User Portal
Parallels User Portal is built into RAS Secure Gateway. It allows users to connect to Parallels RAS and open published resources from a web browser.
Note: To use User Portal, SSL must be enabled on a RAS Secure Gateway. When enabling the client, please verify that SSL is enabled in the SSL/TLS category or on your network load balancer. Please also note that the User Portal category is only available if the Gateway mode is set to Normal.
For information on how to configure the User Portal URL and how to access the client from a web browser, please see the Web section.
To use Site default settings on the User Portal tab, click the Inherit default settings option. To specify your own settings, clear the option.
To enable or disable RAS User Portal, select or clear the Enable User Portal option.
Client
The Client section allows you to specify application launch methods and other User Portal settings.
Launch sessions using: Specifies which Parallels Client will be used to open a published resource. This can be the User Portal or a platform-specific Parallels Client. Compared to Web Client, platform-specific Parallels Client includes a richer set of features and provides end users with a better overall user experience. Select one of the following:
Browser only: Users can run remote applications and desktops using Web Client only. Use this option if you don't want your users to install a platform-specific Parallels Client.
Parallels Client only: Users can run remote applications and desktops in Parallels Client only. When a user connects to Parallels RAS using Parallels Web Client, they will be asked to install the platform-specific Parallels Client before they can launch remote applications and desktops. A message will be displayed to the user containing the Parallels Client download link. After the user installs Parallels Client, they can still launch a remote application or desktop in Web Client but the resource will open in Parallels Client.
Parallels Client and fallback to browser: Both Parallels Client and a browser (HTML5) can be used to launch remote applications and desktops. Parallels Client will be the primary method; Parallels Web Client will be used as a backup if a published resource cannot be launched in Parallels Client for any reason. A user will be informed if Parallels Client cannot be used and will be given a choice to open it in the browser instead.
Allow users to select a launch method: If selected, users will be able to choose whether to open remote applications in a browser or in Parallels Client. You can enable this option only if the Launch sessions using option (above) is set to Parallels Client and fallback to browser (i.e. both methods are allowed).
Allow opening applications in a new tab: If selected, a user will be able to open remote applications in a new tab in his/her web browser.
(Parallels Client and fallback to browser and Parallels Client only) Additionally, you can configure Parallels Client detection by clicking the Configure button:
Detect client: Select when Parallels RAS tries to detect platform-specific Parallels Client.
Automatically on sign in: Parallels RAS tries to detect platform-specific Parallels Client immediately.
Manually on user prompt: Parallels RAS shows users a prompt where they can select whether they want to detect platform-specific Parallels Client.
Client detection timeout: Time period during which Parallels RAS tries to detect platform-specific Parallels Client.
Use a client IP detection service: If selected, allows configuring an IP detection service to report IP addresses of connected Parallels Web Client applications. To enable a client IP detection service, select this option and click the Configure button. In the dialog that opens, provide the URL to the IP detection service you want to use. You can press the Test button to ensure the API works as expected. When you click the Test button, the Connection Broker will take the role of the client and call the API. If successful, you will be presented with a window showing the IP address of the Connection Broker.
Network Load Balancer access
The Network Load Balancers access section is intended for deployment scenarios where third-party front-end load balancers such as Amazon Web Services (AWS) Elastic Load Balancers (ELBs) are used. It allows you to configure an alternate hostname and port number to be used by the Network Load Balancer (NLB). This is needed to separate hostnames and ports on which TCP and HTTPS communications are carried out because AWS load balancers don't support both specific protocols over the same port.
The following options are available:
Use alternate hostname: Select this option and specify an alternate hostname. When the alternate hostname is enabled, all platform-specific Parallels Clients will use this hostname to connect to the RAS Farm or Site.
Use alternate port: Select this option and specify an alternate port number. The port must not be used by any other component in the RAS Farm or Site. To reset the port number to the default value, click Default. When the alternate port is enabled, all platform-specific Parallels Clients will use this port to connect to the RAS Farm or Site. Note that RDP sessions in Web Client will still be connecting to the standard SSL port (443).
Note: Please note that using an alternate host or port is not suitable in a multi-tenant environment as Tenant Broker RAS Secure Gateways are shared between Tenants, which would require different configurations.
In addition, the AWS Application Load Balancer (ALB), which handles HTTP/s traffic required by the Parallels Web Client, only supports specific cookies that are usually automatically generated. When a load balancer first receives a request from a client, it routes the request to a target and generates a cookie named AWSALB, which encodes information about the selected target. The load balancer then encrypts the cookie and includes it in the response to the client. When sticky sessions are enabled, the load balancer uses the cookie received from the client to route the traffic to the same target, assuming the target is registered successfully and is considered healthy. By default, Parallels RAS uses its own ASP.NET cookie named _SessionId; however, in this case you must customize the cookie, specifying the mentioned AWS cookie for sticky sessions. This can be configured using the Web cookie field in the User Portal > Web subcategory.
Restrictions
The Restrictions section is used to allow or restrict the following User Portal functions:
Use Pre Windows 2000 login format: Enables legacy (pre-Windows 2000) login format.
Allow embedding of Parallels User Portal into other web pages: If selected, the Parallels User Portal web page can be embedded in other web pages. Please note that this may be a potential security risk due to the practice known as clickjacking.
File transfer command: Enables file transfer in a remote session. Select a desired option in the drop-down list. For more information, see Configuring remote file transfer below.
Clipboard redirection: Select a clipboard option that should be allowed in a remote session. Choose from Client to server only (copy/paste from client to server only), Server to client only (copy and paste from server to client only), Bidirectional (copy and paste in both directions).
Allow cross-origin resource sharing (CORS): Enables cross-origin resource sharing (CORS). To enable CORS, select this option and then specify one or more domains for which access to resources should be allowed. If you don't specify any domains, the option will be automatically disabled. In the Browser cache time field, specify for how long the end-user's browser will cache a resource.
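A header check for the embedding and CORS options above, as an added example that is not Parallels code. It assumes the portal expresses these settings through the standard X-Frame-Options, Content-Security-Policy frame-ancestors and Access-Control-Allow-* response headers; the header sets and origins are constructed samples.

```python
# Added example, not Parallels code. Header sets and origins are constructed samples.

def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}

def framing_allowed(headers):
    """True if any origin other than the portal's own may frame the response."""
    h = _lower(headers)
    # CSP frame-ancestors overrides X-Frame-Options in browsers that support both.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]] not in (["'none'"], ["'self'"])
    return h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN")

def cors_findings(headers, approved_origins):
    """Compare the granted CORS origin with the domains the administrator approved."""
    h = _lower(headers)
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return []  # no cross-origin read access granted
    findings = []
    if acao == "*":
        findings.append("CORS: wildcard origin")
    elif acao not in approved_origins:
        findings.append("CORS: origin outside approved list: " + acao)
    if findings and h.get("access-control-allow-credentials", "").lower() == "true":
        findings.append("CORS: credentials allowed for that origin")
    return findings

def audit(headers, approved_origins):
    findings = []
    if framing_allowed(headers):
        findings.append("embedding: portal can be framed by other origins")
    return findings + cors_findings(headers, approved_origins)

# Constructed samples: one restrictive response, one permissive response.
APPROVED = {"https://intranet.example"}
RESTRICTED = {"X-Frame-Options": "SAMEORIGIN",
              "Access-Control-Allow-Origin": "https://intranet.example"}
PERMISSIVE = {"Access-Control-Allow-Origin": "https://unlisted.example",
              "Access-Control-Allow-Credentials": "true"}

if __name__ == "__main__":
    for name, sample in (("restricted", RESTRICTED), ("permissive", PERMISSIVE)):
        print(name, audit(sample, APPROVED))
```

Feed it the headers captured from the portal's sign-in page after changing either option to confirm the setting took effect.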
Configuring remote file transfer
Parallels RAS provides end users with the ability to transfer files remotely to and from a remote server.
Note: At the time of this writing, file transfer is supported in Parallels Web Client and Parallels Client for Chrome only. Note that bidirectional file transfer is supported in Parallels Web Client only.
To make the remote file transfer functionality flexible, Parallels RAS allows you to configure it on the following three levels:
RD Session Host, Provider, or Remote PC
User Portal
Client policy
File transfer settings that you configure on each level take precedence in the order listed above. For example, if you enable file transfer in User Portal, but disable it on an RD Session Host, file transfer will be disabled for all users who connect to the given RD Session Host through the User Portal. As another example, you can enable file transfer on an RD Session Host and then disable it for a particular Client policy (or a User Portal). This way you can control which clients can use file transfer and which cannot.
To configure remote file transfer for a User Portal, select one of the following options in the File transfer command drop-down list:
Disabled: Remote file transfer is disabled.
Client to Server: Transfer files from client to server only.
Server to Client: Transfer files from server to client only.
Bidirectional: Transfer files in both directions.