RAS Enrollment Server Configuration
RAS Enrollment Server communicates with Microsoft Certificate Authority (CA) to request, enroll, and manage digital certificates on behalf of a user for SSO authentication in the Parallels RAS environment.
Note: For security reasons, RAS Enrollment Server should be installed on a secure, dedicated server similar to an Active Directory Domain Controller or Certificate Authority with no other Parallels RAS components installed.
Setup and configure RAS Enrollment Server
You can remotely install the RAS Enrollment Server Agent on a specified server from the RAS Console. You can also install the Agent by running the standard RAS installer on the desired server.
To remotely install the RAS Enrollment Server:
- In the RAS Console, navigate to Farm / Site / Enrollment servers.
- Click Tasks > Add.
- Specify the FQDN or IP address of the server where you want the RAS Enrollment Server Agent to be installed.
- Click Next.
- In the Enrollment Server Agent Information dialog, click Install and follow the onscreen instructions.
To install the RAS Enrollment Server using the Parallels RAS installer:
- Run the Parallels RAS installer on the server where you want the RAS Enrollment Server Agent installed.
- On the Select Installation Type page, select Custom and click Next.
- Clear all other components and select the Parallels RAS Enrollment Server component.
- Click Next and follow the onscreen instructions.
- Once the RAS Enrollment Server is installed, open the RAS Console and navigate to Farm / Site / Enrollment servers.
- Click Tasks > Add.
- Enter the Enrollment Server FQDN or IP address and click Next.
- Follow the onscreen instructions to add the server to the Farm.
Obtain and copy the registration key
If you perform a manual installation using the RAS installer, it is necessary to place a registration key file on the Enrollment Server host. This step is not required if the RAS Enrollment Server Agent was remotely deployed from the RAS Console.
First, you need to obtain the registration key file as follows:
- Open the RAS Console and navigate to Farm / Site / Enrollment servers.
- Click Tasks > Export registration key.
- Save the key to a file named registration.crt.
Once you have the registration.crt file, copy it to the following folder on the server where the RAS Enrollment Server is installed (default path shown):
C:\Program Files (x86)\Parallels\ApplicationServer\x64
Note: It is mandatory for the registration key file to be named “registration.crt”.
Configure AD Integration
After you have added the RAS Enrollment Server in the RAS Console, you need to configure AD integration for it as follows:
- In the RAS Console, navigate to Farm / Site / Enrollment Servers.
- Select the AD Integration tab.
- In the Certificate authority (CA) section, specify the configuration string of your Enterprise CA where the new certificate templates (Prls Enrollment Agent and Prls Smartcard Logon) were created. This should be done in the following format:
  CAhostname.domain\issuing CA name
  Alternatively, you can click the [...] button to select a CA. For configuration details, see Configure Certificate Authority Templates.
- In the Enrollment Agent section, specify the Enrollment Agent username and password. For configuration details, see Active Directory User Account Configuration.
- In the NLA user section, specify the NLA username and password. For configuration details, see Active Directory User Account Configuration.
- Click the Validate AD integration settings button to make sure that the information you've entered is valid.
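A pre-check that can be run on a domain-joined machine before entering the CA string in the RAS Console, as an added example (not Parallels code): it checks the string against the format above, then uses certutil to confirm that the CA responds and issues both templates. The default CA string is a constructed placeholder, and the template names are assumed to be the display names that certutil prints.

```powershell
# Added example (not Parallels code). The default $CaConfig is a constructed placeholder.
param([string]$CaConfig = 'ca01.corp.example\Example Issuing CA')

# Template names as given on this page; assumed to be the display names certutil prints.
$RequiredTemplates = 'Prls Enrollment Agent', 'Prls Smartcard Logon'

function Test-CaConfigString {
    param([string]$Value)
    # Expected format: CAhostname.domain\issuing CA name
    $parts = $Value -split '\\'
    if ($parts.Count -ne 2) { return $false }            # exactly one backslash
    $label = '[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    $fqdn  = '^' + $label + '(\.' + $label + ')+$'       # host plus at least one domain label
    if ($parts[0] -notmatch $fqdn) { return $false }
    $ca = $parts[1]
    return ($ca.Length -gt 0 -and $ca -eq $ca.Trim())    # non-empty, no stray whitespace
}

if (-not (Test-CaConfigString $CaConfig)) {
    throw "CA string '$CaConfig' is not in the form CAhostname.domain\issuing CA name"
}

# Confirm that a CA answers at this configuration string.
certutil.exe -config $CaConfig -ping | Out-Null
if ($LASTEXITCODE -ne 0) { throw "CA '$CaConfig' did not answer certutil -ping" }

# List the templates this CA issues and check that both RAS templates are among them.
$published = certutil.exe -config $CaConfig -CATemplates
if ($LASTEXITCODE -ne 0) { throw "Could not list templates on '$CaConfig'" }

$missing = foreach ($name in $RequiredTemplates) {
    if (-not ($published | Select-String -SimpleMatch $name -Quiet)) { $name }
}
if ($missing) { throw "Not published on this CA: $($missing -join ', ')" }

"OK: '$CaConfig' responds and issues: $($RequiredTemplates -join ', ')"
```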