Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
The following new features were added in Parallels RAS 19.4.2:
Ability to select whether unenrolled users can see the The user name or password is incorrect error when they enter incorrect credentials for Google Authenticator.
The following new features were added in Parallels RAS 19.4.1:
The following new features were added in Parallels RAS 19.4:
The following new features were added in Parallels RAS 19.3:
The following new features were added in Parallels RAS 19.2:
The Site category gives you an overview of the current Site and displays notification about important events, such as licensing issues, RAS Agents requiring update, etc.
The main view of the Site category consists of the sections described below.
Displays core RAS components, such as RAS Connection Broker and RAS Secure Gateway. If you have more than one component of a particular type, the number of installed component is displayed on the right side.
You can click a component to go to the management view. You can also open a management view from Infrastructure category (more about it later in this guide).
This section displays session and license usage information. To jump to the session or license management views, click the corresponding link.
The Hosts section displays information about available session hosts, including RD Session Hosts and VDI (if available). You can click the available links to go to the management view for a given host type or Provider. The host information includes the number of active sessions on host, whether there's an issues with the host requiring attention, and whether the host is currently disabled.
All navigations in the RAS Management Portal start from the sidebar on the left, which lists management categories. The Site category is selected by default.
The following table lists all available categories that can be managed in the RAS Management Portal. The Root Administrator can see and manage all categories. Administrators of other types (Power, Custom) may need permissions to see a particular category.
Each category is described in detail later in this guide.
Some categories and actions in the RAS Management Portal may not be viewed or allowed depending on the Admin permissions configured in the desktop RAS Console. For the information about how to configure administrator permissions, please refer to the Parallels RAS Administrator's Guide. In the guide, look for the Administrator Account Permissions topic. The guide is available on the Parallels website at https://www.parallels.com/products/ras/resources/.
Some categories have subcategories (namely Infrastructure and Site Settings). When you selected a category, the right side of the RAS Management Portal may include one or more additional panes where you can select a subcategory.
Some components have their settings and information grouped by functionality (e.g. General, Properties, Sessions, etc.). When you view component properties, a navigation bar is displayed in the middle allowing you to browse these settings. When you select an item in the navigation bar, the settings are displayed in the right pane.
As you select categories, subcategories, individual items, a breadcrumb trail is displayed at the top of the page to show where you are. To take one or more steps back, click a link in the trail.
The page header includes the following items:
The Farm and the current Site names. If you have more than one Site, you can select one from the drop-down list. The RAS Management Portal will switch to that site allowing you to manage the Site components.
The "User" icon is a drop-down list with the following items: Current user name (e.g. Administrator); About (opens the About dialog); Give feedback (takes you to a web page where you can give feedback to Parallels); Configure Management Portal, Logout (logs you out).
Apply All Changes: This button applies changes that you've made in the RAS Management Portal to Farm components. When you create or modify components and objects, the changes are not applied to Farm components automatically and don't have any effect on the Site or Farm. When you click the Apply All Changes button, the changes are applied across the Farm or Site. Note that you shouldn't always click this button every time you make a change. If you are working on a task that requires multiple changes in different areas, complete all of them and then click the Apply All Changes button, so all changes are applied together.
When you open a view where you can modify some settings, the view is normally read-only. To enable editing, click the Edit button in the upper right-hand corner. The button name changes to Save. When done editing, click Save. To discard the changes, click Cancel.
Please note that an object that is opened for editing by an admin cannot be edited by another admin at the same time. If you try to enable editing for such an object, you will get an error with the name of the admin who has the object locked.
Some views (specifically lists) have a toolbar in the upper right-hand corner from which you can execute actions. To see a toolbar item name, hover over it with the mouse. The standard items (icons) on the toolbar are the following:
Show filter: Specify a filter to show only the entries that match it.
Select columns: Select table columns to display or hide.
Add: Add a new entry. For example, add a new Gateway or RD Session Host, etc.
Refresh: Refresh the view.
Ellipsis: The ellipsis menu may have different items in different types of views. Some items have a corresponding toolbar items (e.g. Add, Refresh).
Other items may be present depending on the view you are in. For example, Show running processes and Show sessions.
When you add a component to a Farm, a wizard usually opens which takes you through a series of pages where you specify component settings and options. A wizard has the usual Next and Back navigation buttons, and the Cancel button that closes the wizard and cancels the operation.
Clicking some menu and navigation bar items brings up a modal dialog. These are usually items that require you to confirm an action or enter additional information.
All objects (components) in the RAS Management Portal have properties. To view these properties, you select a category and a subcategory and click the object name in the list. This opens a view where object properties are displayed with its own navigation bar from which you can configure the object, perform actions. and view additional information.
To open RAS Management Portal on the machine where you've installed the RAS Web Administration Service, navigate to Apps > Parallels and click Parallels RAS Management Portal.
To log in to RAS Management Portal from a remote computer, enter the following URL in a web browser:
https://<server-address>:20443
The <server-address> is the FQDN or IP address of the server where the RAS Web Administration Service is installed. By default, port 20443 is used for HTTPS connections. You can change the port number if needed as described in .
On the Welcome page, enter your RAS administrator username and password and click Sign in.
Category | Description |
---|---|
Site
Displays the current Site overview.
Infrastructure
RAS infrastructure management, including RD Sessions Hosts, VDI, Gateways, Connection Broker, etc.
Sessions
Session management.
Publishing
Publishing and published resources management.
Monitoring
RAS Performance Monitor.
Site Settings
Connection, authentication, FSLogix, Universal printing and scanning.
Help and Support
Help and support.
Farm Settings
Displayed at the bottom of the sidebar on the left, this category manages global Farm settings, such as Administrators, Mailbox, Licensing.
To add an administrator account to a Parallels RAS Farm:
Navigate to Farm Settings > Administrators > Accounts.
Right-click anywhere in the list and choose Add.
Specify the new account properties.
Note that at the time of this writing, only a Root administrator can be added in the Management Portal.
In the System notifications drop-down list, select Email to send all system notifications to the specified email address, or select None to disable email system notifications for this account.
Click Create to create the account.
To modify an account, click the account name and then click Edit.
To delete an account, right-click it and choose Delete.
To see current administrative RAS sessions, navigate to Farm Settings > Administrators > Sessions.
To log off a session, right-click it and choose Log off session.
This section explains how to configure Google Authenticator.
To configure Google Authenticator:
Navigate to Site Settings > Connection > Multi-factor authentication.
Double-click the name of the Google Authenticator provider that you want to configure.
Click the Edit button.
Specify the following:
Name: Name of the provider.
Description: Description of the provider.
In the Themes table select the Themes that will use this MFA provider.
Display name: The default name here is "Google Authenticator. The name will appear on the registration dialog in Parallels Client in the following sentence, "Install Google Authenticator app on your iOS or Android device". If you change the name, the sentence will contain the name you specify, such as "Install <new-name> app on your iOS or Android device". Technically, you can use any authenticator app (hence the ability to change the name), but at the time of this writing only the Google Authenticator app is officially supported.
User Prompt: Specify the text that the user will see when prompted with an OTP dialog.
Modify the default TOTP tolerance if required.
The Enrollment section allows you to limit user enrollment via Google Authenticator if needed. You can allow all users to enroll without limitations (the Allow option), allow enrollment until the specified date and time (Allow until), or completely disable enrollment (the Do not allow option). If enrollment is disabled due to expired time frame or because the Do not allow option is selected, a user trying to log in will see an error message saying that enrollment is disabled and advising the user to contact the system administrator. When you restrict or disable enrollment, Google authenticator or other TOTP provider can still be used, but with added security which would not allow further user enrollment. This is a security measure to mitigate users with compromised credentials to enroll in MFA.
Show information to unenrolled users: Select whether unenrolled users can see the The user name or password is incorrect error when they enter incorrect credentials:
Never (most secure): Unenrolled users see a TOTP prompt instead of the error.
If enrollment is allowed: Unenrolled users see the error if user enrollment is allowed. Otherwise, they see a TOTP prompt.
Always: Unenrolled users always see the error.
The Reset User(s) field in the User management section is used to reset the token that a user receives when they log in to Parallels RAS for the first time using Google Authenticator. If you reset a user, they'll have to go through the registration procedure again (see Using Google Authenticator in Parallels Client below). You can search for specific users, reset all users, or import the list of users from a CSV file.
Restrictions: See Configure MFA rules.
Click Save when done.
Important: To use Google Authenticator or other TOTP provider, the time on a user device must be in sync with the time set on the RAS Connection Broker server. Otherwise, Google authentication will fail.
Google Authenticator is supported in Parallels Client running on all supported platforms, including mobile, desktop, and Web Client.
To use Google Authenticator, a user needs to install the Authenticator app on their iOS or Android device. Simply visit Google Play or App Store and install the app. Once the Authenticator app is installed, the user is ready to connect to Parallels RAS using two-factor authentication.
To connect to Parallels RAS:
The user opens Parallels Client or User Portal and logs in using his/her credentials.
The multi-factor authentication dialog opens displaying a barcode (also known as QR code) and a secret key.
The user opens the Google Authenticator app on their mobile device:
If this is the first time they use it, they tap Begin and then tap Scan a barcode.
If a user already has another account in Google Authenticator, they tap the plus-sign icon and choose Scan a barcode.
The user then scans the barcode displayed in the Parallels Client login dialog.
If scanning doesn't work for any reason, the user goes back in the app, chooses Enter a provided key and then enters the account name and the key displayed in the Parallels Client login dialog.
The user then taps Add account in the app, which will create an account and display a one-time password.
The user goes back to Parallels Client, clicks Next and enters the one-time password in the OTP field.
On every subsequent logon, the user will only have to type their credentials (or nothing at all if the Save password options was selected) and enter a one-time password obtained from the Google Authenticator app (the app will continually generate a new password). If the RAS administrator resets a user (see the Reset Users(s) field description at the beginning of this section), the user will have to repeat the registration procedure described above.
Before you begin, you may need to configure the RAS Web Administration Service as described below:
In RAS Management Portal, click the "User" icon in the upper right-hand corner and choose Configure Management Portal.
You will be asked to sign in again. Note that the RAS Web Administration Service must be running on the local server for this sign in to work. This is necessary to prevent users from remote servers to enter the RAS Web Administration Service configuration pages.
Enter the username and password of a member of local administrators or domain administrators and click Sign in.
The RAS Management Portal Configuration page opens.
In the RAS Farm Address field, specify the RAS Farm address that this RAS Management Portal will manage. This is the RAS Connection Broker address installed in the Farm.
In the Advanced Settings section, specify the following:
Certificate: A certificate to use for this connection. Click Upload to select a certificate.
Certificate Password: The certificate password.
Port: The port number on which RAS Management Portal listens for connections. The default port is 20443. This port number is chosen not to conflict with RAS Secure Gateway ports. You can change it to 443 (if possible), in which case the port number doesn't need to be included in the connection URL. You can also change it to any custom port. For example, the default "URL": "https://*:20443" can be changed to "URL": "http://*:20080".
Admin Session Timeout: The timeout after which the admin session will be disconnected.
Polling Interval: The interval at which RAS Management Portal will update the information displayed in it. You can increase this number up to 30 seconds if you have a large number of admins working at the same time and/or if you have a large number of hosts, sessions, etc.
Click Save when done.
To manage connection and authentication settings, navigate to Site Settings > Connection.
When users connect to a Site, they are authenticated before they are logged in. To configure authentication type, in the Connection pane, select Authentication and then select one of the following:
Credentials. The user credentials are validated by the Windows system on which RAS is running. The credentials used for Windows authentication are also used to log in to an RDP session.
Smart Card. Smart card authentication. Similar to Windows authentication, smart card credentials can be shared between both RAS and RDP. Hence, smart card credentials only need to be entered once. Unlike Windows authentication, the user only needs to know the smart card’s PIN. The username is obtained automatically from the smart card, so the user doesn't need to provide it.
Web (SAML). SAML SSO authentication.
Web + Credentials. The same as Web (SAML), but users are prompted to enter credentials when they launch a published application.
Note that if smart card authentication is disabled, RAS Connection Broker will not hook the Local Security Authority Subsystem Service (LSASS). Smart card authentication can be used in Parallels Client for Windows, Mac, and Linux. Please also note that smart cards cannot be used for authentication if Parallels Client is running inside an RDP session.
A valid certificate must be installed on a user device in order to use smart cards. To do so, you need to import the certificate authority root certificate into the device’s keystore.
A certificate must meet the following criteria:
The "Key Usage" field must contain digital signature.
The "Subject Alternative Name" (SAN) field must contain a user principal name (UPN).
The "Enhanced Key Usage" field must contain smart card logon and client authentication.
To specify a domain (or multiple domains) against which the authentication should be performed, select one of the following:
Specific: Select this option and type a specific domain name.
All trusted Domains. If the information about users connecting to Parallels RAS is stored in different domains within a forest, select the All Trusted Domains option to authenticate against multiple domains.
Use client domain if specified. Select this option to use the domain specified in the Parallels Client connection properties. If no domain name is specified on the client side, the authentication is performed according to the settings above.
Force clients to use NetBIOS credentials. If this option is selected, the Parallels Client will replace the username with the NetBIOS username.
Note: If a certificate on your smart card does not contain a user principal name (UPN) in the "Subject Alternative Name" (SAN) field (or if it doesn't have the "Subject Alternative Name" field at all) you have to disable the Force clients to use NETBIOS credentials option.
Recommendation: After changing domain names or some other authentication related changes, you should clear cached session IDs. At this time, this can only be done from the RAS Console, where you need to click the Clear cached session IDs button on the Settings tab.
In order to authenticate users sessions against users specified on a standalone machine, you must enter the [workgroup_name] / [machine_name] instead of the domain name. For example if you would like to authenticate users against a list of local users on a machine called SERVER1 that is a member of the workgroup WORKGROUP, enter the following in the domain field: WORKGROUP/SERVER1.
You can configure Parallels Client to use a custom URL for changing domain passwords.
To make Parallels Client use a custom URL for changing domain passwords:
Select Use a custom link fro the "Change domain password" option.
Add the link to the text field below.
In the Allowed devices pane, specify whether clients must have the latest security patches in order to connect to the Farm. This option must normally be selected to protect your environment from vulnerabilities. You should only clear it if you must use an older version of Parallels Client with no security patches installed. For more information, please see the following KB article: https://kb.parallels.com/en/125112.
Scanner redirection enables users who are connected to a remote desktop or accessing a published application to make a scan using the scanner that is connected to the client machine. This chapter describes how to configure and use RAS Universal Scanning services.
To configure Universal Scanning, navigate to Site Settings > Universal Scanning.
Universal Scanning uses WIA and TWAIN redirection to let any application using either technology hardware connected to the client device for scanning. With Universal Scanning there is no need to install a specific scanner driver on the server.
Note: The server feature Desktop Experience is required in order to enable both WIA and TWAIN scanning on RD Session Hosts.
By default, the Universal Scanning driver is automatically installed when a host server is added to a RAS Farm and the Agent software is installed on it.
By default, Parallels RAS renames scanners using the following pattern: %SCANNERNAME% for %USERNAME% by RAS
. For example, if a user named Lois, who has SCANNER1 installed locally, connects to a remote desktop or published application, her scanner is renamed to "SCANNER1 for Lois by RAS".
To change the pattern used to rename scanners, specify a new pattern in the Scanner rename pattern input field. The variables that you can use for renaming are:
%SCANNERNAME%
— client side scanner name.
%USERNAME%
— username of the user connected to the server.
%SESSIONID%
— ID of the active session.
You can configure a different renaming pattern specifically for each server in the list.
Note: Redirected scanners are only accessible by administrator and the user who redirected the scanner.
TWAIN applications that will use the Universal Scanning feature have to be added to the TWAIN configuration. This way they will use the TWAIN driver, hence making it easier for the administrator to set them up.
To add an application to the list of scanning applications:
Select the TWAIN category.
In the right pane, click the plus-sign icon and type the application executable name.
Note: Some applications might use different or multiple executables. Make sure that all required executables are added to the list of scanning applications.
To delete a scanning application from the list, select it in the list and click minus-sign icon.
Note: If you delete an application from the list, the installation of the application will not be affected.
Multi-factor authentication (MFA) can be enabled or disabled for all user connections, but you can configure more complex rules for specific connections. This functionality allows you to create enable or disable MFA for the same user or computer, which will be applied depending on where the user is connecting from and from which device. Each MFA provider has one rule that consists of one or several criteria for matching against user connections. In turn, each criteria consists of one or several specific objects that can be matched.
You can match the following objects:
User, a group the user belongs to, or the computer the user connects from.
Secure Gateway the user connects to.
Client device name.
Client device operating system.
IP address.
Hardware ID. The format of a hardware ID depends on the operating system of the client.
Notice the following about the rules:
Criteria are connected by the AND operator. For example, if a rule has a criteria that matches certain IP addresses and a criteria that matches client device operating systems, the rule will be applied when a user connection matches one of the IP addresses AND one of the client operating systems.
Objects are connected by the OR operator. For example, if you only create a criteria for matching client device operating systems, the rule will be applied if one of the operating systems matches the client connection.
To configure a rule:
Navigate to Site Settings > Connection > Multi-factor authentication.
Double-click the name of the Google Authenticator provider that you want to configure.
Click the Restrictions link.
Click the Edit button.
Clear the Inherit Defaults option.
Specify criteria for the rule. You will find the following controls:
Allow: specifies that the MFA provider must be enabled when a user connection matches the criteria. Click Allow to change it to Deny.
Deny: specifies that the policy the MFA provider must not be enabled when a user connection matches the criteria. Click Deny to change it to Allow.
(+): adds a new criteria. If you want to match a Secure Gateway, a client device name, a client device operating system, an IP address, or a hardware ID, click (+).
is: specifies that the MFA provider must be enabled (or not not enabled, per Allow and Deny) when a user connection matches the criteria. Click is to change it to is not. This control appears when at least one object is added.
is not: specifies that the MFA provider must be enabled (or not not enabled, per Allow and Deny) when a user connection does not match the criteria. Click is not to change it to is. This control appears when at least one object is added.
You can also disable and enable criteria by clicking on the switch to the left of it.
Click Save when done.
RD Session Hosts are used to host published resources (applications, desktops, documents, etc.) in a RAS Farm.
To manage RD Session Hosts, navigate to Infrastructure > RD Session Hosts. The main list displays existing RD Session Hosts. To perform management functions (add, delete, show processes and sessions, etc), use the ellipsis menu, context menu (right-click) and in some cases action icons.
To configure FSLogix:
Do one of the following:
To configure Site defaults, navigate to Infrastructure > Host pools > RD Session Hosts > Properties > Site defaults > User Profile.
To configure host pools, navigate to Infrastructure > Host pools > <Host pool name> > Properties > User Profile.
To configure individual hosts, navigate to Infrastructure > RD Session Hosts > <Host name> > Properties > User Profile.
If you want to use Profile Containers, go to User Profile > FSLogix - Profile Containers:
Users and Groups: Specify include and exclude user and group lists. By default, Everyone is added to the FSLogix profile include list. If you want some user profiles remain local, you can add those users to the exclude list. Users and group can exist in both lists but exclude takes priority.
Folders: Specify include and exclude lists for folders. You can select from common folders or you can specify your own. Please note that folders must reside in user profile path.
Disks: Specify the settings of the profile disk. Location type: Select a location type for profile disks (SMB Location or Cloud Cache) and then specify one or more locations. Location of profile disks: Location(s) of profile disks. These are the locations of VHD(X) files (the VHDLocations setting in the registry as specified in the FSLogix documentation). Profile disk format: Select from VHD or VHDX according to your requirements. VHDX is a newer format and has more features. Allocation type: Select Dynamic or Full. This setting is used in conjunction with the Default size setting (see below) to manage the size of a profile. Dynamic causes the profile container to use the minimum space on disk, regardless of the allocated Default size. As a user profile is filled with more data, the amount of data on disk will grow up to the size specified in Default size, but will never exceed it. Default size: Specifies the size of newly created VHD(X) in megabytes.
Advanced: This tab allows you to modify advanced FSLogix registry settings. By default, the settings are disabled. To enable a setting, select the checkbox in front of its name. A description for each setting is provided in the RAS console. For further information regarding FSLogix Profile Containers configurations, visit .
If you want to use Office Containers, go to User Profile > FSLogix - Office Containers:
Users and Groups: Same as above.
Disks: Same as above.
Advanced: Same as above.
If you want to configure Cloud Cache, go to User Profile > FSLogix - Cloud Cache. For more information about these settings, see .
If you want to configure logging, go to User Profile > FSLogix - Logging. For more information about these settings, see .
To configure an RD Session Host:
Navigate to Infrastructure > RD Session Host.
Click a host in the list to open the view displaying the host information.
In the navigation bar, click Properties (at the bottom). Configure the RD Session Host as described below.
In the navigation bar, select General and specify the following:
Enable Host in site: Enable or disable the host. A disabled host cannot serve published resources to users. When you disable a host, its name becomes grayed out in the main list.
Host: Specifies the host name.
Description: Specifies the host description.
Change direct address: Select this option if you need to change the direct address that Parallels Client uses to establish a direct connection with the RD Session Host.
If you would like to configure user profiles for the host based on the FSLogix technology, select FSLogix in the Technology drop-drown list and specify the settings according to your needs. For the information about how to configure FSLogix Profile Container in Parallels RAS, see FSLogix Profile Container.
The Printing category allows you to configure the renaming format of redirected printers. The format may vary depending on which version and language of the host you are using.
To use default settings, select the Inherit default settings option. See the Using default settings subsection above.
The RDP printer name format drop-down list allows you to select a printer name format specifically for the configured host.
Select the Remove session number from printer option to exclude the corresponding information from the printer name.
In the Scanning view, configure which imaging interfaces should be enabled on the host(s). Select from WIA, TWAIN, or both.
To perform RD Session Host management tasks:
Navigate to Infrastructure > RD Session Hosts.
Click a host to open the host properties view.
Use the navigation bar to switch between different views where you can view additional information and perform actions. These views are described below.
The Overview screen displays the following information:
The Information section displays the RD Session Host information similar to what is shown on the main RD Session Host list but in one convenient view.
The Actions section lists actions that you can perform on a host (see below). Please note that you can also perform actions from the main RD Session Host list view by selecting a host and choosing an option from the ellipsis menu.
You can perform the following actions on an RD Session Host:
Message all: Send a message to users connected to the host.
Disconnect all: Disconnect all current users.
Logoff all sessions: Log off all current sessions.
Update agent: Update the RD Session Host Agent, if required.
Disable agent: Temporarily disable the agent.
The Control sub-menu contains the following items:
Enable logons: Enables logons from client sessions, but not from the console. This option performs the same action as the change logon /enable
command.
Disable logons: Disables subsequent logons from client sessions, but not from the console. Does not affect currently logged on users. This option performs the same action as change logon /disable
command.
Drain: Disables logons from new client sessions, but allows reconnections to existing sessions. Drain is kept even after reboot until the admin enables logons.
Note that while a host is in drain mode, administrators may still log on to the physical console or remotely log on using the /admin or /console command-line option for MSTSC. This allows administrators to remotely maintain the RDS host via Tools > Remote Desktop.
Drain until reboot: Disables logons from new client sessions until the computer is restarted, but allows reconnections to existing sessions. Drain is kept until the host is restarted. Same action as the change logon /drainuntilrestart
command.
Cancel pending reboot (scheduler): Cancel pending reboot.
Cancel disabled state (scheduler): Cancel disabled state.
Install RDS role: Allows to install the RDS role on the host.
Reboot: Reboot the host.
Shutdown: Shut down the host.
The Logs sub-menu contains the following items:
Configure: Allows you to configure logging. For the explanation of log levels, please see below.
Retrieve: Retrieves a ZIP archive containing the log files to the specified location.
Clear: Clears all existing logs.
The available log levels are:
Standard: This is the standard log level that records only the most important events. Unless you are asked by Parallels RAS support to use one of the log levels described below, you should always use this one.
Extended: This logging involves more information than the standard logging, but it slows down the system because of the additional information that it needs to collect.
Verbose: Verbose logging involves even more information than the extended logging and can slow down your system significantly.
Please note that to avoid degraded performance, extended and verbose logging should only be enabled for a limited time period (enough to collect the necessary information for analysis). You can set this time period using Reset to the standard level after option. The default value is 12 hours. In specific cases, a Parallels support engineer will advise you whether this time period should be set to a different value. Once this time period is over, the log level will be reset back to standard.
The remaining items include:
Assign to host pool: Assigns the host to a host pool.
Remove from host pool: Removes a host from a host pool.
Refresh: Refreshes the host information displayed on the screen.
Site Defaults: Opens the RDSH site defaults screen where you can view and configure site defaults.
Delete: Deletes the host from the RAS Farm.
To enable RAS Management Portal in a RAS Farm, you need to install the RAS Web Administration Service component. The component is installed automatically when you do a clean Parallels RAS install using the "Typical" installation option. You can also install the component using the "Custom" installation option and choosing the "RAS Web Administration Service" as the component to install. For example, if you want to install RAS Management Portal on a dedicated machine, you should use the "Custom" installation option and select "RAS Web Administration Service" as a component to install.
After the RAS Web Administration Service is installed, you need to configure it. Specifically, you need to specify a RAS Farm that the RAS Management Portal will be used to manage, and you also need to configure a number of other parameters. For complete instructions, please see Configure RAS Web Administration Service.
Parallels® RAS Management Portal is a modern web-based configuration and administration console designed for Parallels RAS administrators using a desktop/laptop computer or a mobile device to carry out configurations and day-to-day activities.
Parallels RAS Management Portal provides administrators with ability to:
Centrally deploy, manage, and configure essential Parallels RAS components such as RD Session Hosts, Connection Brokers and Secure Gateways.
Publish various resources from RD Session Hosts.
Configure FSLogix Profile Container settings.
Configure printing and scanning settings.
Manage SSL certificates.
Configure connection settings and MFA (Google Authenticator or other Time-based One-time Password (TOTP) apps such as Microsoft Authenticator).
Monitor and manage user sessions.
Manage administrative accounts and sessions
Configure mailbox.
Manage your license.
Contact support and provide necessary system reports.
Note: More features and capabilities that are currently available in the desktop-based Parallels RAS Console will be included in Parallels RAS Management Portal in future releases until it becomes the main management tool for Parallels RAS. Management of Azure Virtual Desktop capabilities included in Parallels RAS Management Portal are experimental and expected to be released in upcoming versions.
A mailbox configuration in a RAS Farm is used to send invitation emails to users to join a Parallels RAS Farm and to send event notifications to other email addresses. A Farm can have just one mailbox configured.
To configure a mailbox:
Navigate to Farm Settings > Mailbox.
Click Edit and specify the following:
Mail server: Enter the mailbox server name. For example, mail.company.com:500
TLS / SSL: Choose whether to use the TLS/SSL protocol.
SMTP server requires authentication: Select this option if your SMTP server requires authentication. If it does, also type the username and password in the fields provided.
Sender information: Enter the email address.
Click Save.
RAS Management Portal can run in any modern web browser supporting HTML5 except for Internet Explorer.
Make sure your Windows Server has the following updates installed (RAS Management Portal depends on them):
Windows Server 2012 R2: KB2999226
Newer versions of Windows Server do not require any specific updates.
The web service listens to web requests on the following ports by default:
HTTPS: 20443
HTTP: 20080
The following table lists the Parallels RAS 19 release history. Parallels RAS documentation is updated for every release. This guide refers to the latest Parallels RAS 19 release from the table below. If you are using a newer Parallels RAS release or version, please download the current version of the guide from https://www.parallels.com/products/ras/resources/.
Parallels RAS Version | Release | Date |
---|---|---|
To view the Parallel RAS licensing information, navigate to Farm Settings > Licensing. The following information is displayed:
License Type: The type of Parallels RAS license currently used (e.g. subscription, trial, etc.).
Expiration date: License expiration date (or the number of days remaining, depending on the license type).
Maximum allowed concurrent users: The maximum number of concurrent users that the current license allows.
Peak users: The number of peak concurrent users to date in case of subscription, or monthly peak users and daily usage in case of SPLA license.
Current users: The number of users currently connected to the Farm.
Please note that you can also see this information (and more) in your Parallels Account. For more information, please refer to the Parallels RAS Licensing Guide, which is available on the Parallels website.
Click the Manage License link at the top of the Licensing page to open the Manage Licensing page.
If you have a Parallels Business account, sign in using the account credentials. If you don't have an account, click Register, enter the required information and click Register. A business account will be created for your organization. For more information about Parallels accounts and the Parallels My Account portal, please refer to the Parallels RAS Licensing Guide, which is available on the Parallels website at the following location: .
Once signed in, you can do the following on the Manage Licensing page:
Activate the Farm using a license key included in your subscription. When you sign in using your Parallels business account, you license information is retrieved and is displayed on the screen. To activate the Farm, select a license key in the list and click Next.
Activate a trial — select the Activate a trial license option and click Next.
Deactivate the currently used license — select the Deactivate license option and click Next. The license key is released and can be used to activate a different Farm. You can re-activate the Farm at any time using the same or a different license key.
When you click Next in any of the scenarios above, the Progress page is shown displaying the progress of the operation. Once completed, the page is refreshed with results of the operation.
If you activated the Farm, you can begin managing it. If you deactivated the Farm, all controls in the Management Portal become disabled, except Licensing.
19.0
Initial release
07/27/2022
19.0
Update 1
08/31/2022
19.0
Hotfix 1
09/16/2022
19.0
Hotfix 2
09/30/2022
19.0
Hotfix 3
10/14/2022
19.1
Update 2
11/15/2022
19.2
Update 3
07/06/2023
19.3
Initial release
10/17/2023
19.4
Update 2
06/08/2024
To view running processes for an RD Session Host, click the Running Processes item in the navigation bar. This opens a view displaying all running processes.
To kill one or multiple processes, select them in the list and chose Kill processes from the ellipsis menu. To refresh the list, choose Refresh.