Parallels RAS 19 Expression based filtering and Multiple Multi-factor Authentication (MFA) providers!
This is article number three in a series I’m publishing on Parallels Remote Application Server version 19. In the previous two articles I discussed support for Let’s Encrypt and integration with MSIX app attach.
In this article I will focus on two smaller, but definetly not less powerful features. I will show you how to use Expression based filtering & policies, and Multiple Multi-factor Authentication (MFA) providers.
Expression based filtering & policies
Expression-based filtering rules and criteria, allow you to more granularly control to who has access to what published items, to what objects the RAS Client Connection policy is applied, restrict user logon hours for accessing Farm resources, and manage MFA requirements.
In this example I’ll show you how easy it is to apply an expression-based filter on a published application or desktop. First, select a published resource and open the filter tab.
Next, notice there already is a default filter there, which basicially applies in case no other previous filter apply. Click the + sign to create a new filter, and provide a name. In this example I want to prevent users from launching PowerBI from the web client, so I name it No Web Clients. Now click Tasks, and in this example I want to filter on Client device operating system.
I select ‘User Portal (Web Client)’ because that is the client type I want to prevent access from.
As a last step, click ‘Allow if’ to easily flip it to ‘Deny if’. Notice that a super readable sentance is now generated saying: Deny if users or goup is everyone and the operating system is User Portal (Web CLient). Also notice that many of the words are links you can easily click on to change the rule properties.
Now log on on to both the Web client as well as the Windows client with the same username to see the expected end result, PowerBI is not available as a published app in the Web Client where it is available in the Windows client.
Another great thing about Expression Based Filters is that these can also be applied to the extensive list of policies that are included in RAS. The example below shows the creation of a new policy with the ability to add an expression to control when (under which conditions) the policy gets applied. Super powerful!
And finally, a new criteria has been added called ‘Theme’. This allows you to filter based on a Theme created in Parallels RAS. For example, below is a sample of a newly created theme containing some branding and user experience settings.
I can now create an expression based filter on this new created theme. In this case I am denying access if the specific theme was being used.
Multiple Multi-factor Authentication (MFA) providers.
The same method of creating conditions also applies to for example the MFA settings in Parallels RAS. In RAS19, increased flexibility is added for using multiple MFA providers without the requirement to deploy different Parallels RAS environments. Plus, combining the MFA settings with restrictions is really powerful! In the example below I have configured DUO MFA as an MFA provider and on the restrictions tab I configured to disable Duo MFA for the users avdtest1 and avdtest2 and also for the devics avd-demo-1 and avd-demo-2.
And in Parallels RAS 19, I can now create another MFA provider, in this case Google Authenticator, and enable that for the previously excluded users and devices.
Being able to configure multiple MFA providers in such an easy way is definetly a great feature. The capabilities of the super essy to use restrictions and filters add even more power and simplicity to the admin!
Give it a try! Log in to your existing Parallels My Account, download and install the Parallels RAS 19 Technical Preview to get started. If you do not already have an account, please visit my.parallels.com/register