Previous page

Next page

Locate page in Contents

RAS Secure Client Gateway Overview

RAS Secure Client Gateway tunnels all Parallels Remote Application Server data on a single port. It also provides secure connections and is the user connection point to Parallels Remote Application Server.

By default, a RAS Secure Client Gateway is installed on the same server where the Parallels Remote Application Server is installed. You can add additional RAS Secure Client Gateways to a site to support more users, load balance connections, and provide redundancy.

To manage RAS Secure Client Gateways, in the RAS Console, navigate to Farm / <site-name> / Gateways . Use the tab pages in the left pane to manage Gateways and Tunneling Policies .

0.4.0.Farm.Gateways.bmp

How a RAS Secure Client Gateway Works

The following describes how a  RAS Secure Client Gateway handles user connection requests:

  1. The RAS Secure Client Gateway receives a user connection request.
  2. It then forwards the request to all of the available RAS Publishing Agents in the farm.
  3. A RAS Publishing Agent performs Load Balancing checks and an Active Directory security lookup to obtain security permissions.
  4. If the user requesting a published resource is granted access, the RAS Publishing Agent returns the response to the gateway service including details about which terminal server the user can connect to.
  5. Depending on the connection mode, the client either connects through the gateway or disconnects from it and then connects directly to the RDS Server.

RAS Secure Client Gateway Operation Modes

A RAS Secure Client Gateway can operate in one of the following modes:

  • Normal Mode. A RAS Secure Client Gateway in normal mode receives a user connection requests and checks with the RAS Publishing Agent if the user making the request is allowed access. Normal gateways can be used to support a larger number of requests and to improve redundancy.
  • Forward Mode . A RAS Secure Client Gateway in forwarding mode forwards all the user connection requests to a preconfigured gateway. Gateways in forward mode are useful if cascading firewalls are in use, to separate WAN connections from LAN connections and make it possible to disconnect WAN segments in the event of issues without disrupting the LAN.

Note: Multiple RAS Secure Client Gateways are needed to configure a gateway to use the forward mode.