1.5. Infrastructure Overview

The infrastructure presented in this guide is tailored for the multi-tenant architecture of Parallels RAS. If you prefer other deployment scenarios, consult the Parallels documentation.

To create a Virtuozzo Hybrid Workspace environment, each component of Parallels RAS is installed into a dedicated VM in a Virtuozzo Hybrid Infrastructure cluster. The complete setup looks like this:


The infrastructure is deployed in two Virtuozzo Hybrid Infrastructure projects (tenants) as follows:

Table 1.5.1 Managed Service Provider (MSP) Broker Project
Component Quantity Flavor Network Role
Private network (VXLAN) 1 n\a msp-net n\a
Router 1 n\a Public\msp-net n\a
Load balancer 1 n\a Public\msp-net TCP:443,80
PA VM 2 large msp-net RAS PA, AD, DNS
SCG VM 2 medium msp-net RAS GW
Table 1.5.2 Client project (e.g., “abc”)
Component Quantity Flavor Network Role
Private network (VXLAN) 1 n\a abc-net n\a
Router 1 n\a Public\abc-net n\a
VDI provider* 1 small abc-net Remote PC VDI provider
RDSH VM 2 if needed large+ Public\abc-net RDSH

* For a small setup, you can use the PA VM as a VDI provider as it contains this role by default.

The following roles are used:

Parallels RAS Publishing Agent (Microsoft Windows Server). The main Parallels RAS component that manages other Parallels RAS components and handles user authorization.
Parallels Secure Client Gateway (Microsoft Windows Server). A gateway server that receives user connections and redirects them to application hosts.
Remote Desktop Session Host (Microsoft Windows Server with the RDS role). Hosts remote desktop applications and serves remote desktop sessions.
Microsoft Windows Active Directory domain. Provides user authentication data.
Microsoft Windows Names Server. Provides the domain name resolution service.
Remote PC VDI Provider
Enables RAS PA to manage Virtuozzo Hybrid Infrastructure virtual machines using Remote PC Pool capabilities.
Virtuozzo Load Balancer for RAS GW machines. Provides the endpoint for external clients to connect.


The RDSH, AD, and DNS roles can be reused from an existing Windows Domain if such an environment exists and msp-net can be routed to it.