1 of 5

Configure User Portal

User Portal is a functionality built into RAS Secure Gateway that allows users to connect to Parallels RAS and open published resources from a web browser using the Parallels Web Client. The client works similarly to a platform-specific Parallels Client, but does not require any additional software to be installed on users' computers or devices. All that users need is an HTML5-enabled web browser.

This section describes how to configure User Portal in the Parallels RAS Console. For the information about how to use it, please refer to the Parallels Web Client and User Portal chapter.

Note: To use Web Client and User Portal, SSL must be enabled on a RAS Secure Gateway. When enabling the client, please verify that SSL is enabled on the SLL/TLS tab or on your network load balancer. Please also note that the User Portal tab is only available if the gateway mode is set to "Normal". For more information, see Gateway mode and forwarding settings.

To configure User Portal, click the User Portal tab in the RAS Secure Gateway properties dialog and then set the options described in the subsequent sections.

For the information on how to configure the Web Client URL and how to access the client from a web browser, please Web request load balancing.

Using Site defaults

To use Site default settings on the User Portal tab, click the Inherit default settings option. To specify your own settings, clear the option. For more info, see Site defaults (Gateways).

Enable or disable User Portal

To enable or disable User Portal, select or clear the Enable User Portal option. This disables User Portal, so users will no be able to connect to User Portal using the Web Client.

Client settings

The Client section allows you to specify application launch methods and other Web Client settings.

Launch sessions using: When a user tries to open a resource from the User Portal web page, the resource can open right in the web browser or it can be launched in a platform-specific Parallels Client installed on the user's computer (e.g., Parallels Client for Windows). This option specifies which client will be used. Compared to Web Client, platform-specific Parallels Client includes a richer set of features and provides end users with a better overall user experience. Select one of the following:
1. Browser Only: Users can run remote applications and desktops using Parallels Web Client only. Use this option if you don't want your users to install a platform-specific Parallels Client.
2. Parallels Client Only: Users can run remote applications and desktops in Parallels Client only. When a user connects to Parallels RAS using Parallels Web Client, they will be asked to install the platform-specific Parallels Client before they can launch remote applications and desktops. A message will be displayed to the user with a link for downloading the Parallels Client installer. After the user installs Parallels Client, they can still select a remote application or desktop in Parallels Web Client but it will open in Parallels Client instead.
3. Parallels Client with fallback to Browser: Both Parallels Client and a browser (HTML5) can be used to launch remote applications and desktops. Parallels Client will be the primary method; Parallels Web Client will be used as a backup method if a published resource cannot be launched in Parallels Client for any reason. A user will be informed if a resource couldn't be opened in Parallels Client and will be given a choice to open it in the browser instead.
(Parallels Client with fallback to Browser and the Parallels Cient only) Additionally, you can configure Parallels Client detection by clicking on the Configure button:
- Detect client: Select when Parallels RAS tries to detect platform-specific Parallels Client.
  - Automatically on sign in: Parallels RAS tries to detect platform-specific Parallels Client immediately.
  - Manually on user prompt: Parallels RAS shows users a prompt where can they select whether they want to detect platform-specific Parallels Client .
- Client detection timeout: Time period during which Parallels RAS tries to detect platform-specific Parallels Client.
Allow users to select a launch method: If selected, users will be able to choose whether to open remote applications in a browser or in Parallels Client. You can enable this option only if the Launch session using option (above) is set to Parallels Client with fallback to Browser (i.e. both methods are allowed).
Allow opening applications in a new tab: If selected, users will be able to open remote applications in a new tab in a web browser.
Use Pre Windows 2000 login format: Enables legacy (pre-Windows 2000) login format.
Allow embedding of User Portal into other web pages: If selected, the User Portcal web page can be embedded in other web pages. Please note that this may be a potential security risk due to a practice known as clickjacking.
Allow file transfer command: Enables file transfer in a remote session. To enable file transfer, select this option and click the Configure button. In the dialog that opens, select Client to server only (transfer files from client to server only), Server to client only (transfer files from server to client only), Bidirectional (transfer files in both directions). For more information, see Configuring Remote File Transfer.
Allow clipboard command: Enables clipboard operations (copy/paste) in a remote session. To enable the clipboard, select this option and click the Configure button. In the dialog that opens, select Client to server only (copy/paste from client to server only), Server to client only (copy and paste from server to client only), Bidirectional (copy and paste in both directions). For more information about using the clipboard, see Using the Remote Clipboard.
Allow cross-origin resource sharing: Enables cross-origin resource sharing (CORS). To enable CORS, select this option and click the Configure button. In the dialog that opens, specify one or more domains for which access to resources should be allowed. If you don't specify any domains, the option will be automatically disabled. In the Browser cache time field, specify for how long the end-user's browser will cache a resource.
Use a client IP detection service: If selected, allows configuring an IP detection service to report IP addresses of connected Parallels Web Client applications. To enable a client IP detection service, select this option and click the Configure button. In the dialog that opens, provide the URL to the IP detection service you want to use. You can press the Test button to ensure the API works as expected. When you click the Test button, the Connection Broker will take the role of the client and call the API. If successful, you will be presented with a window showing the IP address of the Connection Broker.

Network load balancers access

The Network Load Balancers access section is intended for deployment scenarios where third-party front-end load balancers such as Amazon Web Services (AWS) Elastic Load Balancers (ELBs) are used. It allows you to configure an alternate hostname and port number to be used by the Network Load Balancer (NLB). This is needed to separate hostnames and ports on which TCP and HTTPS communications are carried out because AWS load balancers don't support both specific protocols over the same port.

The following options are available:

Use alternate hostname: Select this option and specify an alternate hostname. When the alternate hostname is enabled, all platform-specific Parallels Clients will use this hostname to connect to the RAS Farm or Site.
Use alternate port: Select this option and specify an alternate port number. The port must not be used by any other component in the RAS Farm or Site. To reset the port number to the default value, click Default. When the alternate port is enabled, all platform-specific Parallels Clients will use this port to connect to the RAS Farm or Site. Note that RDP sessions in Web Client will still be connecting to the standard SSL port (443).

Note: Please note that using an alternate host or port is not suitable in a multi-tenant environment as Tenant Broker RAS Secure Gateways are shared between Tenants, which would require different configurations.

In addition, the AWS Application Load Balancer (ALB), which handles HTTP/s traffic required by the Parallels Web Client, only supports specific cookies that are usually automatically generated. When a load balancer first receives a request from a client, it routes the request to a target and generates a cookie named AWSALB, which encodes information about the selected target. The load balancer then encrypts the cookie and includes it in the response to the client. When sticky sessions are enabled, the load balancer uses the cookie received from the client to route the traffic to the same target, assuming the target is registered successfully and is considered healthy. By default, Parallels RAS uses its own ASP.NET cookie named _SessionId, however in this case you must customize the cookie specifying the mentioned AWS cookie for sticky sessions. This can be configured using the Web cookie field on the Web Requests tab. Please note that this functionality is available in Parallels RAS 17.1 or newer.

Network load balancers access

The following options are available:

Use alternate hostname: Select this option and specify an alternate hostname. When the alternate hostname is enabled, all platform-specific Parallels Clients will use this hostname to connect to the RAS Farm or Site.
Use alternate port: Select this option and specify an alternate port number. The port must not be used by any other component in the RAS Farm or Site. To reset the port number to the default value, click Default. When the alternate port is enabled, all platform-specific Parallels Clients will use this port to connect to the RAS Farm or Site. Note that RDP sessions in Web Client will still be connecting to the standard SSL port (443).

Client settings

The Client section allows you to specify application launch methods and other Web Client settings.

Launch sessions using: When a user tries to open a resource from the User Portal web page, the resource can open right in the web browser or it can be launched in a platform-specific Parallels Client installed on the user's computer (e.g., Parallels Client for Windows). This option specifies which client will be used. Compared to Web Client, platform-specific Parallels Client includes a richer set of features and provides end users with a better overall user experience. Select one of the following:
1. Browser Only: Users can run remote applications and desktops using Parallels Web Client only. Use this option if you don't want your users to install a platform-specific Parallels Client.
2. Parallels Client Only: Users can run remote applications and desktops in Parallels Client only. When a user connects to Parallels RAS using Parallels Web Client, they will be asked to install the platform-specific Parallels Client before they can launch remote applications and desktops. A message will be displayed to the user with a link for downloading the Parallels Client installer. After the user installs Parallels Client, they can still select a remote application or desktop in Parallels Web Client but it will open in Parallels Client instead.
3. Parallels Client with fallback to Browser: Both Parallels Client and a browser (HTML5) can be used to launch remote applications and desktops. Parallels Client will be the primary method; Parallels Web Client will be used as a backup method if a published resource cannot be launched in Parallels Client for any reason. A user will be informed if a resource couldn't be opened in Parallels Client and will be given a choice to open it in the browser instead.
(Parallels Client with fallback to Browser and the Parallels Cient only) Additionally, you can configure Parallels Client detection by clicking on the Configure button:
- Detect client: Select when Parallels RAS tries to detect platform-specific Parallels Client.
  - Automatically on sign in: Parallels RAS tries to detect platform-specific Parallels Client immediately.
  - Manually on user prompt: Parallels RAS shows users a prompt where can they select whether they want to detect platform-specific Parallels Client .
- Client detection timeout: Time period during which Parallels RAS tries to detect platform-specific Parallels Client.
Allow users to select a launch method: If selected, users will be able to choose whether to open remote applications in a browser or in Parallels Client. You can enable this option only if the Launch session using option (above) is set to Parallels Client with fallback to Browser (i.e. both methods are allowed).
Allow opening applications in a new tab: If selected, users will be able to open remote applications in a new tab in a web browser.
Use Pre Windows 2000 login format: Enables legacy (pre-Windows 2000) login format.
Allow embedding of User Portal into other web pages: If selected, the User Portcal web page can be embedded in other web pages. Please note that this may be a potential security risk due to a practice known as clickjacking.
Allow file transfer command: Enables file transfer in a remote session. To enable file transfer, select this option and click the Configure button. In the dialog that opens, select Client to server only (transfer files from client to server only), Server to client only (transfer files from server to client only), Bidirectional (transfer files in both directions). For more information, see Configuring Remote File Transfer.
Allow clipboard command: Enables clipboard operations (copy/paste) in a remote session. To enable the clipboard, select this option and click the Configure button. In the dialog that opens, select Client to server only (copy/paste from client to server only), Server to client only (copy and paste from server to client only), Bidirectional (copy and paste in both directions). For more information about using the clipboard, see Using the Remote Clipboard.
Allow cross-origin resource sharing: Enables cross-origin resource sharing (CORS). To enable CORS, select this option and click the Configure button. In the dialog that opens, specify one or more domains for which access to resources should be allowed. If you don't specify any domains, the option will be automatically disabled. In the Browser cache time field, specify for how long the end-user's browser will cache a resource.
Use a client IP detection service: If selected, allows configuring an IP detection service to report IP addresses of connected Parallels Web Client applications. To enable a client IP detection service, select this option and click the Configure button. In the dialog that opens, provide the URL to the IP detection service you want to use. You can press the Test button to ensure the API works as expected. When you click the Test button, the Connection Broker will take the role of the client and call the API. If successful, you will be presented with a window showing the IP address of the Connection Broker.