Shared Gateways
All RAS Secure Gateways that exist in the Tenant Broker are shared among Tenants. For the most part, shared gateways operate similarly to standard RAS Secure Gateways but there are differences, which are described below.
Tunneling policies
Tunneling policies are allowed. Tunneled connections are sent to a Tenant Farm mapped to the public address used. The policies however are limited to "None" and "All servers in Site".
WYSE
WYSE is not supported.
Session counters
For each shared gateway, a session counter is displayed in the Tenant Broker console. To see how many sessions a gateway is running, navigate to Farm > Site and examine the Sessions column in the Gateways section.
Client connection routing
Each shared gateway is aware of a configuration of each existing Tenant and is able to route client connections to a correct RAS Connection Broker running in a Tenant Farm. The routing works as follows:
- A new client connection is established.
- A shared gateway determines which Tenant the client belongs to based on the Tenant configuration.
- The correct RAS Connection Broker in the Tenant Farm is selected for this connection.
- Two-factor authentication and application listing requests are forwarded to the selected RAS Connection Broker. All subsequent client operations are also carried out using that Connection Broker. See also User authentication.
Shared gateway maintenance
When you need to take a shared RAS Secure Gateway offline for maintenance, you can do it the same way it's done in a traditional Parallels RAS Farm. You disable the gateway and wait for active sessions to drain. To see the number of active sessions for a gateway, navigate to Farm > Site. The session count is displayed in the Sessions column.
You can safely take shared Gateways offline. Parallels Clients will reconnect to the same sessions automatically.