Deployment scenario diagrams include terms and abbreviations, which are explained in the following table.
The following table describes the icons used in deployment scenario diagrams.
To understand the diagram layout, consider the following sample diagram:
The left side of the diagram displays client devices that can connect to Parallels RAS. In the example above, the clients are (from top to bottom):
HTML5 enabled web browser
A converted Windows PC running in Kiosk mode
A mobile device (iOS, Android)
The Location rectangle denotes a physical location, such as an office.
Firewall, represented by a brick wall, is responsible for network protection. Please note that if the scenario description doesn't include any specifics about DMZ or firewall(s), it is up to the administrator or network security officer to decide how network protection should be implemented.
The Farm rectangle represents a Parallels RAS farm, which is comprised of one or more sites.
The Site 1 rectangle represents a site with individual servers and components. In the example above, the site has a single server with RAS Connection Broker (CB), RAS Secure Gateway (SG), and RAS RD Session Host Agent installed.
The LAN bar represents a local area network with the following computers and servers connected to it:
Desktop computer
Converted Windows PC running in Kiosk mode.
File server
Active Directory, DNS, and DHCP server(s)
RADIUS server
The lines between icons denote the communication channels between individual components.
The Installation Notes section describes how a component (or components) must be installed on a corresponding server. The following installation methods are used to install Parallels RAS server components:
Parallels RAS Installer (standard installation). This is a standard MSI installer package that you run in Windows to install an application.
Windows Installer (custom installation). This is the same type of installer as described above, but you must choose the Custom installation type, which allows you to select which component(s) you want to install.
Push Installation. A component is installed remotely from the RAS console by pushing the MSI installer packages to a remote server and then performing an unattended installation on it.
Virtual appliance. A preconfigured virtual appliance for VMware or XenServer. You can download a virtual appliance for the hypervisor you are using from the Parallels website by visiting the following URL: http://www.parallels.com/products/ras/download/server/links/
This guide is intended for system administrators deploying and managing Parallels® Remote Application Server (RAS) in their organizations. It begins with the introduction to Parallels RAS and its key components and then outlines the basic principles of how these components operate. The main topics of this guide describe various Parallels RAS deployment scenarios, complete with diagrams and other information. The guide concludes with the information about communication ports used by Parallels RAS and the information about using SSL certificates.
Less administration, higher availability, reduced TCO.
Central management of users, server-based OS patch management, application updates and backups.
All data is kept on the server side with centralized security and backup management. Only mouse clicks, keyboard keystrokes, and desktop/application screenshots are transmitted to and from the client device, thus preventing data leakages, viruses, Trojans, and other vulnerabilities on clients.
Support for virtually all platforms on client devices, including Windows, Linux, macOS, iOS, Android, Chrome, and HTML5, all with minimum hardware requirements.
The Parallels RAS Multi-Tenant architecture with Parallels RAS Tenant Broker allows sharing of the access layer, such as Parallels Secure Gateways and front-end High Availability Load Balancers (HALBs), among Tenants, which may be represented as isolated Parallels RAS Farms and/or sites. Tenant Broker is a separate RAS installation that hosts shared RAS Secure Gateways and HALB. Tenant farms are deployed just like traditional RAS environments and are joined to the Tenant Broker. Each Tenant farm has its own RAS Connection Brokers and servers hosting published resources (RD Session hosts, VDI, Azure Virtual Desktop, Remote PCs). No local RAS Secure Gateways or Load Balancers are needed.
Parallels RAS offers flexible cloud deployment model support, whether using on-premises, cloud or multi-cloud environments, allowing businesses to leverage different technologies while reducing total cost of ownership.
Employees, customers, and partners telecommute/roam more easily with follow-me apps and desktops on any device from anywhere.
Achieve cost savings in hardware replacement by converting Windows PCs into pseudo thin clients. Continue using Windows legacy operating systems to securely run virtual applications while also restricting access to native OS features. What’s more, the administrator can choose which applications a user runs locally and remotely on a PC.
Parallels RAS Reporting helps IT administrators to proactively tackle any potential issue before it occurs, providing reports and statistics on resources and services shown under one roof in the Parallels RAS console.
Windows Client Management enables client device shadowing (user session control) and power management for help desks, making routine end user assistance easier.
Farm is a collection of Parallels RAS components maintained as a logical entity with a unique database and licensing.
Site is a managing entity usually based on a physical location. Each site consists of at least a RAS Connection Broker, RAS Secure Gateway, and agents installed on RD Session Hosts, virtualization servers, and Windows PCs. There can be multiple sites in a given farm.
Parallels RAS Console is a desktop application for administrators who manage Parallels RAS.
Parallels RAS Management Portal is a modern web-based configuration and administration portal. The Management Portal is designed for administrators using a desktop or laptop computer or a mobile device to carry out configurations and day-to-day activities.
RAS Connection Broker provides access to published applications and desktops and load balances application traffic. High availability can be achieved by adding a secondary RAS Connection Broker to a site.
RAS RD Session Host Agent is installed on an RD Session Host and enables publishing of server resources (applications and desktop). RAS RD Session Host Agent also collects the necessary information from the server on which it's running and sends it to the RAS Connection Broker, which uses it for load balancing and some other purposes.
RAS Remote PC Agent is installed on a physical Windows computer or a Windows virtual machine. It enables publishing of the computer resources (applications and desktop). RAS Remote PC Agent also collects the necessary information from the computer on which it's running and sends it to the RAS Connection Broker, which uses it for load balancing and some other purposes.
RAS Guest Agent is installed in the guest operating system of a virtual machine. RAS Guest Agent enables resource publishing from VDI hosts and VDI RD Session Hosts and collects information required by RAS Connection Broker.
RAS Provider Agent collects information from the Parallels RAS Infrastructure and is responsible for controlling a Provider through its native API. RAS Provider Agent comes in two varieties. One is built into the RAS Connection Broker and is available by default. It can be used to control multiple Providers in a Parallels RAS Farm. The other is a separate component that can be installed manually on a Provider host, in which case it will work with that host only. The built-in RAS Provider Agent can be used with any Provider supported by Parallels RAS except QEmu KVM with libvirt and Nutanix Acropolis. With these two hypervisors, a dedicated RAS Connection Broker must be manually installed on a Provider host. See RAS Provider Agent dedicated below for more info.
RAS Provider Agent dedicated is a separate component that can be installed from the Parallels RAS installer. It serves the same purpose as the built-in RAS Provider Agent described above. The difference is, you can only use a dedicated RAS Provider Agent to control the Provider on which it is installed.
RAS Secure Gateway is a service that acts as a proxy between the Parallels Client software running on client devices and Parallels RAS. A Secure Gateway encrypts the communications using SSL. Multiple RAS Secure Gateways can work in high availability mode with Parallels HALB.
High Availability Load Balancing (HALB) is an appliance that provides load balancing for RAS Secure Gateways. Parallels HALB virtual appliance is available for Hyper-V and VMware. Multiple HALB Virtual Servers can be configured, each assigned with different virtual (and floating) IPs to load balance traffic to Secure Gateways in the same RAS Site. This enables administrators to configure Virtual Servers for segregated access, for example when using different Secure Gateways for internal and external access or different office branches. Multiple HALB deployments can run simultaneously, one acting as the primary and others as secondary. The more HALB deployments a site has, the lower the probability that end users will experience downtime. Primary and secondary HALB deployments share a common or virtual IP address (VIP). Should the primary HALB deployment fail, a secondary is promoted to primary and takes its place. Because HALB virtual appliances use source IP for load balancing, a firewall or router in front of them should be configured to preserve the source IPs of the client devices.
Parallels Device Manager is a Parallels RAS feature that allows the administrator to manage Windows computers. Windows 7 and newer are supported.
Parallels Desktop Replacement is a sub-feature of Parallels Device Manager (see above). It allows the administrator to convert a standard desktop into a limited device similar to a thin client without replacing the operating system on it.
RAS Enrollment Server is an essential component of the SAML SSO Authentication functionality. It communicates with Microsoft Certificate Authority (CA) to request, enroll, and manage digital certificates on behalf of the user for SSO authentication in the Parallels RAS environment.
Azure Virtual Desktop is a desktop and app virtualization service running on Microsoft Azure, providing access to RD Session Hosts and VDI, including the new offering of Windows 10 and Windows 11 Enterprise multi-session hosts. Parallels RAS 18 provides the ability to integrate, configure, maintain, support and access Azure Virtual Desktop workloads on top of the existing technical capabilities of Parallels RAS.
Microsoft FSLogix Profile Container is the preferred Profile Management solution as the successor of Roaming Profiles and User Profile Disks (UPDs). It is set to maintain user context in non-persistent environments, minimize sign-in times and provide native profile experience eliminating compatibility issues.
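The HALB description above says load balancing keys on the source IP and that upstream firewalls or routers should preserve client source addresses. The following added example (not Parallels code) shows what happens when they do not: every client hashes to the same Secure Gateway. It assumes a generic source-IP hash rather than HALB's actual algorithm, and the gateway names and addresses are constructed.

```python
import hashlib
import ipaddress
from collections import Counter

# Hypothetical Secure Gateway names; not taken from any real deployment.
GATEWAYS = ["sg-1", "sg-2", "sg-3"]

def pick_gateway(source_ip, gateways=GATEWAYS):
    """Stable source-IP hash (assumed scheme, not HALB's documented algorithm)."""
    packed = ipaddress.ip_address(source_ip).packed
    bucket = int.from_bytes(hashlib.sha256(packed).digest()[:8], "big")
    return gateways[bucket % len(gateways)]

def seen_by_balancer(client_ips, snat_ip=None):
    """Addresses as the balancer sees them; snat_ip models an upstream
    firewall or router that rewrites every source to its own address."""
    return [snat_ip or ip for ip in client_ips]

def distribution(source_ips):
    """Count of connections each gateway receives."""
    return Counter(pick_gateway(ip) for ip in source_ips)

def max_share(counts):
    """Fraction of all connections landing on the busiest gateway."""
    return max(counts.values()) / sum(counts.values())

def source_collapse(source_ips, threshold=0.8):
    """Return the source IP carrying more than `threshold` of connections
    (a sign that source addresses are being rewritten upstream), else None."""
    ip, hits = Counter(source_ips).most_common(1)[0]
    return ip if hits / len(source_ips) > threshold else None

# Constructed sample: 240 clients from the TEST-NET-2 documentation range.
CLIENTS = [f"198.51.100.{n}" for n in range(1, 241)]
FIREWALL_IP = "203.0.113.1"  # constructed address of the NAT device

if __name__ == "__main__":
    for label, snat in (("preserved", None), ("rewritten", FIREWALL_IP)):
        seen = seen_by_balancer(CLIENTS, snat)
        counts = distribution(seen)
        print(label, dict(counts), f"busiest={max_share(counts):.0%}",
              "collapse:", source_collapse(seen))
```

The `source_collapse` check can be run over the source addresses recorded for incoming connections to confirm that client IPs actually reach the load balancer.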
Parallels RAS is a market leader for Windows application publishing on any device, anywhere. It works with major hypervisors and Microsoft Remote Desktop Services, providing PC, Mac, and mobile users with a seamless experience while increasing security and reducing IT costs. In addition, Parallels RAS supports Azure Virtual Desktop. It’s simple and empowers users with the freedom and flexibility to work how they want.
With Parallels RAS, remote desktops and applications can be accessed from any device running virtually any operating system, including Windows, Linux, macOS, iOS, Android, Chrome. Access via browser-based Web Client is also available.
For in-depth information about the rich Parallels RAS features, please read the Parallels RAS Administrator's Guide, which can be downloaded from the Parallels website.
Term or abbreviation | Description |
---|---|
CB | RAS Connection Broker |
SG | RAS Secure Gateway (including User Portal) |
Private SG | Private RAS Secure Gateway (used for direct client connections) |
RDSH, RDS host | RD Session Host (formerly Terminal Server) |
RDSH Agent | RAS RD Session Host Agent installed on an RD Session Host. |
Remote PC | A remote Windows computer with RAS Remote PC Agent installed |
VDI | Virtual Desktop Infrastructure (a VDI host with a hypervisor running virtual machines). Each virtual machine must have RAS Guest Agent installed. |
HALB | High Availability Load Balancing. An appliance that provides load balancing for RAS Secure Gateways. |
Converted PC | A PC with Windows converted to a thin-client-like OS. |
Enrollment Server | RAS Enrollment Server (an essential part of SAML SSO Authentication functionality). |
Parallels RAS Server Components
A server hosting RAS Connection Broker. May also host other Parallels RAS components depending on a deployment.
RAS Secure Gateway (including User Portal) used for secure (SSL) client connections.
Private RAS Secure Gateway, used for direct client connections.
RD Session Host with RAS RD Session Host Agent installed.
A remote Windows computer with RAS Remote PC Agent installed. Not to be confused with Converted PC described below (a similar icon in red color).
Virtual Desktop Infrastructure (a VDI host with a hypervisor running virtual machines). Each virtual machine must have RAS Guest Agent installed.
High Availability Load Balancing. An appliance that provides load balancing for RAS Secure Gateways.
Parallels RAS Client Devices
A desktop computer (Windows, Linux, Mac) with Parallels Client installed.
A PC with Windows converted to a thin-client-like OS. Not to be confused with a remote PC described above (a similar icon in orange color).
A converted PC (same as above) with Kiosk mode enabled.
HTML5 enabled web browser.
Mobile device (iOS, Android).
Other Components
Active Directory, DNS, and DHCP server(s).
Microsoft SQL Server database.
RAS Reporting and SQL Server Reporting Services (installed on the same server).
RADIUS server (used for second-level authentication).
File server for storing user profiles and redirected folders.
Firewall (ports 80 and 443 are open).
On-premises VPN gateway.
RAS Enrollment Server.
Azure Load Balancer and/or Azure VPN Gateway.
The following table lists the Parallels RAS release history. Parallels RAS documentation is updated for every release. This guide refers to the latest Parallels RAS 19 release from the table below. If you are using a newer Parallels RAS release or version, please download the current version of the guide from https://www.parallels.com/products/ras/resources/.
Parallels RAS Version | Release | Date |
---|---|---|
19.0 | Initial release | 07/27/2022 |
19.0 | Update 1 | 08/31/2022 |
19.0 | Hotfix 1 | 09/16/2022 |
19.0 | Hotfix 2 | 09/30/2022 |
19.0 | Hotfix 3 | 10/14/2022 |
19.1 | Update 2 | 11/15/2022 |
19.2 | Update 3 | 07/06/2023 |
19.3 | Update 1 | 11/06/2023 |
19.4 | Update 2 | 06/08/2024 |
20 | Initial release | 10/30/2024 |
When a user connects to Parallels RAS from Parallels Client, they are presented with published resources (applications, desktops, documents, etc.). The user selects a resource and launches it. The system load-balances user requests automatically and launches the resource from the least-loaded host. The user is then presented with the resource seamlessly via the RDP protocol.
The Parallels RAS building blocks are (see the previous section for a detailed explanation):
Farm
Site
Agents
The first server added to a farm creates a new site and becomes the primary RAS Connection Broker in that site. The server also becomes the farm’s Licensing Server handling device connection licenses. Every Connection Broker in the farm (when more than one exists) keeps a synchronized copy of the Parallels RAS configuration database. When the administrator makes any changes to the Parallels RAS configuration in the Parallels RAS console, the changes are replicated to all other Connection Brokers.
The following diagram illustrates a Parallels RAS installation with two sites (Site 1 and Site 2), each consisting of a primary Connection Broker (Primary CB), RAS Secure Gateway (SG), RD Session Host (RDS host 1), a second RD Session Host (RDS host 2), VDI (Virtual Desktop Infrastructure) server, and a Windows PC.
Adding more RAS Connection Brokers and RAS Secure Gateways adds redundancy to the system. HALB Virtual Server (VS) is a virtual representation of the HALB appliances (optional component), which can be added to load balance application traffic.
Note: Resources (RD Session Host, Remote PCs, VDI hosts) that are members of one site cannot be shared with other sites. For example, the RDS host 1 server is a member of Site 1, which means that it cannot be accessed by users who are connecting through a Secure Gateway and a Connection Broker located in Site 2.