High availability load balancing (HALB) in Parallels RAS is a functionality that load balances RAS Secure Gateways. The load balancer is built into a Parallels HALB appliance, which is a preconfigured virtual machine with the operating system installed and all relevant settings configured.
Parallels HALB appliance is available for the following hypervisors:
Microsoft Hyper-V
VMware
Other hypervisors may also be used, but support is provided on a best-effort basis. The Parallels RAS HALB appliance uses the Open Virtualization Platform (OVA) format, which is natively supported by various hypervisors.
HALB is deployed in Parallels RAS on a Site level. You can have multiple HALB configurations per Site, which are called Virtual Servers. Each Virtual Server has its own IP address (called Virtual IP or VIP) and is assigned one or more HALB appliances (also called HALB devices in the Virtual Server context) that perform the actual load balancing. An HALB Virtual Server is a virtual representation of HALB devices. It provides traffic distribution to HALB devices when they are properly configured. Since the IP address of a specific Virtual Server is the single point of contact for the client software, it is recommended to have at least two HALB devices per Virtual Server for redundancy.
Multiple HALB devices assigned to a Virtual Server can run simultaneously, one acting as the primary and others as secondary. The more HALB devices a Virtual Server has, the lower the probability that end users will experience downtime. The Virtual Server is assigned the IP address of the primary HALB device, which is shared with secondary HALB devices. Should the primary HALB device fail, a secondary is promoted to primary and takes its place using the same IP address for client connections.
Note: When a secondary HALB device is promoted to primary, a user may experience up to two disconnects. The first disconnect occurs when an HALB device goes down. The second disconnect may happen when a device goes back online. The disconnects cannot be avoided because the virtual IP address has to be transferred from one HALB device to the other, which means that the first device has to stop communicating over this address while the other device has to start. Disconnects don't affect user sessions: users are able to reconnect to their sessions and no user data is lost.
Setting up High Availability Load Balancing consists of the following steps:
Deploying one or more Parallels HALB appliances (devices).
Configuring one or more Virtual Servers in the RAS Console.
Read on to learn how to download and deploy a Parallels HALB appliance.
To download a Parallels HALB appliance, visit https://www.parallels.com/products/ras/download/links/.
On the Download Parallels Remote Application Server web page, scroll down to the Download Optional Server Components table and find the Parallels Remote Application Server HALB Appliances row. The row contains the following download links:
HALB Appliance OVA
HALB Appliance VHD
HALB Appliance VMDK
The appliance type that you need to download depends on the hypervisor that you are using. Please follow the instructions below for your hypervisor type.
For VMware, the appliance can be imported with either the OVA or zipped VMDK appliance file. If deployed via the OVA file, the VM is created already configured.
Alternatively, deployment via the VMDK file deploys the VM without preconfigured specifications. The minimum specifications for this VM are outlined below:
One CPU
256 MB RAM
One network card
For Microsoft Hyper-V, the appliance is imported with the VHD file.
After you download a Parallels HALB appliance, you need to import it to a hypervisor running on a separate machine connected to the same local network as Parallels RAS. For information on how to import a virtual appliance, please consult your hypervisor documentation.
When you need to replace or repair a HALB device (virtual machine), you can simply remove it from the Virtual Server configuration and then add the repaired or new device later. If you need to temporarily remove all HALB devices from a Virtual Server configuration, you can do that too.
You can also disable the Virtual Server during maintenance by clearing the Enable HALB option on the General tab in the Virtual Server properties dialog.
The following prerequisites are required to use HALB:
Firewall or router in front of a HALB configured to preserve the source IPs of client devices
HALB device status and version information can be verified in two places in the RAS Console, which are described below.
You can view HALB devices and related information on the Site tab in the RAS Console. To see it, navigate to Farm > Site. Note the Agent and Agent Version columns. The two columns are described below.
The Agent column can have the following values:
Not verified (red) - The agent is not verified and cannot communicate. If you see this, verify the agent.
Needs update (yellow) - The agent is functioning normally but is an older version. If you see this, you should update the agent to the latest version.
Agent OK (green) - The agent is OK. No actions are necessary.
The Agent Version column displays the actual agent version, including the Parallels RAS version and build numbers.
You can also ping a HALB device by right-clicking it and choosing Tools > Ping host. For additional information about using the Tools menu and the Ping tool specifically, please see Computer management tools.
The HALB device agent status and version can also be viewed in the main HALB subcategory. To see it, navigate to Farm > Site > HALB and select the Devices tab. The agent information displayed here is the same as on the Site tab described above.
To add a HALB virtual server:
In the RAS console, navigate to Farm > <Site> > HALB.
On the Virtual Servers tab in the right pane, click Tasks > Add. The HALB Configuration wizard opens.
Make sure the Enable HALB option is selected.
Type a name for this virtual server and an optional description.
In the Public address field, type the public FQDN or IP address of this server. This is used by the Preferred routing functionality for redirecting client connections. Please see Configuring preferred routing.
In the Virtual IP section, specify the virtual IP address properties which will be used for incoming client connections by a HALB device that you will assign to this Virtual Server later.
In the Settings section, select one or more of the following options. Note that at least one "LB" option must be selected. If you skip an option at this time, you can add it later in the virtual server properties dialog:
LB Gateway Payload: Enables load balancing of normal (unsecured) gateway connections.
LB SSL Payload: Enables load balancing of SSL connections.
Client Management: Enables management of Windows client devices connected through HALB.
Click Next.
From this point forward, depending on the payloads that you selected in the previous step, a wizard page will open where you can configure the payload properties. These pages are described below.
Configure load balancing for normal connections:
Set the port number used by HALB devices to forward traffic to RAS Secure Gateways. The port is configured on a gateway. The default port is 80.
In the Gateways list, select a RAS Secure Gateway to be load balanced. Please note that only one IP address per gateway can be used. If you have more than one entry for the same gateway with different IP addresses, you can select just one.
Configure load balancing for SSL connections:
Set the port number used by HALB devices to forward SSL traffic to RAS Secure Gateways. The port is configured on a gateway. The default port is 443.
Select the SSL mode: Passthrough or SSL Offloading. By default, SSL connections are tunneled directly to gateways (referred to as Passthrough), where the SSL decryption process is performed.
The SSL Offloading mode requires an SSL certificate to be assigned to HALB. When you select it, click Configure and specify the following:
Accepted SSL Version: Select an SSL version.
Cipher Strength: Select the cipher strength of your choice. To specify a custom cipher, select Custom and then specify the cipher in the Cipher field.
The Use ciphers according to server preference option is ON by default. You can use client preferences by disabling this option.
Certificates: Select the desired certificate. For information on how to create a new certificate and make it appear in this list, see the SSL Certificate Management chapter.
The <All matching usage> option will use any certificate configured to be used by HALB. When you create a certificate, you specify the "Usage" property where you can select "Gateway", "HALB", or both. If this property has the "HALB" option selected, it can be used with HALB. Please note that if you select this option, but not a single certificate matching it exists, you will see a warning and will have to create a certificate first.
Select a gateway to be load balanced. Note that only one IP address per gateway can be used.
Configure Windows client device management: select a gateway that will manage Windows client devices. Note that only one IP address per gateway can be used.
To assign HALB devices to the Virtual Server:
Click Tasks > Add and select or specify a HALB device. If you haven't deployed any HALB devices (appliances) yet, you can still save the Virtual Server configuration and assign HALB devices to it later. At least two HALB devices are recommended per Virtual Server. For more info, see High Availability Load Balancing (HALB). HALB device priority is set by positioning a device in the list. The device at the top is the primary HALB device. Devices under it are secondary HALB devices. To promote a device to primary, simply move it to the top of the list.
Finally, click Finish to save the Virtual Server settings and close the wizard.
The new virtual server will appear in the list in the RAS Console.
To modify the Virtual Server settings, right-click it and choose Properties. The tabs in the Properties dialog have the same options as the wizard pages described above. The only exception is the Advanced tab, which is described below.
To view and configure advanced Virtual Server options, select the Advanced tab. The options that you see on this tab are applied to all HALB devices assigned to a Virtual Server. This list gives you simple access to the HALB device options without logging in to the virtual machine directly. Please note that changing any of these values may lead to undesired results. You should only change them according to specific network requirements.
The following advanced settings are available:
Option | Default value | Description |
---|---|---|
Enable RDP UDP tunneling | Enable | Enables RDP clients to transfer RDP over UDP traffic through HALB devices. |
Minimum TCP connections | 2000 | Sets the maximum number of concurrent TCP connections. |
Client inactivity timeout (s) | 150 | Maximum inactivity time on the client side in seconds. |
Gateway connection timeout (s) | 30 | Maximum time to wait for a connection attempt to a gateway to succeed in seconds. |
Client connection queue timeout (s) | 30 | When a device's Max TCP connections is reached, connections are left pending in a queue for the period of this timeout (seconds). |
Gateway inactivity timeout (s) | 150 | Set the maximum inactivity time for gateways in seconds. |
Amount of TCP connections per second | 1000 | Set a limit on the number of new connections accepted per second on an HALB device. |
Gateway health check intervals (s) | 5 | Set the interval between two consecutive health checks in seconds. |
VRRP virtual router ID | 15 | Used to differentiate multiple instances of VRRP running on the same network. |
VRRP authentication password | - | Enable password authentication for VRRP communication between HALB devices used for failover synchronization. |
VRRP broadcast interval (m) | 1 | Minimum time interval in minutes for refreshing gratuitous ARPs while device is in active state. |
VRRP health script check interval (s) | 2 | Set the interval between invocations of the script that ensures local HALB services are up and running (seconds). |
VRRP health script check timeout (s) | 10 | Execution timeout for the script that ensures local HALB services are up and running (seconds). |
VRRP advertisement interval (s) | 1 | The time interval between the advertisement packets that are being sent between HALB devices in the same VRRP group (seconds). |
Enable OS updates | Disable | Allow HALB devices to automatically update OS packages. |
Keep existing load balancing settings | Disable | Keep load balancing configuration currently present on the device and do not overwrite with new settings. |
Keep existing VRRP/keepalived | Disable | Keep VRRP/keepalived configuration currently present on the device and do not overwrite with new settings. |
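One way to confirm that the VRRP values set on the Advanced tab are the ones a HALB device is actually running, which matters when Keep existing VRRP/keepalived is enabled. This is an added example, not Parallels code: it assumes the device keeps these settings in a standard keepalived configuration file, and the sample file, its instance name, script path and addresses are constructed.

```shell
#!/bin/sh
# Added example (not Parallels code). Assumes the appliance's VRRP settings
# live in a keepalived configuration file using standard keepalived keywords.

# Constructed sample: VRID changed on the device, no authentication block.
sample_conf() {
cat <<'EOF'
vrrp_script chk_halb {
    script "/usr/local/bin/check_halb.sh"   # hypothetical path
    interval 2
    timeout 10
}
vrrp_instance HALB_VS1 {
    interface eth0
    virtual_router_id 51
    advert_int 1
    virtual_ipaddress {
        192.0.2.10
    }
}
EOF
}

# vrrp_setting CONF KEY: print the first value of KEY found at or after
# the vrrp_instance line (nested blocks such as authentication included).
vrrp_setting() {
    awk -v key="$2" '
        $1 == "vrrp_instance" { inside = 1 }
        inside && $1 == key   { print $2; exit }
    ' "$1"
}

# audit_vrrp CONF VRID ADVERT_INT: compare the device file with the values
# set on the Advanced tab. Prints findings; exit status = number of findings.
audit_vrrp() {
    findings=0
    vrid=$(vrrp_setting "$1" virtual_router_id)
    advert=$(vrrp_setting "$1" advert_int)
    auth=$(vrrp_setting "$1" auth_pass)
    if [ "$vrid" != "$2" ]; then
        echo "virtual_router_id: device=$vrid console=$2"; findings=$((findings + 1))
    fi
    if [ "$advert" != "$3" ]; then
        echo "advert_int: device=$advert console=$3"; findings=$((findings + 1))
    fi
    if [ -z "$auth" ]; then
        echo "auth_pass: not set, VRRP advertisements are unauthenticated"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

On a device, pass the path of its keepalived configuration file (not given on this page) together with the console values, for example `audit_vrrp <path> 15 1`.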
To see the number of TCP connections per HALB device, navigate to HALB > Devices and examine the TCP Connections column in the device list. To refresh the list, click Tasks > Refresh.
To see the session information per Virtual Server, navigate to Farm > Site. The session count is displayed for each Virtual Server in the Session column.
To change the HALB appliance password:
Boot the appliance (virtual machine).
Press the <ALT> – <F1> key combination. A login prompt should be displayed.
Type in the following credentials:
login: root
password: Pa$$w0rd
(note that "0" is zero, not the letter "O").
Once logged in, execute the password changing command and type a new password.
Upon completion, you may log in to the HALB device with the new password.
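A check that the default root password above is no longer in use after the change, as an added example that is not part of the Parallels documentation. It assumes the appliance stores MD5-, SHA-256- or SHA-512-crypt hashes in /etc/shadow and that the `openssl` command is available; any other scheme is reported as undetermined.

```shell
#!/bin/sh
# Added example: check whether a shadow entry still uses the default HALB
# root password given on this page. Run as root on the appliance.

# Single quotes are required: inside double quotes the shell expands "$$"
# to its own process ID and the string would no longer be the password.
DEFAULT_PW='Pa$$w0rd'

# uses_default_password SHADOW_LINE
# Returns 0 if the entry's hash matches the default password,
#         1 if it does not,
#         2 if the entry cannot be checked (locked, empty, other scheme).
uses_default_password() {
    # Field 2 of a shadow(5) line is the hash: $id$salt$digest
    entry_hash=$(printf '%s\n' "$1" | cut -d: -f2)
    id=$(printf '%s\n' "$entry_hash" | cut -d'$' -f2)
    salt=$(printf '%s\n' "$entry_hash" | cut -d'$' -f3)
    case "$id" in
        1|5|6) ;;        # schemes covered by openssl passwd -1 / -5 / -6
        *) return 2 ;;   # empty, "*", "!", yescrypt and anything else
    esac
    # A "rounds=N" parameter sits where the salt normally is; not handled.
    case "$salt" in
        ''|rounds=*) return 2 ;;
    esac
    # Re-hash the default password with the entry's own scheme and salt.
    candidate=$(openssl passwd "-$id" -salt "$salt" "$DEFAULT_PW") || return 2
    [ "$candidate" = "$entry_hash" ]
}

# check_root_entry [SHADOW_FILE]: same result codes, for the root entry
# of SHADOW_FILE (default /etc/shadow).
check_root_entry() {
    line=$(grep '^root:' "${1:-/etc/shadow}") || return 2
    uses_default_password "$line"
}
```

After sourcing the file as root, `check_root_entry` returning 0 means the password change has not taken effect.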