RAS Enrollment Server communicates with Microsoft Certificate Authority (CA) to request, enroll, and manage digital certificates on behalf of a user for SSO authentication in the Parallels RAS environment.
Note: For security reasons, RAS Enrollment Server should be installed on a secure, dedicated server similar to an Active Directory Domain Controller or Certificate Authority with no other Parallels RAS components installed.
You can remotely install the RAS Enrollment Server Agent on a specified server from the RAS Console. You can also install the Agent by running the standard RAS installer on the desired server.
To remotely install the RAS Enrollment Server:
In the RAS Console, navigate to Farm > Site > Enrollment servers.
Click Tasks > Add.
Specify the FQDN or IP address of the server where you want the RAS Enrollment Server Agent to be installed.
Click Next.
In the Enrollment Server Agent Information dialog, click Install and follow the onscreen instructions.
To install the RAS Enrollment Server using the Parallels RAS installer:
Run the Parallels RAS installer on the server where you want the RAS Enrollment Server Agent installed.
On the Select Installation Type page, select Custom and click Next.
Clear all other components and select the Parallels RAS Enrollment Server component.
Click Next and follow the onscreen instructions.
Once the RAS Enrollment Server is installed, open the RAS Console and navigate to Farm > Site > Enrollment servers.
Click Tasks > Add.
Enter the Enrollment Server FQDN or IP address and click Next.
Follow the onscreen instructions to add the server to the Farm.
If you perform a manual installation using the RAS installer, it is necessary to place a registration key file on the Enrollment Server host. This step is not required if the RAS Enrollment Server Agent was remotely deployed from the RAS Console.
First, you need to obtain the registration key file as follows:
Open the RAS Console and navigate to Farm > Site > Enrollment servers.
Click Tasks > Export registration key.
Save the key to a file named registration.crt.
Once you have the registration.crt file, copy it to the following folder on the server where you have the RAS Enrollment Server installed, by default in the following path:
C:\Program Files (x86)\Parallels\ApplicationServer\x64
Note: It is mandatory for the registration key file to be named "registration.crt".
After you added the RAS Enrollment Server in the RAS Console, you need to configure AD integration for it as follows:
In the RAS Console, navigate to Farm > Site > Enrollment Servers.
Select the AD Integration tab.
In the Certificate authority (CA) section, specify the configuration string of your Enterprise CA where the new certificate templates, (Prls Enrollment Agent and Prls Smartcard Logon) were created. This should be done in the following format:
CAhostname.domain\issuing CA name
Alternatively, you can click the [...] button to select a CA. For configuration details, see Configure certificate authority templates.
In the Enrollment Agent section, specify the Enrollment Agent username and password. For configuration details, see Active Directory user account configuration.
In the NLA user section, specify the NLA username and password. For configuration details, see Active Directory user account configuration.
Click the Validate AD integration settings button to make sure that the information you've entered is valid.
You can perform standard computer management tasks on a RAS Enrollment Server host right from the RAS Console. These include Remote Desktop Connection, PowerShell, Computer Management, Service Management, Event Viewer, IPconfig, Reboot, and others. To access the Tools menu, click Tasks > Tools and choose a desired tool. For requirements and usage information, see Computer management tools.