Multi-Tenant Architecture

PreviousSAML SSO authentication NextManagement Portal

Last updated 9 months ago

Was this helpful?

Multi-Tenant Architecture

This scenario is suited for environments where it is necessary to keep published resources of distinct clients (departments, groups, teams, etc.) isolated. Parallels RAS Multi-Tenant architecture enables organizations to share the RAS infrastructure components among different tenants while keeping client data segregated and reducing costs.

The RAS Multi-Tenant architecture offers the following advantages to Service Providers and organizations:

Cost savings due to reduction of number of RAS Secure Gateways and High Availability Load Balancers (HALBs) while maximizing resource usage and consolidation.
Faster onboarding of new tenants/customers.
Simplified centralized management of multi-tenant environments.
Extended market reach through reduction of operational costs for organizations of any size by allowing cost scaling through shared infrastructure.

Tenants are deployed as separate individual RAS Farms or Sites.
A Tenant Farm doesn't need its own RAS Secure Gateways and HALB. However, deployments with Secure Gateways and HALB are possible if a Tenant needs them for internal connections.
All external users connect to a Tenant Farm through the Tenant Broker infrastructure.
The network configuration of a Tenant requires the Tenant Connection Broker to Tenant Broker Connection Broker connectivity. Additionally, shared RAS Secure Gateways need to communicate with servers hosting published resources and the Tenant Connection Broker. These communications require only a limited number of open ports, which are listed below:
- Tenant Connection Broker > Tenant Broker Connection Broker: port 20003
- Tenant Broker Gateway > Tenant Broker Connection Broker: port 20002
- Tenant Broker Gateway > Tenant Connection Broker: port 20002
- Tenant Broker Gateway > Servers hosting published resources: port 3389
Communications with a Tenant domain are always performed from a local Tenant Connection Broker and never from the Tenant Broker infrastructure.
Every Tenant must have a unique public domain address. Multiple unique domain addresses, however, can resolve to the same IP address.

Installation Notes

RAS Connection Broker on the Tenant Broker is installed from the Parallels RAS installer using the Tenant Broker installation option.

RAS Connection Broker on a Tenant is installed from the Parallels RAS installer using standard installation.

HALB is installed as a ready-to-use virtual appliance and configured in HALB VS properties.

All other components are installed remotely from the RAS console:

Tenant Broker components are installed from the Tenant Broker console.
Tenant components are installed from the Tenant console.

PreviousSAML SSO authentication NextManagement Portal

Last updated 9 months ago

Was this helpful?

The RAS Multi-Tenant architecture offers the following advantages to Service Providers and organizations:

Cost savings due to reduction of number of RAS Secure Gateways and High Availability Load Balancers (HALBs) while maximizing resource usage and consolidation.
Faster onboarding of new tenants/customers.
Simplified centralized management of multi-tenant environments.
Extended market reach through reduction of operational costs for organizations of any size by allowing cost scaling through shared infrastructure.

Tenants are deployed as separate individual RAS Farms or Sites.
A Tenant Farm doesn't need its own RAS Secure Gateways and HALB. However, deployments with Secure Gateways and HALB are possible if a Tenant needs them for internal connections.
All external users connect to a Tenant Farm through the Tenant Broker infrastructure.
The network configuration of a Tenant requires the Tenant Connection Broker to Tenant Broker Connection Broker connectivity. Additionally, shared RAS Secure Gateways need to communicate with servers hosting published resources and the Tenant Connection Broker. These communications require only a limited number of open ports, which are listed below:
- Tenant Connection Broker > Tenant Broker Connection Broker: port 20003
- Tenant Broker Gateway > Tenant Broker Connection Broker: port 20002
- Tenant Broker Gateway > Tenant Connection Broker: port 20002
- Tenant Broker Gateway > Servers hosting published resources: port 3389
Communications with a Tenant domain are always performed from a local Tenant Connection Broker and never from the Tenant Broker infrastructure.
Every Tenant must have a unique public domain address. Multiple unique domain addresses, however, can resolve to the same IP address.

Installation Notes

RAS Connection Broker on the Tenant Broker is installed from the Parallels RAS installer using the Tenant Broker installation option.

RAS Connection Broker on a Tenant is installed from the Parallels RAS installer using standard installation.

HALB is installed as a ready-to-use virtual appliance and configured in HALB VS properties.

All other components are installed remotely from the RAS console:

Tenant Broker components are installed from the Tenant Broker console.
Tenant components are installed from the Tenant console.