Parallels RAS – Remote Application Server

Items that need Evaluation

  1. Web Portal
  2. Desktop by Thinclient
    • URL Redirect
    • Media Player Redirect
    • MIME Type
  3. Universal Printing
    • Multi Function Printers
    • Zebra Printer
  4. Universal Scanning
  5. Thin Clients
    • Old Thin Clients (PXE boot)
    • New Thin Clients (Local OS)
    • Old PC retask
  6. VLAN (VPLS?)
  7. Traffic Shaping, IP Priority (VoIP)
  8. Configuration Locking Software
    • 2X Thinshell
    • 3rd Party solution?
  9. How is User Profile Data dealt with in 2X
  10. Does 2X have Remote Management

Remote Desktop Role Services

http://www.parallels.com

http://www.parallels.com/support/ras-documentation/

Installation

Quick Configuration Guide: http://www.2x.com/support/ras/setup/

  1. If the Parallels RAS will also be a terminal server, install these first:
    • Role-based Installation
      • Remote Desktop Services (role)
        • Remote Desktop Licensing (role service)
        • Session Host service (role service)
          • Perhaps on domain controller
      • Desktop Experience (feature)
        • Under User Interfaces and Infrastructure
        • Already included in Server 2016 full install
  2. Configure specified License Server and License Type in Group Policy
    • Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Licensing
  3. Configure Domain Users to log in to the DC via RDS in Group Policy
    • Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment → Allow log on through Remote Desktop Services
  4. Install Parallels RAS - log in with domain_admin@your_domain_name
  5. Add a terminal server
    • Use IP addresses unless the hostname is fully resolvable
  6. Publish a Desktop
  7. Publish an application

Firewall

https://my.parallels.com/support/ras/technical

Newer installers will open necessary ports in the Windows firewall.

These are the external ports that must be forwarded in to the RAS Secure Client Gateway:

TCP 80, 443, 20009
UDP 80, 443, 20009

Remote Desktop Services

Newer RAS installers will install the RDS Session Host role for you.

You need a minimal but functional RDS server to function as a RAS server.

Secure Client Gateway and HTML5 Gateway

RAS Connection Properties

Newer installers will install the Secure Client Gateway and RAS HTML5 Gateway and set up a self-signed SSL certificate for you.

Parallels RAS Console → Farm → Gateways → <gateway> → Properties → SSL/TLS

  • Enable
  • Create a Self-Signed Certificate

Parallels RAS Console → Farm → Gateways → <gateway> → Properties → HTML 5

Connection Modes

Direct

The RAS Client connects to a Secure Client Gateway over port 80 or port 443 (SSL), then negotiates a direct RDP connection to the Terminal Server.

  • Best performance for multimedia

Gateway

The RAS Client connects to a Secure Client Gateway over port 80 or port 443 (SSL) which negotiates an RDP connection to the Terminal Server. The RDP traffic is tunneled over the HTTP/HTTPS connection.

  • Easier to get through firewalls
  • Potentially more secure
  • Not as good for multimedia
  • Use this for all remote connections

RemoteFX

Windows Server 2012

:!: The Windows workstation must support RDP 8.0 or higher to get the benefits of RemoteFX.

:!: Windows 7 and higher support RDP 8.

Enable and disable the following options with gpedit.msc on all terminal servers in your farm:

Local Computer Policy → Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Remote Session Environment → RemoteFX for Windows Server 2008 R2

  • Enable all three settings

RemoteFX for Windows Server 2008 R2 Settings

Local Computer Policy → Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Remote Session Environment

Under Remote Session Environment, enable and disable the following, adjusting as necessary:

Remote Session Environment

2X Universal Printing

2X Universal Printing is automatically installed when the Agents for Terminal Server, VDI Guest and Remote PC are installed. With 2X Universal Printing, specific printer drivers are not necessary on the server.

You must log in to the session from the terminal that has the local printer installed for that printer to show up in the session. If you take over a disconnected session, the local printers will not show.

Choose 2X Universal Printing Technology in the Connection Properties of the 2X Client, or in a Policy on 2X RAS if printing is locked down. If selecting Specific Only for Redirect printers, add the printer name of the local printer on the client.

2X File Association for Published Applications

If you want to open a file on a local computer with a published application via file association, the association must be configured first.

http://www.2x.com/support/ras-documentation/manual/manage-publish-app/

Then set the file association of the appropriate extension to 2X Kickoff on the PC.

Also, every drive that holds files to be opened must be included in drive redirection in the RDS session.

E-Mail Notifications

Parallels RAS Console → Administration → Mailbox Setup

Parallels RAS Mail Settings

Policies

After the Parallels RAS client has been configured and used to log in once, the policies set here will take effect.

  • RAS Console → Policies → Plus sign for New
  • Change policy name if desired → Plus sign to add users (domain users, etc.)
  • Connection Properties → Display (32 bit) → Printing (typically None or RAS) → Scanning (none) → Experience (check all except Menu and Window, Desktop Comp and Show contents)
  • Control Settings → Password (check Do NOT save password)

Brute Force Attacks

https://download.parallels.com/ras/v17/docs/en_US/Parallels-RAS-v17-Administrators-Guide/39294.htm

Older Parallels RAS installations included a default Gateway Tunneling Policy that would tunnel regular RDP (mstsc.exe) client connections into servers on TCP port 80.

Botnets and other brute-force attackers frequently abuse port 80 for RDP connections, leading to annoying warning pop-ups and RAS controller.log entries.

Steps to Disable

Performing these actions will restrict native MSTSC from accessing the Gateway on the RAS Gateway port (default 80). So if an end-user tries using MSTSC (ipaddress:80) it won't be permitted. Same goes for RDP connections using the RAS Client pointing to port 80.

  1. Open the Remote Application Server console.
  2. Open the list of Gateways within your farm.
  3. Highlight the Gateway.
  4. Go to the Tunneling Policies tab.
  5. Double-click the policy (usually the Default policy is used; if you use another policy, make sure to double-click the one in use).
  6. Select “None”.
  7. Apply the new setting in the RAS Console.
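
One way to confirm the change took effect, as an added example that is not from the original page or from Parallels: the script sends the first packet a native RDP client sends (an X.224 Connection Request) to the gateway port and reports whether an RDP Connection Confirm comes back. The result labels and the script name check_gateway.py are made up here, and how a RAS gateway answers once the policy is set to None is not documented on this page, so only "rdp-answered" is treated as a failure.

```python
import socket
import struct
import sys

# RDP_NEG_REQ: type 0x01, flags 0, length 8, requestedProtocols TLS|CredSSP
_NEG_REQ = struct.pack("<BBHI", 0x01, 0x00, 8, 0x03)
# X.224 Connection Request TPDU: length indicator, code 0xE0, refs, class
_X224_CR = bytes([6 + len(_NEG_REQ), 0xE0, 0, 0, 0, 0, 0]) + _NEG_REQ
# TPKT header: version 3, reserved, total length (big-endian)
RDP_CONNECTION_REQUEST = struct.pack(">BBH", 3, 0, 4 + len(_X224_CR)) + _X224_CR


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a listener returns after the RDP request."""
    if not data:
        return "no-reply"            # closed, reset or silently dropped
    if len(data) >= 6 and data[0] == 0x03 and data[5] == 0xD0:
        return "rdp-answered"        # TPKT + X.224 Connection Confirm
    if data.startswith(b"HTTP/"):
        return "http-only"           # web listener rejected the non-HTTP bytes
    return "other"


def probe(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send one RDP connection request to host:port and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(RDP_CONNECTION_REQUEST)
            try:
                data = sock.recv(64)
            except OSError:          # timeout or reset counts as no reply
                data = b""
    except OSError:
        return "unreachable"
    return classify_reply(data)


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_gateway.py <your-gateway-address> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    result = probe(sys.argv[1], target_port)
    print(f"{sys.argv[1]}:{target_port} -> {result}")
    # Non-zero exit when native RDP is still answered on the gateway port
    sys.exit(1 if result == "rdp-answered" else 0)
```

Run it against your own gateway before and after applying the policy; a result that changes from "rdp-answered" to anything else shows the tunneling policy is no longer passing native RDP on that port.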

virtualization/ras/ras.txt · Last modified: 2023/09/06 09:38 by gcooper