How Parallels RAS can eliminate single points of failure

Ensure business continuity, achieve optimal system performance, and minimize downtime with the inherent redundancy capabilities available with Parallels RAS.

Any system vulnerability can translate to security and productivity issues within an enterprise, and no IT organization can risk the failure of a single component.  However, building redundancy into your virtual apps and desktops infrastructure requires planning and testing to ensure that your goals are achieved.

Of course, compromises aren’t an option when it comes to security or functionality.  Systems must be secured to keep the bad actors out, and zero trust policies must be implemented.  While SSL/TLS encryption is a standard mechanism for providing security, contextual access to address user scenarios is important as well.  Unlike more complex solutions, Parallels RAS approaches secure remote access and redundancy simplistically, yet effectively.

In addition, ensuring redundancy for infrastructure components should be straightforward so that administrators don’t mistakenly allow single points of failure.

Parallels RAS infrastructure ensures that cost and complexity don’t stand in the way of ensuring maximum uptime.

Ensuring business continuity: How Parallels RAS provides redundant secure remote access

Parallels RAS provides a built-in component appropriately named Secure Gateway to provide “front door” access to Parallels RAS for authenticated users and authorized contextual scenarios.  Secure Gateway is included free of charge as a Parallels RAS component and represents an easy-to use remote access solution with only a few configuration options.

Rather than offering a plethora of options such as a full web app firewall and other tangential functionality that may result in unwanted if/then scenarios that may result in misconfigurations, Parallels RAS Secure Gateway only provides secure remote access for apps and desktops.  Thus, the downstream effect of Parallels RAS Secure Gateway simplicity means that administration is easier for IT professionals.

Parallels recommends deploying two or more Secure Gateways to avoid a single point of failure, and this is most commonly addressed as primary/secondary nodes. By default, RDP DOS Attack Filter is enabled to provide protection against denial of service attacks by denying repeated uncompleted sessions from the same IP address.

But what happens when a double-hop DMZ exists?  Is it necessary to pay for additional licensing for redundant Secure Gateway components deployed into the additional DMZ?  Not only is this architecture fully supported, but there is also no additional cost or limit to the number of Secure Gateways that can be deployed within a licensed enterprise.

For larger environments, the included High Availability Load Balancer (HALB) can precede the Secure Gateway components and likewise should be deployed in a redundant fashion to ensure that multiple Secure Gateways are optimally load balanced to service user connections.  HALB is included with Parallels RAS subscriptions and not subject to additional licensing costs; however, third-party load balancers can also be deployed.  Either way, Secure Gateways can be load balanced and made available to redundantly address heavy loads based on included components at no additional cost.

With the included Secure Gateway and HALB technologies, administrators are provided with the components needed to eliminate single points of failure for secure remote access.  Because all settings can be configured through the single admin console, administrators don’t need to log into numerous systems to administer various aspects of the Parallels RAS environment.

But wait … there’s more!

How can single points of failure be eliminated for user sessions?

Parallels RAS infrastructure is simple and straightforward.  There is no need for a license server, configuration server, or similar components.  Parallels RAS only requires the installation of a Connection Broker component that is employed to act as a traffic signal to direct user sessions that have successfully authenticated via Secure Gateway.  Like all the components discussed herein, the Connection Broker is easily deployed redundantly.

Connection Brokers are deployed in a primary and secondary fashion, with both Connection Brokers taking an active part in communication, but with the primary Connection Broker responsible for specific tasks such as license usage and reporting. A pair of Connection Brokers delivers resilience, but three Connection Brokers enables automated high availability and avoids a “split-brain” scenario should a primary broker become unavailable.

How to deploy Parallels RAS with site-wide redundancy

In addition, Parallels RAS can be deployed with site-wide failover to ensure that users are always available to connect to resources in the event of a disaster. For example, if a primary data center in Miami were to fail, users could instead be directed to a pre-configured disaster recovery site in New York. As such, the primary data center would no longer be a single point of failure.

Deploying Parallels RAS is straightforward, and all components are included to easily enable redundancy.  Eliminating single points of failure with Parallels RAS is not only easy but incorporated without additional licensing cost.

Learn more about how to deploy Parallels RAS with redundancy in the Reference Architectures On-demand Webinar.

Interested in learning more about how Parallels RAS can make IT administration easier and more secure for your organization?  Get your free 30-day trial now!