Configure a RD Connection Broker in Parallels Secure Workspace

0 users found this article helpful


When using the Microsoft Remote Desktop Connection Broker only the broker needs to be configured in Parallels Secure Workspace. This RD Connection Broker will refer Parallels Secure Workspace to the correct application server when opening an application. This means that in the Dashboard, the broker that Parallels Secure Workspace initially connects to will be listed. However, the remote desktop session might end up running on a different RD Session Host.

In this scenario, it's also the RD Connection Broker that load balances the RDP connections between the available RD Session Hosts.

  1. Navigate to System Settings > Manage > Labels.
  2. Create a label for each RDS Collection configured on the Broker:
    • Key: rdscollection
    • Value: The name of the collection. Mind the pointers below.
  3. Navigate to System Settings > Manage > Application Servers.
    Add the RD Connection Broker as an application server. In the Server Labels field, add the rdscollection labels defined in the previous step.
  4. Navigate to System Settings > Manage > Applications.
    In the application's settings, find Server Labels. Here, use the rdscollection labels configured in the first step to assign applications to the session collections in which they are published.

Name of the session collection

Even when the name of an RDS collection has changed at some point, the original name of the collection must still be specified in Parallels Secure Workspace. This is because Microsoft Windows Server does not change its collection name internally. To retrieve the original collection name, there are 3 options:


High availability

High availability means that end users should still be able to start new remote application sessions, even when one or more servers go down.

It may however take a short period of time before the failover is fully functional.

Existing application sessions will not be resumed.

Microsoft RD Connection Broker

In this scenario, there are at least two Microsoft Windows servers acting as a RD Connection Broker; They point to the same (high-available) SQL database and there's a DNS name for this RD Connection Broker cluster. Only one of those servers is the RD Management Server (rdms). If the management server goes down, a remaining broker automatically takes over this role after a couple of minutes.

Microsoft offers two ways to connect to this high-available environment:

  1. By using a load balancer. The load balancer is responsible to check whether a server with the RD Connection Broker is reachable. It should also distribute the connections evenly.
  2. By using a round-robin DNS record: For the DNS name of the RD Connection Broker cluster (for example ), multiple IP addresses can be resolved.

Once high availability is properly configured on the Microsoft side, it's time to configure Parallels Secure Workspace.

Configuration in Parallels Secure Workspace

The configuration in  Parallels Secure Workspace is based on the first approach, Parallels Secure Workspace acts as a load balancer.
For each RD Connection Broker in the cluster, an application server should be added in Parallels Secure Workspace with the proper rdscollection label assigned to it.
The IP address or FQDN of the individual server should be used as hostname. Do NOT use the DNS name of the cluster.

Also, ensure high availability for the Parallels Secure Workspace cluster by setting up a redundant multi-node environment.

Which broker will Parallels Secure Workspace connect to?

When a user launches an application with a rdscollection label attached to it, Parallels Secure Workspace builds a list of candidate servers. In this case, this would be the list of the RD Connection Brokers (application servers in Parallels Secure Workspace) with the same rdscollection label as assigned to the application. Parallels Secure Workspace checks if the RD Connection Broker to which it has the least connections is reachable and tries to connect to this host. If it's unreachable, Parallels Secure Workspace tries connecting to the next candidate.

When session merge is enabled, Parallels Secure Workspace also tries to re-use an existing prior connection if available.

Good to know

Sometimes, some administrators opt to define specific RD Session Hosts as an application server in Parallels Secure Workspace (using the appserver label). However, if those RD Session Hosts are managed by a RD Connection Broker, it's possible the user ended up on a different RD Session Host anyway.

To prevent this, there is a Windows group policy to disable participating in this load-balancing behavior on the Microsoft RDS environment: Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / RD Connection Broker / Use RD Connection Broker Load Balancing: set to disabled.


Was this article helpful?

Tell us how we can improve it.