To add a Site to the Farm:

1. In the RAS Console, select the Farm category in the left pane and then select the Farm in the middle pane.

2. In the Tasks drop-down list (the right pane, above the Site list), click Add (or click the + icon).

3. In the Add Site dialog:

   • In the Site field, specify a Site name.

   • In the Server field, specify the IP address or FQDN of the server where the Primary Connection Broker and Secure Gateway should be installed.

   • Select the Enable HTML5 Gateway option to automatically create a self-signed certificate, enable SSL, and enable HTML5 support. For more info, please see Configure User Portal.

4. Click Next.

5. The Site Properties dialog opens. First, it verifies if RAS Connection Broker is installed on the specified Site server. If it isn't, it will indicate this in the Status field.

6. Click the Install button to install the agent.

7. In the Install RAS Connection Broker dialog, highlight the server name on which the RAS Connection Broker is to be installed.

8. (Optional) Select the option Override system credentials to specify and use different credentials to connect to the server and install the agent.

9. Click Install to install the Connection Broker and Secure Gateway. Click Done once it has been successfully installed.

Once a new Site is created, you can view and manage its configuration by right-clicking the Site in the RAS Console and choosing Switch to this Site.

Parallels RAS Farm is a logical grouping of objects for the purpose of centralized management. A Farm configuration is stored in a single database which contains information about all objects comprising the Farm. A Site is the next level grouping in the Farm hierarchy which contains servers and other objects providing connection and remote application services.

To add an administrator account to the Parallels RAS Farm:

1. In the RAS Console, navigate to Administration> Accounts.

2. Click the Tasks drop-down list and choose Add (or click the [+] icon).

3. The Account Properties dialog opens.

4. Click the [...] button next to the Name field. In the Select User or Group dialog, select a user or a group.

5. Specify an email address and mobile phone number. Both fields are optional and are disabled if the account specified in the Name field is a group.

6. In the Permissions drop-down list select a role to assign to the administrator:

   • Root administrator. Grants the administrator full permissions to manage the Farm.

   • Power administrator. Grants the administrator full permissions by default but allows you to limit them if needed. To grant or deny specific permissions, click the Change Permissions button. For additional info, see Administrator Account Permissions.

   • Custom administrator. This role doesn't have any permissions by default and allows you grant very specific permissions for a particular category, area, or object in the RAS Console. See Administrator Account Permissions for details.

7. In the Receive system notifications via drop-down list, select Email to send all system notifications to the specified email address, or select None to disable email system notifications for this account.

8. Click OK to add the new administrator account to the Farm.

Modifying an administrator account

To modify an account, select it in the list and click Tasks > Properties. This opens the Account Properties dialog where you can modify the account information.

To enable or disable an account, select or clear the Enable account option at the top of the Account Properties dialog.

You can have more than one administrator in Parallels RAS. At least one administrator (called the root administrator) must be present at all times. Other administrators can be given the following roles:

• Root administrator. Has full permissions to manage a Parallels RAS Farm.

• Power administrator. Has most permissions granted by default, but can be configured to have limited permissions to manage certain sites or categories.

• Custom administrator. Has no permission by default and can be granted specific permission to view or modify very specific areas or objects in the Parallels RAS Farm.

Read on to learn how to create and manage administrator accounts.

If you have a number of administrators using the RAS Console to manage the same Farm, you can configure when an idle RAS Console session should be disconnected. By default, when an administrator opens the console and connects to a Farm but then forgets to log off and goes away, the session will stay active indefinitely possibly locking some of the categories for other administrators. You can change that by specifying the time period after which an idle session will be disconnected (thus unlocking the categories).

To configure idle sessions:

1. In the RAS Console, navigate to Administration > Settings.

2. Locate the Miscellaneous section (at the bottom) and choose a desired time period in the Reset idle RAS Console session after drop-down list.

When a session stays idle for close to the specified time period, the administrator (session owner) will be notified a few minutes in advance that the session is about to be disconnected. If the administrator chooses to stay connected, the time period is reset. If the administrator does nothing, the session will be disconnected when the time expires.

Parallels Customer Experience Program helps us to improve the quality and reliability of Parallels RAS. If you accept to join the program, we will collect information about the way you use Parallels RAS. We will not collect any personal data, like your name, address, phone number, or keyboard input.

To join the program:

1. In the RAS Console, select the Administration category.

2. In the right pane, click the Settings tab.

3. Select the Participate in the Customer Experience Program option.

After you join the program, CEP will automatically start to collect information about how you use Parallels RAS. Data collected from you and other participants is combined and thoroughly analyzed to help us improve Parallels RAS.

The Licensing Site should always be online even if you have other sites in your Farm. If your Licensing Site goes offline, your other sites can still use the maximum number of individual licenses included in your subscription but only for a period of 72 hours. During this time, you need to do one of the following:

• Restore your Licensing Site.

• Promote a different Site to be the Licensing Site in the Farm (see below for instructions).

Please note that if the Licensing Site is offline from 48 to 72 hours and back online three times per month, you will be required to re-activate it using your Parallels RAS licensing key after the third time.

To promote a secondary Site to be the Licensing Site in the Farm:

1. In the RAS Console, navigate to Farm > Farm.

2. In the right pane select a Site and then click Tasks > Set as licensing Site.

3. You will be asked to activate the new Licensing Site using your Parallels RAS license. Follow the instructions and activate the Site.

Parallels RAS administrators logged on to the same Farm can communicate with each other using a built-in instant messenger.

To use the instant messenger:

1. In the RAS Console, select the Administration category.

2. Expand the drop-down list next to your name (top-right corner of the console screen) and click Chat.

3. The Parallels Remote Application Server Chat window opens.

To send a message:

1. Type the message text in the lower input panel.

2. In the Logged on administrators list box, select a specific administrator or All to send the message to an individual or all logged on administrators.

3. Click Send.

Your message history is displayed in the Messages panel. To clear the history, click Clear All.

You can also view the chat history listing all messages between all administrators (not just your own messages). To do so, select the Administration node in the console and then select the Chat History tab.

To set permissions for a RAS administrator, do the following:

1. In the RAS Console, navigate to Administration > Accounts.

2. Select an administrator in the list and click Tasks > Properties.

3. Click the Change Permissions button in the Administrator Properties dialog. The following happens depending on what is selected in the Permissions field:

   • Root administrator. The Change Permission button is disabled because the root administrator always has full permissions.

   • Power administrator. The Account Permissions dialog opens. In the left pane, select one or more sites for which to grant permissions to the administrator. In the right pane, select specific permissions. See the Power administrator permissions subsection below for details.

   • Custom administrator. A different Account Permissions dialog opens where you can set custom permissions. Compared to the Power administrator role (see above), this option allows you to grant any permission (view, modify, add, etc.) for entire categories or specific areas or objects in the RAS Console. If a Custom administrator doesn't have permissions to even view a category or tab page, they will not even appear in the RAS Console. Using the Custom administrator role, you can limit permissions to one or more very specific tasks. For details, see Custom administrator permissions below.

Power administrator permissions

The following permissions can be set for a Power administrator:

• Allow viewing of site information. Whether the administrator can view the Site information.

• Allow site changes. Permissions to modify the following categories: Site, Load Balancing, Universal Printing, Universal Scanning. This option is disabled if the Allow viewing of Site information option is cleared.

• Allow session management. Permission to manage running sessions. This option is disabled if the Allow viewing of site information option is cleared.

• Allow publishing changes. Permission to modify the Publishing category.

• Allow connection changes. Permission to modify the Connection category.

• Allow viewing of RAS reporting. Permission to view reports generated by RAS Reporting.

• Allow client management changes. Permission to modify the Device Manager category.

In the Global permission area, set the following:

• Allow viewing of policies. Whether to allow the administrator to view the Policies category.

• Allow policies changes. Whether to allow the administrator to modify the Policies category.

Custom administrator permissions

To set custom administrator permissions, you must be either a root administrator or a power administrator with the "Allow site changes" permission granted.

When you first create an administrator of this type, they will have no permissions. To add permissions, select a Site in the left pane and then click the Change permissions button. The Account Permissions dialog opens. In the dialog, select a permission type in the left pane.

The permission types are:

• RD Session hosts groups. The Groups tab in Farm > RD Session hosts.

• Manage Sessions by AD Groups. Permission for managing user sessions for users that belong to the same AD group as the custom administrator.

• Remote PCs. The Farm > Remote PCs view.

• Secure Gateways. The Farm > Secure Gateways view.

• Connection Brokers. The Farm > Connection Brokers.

• HALB. The Farm > HALB view.

• Themes. The Farm > Themes view.

• Publishing. Permissions for individual folders in the Publishing category.

• Connection. The entire Connection category.

• Device Manager. The entire Device manager category.

• Certificates. The Farm > Certificates view.

• Application Packages. The Farm > Application Packages view.

To change global permissions, instead of a specific Site select Global in the left pane and then click the Change permissions button.

The global permission types are:

• Monitoring. The Monitoring category.

• Reporting. The Reporting category.

• License. The License category.

After you select a permission type, you can set the actual permissions in the right pane. Different permission types may have different sets of permissions. The following list describes all available permissions:

• View. View only.

• Modify. View and modify.

• Add. View, modify, and add new objects (e.g. servers).

• Delete. View, modify, and delete an object.

• Control. View and control an object. This permission enables the Tasks > Control menu (where available), which includes enable and disable logons, cancel pending reboot, install RDS role, reboot, and some other options. Also enables power operations (start, stop, etc., where available).

• Manage sessions. View and manage sessions.

The lower portion of the right pane lists individual objects (e.g. servers) if the selected permission type has them. Here, you can set individual permissions for a specific object (not the entire tab, for instance, which otherwise would include all available objects).

The Global permissions options at the top of the right pane enables all permissions for all objects for the selected permission type.

Clone permissions

As a root administrator (or a power administrator with sufficient privileges), you can apply (clone) permissions of an existing administrator account to another existing account. This way, you can configure permissions for one account and then quickly apply the same configuration to all other accounts that require them.

To clone permissions, select a source administrator account and click Tasks > Clone permissions. In the dialog that opens, select a destination account (or multiple accounts) and click OK.

Delegate permissions

There could be a situation when a power administrator needs to grant some permissions to a custom administrator. This cannot be done by modifying permissions because power administrators cannot manage administrator accounts directly. Instead, they can delegate some of their own permissions in a given Site to a custom administrator of their choice.

For example, if a power administrator wants the custom administrator to be able to manage a particular RD Session Host, he/she selects that host in the RAS Console and click Tasks > Delegate permissions. This opens a dialog where the administrator can select a custom administrator and specify which permissions (view, modify, etc.) that administrator should have. The Tasks > Delegate permissions menu option is available for many objects, such as Providers, host pools (desktops), and some others. If the menu is not available for an object, it means that this functionality is not available for objects of this type.

If you have more than one Parallels RAS Farm in your organization, you can use the same Parallels RAS Console instance to manage any of them. By default, the Parallels RAS Console is installed on the same server where you install other Parallels RAS components, but you can install the console on any computer on your network.

Connecting to a Parallels RAS Farm for the first time

When you open the Parallels RAS Console for the first time, it displays the logon dialog on which you need to specify the following:

• Farm: A Parallels RAS Farm to connect to. Enter the FQDN or IP address of the server where you have RAS Connection Broker installed.

• If you've installed the Parallels Single Sign-On component when installing the RAS Console, you will see the Authentication type field from which you can select whether to log on using your credentials or SSO. If you reboot after the installation and select SSO, select Single Sign-On and then click Connect. Your Windows credentials will be used to log in to the RAS Farm. If you select Credentials, enter your credentials as described below.

• Username: A user account with administrative privileges on the server where Parallels RAS is installed (usually a domain or local administrator). The account name must be specified using the UPN format (e.g. administrator@domain.com). The specified user will be automatically configured as the Parallels RAS administrator with full access rights.

• Password: The specified user account password.

• If you select the Remember credentials option, this dialog will not be shown the next time you launch the Parallels RAS Console.

After entering the connection properties, click Connect to connect to the Farm and open the RAS Console.

Note that the Edit Connections button will not display any information on first connect (it is used to edit Farm connections that already exist), so you can ignore it at this point. We will talk about using this button closer to the end of this section.

Connecting to a different Parallels RAS Farm

When you need to connect to a different Parallels RAS Farm, you first need to log off from the Parallels RAS Console in order to see the logon dialog again. To do so:

1. In the Parallels RAS Console, click on the arrow icon next to your user name in the upper right-hand corner and then choose Log Off in the context menu.

2. The console will close and the RAS logon dialog will open. The dialog will be populated with the current Farm connection properties.

3. To connect to a different Farm, type the FQDN or IP address of the server where the other Farm is located. Once again, this should be the server where you have the RAS Connection Broker installed.

4. Specify a username and password and click Connect. The Parallels RAS Console will connect to the Farm using the connection properties that you specified.

Switching between Parallels RAS Farms

After you connect to more than one Farm from the same Parallels RAS Console instance, you can easily switch between them as follows:

1. In the Parallels RAS Console, click the Location drop-down list in the upper left-hand corner (right below the main application menu, where the current Site name is displayed).

2. The lower portion of the drop-down list will contain names of the Farms to which you connected at least once in the past (the upper portion contains one or more Site names for the current Farm). Click a desired Farm name to connect to it.

3. When you click the Farm name, the console will close momentarily and will re-open connected to the Farm that you selected.

Note that you can also switch between Farms by logging off from the console and choosing a desired Farm from the Farm drop-down list in the RAS logon dialog. The method described above is more convenient, so this one is just another way to do it.

Editing Parallels RAS Farm connections

As was mentioned in the beginning of this section, the RAS logon dialog has the Edit Connections button. When you click it, the Manage Parallels RAS Farm Connections dialog opens.

On the left side of the dialog, the Farm Connections pane lists Parallels RAS Farms to which you connected at least once in the past. If a connection is no longer relevant, you can remove it by selecting it and clicking the "minus sign" icon at the top. Once a connection is removed, it will no longer appear in the RAS logon dialog and in the Parallels RAS Console (the Location drop-down list).

On the right side of the dialog, the Connection Brokers pane lists RAS Connection Brokers for the selected Farm connection. By default, the primary Connection Broker is included in the list, but you can add more Connection Brokers if needed. When connecting to a Farm, the Parallels RAS Console will try the primary Connection Broker first. If a connection cannot be established, it will try other Connection Brokers in the order they are listed in the Connection Brokers pane. To add a Connection Broker to the list, click the "plus sign" icon and then specify the server FQDN or IP address.

Connecting to a Parallels RAS Farm via Command Prompt

You can connect to a Farm using Windows Command Prompt. This can be useful when you want to automatically connect to specific Farms.

To connect to a Farm using Windows Command Prompt:

1. Navigate to the folder where 2xConsole.exe is located.

2. Open Command Prompt and enter the following command: 2xconsole.exe <arguments>. The possible arguments are described below.

Arguments

Examples

Create a new Farm without a friendly name and store the credentials: 2xconsole.exe -s 10.124.4.113 -u administrator@prls.dev -p password -savecreds

Connect to the previously created Farm using the IP: 2xconsole.exe -s 10.124.4.113

Create a new Farm with a friendly name and store the credentials: 2xconsole.exe -f myfarm -s 10.124.5.123 -u administrator@prls.dev -p password -savecreds

Connect to the previously created farm using the friendly name: 2xconsole.exe -f myfarm

Site-specific settings configured for a given Site can be replicated to all other sites in a Farm. Refer to the table below for the information about which settings can be replicated to other sites.

To replicate Site settings to all other sites, select Farm> <site>> Settings and then select the Replicate settings option (at the bottom of the Auditing tab). Please note that this option is disabled if you have just one Site in the Farm.

Overriding Site Replicated Settings

If an administrator who has permissions to enable or disable replication settings makes a change to a specific setting, such setting is replicated to all other sites. If an administrator has access to a particular Site only, upon modifying Site settings which have been replicated, the replicated settings are overridden and the option Replicate Settings is automatically cleared, therefore such settings will no longer be replicated to other sites.

To view existing administrator accounts, select the Administration category in the RAS Console. The Accounts tab lists existing accounts and their properties, including:

• Group or user name. Account name, which can be a user or group name.

• Type. Account type. Can be one of the following: User, Group, Group User. The User and Group are self-explanatory. The Group User is a user who receives Parallels RAS administrative permissions via a group membership. When you initially add a group to the list of Parallels RAS administrators, its members are not displayed on the Accounts tab. As soon as a member of the group logs in to Parallels RAS, the account name is added to the list of administrators as a Group User and remains there. Note that you cannot change Parallels RAS permissions for such an account individually outside the group permissions.

• Permissions. A security role assigned to an administrator.

• Email. Email address.

• Mobile. Mobile phone number.

• Group. Group name. This column has a value for Group Users only (see the Type column description above).

• Last Modification By. The name of the user who modified this account in Parallels RAS the last time.

• Changed On. The last account modification date.

• Created By. The name of the user who created this account in Parallels RAS.

• Created On. The date when this account was added to Parallels RAS.

• ID. Internal Parallels RAS ID.

Modifying an account

To modify an account:

1. Right-click an account and choose Properties in the context menu.

2. Use the Administrator Properties dialog to modify the necessary information. For more info, see .

Handling locked objects

When an administrator is working with an object (e.g. a tab in the RD Session Host properties dialog), the object is locked for all other administrators. Therefore, upon trying to access a locked object, an administrator will be alerted with an error that the object is locked and will be denied access to it.

A root administrator (but not power or custom administrator) can release a locked object as follows:

1. On the Administration > Accounts tab, click the Tasks drop-down list and choose Show Sessions.

2. In the Sessions dialog, select the administrator who is locking an object and then click the Send Message icon (at the top).

3. If the administrator doesn't reply and doesn't release the object, you have an option to click Log Off, which will log them off and will unlock the category.

To view existing sites in the Parallels RAS Console, select the Farm category in the left pane. Existing sites are listed in the right pane.

The Farm category displays the configuration of only one Site at a time. If you log in as the Farm administrator, the configuration of the RAS Licensing Site will be displayed. If you log in as an administrator who has access to a specific Site (but not the Farm), the configuration of that Site will be displayed.

Current Site

Click on the Farm item in the middle pane to view the list of available sites. The Site which configuration is currently loaded in the console is marked as "Current Site" in the Type column. The column also displays other Site attributes. For example, "Licensing Site / Local Site / Current Site".

Switching between sites

To switch to a particular Site, select Farm in the middle pane, then right-click the Site in the right pane and choose Switch to this Site. The Site configuration will be loaded into the RAS Console.

The other way of switching between sites is to click the Location drop-down list in the upper left-hand side of the RAS Console. The menu lists sites for the current Farm and may also list other Farms if you used this RAS Console to connect to them. For more info, see .

Renaming a Site

To rename a Site, right-click it and choose Rename Site.

Site configuration and health view

When you select the Site node in the middle pane, the Site Info tab in the right pane displays the list of Parallels RAS components that have been configured for the Site with interactive performance monitoring metrics for each component. Depending on the Site configuration, the list may include RD Sessions Hosts, VDI, Remote PCs, Secure Gateways, Connection Brokers, Azure Virtual Desktop, HALB Virtual Servers and devices, Tenant Broker, Host pools, and Enrollment Server.

To collapse or expand a component group, click an "arrow up" or "arrow down" icon on the right side of the list. Note that if no servers of a particular type have been added to the Site, the group name will not be displayed in the list.

The following information is displayed for each component (the information is updated at an interval of approximately 2 minutes):

• Address: Server FQDN or IP address.

• Status: Indicates whether the agent software is installed on the server and is functioning properly.

• CPU: Current CPU utilization.

• RAM: Current RAM utilization.

• Disk Read Time: Disk read time.

• Disk Write Time: Disk write time.

• Sessions: The number of currently active user sessions.

• Preferred PA: The name of the RAS Connection Broker designated as preferred for this server.

• Operating System: Operating system version installed on the server.

• Agent Version: The agent version installed on the server.

• Hypervisor: The hypervisor the server is running on.

You can customize this view by clicking Tasks > Monitoring Settings. This opens a dialog where you can specify which colors should be used to display different performance counters and their values.

Performing tasks on a component

You can perform a number of tasks on a component displayed in the Site Info tab. These tasks are described below.

To configure a component, do one of the following:

• While the Site node is selected in the middle pane, right-click a component in the right pane and choose Show in the editor.

• Select a component category in the middle pane (e.g. RD Session Hosts, Providers, etc.).

Using the Site Designer

Select the Site node in the middle and then click the Designer tab in the right pane. The tab displays a visual representation of the Site infrastructure. Use the icons at the top to add more components to the diagram as desired. Note that adding a component to the diagram will actually add it to the Site. Double-click a component to view and configure it in a corresponding editor.

A Parallels RAS Farm consists of at least one Site, but may have as many sites as necessary.

Sites are often used to separate management and/or location functions. For example, by creating a Site, you can delegate permissions to a Site administrator without granting them full Farm permissions. Or you can have separate sites for different physical locations with the ability to copy the same settings to each Site while using RD Session Hosts, Providers, or PCs that are closer to end users or (depending on your needs) to back-end servers. For instance, it would make sense for a client/server application querying a database to be published from an RD Session Host which is located closer to the database server.

Each Site is completely isolated from other sites within the same Farm. The Farm simply groups sites logically and stores configuration properties of each Site (and the objects that comprise it) in a single database. sites don't communicate with each other and don't share any objects or data. The only exception to this rule is the RAS Licensing Site which periodically communicates with other sites to obtain statistics.

Individual object settings in a given Site can be replicated to all other sites. This does not mean that settings will be shared between sites. The settings that you choose will simply be applied to other sites. For more information, see the section.

When you install Parallels RAS, a Farm with a single Site is created automatically. This first Site becomes the RAS Licensing Site and the host for the main Parallels RAS configuration database. When you add more sites to the Farm, the data in this database is automatically synchronized with every Site that you add. When changes are applied to a particular Site, the main configuration database is automatically updated to reflect the changes.

Each Site must have at least the following components installed in order to publish remote applications and desktops for end users:

• Primary RAS Connection Broker

• RAS Secure Gateway. Note that if a Site is joined as Tenant to RAS Tenant Broker, RAS Secure Gateway is not needed. For details, see .

• RD Session Host, VDI, or PC

When you install Parallels RAS using default installation options, the primary RAS Connection Broker and the RAS Secure Gateway are automatically installed on the server on which you perform the installation. You can then add one or more RD Session Hosts to the Site to host published resources. You can also add more sites to the Farm if needed and configure individual components for each Site as you desire.