Parallels RAS 19 Administrator's Guide - Configuring preferred routing

Introduction
- Parallels RAS 19 release history
- About Parallels RAS
- About this guide
- What's new
- Terms and abbreviations used in this guide
Installing Parallels RAS
- System requirements
- Install Parallels RAS
- Log in and activate Parallels RAS
Getting Started with Parallels RAS
- The Parallels RAS Console
- Set up a basic Parallels RAS Farm
Farm and Sites
- Connecting to a Parallels RAS Farm
- About Sites
- Sites in the RAS Console
- Adding a Site to the Farm
- Replicating Site settings
- Managing Licensing Site
- Managing administrator accounts
RAS Connection Broker
- Configuring RAS Connection Brokers
- Secondary Connection Brokers
- Managing Secondary Connection Brokers
- Using computer management tools
RAS Secure Gateway
- Overview
- Adding a RAS Secure Gateway
- Manually adding a RAS Secure Gateway
- Checking the RAS Secure Gateway status
- Configuring a RAS Secure Gateway
- Secure Gateway tunneling policies
- Configure logging
- Viewing Secure Gateway summary and metrics
- Using computer management tools
RD Session Hosts
- RD Session Host types
- Add an RD Session Host
  - Installing the agent manually
- Add a template-based RD Session Host
- Manage RD Session Hosts
- Planning for high availability
- Managing logons
- Using computer management tools
- Publishing from an RD Session Host
- Viewing published resources
Virtual Desktop Infrastructure (VDI)
- Supported providers
- Add a provider
- Manage VDI
- Configure logging
- Enabling high availability for VDI
- Site defaults (VDI)
- Using computer management tools
- Viewing Provider summary
- Remote PC pools
Azure Virtual Desktop
- Introduction
- Prerequisites
- Deploy Azure Virtual Desktop
- Manage Azure Virtual Desktop
- Site defaults (Azure Virtual Desktop)
  - Site defaults for single-session hosts
  - Site defaults for multi-session hosts
- Using Parallels Client with Azure Virtual Desktop
- Verify the deployment
Remote PCs
- Overview
- Adding a Remote PC to a Farm
  - Admin-initiated Remote PC enrollment
  - Self-service Remote PC enrollment
- Configuring a Remote PC
- Viewing Remote PC summary
- Using computer management tools
Publishing
- Overview
- Publishing a desktop
- Publishing an application
- Publishing an application with MSIX app attach
- Publishing a web application
- Publishing a network folder
- Publishing a document
- General management tasks
- Manage published applications
- Manage published desktops
- Manage published documents
- Manage folders
- Site defaults (Publishing)
- Using filtering rules
- Configuring preferred routing
- Understanding session prelaunch
- Checking effective access
- Specifying client settings
- Quick keypad
Session Management
- Overview
- Session information
- Monitoring settings
- Managing sessions
- The Resources tab
SSL Certificate Management
- Generating a self-signed certificate
- Generating a certificate signing request (CSR)
- Let's Encrypt certificates
  - Requesting a Let's Encrypt Certificate
  - How Parallels RAS requests certificates from Let's Encrypt
- Importing a certificate
- Exporting a certificate
- Assigning a certificate to Secure Gateways and HALBs
- Auditing certificates
- Permissions to manage certificates
- Upgrading from an older RAS version
Connection and Authentication Settings
- RAS Connection Broker connection settings
- Remote session settings
- Logon hours settings
- Restricting access by Parallels Client type and build number
- Multi-factor authentication
- Allowing users to change domain password
- Allowing users to discover RAS connections via email address
Load Balancing and HALB
- Resource based & round robin load balancing
  - Configure CPU optimization
- High availability load balancing (HALB)
RAS Multi-Tenant Architecture
- Overview
- Architecture description
  - Implementation overview
  - User connection flow
- Deploying Tenant Broker and Tenants
- Managing Tenants
- Shared Gateways
- Third-party network load balancers
- Web Client and Themes
- Monitoring Tenants
- Tenant Broker compatibility and updates
- Upgrading from an older RAS version
- Configuring notifications
- Communication ports
SAML SSO Authentication
- Introduction
- System requirements
- SAML basics
- SAML configuration
- Parallels Client configuration
- Parallels client policy configuration
- Test the SAML SSO deployment
- Error messages
Parallels Web Client and User Portal
- Configure Web Client
- Configure Themes
- Open Parallels Web Client
- Main menu options
- Running remote applications and desktops
- Auto login
- Direct App access
- Using the toolbar
Universal Printing
- Managing Universal Printing settings
- Universal Printing drivers
- Font management
Universal Scanning
- Managing Universal Scanning
- Adding scanning applications
User Device Management and Client Policies
- Inviting users to connect to Parallels RAS
- Mass configuring user devices
- Enabling Help Desk support
- Monitoring devices
  - Getting additional device information
- Windows device groups
- Managing Windows devices
  - Windows desktop replacement
- Scheduling Windows devices & groups power cycles
- Client Policies
- Configuring remote file transfer
Reporting
- System requirements
- Install Microsoft SQL Server
  - Install Microsoft SQL Server 2016 or earlier
  - Install Microsoft SQL Server 2017 or 2019
- Install Parallels RAS Reporting
- Running Parallels RAS reports
- GDPR compliance
Performance Monitor
- Overview
- Install RAS Performance Monitor
- Using Parallels RAS Performance Monitor
- Configure RAS Performance Monitor Security
- Updating RAS Performance Monitor
Common Management Tasks
- Recovery - add a root administrator
- Host name resolution
- Computer management tools
- Site information
- Site settings
- Using MSIX application packages
- Using template versions
- Settings audit
- Upgrading RAS agents
- Licensing
- Configure HTTP proxy settings
- System event notifications
- RAS session variables
- Maintenance and backup
  - Exporting and importing Farm settings from the command line
- Problem reporting and troubleshooting
- Logging
- Suggest a feature
Parallels RAS Management Portal
- Overview
- Prerequisites
- Installation
- Log in to RAS Management Portal
- Configure RAS Web Administration Service
- RAS Management Portal user interface
Parallels RAS APIs
- RAS PowerShell API
- RAS REST API
- RAS Web Client API and Parallels Client URL scheme
Appendix
- Microsoft license requirements in Parallels RAS
- Port reference
- RAS performance counters

Configuring preferred routing

Overview

Preferred routing is a useful feature when Parallels RAS users with different geo located deployments are connecting to the same Parallels RAS Farm/Site. A common access layer usage (RAS Secure Gateway, HALB, or a third-party load balancer) is not optimal if a resource is located in a different data center in the same RAS Farm/Site. The solution is to configure a preferred access layer server for a specific published resource, in which case any user would connect to a default Secure Gateway, but would be redirected using proximity rules set by the administrator. Typically, using the Secure Gateway closest to the session host provides improved user experience, reduced internal network traffic and associated costs along with providing better use of resources.

Note: Preferred routing doesn't apply to Azure Virtual Desktop published objects.

Here's how preferred routing works:

Parallels Client establishes a connection with a Secure Gateway using a standard authentication.
Through the RAS Connection Broker, the resource's preferred route (if configured) is identified.
Parallels Client receives the preferred public address to launch the resource.
Parallels Client then tries to launch the resource through the redirected address and falls back to the original Gateway if it fails.

Configure preferred routing

To configure preferred routing for a published resource:

In the RAS Console, select the Publishing category.
Select an existing published resource and then select the Routing tab.
Select the Enable preferred routing option.
Click Tasks > Add. The Add preferred route dialog opens. Read on.

In the Add preferred route dialog:

Type a name for this route and an optional description.
From the Type drop-down list, select one of the following:
- HALB Virtual Server: Select a RAS HALB virtual server from the list below the Type field. Note that for a RAS HALB virtual server to appear in the list, the HALB server must have a public address specified, as far as you cannot add HALB server here.
- Secure Gateway: Same as for HALB virtual server (described above), the Public address field must have a value for the Gateway to appear in the list. See the Public address field when you create or configure a RAS Secure Gateway.
- Custom: A third-party load balancer will be used. Select this option, then click Tasks > Add and specify the server properties in the list below the field. The properties include Name, Description, Public address, Port, and SSL port. You can add as many servers as required and then select one of them to be used for a given published resource.

When configuring preferred routing, please also consider the following:

If routing fails, an automatic fallback to the originating address is carried out.
If routing is enabled in the RAS Console, but not configured, the administrator will see an error message and will have to either configure or disable it.
It is recommended to use Folders (configured for administrative purpose) in case routing needs to be configured on many resources. Routes are not inherited from parent folder if the routing is enabled on the child object, i.e. only one set of routes is used.
Same user credentials will be used when redirecting the RDP traffic to the same RAS Site. Users will not be asked to re-enter credentials.
If you had existing session tunneled in a particular Secure Gateway and using session sharing, the same session workflow path will be used (if a published resource is also available on the same session host) irrespective of configured routing.
Routing is supported in SAML environments.
Supported clients are Windows, macOS, Linux, Android, iOS, Web.

Specifying public address when inviting users

When you use the Invite Users wizard, you can specify a public address on the second page where you specify target platforms and connection options. This way, you can set a preferred routing for a group of users in a specific geo location. For more information, see Invite users.

Deleting or disabling Gateway or HALBs

If an administrator tries to delete a Gateway or HALB when they are being used as preferred routing, the information about objects using it will be shown on the screen, so no accidental deletion takes place.

Was this topic helpful?

Yes No

Using filtering rules

Understanding session prelaunch