds. |
Gateway connection timeout (s) | 30 | Maximum time to wait for a connection attempt to a gateway to succeed in seconds. |
Client connection queue timeout (s) | 30 | When a device's Max TCP connections is reached, connections are left pending in a queue for the period of this timeout (seconds). |
Gateway inactivity timeout (s) | 150 | Set the maximum inactivity time for gateways in seconds. |
Amount of TCP connections per second | 1000 | Set a limit on the number of new connections accepted per second on an HALB device. |
Gateway health check intervals (s) | 5 | Set the interval between two consecutive health checks in seconds. |
VRRP virtual router ID | 15 | Used to differentiate multiple instances of VRRP running on the same network. |
VRRP authentication password | - | Enable password authentication for VRRP communication between HALB devices used for failover synchronization. |
VRRP broadcast interval (m) | 1 | Minimum time interval in minutes for refreshing gratuitous ARPs while device is in active state. |
VRRP health script check interval (s) | 2 | Set the interval between invocations of the script that ensures local HALB services are up and running (seconds). |
VRRP health script check timeout (s) | 10 | Execution timeout for the script that ensures local HALB services are up and running (seconds). |
VRRP advertisement interval (s) | 1 | The time interval between the advertisement packets that are being sent between HALB devices in the same VRRP group (seconds). |
Enable OS updates | Disable | Allow HALB devices to automatically update OS packages. |
Keep existing load balancing settings | Disable | Keep load balancing configuration currently present on the device and do not overwrite with new settings. |
Keep existing VRRP/keepalived | Disable | Keep VRRP/keepalived configuration currently present on the device and do not overwrite with new settings. |
When you need to replace or repair a HALB device (virtual machine), you can simply remove it from the Virtual Server configuration and then add the repaired or new device later. If you need to temporarily remove all HALB devices from a Virtual Server configuration, you can do that too.
You can also disable the Virtual Server during maintenance by clearing the Enable HALB option on the General tab in the Virtual Server properties dialog.
HALB device status and version information can be verified in two places in the RAS Console, which are described below.
You can view HALB devices and related information on the Site tab in the RAS Console. To see it, navigate to Farm > Site. Note the Agent and Agent Version columns. The two columns are described below.
The Agent column can have the following values:
Not verified (red) - The agent is not verified and cannot communicate. If you see this, verify the agent.
Needs update (yellow) - The agent is functioning normally but is an older version. If you see this, you should update the agent to the latest version.
Agent OK (green) - The agent is OK. No actions are necessary.
The Agent Version column displays the actual agent version, including the Parallels RAS version and build numbers.
You can also ping a HALB device by right-clicking it and choosing Tools > Ping host. For additional information about using the Tools menu and the Ping tool specifically, please see Computer management tools.
The HALB devices agent status and version can also be viewed in the main HALB subcategory. To see it, navigate to Farm > Site > HALB and select the Devices tab. The agent information displayed here is the same as on the Site tab described above.
To see the number of TCP connections per HALB device, navigate to HALB > Devices and examine the TCP Connections column in the device list. To refresh the list, click Tasks > Refresh.
To see the session information per Virtual Server, navigate to Farm > Site. The session count is displayed for each Virtual Server in the Session column.
To change the HALB appliance password:
Boot the appliance (virtual machine).
Press the <ALT> – <F1> key combination. A login prompt should be displayed.
Type in the following credentials:
login: root
password: Pa$$w0rd
(note that "0" is zero, not the letter "O").
Once logged in, execute the password changing command and type a new password.
Upon completion, you may log in to the HALB device with the new password.