Home » Computers » Parallels RAS 20 Administration Reference: Core Concepts and Troubleshooting

Parallels RAS 20 Administration Reference: Core Concepts and Troubleshooting

Posted on Dec 14, 2025 in Computers

🧠 Parallels RAS 20 – Administrator’s Guide Cheat Sheet

🏗️ 1. Core Architecture

Term	Description
Farm	The main logical container of all RAS components. One central configuration and licensing database per farm.
Site	A subset of a farm, typically representing a physical location (e.G., Toronto site, Montreal site). Each site must have at least one Connection Broker and Secure Gateway.
RAS Console	The admin tool (desktop app) used to configure and manage all RAS components.
RAS Management Portal	A web-based admin portal for managing RAS from any browser.

🔌 2. Key Components

Component	Purpose
RAS Connection Broker (CB)	The “brain” of RAS — authenticates users, distributes connections, manages sessions, and load balances apps/desktops.
RAS Redundancy Service	Keeps a secondary CB in sync for failover. If the primary CB fails, the secondary takes over automatically.
RAS Secure Gateway (SGW)	Acts as a proxy for client connections. Encrypts traffic (SSL/TLS). Can operate in Normal or Forwarding mode.
HALB (High Availability Load Balancer)	Balances traffic between multiple Secure Gateways. Provides a single entry point (VIP).
RD Session Host Agent	Installed on RDSH servers — allows publishing of apps and desktops from those servers.
RAS Remote PC Agent	Enables publishing of physical desktops or VMs for direct user access.
RAS Guest Agent	Used on VDI virtual machines to manage and publish desktops/applications.
RAS Provider Agent	Communicates with hypervisors (VMware, Hyper-V, etc.) to create and manage VMs. Can be built-in or dedicated.
Device Manager	Manages Windows endpoints (turn them into thin clients).
Enrollment Server	Handles SAML-based Single Sign-On (SSO) And digital certificates.

🔒 3. Security & Access

Feature	Description
Authentication Types	AD credentials, Smart card, SAML, RADIUS, Azure AD, etc.
Tunneling Policies	Control how Secure Gateways forward or block user connections. Useful for directing traffic or blocking raw RDP.
SSL Modes (HALB)	Passthrough (traffic stays encrypted to SGW) or Offloading (HALB decrypts it).
Two-Factor Authentication (2FA)	Integrates with Google Authenticator, RADIUS, Azure MFA.
Firewall Integration	Ensure TCP 443 (SSL), 80 (HTTP), and 30008 (HALB) are open.

🧱 4. Publishing

Term	Description
Published Application	An app (like Word, Calculator, SAP) hosted on an RDSH or VM and delivered virtually to users.
Published Desktop	A full Windows desktop session (like RDP but through RAS).
User Assignment	Controls who sees what. If “Everyone” is assigned, all users can see it. Always replace “Everyone” with specific users, groups, or OUs.
File Type Association (FTA)	Allows double-clicking a file type on the client to launch the app from RAS (e.G., `.Docx` opens Word from RAS).
App Folders	Organize published apps in groups for easier access.

🌐 5. Networking & Connectivity

Concept	Description
Network Discovery	Automatically finds hosts and servers in your network to add to the farm.
WAN/LAN Optimization	Forwarding mode gateways separate WAN users from LAN users for stability and security.
SSL Certificates	Used by Secure Gateways and HALB for encryption. Let’s Encrypt can be integrated for automation.
Ports	Common: 443 (HTTPS), 80 (HTTP), 30008 (HALB), 30009 (HALB secondary).

⚖️ 6. Load Balancing & HA

Feature	Description
HALB (VIP)	Single virtual IP users connect to; HALB forwards to available gateways.
HALB Primary/Secondary	Multiple HALB appliances — one active, others standby. Shared Virtual IP.
RAS Connection Broker HA	Two brokers replicate configuration & session info using the Redundancy Service.
Secure Gateway HA	Multiple gateways in the same site share load and provide redundancy.

🖥️ 7. VDI Integration

Feature	Description
VDI Provider	Interface between RAS and hypervisors like Hyper-V, VMware, AHV.
VDI Templates	Master VM images used to clone new desktops.
VDI Pooling	Dynamic or persistent desktop assignment to users.
VDI Automation	Automatically creates, powers on/off, and destroys VMs as users log in/out.

🔍 8. Monitoring & Reporting

Feature	Description
RAS Reporting	Centralized logging of sessions, usage, and performance. Connects to SQL Server DB.
RAS Reports Portal	Web UI for viewing usage reports, license stats, and active users.
RAS Monitor	Real-time view of connections, servers, and resources.
Logging Levels	Standard / Extended / Verbose — controlled by registry key:
`HKLM\SOFTWARE\Parallels\RASLog → LogLevel (DWORD)`
Values: 0=Standard, 1=Extended, 2=Verbose.

⚙️ 9. Management & Maintenance

Term	Description
Backup/Restore	RAS Console ➜ Tools ➜ Backup Configuration. Saves farm settings to file.
Licensing	Managed centrally at the farm level. Requires valid license key or subscription.
Upgrade	Run the new RAS installer on Connection Broker first, then Gateways, then Agents.
Logs Location

C:\Program Files (x86)\Parallels\RASLog\

| Common Logs:
| controller.Log, acme.Log, rasgroupmanager.Log, devscheduler.Log, notifdispatch.Log |

🧩 10. Advanced Features

Feature	Description
PowerShell & CLI Tools	Automate app publishing, user assignment, reporting setup, etc.
SAML Integration	Single sign-on with Azure AD, Okta, ADFS, etc.
HTML5 Gateway	Access RAS desktops/apps through any browser without installing the client.
Device Manager Policies	Convert endpoints into kiosk/thin client mode.
Printing Redirection	Universal Printing feature lets users print locally from published sessions.
Clipboard Redirection	Enable/disable clipboard and file transfer between local and remote.

🧰 11. Troubleshooting Tips

Issue	Typical Cause	Fix
“Failed to initialize Reporting Agent”	SQL DB not reachable or wrong credentials	Test `DB1` port 1433, verify SQL permissions, restart RAS Reporting service
App visible to everyone	“Everyone” is still listed in User Assignment	Remove “Everyone” and assign only the user/OU
SSL errors	Mismatched or expired certificate	Replace in RAS Console → Secure Gateway properties
Client cannot connect	HALB or Gateway ports blocked	Open TCP 443, 30008 on firewalls
User session not launching	Agent missing or offline	Check RDSH Agent service on the host

🔍 12. Common Directories & Files

Path	Description
`C:\Program Files (x86)\Parallels\ApplicationServer`	Core RAS binaries
`C:\Program Files (x86)\Parallels\RASLog\`	Log files
`C:\Program Files (x86)\Parallels\RASReports\`	Reporting service files
`%ProgramData%\Parallels\ApplicationServer`	Config data

🗝️ 13. Useful Registry Keys

Path	Description
`HKLM\SOFTWARE\Parallels\RASLog\LogLevel`	Controls logging verbosity (0–2)
`HKLM\SOFTWARE\Parallels\RAS\Agent`	Agent configuration
`HKLM\SOFTWARE\Parallels\RASConnectionBroker`	Broker settings
`HKLM\SOFTWARE\Parallels\RASGateway`	Secure Gateway configuration

🧩 14. Ports Reference (Quick Table)

Component	Port	Description
Secure Gateway	443	HTTPS client connection
HALB	30008	Primary listener
HALB	30009	Secondary
Connection Broker	20002	Inter-component communication
RD Session Host	3389	RDP sessions
Reporting (SQL)	1433	SQL Server port

🧾 15. Key CLI & PowerShell Commands

Purpose	Command
List all farm servers	`Get-RASServer`
Publish an application	`New-RASApp -Name "Calculator" -Path "C:\Windows\System32\calc.Exe"`
Assign app to user	`Set-RASAppAssignment -AppName "Calculator" -User "RASLAB\designer"`
Export farm config	`Export-RASConfig -Path "C:\Backup\RASFarm.Bak"`
Get session info	`Get-RASSessions`

🧭 16. Real-Life Admin Scenarios

Scenario	What to Do
User should see only one app	Edit app ➜ remove “Everyone” ➜ assign user/OU
Deploy redundant Gateway	Add second Secure Gateway ➜ enable HALB
Configure SSL Offload	Import certificate into HALB and switch mode to “SSL Offloading”
Integrate Azure AD login	Enable SAML SSO in Connection Broker settings
Collect all logs	`C:\Program Files (x86)\Parallels\RASLog\` (compress folder for support)