On June 1st 2022 Parallels released Remote Application Server 19 Public Preview! This version comes with a lot of new exciting features! In a previous article I focused on theMSIX app attach support. In this article I want to address the support for Let’s Encrypt!
Let’s Encrypt is a free, automated, and open certificate authority by the nonprofit Internet Security Research Group (ISRG). Their mission is creating a more secure and privacy-respecting web for eveyone by promoting adoption of HTTPS. They do not charge any fees for their certificates that are valid for 90 days. The certificate management automation provided by Parallels RAS allows to issue, automatic renew, manual renew and revoke certificates.
There are two basic requirements that are needed to get started.
You need a publicly accessible domain that resolves to the Secure Gateway directly or through third-party load balancers.
On the the Secure Gateway, port 80 must be opened for incoming Let’s Encrypt requests
First, to make sure that only Let’s Encrypt is able to access port 80 on your Secure Gateway, configure the network properties of the Secure Gateway as shown below.
Next, go to farm, certificates, and select ‘Let’s Encrypt settings’.
Select the ‘I have read and accept Let’s Encrypt EULA’ option, provide an expiration email address, and optionally change how many days before expiration you want to automaticially renew.
Now select the + sign and choose ‘Issue Let’s Encrypt certificate’.
Now provide the required information to issue the certificate. Once you have done that the certificate will appear in the list and will show a status of ‘Issuing’ first.
Once this is completed, this only takes a few minutes, you are ready to go!
To confirm, connect to the web portal and as you can see below, the certificate is in use, valid and publicially trusted!
And the session information of the Parallels RAS 19 client also shows the certificate.
Both manually renewing and revoking is also possible from within the Parallels RAS console. To renew or revoke, simple right click the certificate, select control, and perform the desired action.
Parallels did a great job in making the issuing, renewing, and revoking of certificates via Let’s Encrypt super easy! Overall, Parallels really excels in continuously bringing improvements to RAS based on community as well as customer feedback. I’ve been part of the Parallels VIPP group since 2017 and can tell you the Let’s Encrypt support is only one of many, many examples where Parallels truly listens to feedback, updates their backlog accordingly and makes it happen!
Give it a try! Log in to your existing Parallels My Account, download and install the Parallels RAS 19 Technical Preview to get started. If you do not already have an account, please visit my.parallels.com/register
Parallels just released Remote Application Server 19 Public Preview! This version comes with a lot of new exciting features!
Here is a quick list of the top 4 features that are announced
Amazon Web Services (AWS) as a cloud provider — Parallels RAS 19 extends the list of supported cloud computing providers by integrating with Amazon EC2. This integration will allow customers to utilize RAS Templates based on Amazon EC2 instances and build hybrid and cloud environments with a unified administrative and end-user experience.
MSIX app attach Integration — Parallels RAS 19 provides a new and modern application delivery method — Application Packages, based on MSIX app attach. This App Layering technology enables customers to separate applications from the core operating system and deliver applications to users dynamically. This makes it easier to create a RAS template and get more control by providing the right application for the right user.
Let’s Encrypt Certificate Management — Let’s Encrypt (LE) is a global Certificate Authority (CA). This organization behind LE is non-profit and provide free SSL/TLS certificates with each certificate valid for 90 days, thus requiring to be renewed during the period. Parallels RAS 19 includes automated certificate management which provides the ability to issue, renew and revoke certificates directly from the RAS Console.
Parallels Client for Windows on ARM64 — Parallels Client for Windows has been rebuilt and optimized to natively run on machines that are powered by ARM64 processors which were created to be more lightweight and power-efficient.
Besides these, Parallels RAS 19 now also covers Expression based filtering & policies, Power Management, Email-based account discovery, Logon hours restrictions, Multiple Multi-factor Authentication (MFA) providers, and Specific URL redirection.
---
I’ve had the opportunity to test drive Parallels RAS 19 during a private technical preview and in this article I want to focus on the MSIX app attach support. You can expect additional articles to follow covering the other new features of this release!
Below is the list of MSIX app attach related features that Parallels RAS 19 contains.
• Discover and import packages from existing MSIX images (CIM, VHD(X))
• Support for packages created with 3rd parties’ tools (MS MSIX Packaging Tool, appCURE, etc…).
• Package version management and versions tags support.
• Package certificates management.
• Application Packages management on Remote Desktop Session Hosts.
• New wizard for publishing applications from packages or desktop publishing.
As a requirement, you need Windows Server 2022 as the RD Session host, a network share where MSIX app attach packages are stored and the RD Session host need read permissions to the share.
The first thing you do is enable the Application Packages feature as shown below.
Next, you can start adding new MSIX application packages to Parallels RAS. Browse to the UNC path where your MSIX app attach packages are stored. In my case this is Azure Files and, in this example, I use Power BI as the package.
In the Display Name field specify the name that will be used for this package in Parallels RAS and click finish.
You can also use MSIX app attach packages that contain multiple applications. In my example below I have an MSIX app attach package containing three applications. The wizard shows me nice drop-down list of all applications that were discovered in the package.
After adding a couple of MSIX app attach packages, the result looks like below.
Next, add the packages to a RD Session Host. Once added, packaged applications behave the exact same way as regular applications in Parallels RAS 19.
To add the applications, go to Farm, RD Session Host open the properties and go to the Application packages tab and add the application packages using the + icon.
Once completed, Parallels RAS takes care of the MSIX app attach staging step and as a result the MSIX packages are now mounted on the RD Session Host server(s) as shown below. Note that in my case some application packages came from a combined MSIX app attach container called demo-msix-apps.
As mentioned before, MSIX app attach application are treated the same way as any other application in Parallels RAS. As shown below, you can publish them the same way as well. In this case I have published all the MSIX app attach applications and a Full Desktop.
After applying the configuration, log on to the Parallels client. You can now see the published apps and desktop.
After logging on to the published desktop, the MSIX app attach registering step takes place and as a result the user sees the MSIX app attached applications.
And, if you take a look at the folder C:\Program Files\WindowsApps you can see the various junction points indicating that the MSIX applications are not locally installed but junction points to the Azure Files share.
Parallels did a great job integrating MSIX app attach into Remote Application Server 19! More reviews on other Parallels RAS 19 features will follow soon!
Give it a try! Log in to your existing Parallels My Account, download and install the Parallels RAS 19 Technical Preview to get started. If you do not already have an account, please visit my.parallels.com/register
