virtualization:ras:ras

Differences

This shows you the differences between two versions of the page.

virtualization:ras:ras [2017/05/06 13:35]
gcooper
virtualization:ras:ras [2023/09/06 09:38] (current)
gcooper
Line 1: Line 1:
 ====== Parallels RAS – Remote Application Server ====== ====== Parallels RAS – Remote Application Server ======
  
-See also **[[virtualization:ras:ras_thin_client_server|RAS ThinClient Server]]**+**Client Downloads**: https://www.parallels.com/products/ras/download/client/
  
-See also **[[virtualization:ras:ras_web_portal|2X Remote Application Server Web Portal]]** +**Server Downloads**: https://my.parallels.com
- +
-**Client Downloads**: http://www.2x.com/rdp-client/downloadlinks/ +
- +
-**Server Downloads**: http://2x.com/downloads/ras/2xappserver.msi +
- +
-**2XOS Downloads**: http://www.2x.com/os/downloadlinks+
  
 **Parallels RAS Upgrade Procedure**: http://kb.parallels.com/en/123005 **Parallels RAS Upgrade Procedure**: http://kb.parallels.com/en/123005
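Review bot: the new **Server Downloads** line points at the bare `https://my.parallels.com` portal rather than a download page, so say that an account login is needed and where in the portal the RAS installer sits. The two new links use https while the unchanged Upgrade Procedure link below them is still `http://kb.parallels.com/en/123005`; switch it to https in the same edit. The removed "See also" lines were the only visible links to `ras_thin_client_server` and `ras_web_portal`, so check whether those pages are now orphaned.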
Line 46: Line 40:
 **Quick Configuration Guide**: http://www.2x.com/support/ras/setup/ **Quick Configuration Guide**: http://www.2x.com/support/ras/setup/
  
-  - If the 2X RAS will also be a terminal server, install these first:+  - If the Parallels RAS will also be a terminal server, install these first:
     * **Role-based Installation**     * **Role-based Installation**
       * **Remote Desktop Services** (role)       * **Remote Desktop Services** (role)
-        * **Session Host service** +        * **Remote Desktop Licensing** (role service) 
-        * **Remote Desktop Licensing** service+        * **Session Host service** (role service)
           * Perhaps on domain controller           * Perhaps on domain controller
       * **Desktop Experience** (feature)       * **Desktop Experience** (feature)
         * Under User Interfaces and Infrastructure         * Under User Interfaces and Infrastructure
 +        * Already included in Server 2016 full install
   - Configure specified License Server and License Type in Group Policy   - Configure specified License Server and License Type in Group Policy
-     * Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing+     * **Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing**
   - Configure Domain Users to login to DC via RDS in Group Policy   - Configure Domain Users to login to DC via RDS in Group Policy
-     * Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Remote Desktop Services +     * **Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Remote Desktop Services 
- +** 
-  - Install Parallels RAS+  - Install Parallels RAS - login with domain_admin@your_domain_name
   - Add a terminal server   - Add a terminal server
     * Use IP addresses unless the hostname is fully resolvable     * Use IP addresses unless the hostname is fully resolvable
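Review bot: the closing `**` for the User Rights Assignment path landed on its own line after the newly bolded span, so the bold does not close on the line where it opens; move it to the end of the `Allow log on through Remote Desktop Services` line. The addition `login with domain_admin@your_domain_name` should state whether a domain admin account is required for the install or merely convenient. The unchanged step that lets Domain Users log in to the DC via RDS applies to every domain user and would benefit from a narrower group or a scope note. The Quick Configuration Guide link in the context line above still points at `www.2x.com` while the other 2x.com links are being replaced.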
Line 67: Line 62:
 ===== Firewall ===== ===== Firewall =====
  
-http://www.2x.com/firewall-requirements-2x-remote-application-server/+https://my.parallels.com/support/ras/technical
  
-http://www.2x.com/configuring-the-windows-server-2008-r2-firewall-to-open-ports-for-2x-solutions/+Newer installers will open necessary ports in the Windows firewall.
  
-:!: These are bare minimum ports that must be opened for a single-server installation supporting PXE clients.+These are the **external** ports that must be forwarded in to the RAS Secure Client Gateway:
  
-|TCP |80, 443, 3389                    +|TCP |80, 443, 20009                   
-|UDP |67, 69, 3389, 401120000, 20009 |+|UDP |80443, 20009                   |
  
 ===== Remote Desktop Services ===== ===== Remote Desktop Services =====
  
-:!: You need a minimal but functional RDS server before it will work with 2X as a terminal server.+Newer RAS installers will install the RDS Session Host role for you.
  
-Add ''Domain Users'' to the allowed RDS users list: +You need a minimal but functional RDS server to function as a RAS server.
- +
-**Right-click Computer -> Properties -> Remote Desktop -> Select Users**+
  
 ===== Secure Client Gateway and HTML5 Gateway ===== ===== Secure Client Gateway and HTML5 Gateway =====
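Review bot: the new UDP row reads `80443, 20009` as shown; confirm the source has `80, 443, 20009` to match the TCP row. "Newer installers" appears twice in this hunk without a version, so name the first RAS release that opens the firewall ports and installs the Session Host role. The table now lists port 80 as an external forward, while the Brute Force Attacks section added later in this revision describes port 80 being abused for RDP, so cross-reference that section here or note that the tunneling policy should be set first. The removed step for adding `Domain Users` to the allowed RDS users list has no replacement; say whether the installer now handles it.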
Line 88: Line 81:
 {{ :virtualization:ras:ras_connection_properties.png?350|RAS Connection Properties}} {{ :virtualization:ras:ras_connection_properties.png?350|RAS Connection Properties}}
  
-http://www.2x.com/support/ras-documentation/manual/add-2x-secure-client-gateway/ +Newer installers will install the Secure Client Gateway and RAS HTML5 Gateway and set upt a self-signed SSL certificate for you.
- +
-http://www.2x.com/support/ras/html5-gateway/+
  
-**2X RAS Console -> Farm -> Gateways -> Properties -> SSL/TLS**+**Parallels RAS Console -> Farm -> Gateways -> <gateway> -> Properties -> SSL/TLS**
  
   * Enable   * Enable
   * Create a Self-Signed Certificate   * Create a Self-Signed Certificate
  
-**2X RAS Console -> Farm -> Gateways -> Properties -> HTML 5**+**Parallels RAS Console -> Farm -> Gateways -> <gateway> -> Properties -> HTML 5**
  
   * Enable   * Enable
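Review bot: the added sentence has a typo, `set upt`, which should be `set up`. It also leaves the gateway on the installer's self-signed certificate, and the steps still end at "Create a Self-Signed Certificate"; since the Firewall section forwards this gateway's ports externally, add a step for replacing it with a certificate clients already trust. The two removed 2x.com documentation links have no Parallels replacement, so the SSL/TLS and HTML 5 steps now have no reference.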
Line 103: Line 94:
  
 ===== Connection Modes ===== ===== Connection Modes =====
- 
-http://2x.helpserve.com/knowledgebase/article/View/41/0/which-connection-mode-should-i-use-with-2x-applicationserver-xg 
  
 ==== Direct ==== ==== Direct ====
  
-2X Client connects to a 2X Gateway over port 80 or port 443 (SSL) then negotiates a direct RDP connection to the Terminal Server.+RAS Client connects to a Secure Client Gateway over port 80 or port 443 (SSL) then negotiates a direct RDP connection to the Terminal Server.
  
   * Best performance for multimedia   * Best performance for multimedia
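Review bot: the removed knowledgebase link was the only reference for choosing a connection mode and nothing replaces it, so link the equivalent Parallels article or state the selection rule in the text. The Direct description says the client "negotiates a direct RDP connection to the Terminal Server"; spell out that this requires the client to reach the terminal server itself, which is why the Gateway section recommends tunneling for remote connections.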
Line 114: Line 103:
 ==== Gateway ==== ==== Gateway ====
  
-The 2X Client connects to a 2X Gateway over port 80 or port 443 (SSL) which negotiates an RDP connection to the Terminal Server.  The RDP traffic is tunneled over the HTTP/HTTPS connection.+The RAS Client connects to a Secure Client Gateway over port 80 or port 443 (SSL) which negotiates an RDP connection to the Terminal Server.  The RDP traffic is tunneled over the HTTP/HTTPS connection.
  
   * Easier to get through firewalls   * Easier to get through firewalls
   * Potentially more secure   * Potentially more secure
   * Not as good for multimedia   * Not as good for multimedia
- +  Use this for all remote connections
-===== 2XOS PXE Boot ===== +
- +
-See also **[[virtualization:ras:ras_thin_client_server|2X ThinClient Server]]** +
- +
-**2X RAS Console -> Client Manager -> Thin Client Groups -> Properties** +
- +
-  * Boot Method -> Network Boot +
-  * Regional -> Set Time Zone and Language +
-  * Input Devices -> Keyboard and Layout +
-  * Shadowing -> Enable VNC Service +
-  * Shadowing -> Enable Interact with Desktop +
-  * RDP Defaults -> 2X Connection Mode -> Direct +
-  * RDP Defaults -> Bandwidth -> High Speed Broadband+
  
 ===== RemoteFX ===== ===== RemoteFX =====
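Review bot: the added line `Use this for all remote connections` has no `*` marker, unlike the three bullets above it, so with its two-space indent DokuWiki will render it as preformatted text instead of a list item; add the marker. The Gateway paragraph still offers "port 80 or port 443 (SSL)" for the tunnel, so if this mode is the recommendation for all remote connections, say which port remote clients should use. The 2XOS PXE Boot section is removed whole; a one-line note that it has been retired would help readers arriving from old links.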
Line 180: Line 156:
 {{ :virtualization:ras:ras_mail_settings.png?750 |Parallels RAS Mail Settings}} {{ :virtualization:ras:ras_mail_settings.png?750 |Parallels RAS Mail Settings}}
  
 +
 +===== Policies =====
 +
 +After the Parallels RAS client has been configured and used to log in once, the policies set here will take effect.
 +
 +  * RAS Console -> Policies -> Plus sign for New
 +  * Change policy name if desired -> Plus sign to add users (domain users, etc.)
 +  * Connection Properties -> Display (32 bit) -> Printing (typically None or RAS) -> Scanning (none) -> Experience (check all except Menu and Window, Desktop Comp and Show contents)
 +  * Control Settings -> Password (check Do NOT save password)
 +
 +===== Brute Force Attacks =====
 +
 +https://download.parallels.com/ras/v17/docs/en_US/Parallels-RAS-v17-Administrators-Guide/39294.htm
 +
 +Older Parallels RAS installations included a default Gateway Tunneling Policy that would tunnel regular RDP (mstsc.exe) client connections into servers on TCP port 80.
 +
 +Frequently, botnets or other brute force attackers will abuse port 80 for RDP connections leading to annoying warning pop-ups and RAS ''controller.log'' entries.  {{ :virtualization:ras:ras_brute_force_pop-up.jpg?direct&250|RAS Brute Force Pop-Up}}
 +
 +==== Steps to Disable ====
 +
 +Performing these actions will restrict native MSTSC from accessing the Gateway on the RAS Gateway port (default 80).  So if an end-user tries using MSTSC (ipaddress:80) it won't be permitted.  Same goes for RDP connections using the RAS Client pointing to port 80.
 +
 +  - Open to Remote Application Server console.
 +  - Open the list of Gateways within your farm.
 +  - Highlight the Gateway.
 +  - Head to Tunneling Policies tab.
 +  - Double click the policy (Usually Default policy is used. If you happen to use another policy make sure to double click the used one).
 +  - Click "None" checkpoint.
 +  - Apply new setting in RAS Console.
 +
 +Note: Performing these actions will restrict native MSTSC from accessing the Gateway on the RAS Gateway port (default 80) So if the end-user will try using MSTSC ipaddress:80 it won't let them in. Same with RDP connection on the Client pointing to port 80.
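Review bot: the closing `Note:` paragraph repeats the opening paragraph of "Steps to Disable" almost word for word; keep one of them. In the steps, `Open to Remote Application Server console` should read "Open the", and `Click "None" checkpoint` should name the control as it appears in the console. "Older Parallels RAS installations" gives no version, so state up to which release the default tunneling policy forwarded RDP on port 80. The section mentions `controller.log` entries but not what they look like or where the file lives; a sample line would let admins confirm the change stopped the attempts.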
virtualization/ras/ras.1494099333.txt.gz · Last modified: 2017/05/06 13:35 by gcooper