By Christian Aquilina

October 25, 2018
Last updated on January 17, 2022

Use AWS Elastic Load Balancer with Parallels RAS

This guide shows the step-by-step configuration for deploying Amazon Web Services (AWS) Elastic Load Balancer (ELB) to the front end and load balance a Parallels® Remote Application Server (RAS) environment.

Prerequisites and Assumptions

The reader should have a basic understanding of both AWS ELB solutions (Application Load Balancer (ALB)/Network Load Balancer (NLB)) and Parallels RAS. This guide will focus on the configuration of AWS ELB and Parallels Secure Client Gateways load balancing. It is assumed that the Parallels RAS environment has already been deployed and configured on EC2 instances with the 443 Inbound rule on the Parallels Secure Client Gateways security groups.

Note: Steps 1-5 focusing on AWS NLB configuration that will allow connectivity from native Parallels Clients. Should you need to configure load balancing for HTML5 clients only or in addition to the native Parallels Clients, please also review the configuration at Step 6.

Learn more about AWS Elastic Load Balancing.

Document process flow

The process that will be discussed in more detail is as illustrated below:

Configure your Target Group.
Configure Target Group attributes.
Choose the Load Balancer type.
Configure Load Balancer and Listener.
Test and Evaluate Load Balancing.
Using Network Load Balancer Access feature

Step 1: Configure Your Target Group

Create a target group, which is used in request routing. The rule for your listener routes requests to the registered targets in this target group. The load balancer checks the health of targets in this target group using the health check settings defined for the target group.

To configure your target group

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, under Load Balancing, choose Target Groups.
Choose Create target group.
Keep Target type as instance.
For Target group name, enter a name for the new target group.
Set Protocol as TCP, and Port as 443.
Select the VPC containing your instances.
For Health checks, keep the default settings.
Choose Next.
On the Register targets page, complete the following steps. This is an optional step to create a target group. However, you must register your targets if you want to test your load balancer and ensure that it is routing traffic to your targets.
1. For Available instances, select one or more instances.
2. Keep the default port 443, and choose Include as pending below.
Click on Create target group.

Step 2: Configure Target Group Attributes

Once the target group is created successfully, open the AWS navigation pane and go to Target groups. Choose the Target group created in Step 1 above > Actions > Edit attributes.

Edit the Deregistration delay from default 300 to 0 and click Save Changes.

Please see here for more information regarding the deregistration delay.

Step 3: Choosing the Load Balancer Type

A load balancer serves as the single point of contact for clients. The load balancer distributes incoming traffic across multiple targets, such as Amazon EC2 instances acting as Parallels RAS Secure Client Gateways.

Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, Gateway Load Balancers and Classic Load Balancers (will be retired on August 15th, 2022).

For native Parallels Clients connectivity, the Network Load Balancer can be used.

For more information on AWS Network Load Balancer please check this article

Step 4: Configure Load Balancer and Listener

1	Basic Configuration
	Name	Provide a significant name for your load balancer
	Scheme	Internet-facing
2	Network Mappings
	Select the appropriate VPC and choose the availability zones where your instances reside in
3	Listeners and routing
	Protocol	TCP
	Port	443 (or an alternate port in case AWS ALB used for HTML5 clients. See Step 6 below)
	Default action	Select the target group created and registered in Step 1

For Load balancer name, enter a name for your load balancer. For example, MY-AWS-NLB
For Scheme and IP address type, keep the default values.
For Network mappings, select the VPC that you used for your EC2 instances. For each Availability Zone that you used to launch your EC2 instances, select the Availability Zone and then select one public subnet for that Availability Zone.

By default, AWS assigns an IPv4 address to each load balancer node from the subnet for its Availability Zone. Alternatively, when you create an internet-facing load balancer, you can select an Elastic IP address for each Availability Zone. This provides your load balancer with static IP addresses.

For Listeners and routing, keep the default, which is a listener that accepts TCP traffic on port 443.
For Default action, select the target group that you created and registered in step 1.
(Optional) Add a tag to categorize your load balancer. Tag keys must be unique for each load balancer.
Review your configuration, and choose Create load balancer. A few default attributes are applied to your load balancer during creation. You can view and edit them after creating the load balancer. For more information, see Load balancer attributes.

Step 5: Test and Evaluate Load Balancing

You can test Load balancer configuration by taking note and copying the DNS name given to the Load balancer as shown from Load balancers – Description – Basic configuration

Log on from Parallels Client and confirm application launching:

Step 6: Using the “Network Load Balancer Access” Feature

The aforementioned configuration enables support for native Parallels Clients, but connections over the HTML5 Client using a web browser will fail as TCP does not support stickiness. The Network Load Balancers access feature is intended for deployment scenarios where third-party front-end load balancers such as Amazon Web Services (AWS) Elastic Load Balancers (ELBs) are used. It allows you to configure an alternate hostname and port number to be used by the Network Load Balancer (NLB). This is needed to separate hostnames and ports on which TCP and HTTPS communications are carried out because AWS load balancers don’t support both specific protocols over the same port.

When one needs to utilize both, native Parallels and HTML5 connections, in addition to AWS NLB, AWS ALB needs to be deployed.

In this case, below please find the recommended configuration:

Parallels RAS Console

In RAS Console > Gateways > right-click on the required Gateway Agent > Properties > HTML5 tab (one can also apply this configuration to all RAS gateways within the site by modifying the Site defaults):
In the Network load balancer section do the following:

Check Use alternate port and specify an alternate port number (in our example, port 8443). The port must not be used by any other component in the RAS Farm or Site. When the alternate port is enabled, all native Parallels Clients will use this port to connect to the RAS Farm or Site.
Check Use alternate hostname and specify the hostname of your AWS NLB (When the alternate hostname is enabled, all platform-specific Parallels Clients will use this hostname to connect to the RAS Farm or Site)

Note: using an alternate host or port is not suitable in a multi-tenant environment as Tenant Broker RAS Secure Client Gateways are shared between Tenants, which would require different configurations.

3. Switch to the Web tab and set the web cookie as AWSALB

Note: When a load balancer first receives a request from a client, it routes the request to a target and generates a cookie named AWSALB, which encodes information about the selected target. The load balancer then encrypts the cookie and includes it in the response to the client. When sticky sessions are enabled, the load balancer uses the cookie received from the client to route the traffic to the same target, assuming the target is registered successfully and is considered healthy. By default, Parallels RAS uses its own ASP.NET cookie named _SessionId, however in this case you must customize the cookie specifying the mentioned AWS cookie for sticky sessions. This can be configured using the Web cookie field on the Web Requests tab. Please note that this functionality is available in Parallels RAS 17.1 or newer.

AWS Application Load Balancer

Configure the AWS Application Load Balancer (ALB).

For AWS ALB Listener we suggest the following configuration:

Protocol: HTTPS
Port: 443

Add the required target group(s), specify the security settings and click Save Changes

Target Group settings for AWS Application Load Balancer:

Target type: Instance
Protocol HTTPS
Port 443

Ensure you have enabled session stickiness for the target group associated with your AWS ALB:

AWS Network Load Balancer

AWS NLB Listener port needs to be changed to an alternate one that we configured in Parallels RAS Console above (in our example, 8443)

Testing Load Balancing using the Parallels HTML5 Client

Copy the DNS hostname of AWS ALB in AWS Console (e.g. SB-AWS-ALB-########.us-east-1.elb.amazonaws.com) and try accessing this using the web browser.

To test the work of AWS ALB (connection is being done over HTTPS):

Right-click on an app > Open in Parallels HTML5 Client

To check the load balancing over TCP, in the same Parallels HTML5 portal, right-click on an app > Open in Parallels Client

You will notice that the native Parallels Client is establishing connection using the alternate hostname:

Testing Load Balancing using Parallels Client

Since the recent modification, at Parallels Client we need to specify the alternate port that was set in Parallels RAS Console and AWS NLB Listener.

Connect and launch a published app

Links for Reference

For more information regarding Parallels RAS: https://www.parallels.com/products/ras/remote-application-server/

For more information regarding AWS ELB: https://docs.aws.amazon.com/elasticloadbalancing/index.html