User Tools
virtualization:ras:ras
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
virtualization:ras:ras [2019/02/05 11:52] gcooper |
virtualization:ras:ras [2023/09/06 09:38] (current) gcooper |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Parallels RAS – Remote Application Server ====== | ====== Parallels RAS – Remote Application Server ====== | ||
| - | |||
| - | See also **[[virtualization: | ||
| **Client Downloads**: | **Client Downloads**: | ||
| Line 42: | Line 40: | ||
| **Quick Configuration Guide**: http:// | **Quick Configuration Guide**: http:// | ||
| - | - If the 2X RAS will also be a terminal server, install these first: | + | - If the Parallels |
| * **Role-based Installation** | * **Role-based Installation** | ||
| * **Remote Desktop Services** (role) | * **Remote Desktop Services** (role) | ||
| Line 56: | Line 54: | ||
| * **Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Remote Desktop Services | * **Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Remote Desktop Services | ||
| ** | ** | ||
| - | - Install Parallels RAS | + | - Install Parallels RAS - login with domain_admin@your_domain_name |
| - Add a terminal server | - Add a terminal server | ||
| * Use IP addresses unless the hostname is fully resolvable | * Use IP addresses unless the hostname is fully resolvable | ||
| Line 110: | Line 108: | ||
| * Potentially more secure | * Potentially more secure | ||
| * Not as good for multimedia | * Not as good for multimedia | ||
| + | * Use this for all remote connections | ||
| ===== RemoteFX ===== | ===== RemoteFX ===== | ||
| Line 160: | Line 159: | ||
| ===== Policies ===== | ===== Policies ===== | ||
| - | After the Parallels RAS client has been configured and used to log in once the policies set here will take effect. | + | After the Parallels RAS client has been configured and used to log in once, the policies set here will take effect. |
| * RAS Console -> Policies -> Plus sign for New | * RAS Console -> Policies -> Plus sign for New | ||
| Line 167: | Line 166: | ||
| * Control Settings -> Password (check Do NOT save password) | * Control Settings -> Password (check Do NOT save password) | ||
| + | ===== Brute Force Attacks ===== | ||
| + | |||
| + | https:// | ||
| + | |||
| + | Older Parallels RAS installations included a default Gateway Tunneling Policy that would tunnel regular RDP (mstsc.exe) client connections into servers on TCP port 80. | ||
| + | |||
| + | Frequently, botnets or other brute force attackers will abuse port 80 for RDP connections leading to annoying warning pop-ups and RAS '' | ||
| + | |||
| + | ==== Steps to Disable ==== | ||
| + | |||
| + | Performing these actions will restrict native MSTSC from accessing the Gateway on the RAS Gateway port (default 80). So if an end-user tries using MSTSC (ipaddress: | ||
| + | |||
| + | - Open to Remote Application Server console. | ||
| + | - Open the list of Gateways within your farm. | ||
| + | - Highlight the Gateway. | ||
| + | - Head to Tunneling Policies tab. | ||
| + | - Double click the policy (Usually Default policy is used. If you happen to use another policy make sure to double click the used one). | ||
| + | - Click " | ||
| + | - Apply new setting in RAS Console. | ||
| + | Note: Performing these actions will restrict native MSTSC from accessing the Gateway on the RAS Gateway port (default 80) So if the end-user will try using MSTSC ipaddress: | ||
virtualization/ras/ras.1549392779.txt.gz · Last modified: 2019/02/05 11:52 by gcooper
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
