Gateways

RAS Secure Gateway tunnels all Parallels RAS data on a single port. It also provides secure connections and is the user connection point to Parallels RAS.

In a single tenant environment, you need to install at least one RAS Secure Gateway for Parallels RAS to work. You can add additional Gateways to a RAS Site to support more users, load-balance connections, and provide redundancy.

The following describes how RAS Secure Gateway handles user connection requests:

  1. RAS Secure Gateway receives a user connection request.
  2. It then forwards the request to the RAS Connection Broker with which it's registered (the Preferred Connection Broker setting by default).
  3. The RAS Connection Broker performs load balancing checks and the Active Directory security lookup to obtain security permissions.
  4. If the user requesting a published resource has sufficient rights, the RAS Connection Broker sends a response to the gateway which includes details about the RD Session Host the user can connect to.
  5. Depending on the connection mode, the client either connects through the gateway or disconnects from it and then connects directly to the RD Session Host host.

RAS Secure Gateway operation modes

RAS Secure Gateway can operate in one of the following modes:

  • Normal Mode: RAS Secure Gateway receives user connection requests and checks with RAS Connection Broker if the user making the request is allowed access. Gateways operating in this mode can support a larger number of requests and can be used to improve redundancy.
  • Forwarding Mode: RAS Secure Gateway forwards user connection requests to a preconfigured Gateway. Gateways in forwarding mode are useful if cascading firewalls are in use, to separate WAN connections from LAN connections and make it possible to disconnect WAN segments in the event of issues without disrupting the LAN.

Planning for high availability

When adding RAS Secure Gateways to a Site, the N+1 redundancy should be configured to ensure uninterrupted service to your users. This is a general rule that also applies to other Parallels RAS components, such as Connection Brokers or RD Sessions Hosts.

Was this topic helpful?