By Chris Marks, Principal Outbound Product Manager

June 12, 2023

  0

Parallels RAS increases integration with fast user switching such as Imprivata OneSign

Enable secure, fast login as well as session termination.

Parallels® RAS is a virtual application and desktop delivery solution that enables organizations to deliver virtual desktops, applications, and data securely to their end users.

Solutions which enable a user to log on and off via smartcards and deliver “tap-in” and “tap-out” functionality such as Imprivata OneSign® enabled devices can be integrated with Parallels RAS, providing a seamless and secure login experience for end users like healthcare professionals accessing virtual applications and desktops from shared workstations.

By combining the capabilities of software including Imprivata OneSign with the automatic sign-out feature in Parallels RAS, enterprises such as healthcare organizations can enhance security, streamline workflows, and ensure that virtual sessions are properly terminated when healthcare professionals are finished using shared workstations. This integration provides a secure and user-friendly experience for healthcare professionals accessing virtual applications and desktops.

Parallels RAS has been able to interact with fast user switching such as that delivered with Imprivata OneSign using scripted actions for some time. Starting with version 19.2.2, additional functionality has been added within Parallels RAS. The actions taken when a user “taps out” can be specified to suit the scenario. The two elements of this functionality are shown below.

Automatically close remote sessions

Firstly, new arguments have been added to allow an administrator to choose to automatically disconnect or logoff all active remote sessions of the user in question.

These arguments are as follows:

• appserverclient.exe -disconnectallsessions
• appserverclient.exe -logoffallsessions

A script containing these arguments would be triggered by an event such as the Imprivata agent carrying out a “tap-out” action.

For further information on the use of appserverclient.exe, see this guide: https://download.parallels.com/ras/v19/docs/en_US/Integrating-with-Parallels-RAS-Clients.pdf

Scripts to accompany both logon and disconnect from Imprivata can be found in the Parallels Github repository: https://github.com/Parallels/RAS-PowerShell/tree/master/Tools/Imprivata

Automatically lock or logout of local Windows workstation

Secondly, in the case of Imprivata OneSign, the desired behavior is typically to lock or sign out of the local workstation when a user closes their remote sessions; making it ready for the next user to connect. This feature enhances security and compliance by ensuring that the appropriate steps are taken seamlessly while different healthcare professionals make use of a shared workstation.

This feature can be set directly within the Parallels Client for Windows settings or centrally controlled and customized through policies within Parallels RAS management console. System administrators can define the desired behavior, such as specifying whether the workstation should be automatically locked or signed out.

To configure the Parallels Client for Windows, you would navigate to the following option:

Tools>Options> Connection> When all sessions are closed

To configure Client Policy centrally, you would navigate to the following option:

Client options>Connection> When all sessions are closed

Both options present a dropdown list containing the following options:

Do nothing, Lock workstation, Sign out from workstation

There is also a corresponding update to allow administrators to automate this behavior via PowerShell or REST APIs.

WhenAllSessionClosedAction has been added to the Set-RASClientPolicy cmdlet with the following values: Nothing, LockWorkstation, and Logoff.

Please see the PowerShell Guide and the REST API Guide for more details.

This feature is summarized in the following Knowledge Base article: https://kb.parallels.com/en/129738

Summary

With these new updates, when a user such as a healthcare professional taps their proximity card on the designated card reader, Parallels RAS recognizes the authentication and grants access to the virtual applications and desktops. Third-party scripts can be used to pass the users’ credentials and launch specific published resources in Parallels RAS. Once a healthcare professional is done using the virtual environment, the new features in Parallels RAS can automatically sign out from all active remote sessions and then either sign out or lock the local Windows workstation.

Learn more and access your free fully featured trial of Parallels RAS!