Ivanti and Parallels Remote Application Server: Better Together

Ivanti: Customize User Experience, Improve Application Control, and Performance

Virtual Desktop and Application Delivery 

ivantiVirtual desktops and applications can help many businesses and organizations of any size improve data security, simplify application management, and enable secure remote connectivity from any device, anywhere, increasing user’s productivity.

Some of the common concerns regarding application delivery and virtual desktop infrastructure (VDI) deployments deal with the complexity of implementation, increasing the upfront costs. The installation of traditional comprehensive virtual desktop and application publishing solutions can require several days of work by a certified technician, and often special training of internal staff to be able to configure and maintain the solution.

Parallels® Remote Application Server (RAS) is the first application- and desktop delivery solution engineered to be as flexible and simple to both configure and maintain for both IT administrators and end-users alike.  Ivanti® is a software company providing IT & asset management solutions—everything from IT service delivery and security, to regular maintenance and patching. With Ivanti deployed alongside Parallels, organizations can enjoy additional capabilities, driving an increase in user-experience customizations, application control, and application performance management. 

Parallels Remote Application Server (RAS) 

Parallels RAS is an all-in-one solution, allowing access to all features IT administrators need out of the box. Needed features such as application, desktop, and VDI publishing, load balancing to Remote Desktop Session Hosts (RDSH) nodes and front-end gateways, automation, and configuration wizards, universal printing and scanning, Windows device management, and much more are available and ready to use from the get-go—and all available under the same Parallels RAS license.  

Flexibility and Choice 

Parallels RAS lets you choose the right delivery method for you, whether it’s application publishing from RD Session Hosts, desktops from RD Session Hosts providing session-based desktops, or VDI from the major hypervisors (including Microsoft Hyper-V, VMware ESXi, Citrix XenServer, and KVM). Parallels RAS supports the widest range of Windows servers and desktop operating systems, hosting virtual resources starting from Windows Server 2003 Service Pack1 up to Windows Server 2016, and from Windows XP Service Pack3 up to Windows 10 respectively. This makes Parallels RAS ideal for the delivery of legacy and newer applications from one centralized infrastructure. Moreover, Parallels RAS can be deployed in a variety of ways: on-premises, where organizations create their own private cloud; through public clouds such as Microsoft Azure and Amazon Web Services™ (AWS); or a mix of both in hybrid deployments.

Parallels also enables end-users to use any device running any platform, ranging from Windows, Mac® (OS X), Android, iOS, Linux, Google Chromebook™, and even client-less via any HTML5-capable browser. (Parallels HTML5 capabilities are provided out of the box.) 

Feature-Rich  

Alongside the ability to publish applications, desktops, and VDI, Parallels RAS includes various capabilities, such as load balancing. Load-balancing includes both front-end—from the user devices to the Parallels Gateways via Parallels HALB virtual appliance (high availability load balancer)—and back-end load balancing, choosing the right RD Session host to provide the right application at the right time based on user sessions, memory, and CPU.

As Parallels core components work in Active/Active manner, the Parallels RAS environment can be set up for high availability and business continuity without relying on third-party high availability databases. Parallels RAS universal printing drivers also allow users to print on any printer when using the published resources from any device (even when using the HTML5 client) without requiring printer-specific drivers to be installed on the RDSH or VDI. Also included out of the box is the ability for administrators to manage Windows devices through the Parallels RAS client management module; administrators can remotely power on or off, reboot, log off, and lock Windows devices.

Parallels RAS also provides administrators with reporting, auditing, and monitoring capabilities, enabling full control.

Moreover, various automation tools—including the use of Parallels RAS PowerShell API and built-in wizards for IT administrators—are also provided, making deployment and configuration of mentioned features simple to use. 

Security 

Alongside Active Directory or workgroup authentication, Parallels RAS supports other robust authentication mechanisms, such as two-factor authentication support with Deepnet, Safenet, and via any generic Radius server. In addition, users can also authenticate via smart card from Windows, Mac, and Linux devices. With granular filtering capabilities, the right resources can also be shared to the right user or security group dependent on client name, MAC address, IP address range, and location through the use of Parallels gateways. Administrators can manage, control, and restrict users’ activities in a variety of ways using Parallels RAS policies to lock down Windows devices and restrict clipboard redirection (copy and paste), USB redirection, and even ports.

Today, IT departments are continuously seeking less complex and more cost-effective ways to deliver virtual applications and data to users. They are looking to deliver these to any user on any device from any location, complete with device-specific features and security configurations. This is how Parallels RAS is helping many businesses today. In scenarios with environment management with persistent profiles, increased application security, and application performance control, Ivanti Environment Manager, Application Manager, and Performance Manager can be the right tools to enhance your Parallels RAS environment. 

Ivanti Environment Manager 

Ivanti Environment Manager decouples user settings and manages them separately from the desktop, allowing portability across devices. The result? Faster log-in and personalized workspaces that users love, with less work for IT admins.

Ivanti Environment Manager is a unique solution that enables standardized workspace environments to be fully personalized and centrally controlled without the need for cumbersome Group policies, profiles, or scripts. Full desktops can be configured and business rules applied on-demand, enabling compliant, personalized virtual workspaces to be delivered quickly to thousands of users.

Environment Manager automatically self-heals files, registry items, services, and processes in real-time to prevent user-introduced actions from compromising system integrity.

Lockdown, secure, and control specific applications. When migrating to the latest Microsoft Office release, policy control functionality can be applied, preventing users from connecting outside the corporate network when unnecessary (such as printing and distributing documents outside the network).

Eliminate lengthy log-on, corrupted profiles, and poor application performance on your Parallels RAS environment with Ivanti Environment Manager.

Ivanti Environment Manager Policy simplifies IT management, makes users more productive, and improves user experience by enabling IT to control every aspect of the desktop at a highly granular, contextual level. For organizations using virtual desktops and sessions with Office 365, Environment Manager Policy eliminates user acceptance and performance issues related to Outlook and OneDrive. 

Ivanti

Ivanti Application Manager 

Ivanti Application Control offers IT unprecedented control over endpoints, reducing security risk while providing a great user experience in the latest Windows environments. This results in a secure, controlled user workspace and better compliance.

In addition to contextual application control from Parallels RAS, the solution delivers secure Windows privilege management that lets you remove users’ full admin rights and prevents unauthorized executables such as malware, ransomware, unlicensed software, and other unknown applications from being installed or executed. Application Control also enables your IT team to manage application access and user privileges efficiently across your desktop and server estate.

Application Control uses Trusted Ownership, checking for out-of-the-box endpoint security. It relies on examining the NTFS owner of an application. If an application is introduced, and hence owned, by a non-trusted owner (for example, a standard user), the application is prevented instantly from running.

You can assign SHA-1, SHA-256, or ADLER32 digital signatures to applications and files to ensure application integrity and to prevent modified or spoofed applications from executing.

IT can use whitelist and blacklist configurations in conjunction with Trusted Ownership to control known applications that pass the NTFS owner check. Applications that users should not have access to, such as administrator-owned tools like cmd.exe or ftp.exe, are denied automatically. Alternatively, whitelists can be created to guarantee that only known and trusted applications can execute on a system.

Providing users with full admin rights can leave endpoints vulnerable, significantly increasing security and manageability costs, decreasing productivity, creating legal and liability issues, and making compliance difficult. By removing users’ full admin rights and providing them with elevated privileges for just the applications or tasks they need, you can simplify endpoint security, reduce support calls, and lower total cost of ownership (TCO).

It also offers URL redirection. If a user leaves a web browser open on a specific webpage or application and then reconnects from a new device or location, the browser can be redirected to a predefined, safe address.

Application Control is recognized by Microsoft for enforcing device-based software license control. By controlling which users or devices have permission to run named applications, limits can be placed on the number of application instances, which devices or users can run the application, when users can run a program, and for how long. 

Ivanti

Ivanti Performance Manager 

Ivanti Performance Manager ensures every user is allocated enough CPU, memory, and disk resources dynamically to experience unsurpassed workspace performance. The result? Vast increases in users per server and savings that average up to 40% of the cost on server hardware.

CPU Throttling: CPU thread-throttling policies trigger automatically when the system is heavily loaded. Throttling is applied gradually to any runaway threads within each process. This prevents rogue processes from consuming excessive CPU resources and reducing the quality of service for all other users on the hardware.

Smart Scheduling: CPU Smart Scheduler™ allocates CPU resources according to a business policy by allocating a relative share to the user or application. For instance, if an application is assigned a shared factor that’s twice that of a second application, the former will receive higher priority access to the CPU when there’s contention.

Memory Trimming: Trim working sets automatically based on application events and states, such as application startup, idle, minimized, and in the background. This effectively releases fast-access memory back to the operating system, enabling a significant increase in user density or application instances. 

Ivanti

Ivanti and Parallels Together: Increase User Productivity and Empowerment 

With Parallels RAS, organizations can deliver applications and desktops to any user using any device, anywhere. With Ivanti, this digital workspace experience is extended, providing persistent and additional personalization with the aim of enhancing users’ productivity. This can be achieved by removal of lengthy log-on, allowing fully personalized environments which are centrally controlled without the need of Group policies, profiles, and scripts, while also mitigating corrupted profiles and poor application performance. User settings are roamed and applied on every Parallels RAS server with the ability to control application shortcuts inside the Parallels RAS virtual desktop.

Watch a short video of Parallels RAS and Ivanti Environment Manager for personalization. 

Outlook Caching  

One of the most common use cases for roaming application caches between sessions in a non-persistent environment is roaming Outlook OST Cache files. Many organizations are publishing Microsoft Outlook hosted on RDSH through Parallels RAS. Ivanti is helping customers by allowing roaming of users’ Outlook cache between user sessions in a non-persistent VDI/RDSH setup. This allows the cache to be configured as “Cached Exchange Mode,” providing a better user experience and making users instantly productive following migration to Windows 10 or Office 365. This approach can be further extended to similar applications including Java Cache, OneDrive, and Skype.  

Increased Security 

In addition to the Parallels RAS granular filtering, Ivanti can also add application security. This can be carried out through contextual application control by providing the right privileges to the right users, even after an application is published to the end-user. Protection against malware infections and unwanted application installations can be configured, which enhances compliance and the stabilization of your Parallels RAS environment with greater security and agility.

Watch a short video of Parallels RAS and Ivanti Application Manager used for increased security. 

Increase Application Performance Control 

With Ivanti, your Parallels RAS environment becomes more predictable and saves you money on hardware or cloud Internet as a Service (IaaS) providers. By ensuring enough CPU, memory, and disk resources are allocated per application on the RDSH, user experience is more predictable. At the same time, it mitigates wider negative effects on other users on the same RDSH which might be subjected to CPU or memory leaks due to issues within the applications being published.

Parallels RAS with Ivanti Environment, Application Manager, and Performance Manager can provide the complete solution for your business to securely deliver any application—with consistent granular security and personalization—to any user running any device, anywhere. Additionally, it is also worth mentioning Ivanti Self-Service capabilities, which can be used by organizations looking to lower IT support overhead and empower their end-users.

Please watch two short videos showing Parallels RAS and Ivanti Self-Service capabilities for application and permission access: Video 1 | Video 2  

Try Out Parallels RAS  

Try out Parallels RAS for free for 30 days for 50 concurrent users. Choose your trial experience: trial in the cloud (on Microsoft Azure or AWS); trial in a box with a single all-in-one virtual machine readily configured; or a traditional trial that can be installed on your servers in your own datacenter.