RAS Secure Client Gateway Overview
By default, a RAS Secure Client Gateway is installed on the same server where Parallels Remote Application Server is installed. You can add additional RAS Secure Client Gateways to a site to support more users, load balance connections, and provide redundancy.
To manage RAS Secure Client Gateways, in the RAS Console, navigate to
Farm
/
Site
/
Gateways
. Use the tab pages in the left pane to manage
Gateways
and
Tunneling Policies
.
How a RAS Secure Client Gateway Works
The following describes how a RAS Secure Client Gateway handles user connection requests:
-
The RAS Secure Client Gateway receives a user connection request.
-
It then forwards the request to all of the available RAS Publishing Agents in the farm.
-
A RAS Publishing Agent performs Load Balancing checks and an Active Directory security lookup to obtain security permissions.
-
If the user requesting a published resource is granted access, the RAS Publishing Agent returns the response to the gateway service including details about which terminal server the user can connect to.
-
Depending on the connection mode, the client either connects through the gateway or disconnects from it and then connects directly to the RDS Server.
RAS Secure Client Gateway Operation Modes
A RAS Secure Client Gateway can operate in one of the following modes:
-
Normal Mode.
A RAS Secure Client Gateway in normal mode receives a user connection requests and checks with the RAS Publishing Agent if the user making the request is allowed access. Normal gateways can be used to support a larger number of requests and to improve redundancy.
-
Forward Mode
. A RAS Secure Client Gateway in forwarding mode forwards all the user connection requests to a preconfigured gateway. Gateways in forward mode are useful if cascading firewalls are in use, to separate WAN connections from LAN connections and make it possible to disconnect WAN segments in the event of issues without disrupting the LAN.
Note:
Multiple RAS Secure Client Gateways are needed to configure a gateway to use the forward mode.
|