Gateways

RAS Secure Client Gateway tunnels all Parallels RAS data on a single port. It also provides secure connections and is the user connection point to Parallels RAS.

In a single tenant environment, you need to install at least one RAS Secure Client Gateway for Parallels RAS to work. You can add additional Gateways to a RAS Site to support more users, load-balance connections, and provide redundancy.

The following describes how RAS Secure Client Gateway handles user connection requests:

1. RAS Secure Client Gateway receives a user connection request.
2. It then forwards the request to the RAS Publishing Agent with which it's registered (the Preferred Publishing Agent setting by default).
3. The RAS Publishing Agent performs load balancing checks and the Active Directory security lookup to obtain security permissions.
4. If the user requesting a published resource has sufficient rights, the RAS Publishing Agent sends a response to the gateway which includes details about the RD Session Host the user can connect to.
5. Depending on the connection mode, the client either connects through the gateway or disconnects from it and then connects directly to the RD Session Host server.

RAS Secure Client Gateway operation modes

RAS Secure Client Gateway can operate in one of the following modes:

• Normal Mode: RAS Secure Client Gateway receives user connection requests and checks with RAS Publishing Agent if the user making the request is allowed access. Gateways operating in this mode can support a larger number of requests and can be used to improve redundancy.
• Forwarding Mode: RAS Secure Client Gateway forwards user connection requests to a preconfigured Gateway. Gateways in forwarding mode are useful if cascading firewalls are in use, to separate WAN connections from LAN connections and make it possible to disconnect WAN segments in the event of issues without disrupting the LAN.

Note: To configure the forwarding mode, the RAS Site must have more than one RAS Secure Client Gateway installed.

Planning for high availability

When adding RAS Secure Client Gateways to a Site, the N+1 redundancy should be configured to ensure uninterrupted service to your users. This is a general rule that also applies to other Parallels RAS components, such as Publishing Agents or RD Sessions Hosts.