Parallels Remote Application Server - 15.5 Best Practices

Parallels Remote Application Server
Best Practices
Includes v15.5 Update 2
Parallels International GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 672 20 30 www.parallels.com
Copyright © 1999-2017 Parallels International GmbH. All rights reserved.
This product is protected by United States and international copyright laws. The product’s underlying technology, patents, and trademarks are listed at http://www.parallels.com/about/legal/.
Microsoft, Windows, Windows Server, Windows Vista are registered trademarks of Microsoft Corporation. Apple, Mac, the Mac logo, OS X, macOS, iPad, iPhone, iPod touch are trademarks of Apple Inc., registered in the US and other countries. Linux is a registered trademark of Linus Torvalds. All other marks and names mentioned herein may be trademarks of their respective owners.
Contents
Introduction ............................................................................................................... 5
Audience ........................................................................................................................ 5
Active Directory and Infrastructure Services Considerations .................................. 6
Active Directory ............................................................................................................... 6
DNS.............................................................................................................................. 10
DHCP ........................................................................................................................... 11
File Services .................................................................................................................. 11
Installation Procedures ........................................................................................... 14
Windows Server Requirements ...................................................................................... 14
Windows Server Roles & Features ................................................................................. 15
Remote Access Configuration ................................................................................ 18
Remote Desktop/Terminal Server Performance Settings ................................................ 18
General Performance Related Settings ........................................................................... 20
Configure RemoteFX ..................................................................................................... 21
General Purpose RemoteFX Settings .................................................................................... 22
RDP Optimizations ........................................................................................................ 35
For Windows 2008/R2 .......................................................................................................... 36
For Windows 2012/R2 .......................................................................................................... 36
RDP Security ................................................................................................................ 38
Locking Down TS/RDS Host ......................................................................................... 38
Disable Administrative Components ............................................................................... 40
Antivirus Exclusions ....................................................................................................... 42
Printer and Drive Mapping ...................................................................................... 44
Printer and Drive Mapping ............................................................................................. 44
Printing/Scanning Compression ..................................................................................... 45
Miscellaneous .......................................................................................................... 48
Load Balancing ............................................................................................................. 48
Groups ......................................................................................................................... 49
Filtering ......................................................................................................................... 50
Disable Application Monitoring ....................................................................................... 51
Server Reboots ............................................................................................................. 52
Backups ....................................................................................................................... 53
Large File Upload / Download via Drive Redirection ........................................................ 54
Remove Gateway Browsing from Your LAN ................................................................... 56
Remove Self-Signed Certificate Error ............................................................................. 57
Remote PCs ................................................................................................................. 60
VDI ............................................................................................................................... 61
Parallels RAS Web Portal ........................................................................................ 66
Windows Prerequisites for Parallels RAS Web Portal ...................................................... 66
Configure User Friendly URL .......................................................................................... 67
Parallels RAS HTML5 Gateway ............................................................................... 69
Index ........................................................................................................................ 70
CHAPTER 1

Introduction

Parallels Remote Application Server (RAS) is an application delivery and virtual desktop solution. It extends Microsoft Windows Remote Desktop Services by providing centralized and simplified management, universal printing and a highly available load balanced remote access solution to Windows Terminal Services based applications and desktops from any device, anywhere. The solution also includes a built-in Virtual Desktop Infrastructure (VDI) solution.
Traditionally, application delivery and VDI solutions were challenging to set up and manage. Design and implementation could take weeks or even months to complete. In contrast, Parallels RAS can be installed in days or even hours, providing a quicker return on your investment and an easier path to realizing the benefits of remote desktop computing.
This document describes the best practice guidelines for deploying and configuring Parallels Remote Application Server v15.x.
In This Chapter
Audience ................................................................................................................ 5

Audience

This guide is intended for system administrators responsible for installing and configuring Parallels Remote Application Server. This guide assumes that the reader is already familiar with relevant Microsoft services such as Active Directory, DNS, DHCP, Terminal Servers/Remote Desktop Session Hosts and has an intermediate networking knowledge.
CHAPTER 2

Active Directory and Infrastructure Services Considerations

Parallels Remote Application Server can be installed in both Workgroup and Active Directory (AD) environments where end users, RAS servers, and RDS servers belong to the same AD forest (domains with single root domain) or multiple forests with trust relationships. Domains and workgroups represent different methods for organizing computers in networks. The main difference among them is how the computers and other resources on the networks are managed. For better manageability and scalability, following Microsoft recommendations, Parallels recommends the use of domains where:
• One or more computers are servers. Network administrators use servers to control security and permissions for all computers in the domain. This makes it easy to make changes because they are automatically made to all computers. Domain users must provide a password or other credentials each time they access the domain.
• If you have a user account on the domain, you can log in to any computer in the domain without needing an account on that computer.
• There can be thousands of computers in a domain.
• The computers can be on different local networks.
• File, folder, and user and group permissions can be assigned.
In This Chapter
Active Directory ....................................................................................................... 6
DNS ....................................................................................................................... 10
DHCP ..................................................................................................................... 11
File Services ............................................................................................................ 11

Active Directory

Parallels recommends considering the following Active Directory capabilities.
Note: More information on Active Directory Domain Services can be found at https://technet.microsoft.com/en-us/library/bb742424.aspx
Organization Units
A particularly useful type of directory object contained within domains is an organizational unit (OU). OUs are Active Directory containers into which you can place users, groups, computers, and other organizational units. An organizational unit cannot contain objects from other domains.
An OU can be used to assign Group policy settings for centralized management and configuration of operating systems, applications, and user settings in an AD environment.
Parallels recommends the use of OUs for the following:
• Terminal Servers/Remote Desktop Session Hosts (RDSH) hosting applications and desktops should be set in their own OUs. Usually TS/RDSH require various group policies applied to them. For example, in a multi-user environment, policies may be required to optimize user experience and/or add security.
• Different OUs for different TS/RDSH groups identified from the Remote Application Server Console can also be used to organize different application groups.
• Servers in the same Remote Application Server site should reside in the same domain or in different domains with a full trust relationship between domains. More information on Domain trusts can be found at https://technet.microsoft.com/en-us/library/cc773178(v=ws.10).aspx
• All servers that load-balance applications/desktops must be in the same domain if a domain security group is authorized to use the application.
Note: For the information on how to design an OU structure which works for your organization, visit https://technet.microsoft.com/en-us/library/2008.05.oudesign.aspx
Security Groups
Security groups are used to assign permissions to shared resources. Different resources (virtual applications, desktops, VDI machines) can be assigned to different users/groups. Parallels recommends the use of Active Directory Security groups for better manageability if filtering is done via user/groups.
Once security groups are created in Active Directory and members are added to them, group-based filtering can be carried out from the Remote Application Server Console. This will ensure that all members of that particular security group will have access to same published resources. For example, if a new user joins the company, they only need to be added to the Active Directory security group to have access to given published resources.
Security groups can be segregated logically, for example by the department a user belongs to or by the application/desktop that is to be delivered.
More details about Active Directory Security Groups can be found at https://technet.microsoft.com/en-us/library/dn579255(v=ws.11).aspx
Note: By default, in RAS published resources are available to all users in the domain if not restricted by filtering (User/group, Client, IP Address, MAC or Gateway access).
Group Policies
Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory service containers: sites, domains, organizational units (OUs). The settings within GPOs are then evaluated by the affected targets using the hierarchical nature of Active Directory. Consequently, Group Policy is one of the top reasons to deploy Active Directory because it allows you to manage user and computer objects.
Apart from the Remote Application Server policies, which allow IT administrators to manage Parallels Client policies for all users on the network who connect to a server in the farm, Parallels recommends the additional use of group policies to manage different users and computer objects accessing the infrastructure. Group policies relating to user experience and/or security are to be linked with their respective OUs mentioned in the previous sections.
Some recommended group policies include, but are not limited to, those listed below.
Users Permissions
Logging in remotely requires users to have remote access rights to the remote server.
This can be carried out from Group Policy Management Console (GPMC), which is an administrative feature that can be installed via Server Manager or through PowerShell as described at https://technet.microsoft.com/en-us/library/cc725932(v=ws.11).aspx
Once GPMC is opened, navigate to Computer Configuration / Policies / Windows Settings / Security Settings / Restricted Groups. Right-click on Restricted Groups, click on Add Group, and add the user group that should be allowed to log in to the remote machine (TS/RDSH/VDI).
More information on how to add Domain Users/Group to the Remote Desktop Users group via Group policy can be found at https://technet.microsoft.com/en-us/library/cc725932(v=ws.11).aspx
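Once the Restricted Groups policy is in place, the resulting local group membership on each session host should be checked for drift. The following audit script is an added example, not Parallels' own code; host names and the expected domain group are placeholders, and it assumes PowerShell remoting to the hosts with PowerShell 5.1 or later (for Get-LocalGroupMember).

```powershell
# Added example (not Parallels' own code). Reports every principal that holds
# local "Remote Desktop Users" membership on each session host and flags any
# principal that is not in the expected list, plus hosts where the expected
# group is missing entirely. Host names and the expected group are placeholders.
$hosts    = @('RDSH01', 'RDSH02')            # placeholder session hosts
$expected = @('CONTOSO\RAS-RDSH-Users')      # placeholder AD security group

# Collect membership remotely; PrincipalSource tells local from domain accounts.
$results = Invoke-Command -ComputerName $hosts -ScriptBlock {
    Get-LocalGroupMember -Group 'Remote Desktop Users' |
        Select-Object @{ n = 'Host'; e = { $env:COMPUTERNAME } },
                      Name, ObjectClass, PrincipalSource
}

# One line per member; anything outside the expected list is flagged.
foreach ($r in $results) {
    $status = if ($expected -contains $r.Name) { 'expected' } else { 'UNEXPECTED' }
    '{0,-10} {1,-40} {2,-8} {3}' -f $r.Host, $r.Name, $r.ObjectClass, $status
}

# Hosts where the expected group did not arrive (users would be denied logon).
foreach ($h in $hosts) {
    $names = ($results | Where-Object Host -eq $h).Name
    foreach ($e in $expected) {
        if ($names -notcontains $e) { "MISSING on ${h}: $e" }
    }
}
```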
Group Policy Loopback Processing
You can use the Group Policy Loopback feature to apply Group Policy objects that depend only on which computer the user logs in to. This is ideal when users already reside in their respective OUs and new OUs have been created to handle Terminal Server/RDSH from where the applications and desktops are published. Essentially, we are applying user settings when they log in to those computer objects, in this case to the Terminal Servers/RDSH.
This can be carried out from Group Policy Management Console (GPMC). Navigate to Computer Configuration\Administrative Templates\System\Group Policy and then enable the Loopback Policy option (Merge or Replace).
More information on loopback processing can be found at https://support.microsoft.com/en-us/kb/231287
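The OU layout from the Organization Units section and the loopback setting above can be provisioned together. The script below is an added example, not Parallels' own code; it assumes the ActiveDirectory and GroupPolicy RSAT modules, rights to create OUs and GPOs, and uses placeholder OU, GPO and host names. The registry path and UserPolicyMode value (1 = Merge, 2 = Replace) are the ones the loopback policy setting writes, as documented in the KB article above.

```powershell
# Added example (not Parallels' own code). Creates a dedicated OU for session
# hosts, links a GPO to it, enables loopback processing in Merge mode and moves
# a host into the OU. OU, GPO and host names are placeholders.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn   = (Get-ADDomain).DistinguishedName
$rdshOuName = 'RAS-RDSH'                  # placeholder OU for TS/RDSH hosts
$gpoName    = 'RAS-RDSH-UserSettings'     # placeholder GPO name

# 1. Dedicated OU for session hosts, protected against accidental deletion.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$rdshOuName'" -SearchBase $domainDn `
        -ErrorAction SilentlyContinue
if (-not $ou) {
    $ou = New-ADOrganizationalUnit -Name $rdshOuName -Path $domainDn `
            -ProtectedFromAccidentalDeletion $true -PassThru
}

# 2. Create (or reuse) the GPO and link it to the OU once.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName }
$linked = (Get-GPInheritance -Target $ou.DistinguishedName).GpoLinks |
            Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) {
    New-GPLink -Name $gpoName -Target $ou.DistinguishedName -LinkEnabled Yes | Out-Null
}

# 3. Loopback processing, Merge mode: user settings in this GPO apply whenever a
#    user logs on to a host in the OU. UserPolicyMode 1 = Merge, 2 = Replace
#    (registry value written by the loopback policy setting; verify against your ADMX).
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 1 | Out-Null

# 4. Move a session host computer object into the OU (placeholder hostname).
$rdsh = Get-ADComputer -Identity 'RDSH01'
Move-ADObject -Identity $rdsh.DistinguishedName -TargetPath $ou.DistinguishedName
```

Run gpupdate /force on the host (or wait for the refresh interval) and confirm with gpresult /r that the GPO shows under the computer's applied objects.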
DNS
The Domain Name System (DNS) is a hierarchical distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS allows you to use friendly names to easily locate computers and other resources on a TCP/IP network.
DNS is a key infrastructure component frequently used by various Remote Application Server components. While standard file-based storage, such as the hosts file, will provide proper DNS resolution in Proof of Concept (POC) environments, Parallels recommends implementing Active Directory integrated DNS in enterprise deployments.
Parallels recommends the use of the DNS zone integrated with Active Directory so that organizations can have the benefit of using secure dynamic updates, as well as the ability to use Access Control List (ACL) editing features to control which machines can update the DNS system.
Dynamic updates are a key feature of DNS, which allows domain computers to register their name and IP addresses with the DNS server automatically when they come online or change IP addresses through the DHCP server. The DNS Server service allows dynamic update to be enabled or disabled on a per-zone basis on each server that is configured to load either a standard primary or directory-integrated zone. By default, the DNS Client service dynamically updates host (A) resource records in DNS when the service is configured for TCP/IP. This form of update eliminates the need for manual entries of names and IP addresses into the DNS database.
Automatic updates from a client to the DNS database raise a security concern because they create the possibility of a malicious entry. Therefore, secure dynamic updates verify that the computer requesting the update to the DNS server also has an entry in the Active Directory database. This means that only computers that have joined the Active Directory domain can dynamically update the DNS database.
More information on how DNS works can be found at https://technet.microsoft.com/library/cc772774.aspx
Reverse Lookup
In most Domain Name System (DNS) lookups, clients typically perform a forward lookup, which is a search based on the DNS name of another computer as it is stored in a host (A) resource record. This type of query expects an IP address as the resource data for the answered response.
DNS also provides a reverse lookup process in which clients use a known IP address and look up a computer name based on its address.
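The zone settings recommended above (AD-integrated zones with secure dynamic updates only, plus a reverse lookup zone) can be audited from PowerShell. This is an added example, not Parallels' own code; it assumes the DnsServer RSAT module and a placeholder DNS server name.

```powershell
# Added example (not Parallels' own code). Lists every primary zone on a DNS
# server, reports AD-integrated zones that still accept nonsecure dynamic
# updates and file-based zones that cannot use secure updates at all, and with
# -Fix switches the AD-integrated zones to Secure. Server name is a placeholder.
Import-Module DnsServer

function Test-RasDnsZoneUpdates {
    param(
        [string]$ComputerName = 'DC01',   # placeholder DNS server
        [switch]$Fix
    )

    $zones = Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

    foreach ($z in $zones) {
        $issue = $null
        if (-not $z.IsDsIntegrated) {
            # A standard primary zone has no AD identity to check updates against.
            $issue = 'file-based zone: secure updates not possible, convert to AD-integrated'
        }
        elseif ($z.DynamicUpdate -ne 'Secure') {
            $issue = "DynamicUpdate is '$($z.DynamicUpdate)'"
            if ($Fix) {
                Set-DnsServerPrimaryZone -ComputerName $ComputerName `
                    -Name $z.ZoneName -DynamicUpdate Secure
                $issue += ' (set to Secure)'
            }
        }
        [pscustomobject]@{
            Zone          = $z.ZoneName
            ADIntegrated  = $z.IsDsIntegrated
            DynamicUpdate = $z.DynamicUpdate
            ReverseZone   = $z.IsReverseLookupZone
            Issue         = $issue
        }
    }

    # Reverse lookups need at least one reverse zone for the RAS subnets.
    $reverse = $zones | Where-Object IsReverseLookupZone
    if (-not $reverse) {
        Write-Warning 'No reverse lookup zone found: PTR lookups for RAS hosts will fail'
    }
}

Test-RasDnsZoneUpdates -ComputerName 'DC01' | Format-Table -AutoSize
# Test-RasDnsZoneUpdates -ComputerName 'DC01' -Fix   # apply the change
```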

DHCP

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.
Parallels recommends the use of static or DHCP reserved IP addressing for Remote Application Server infrastructure servers.
With regards to VDI, to create a RAS template from an existing virtual guest, the guest operating system (Windows) must be configured to obtain an IP address via the DHCP server. With regards to a VDI agent on hypervisors it is recommended to take note of the MAC address assigned to the appliance and add a DHCP reservation. If DHCP isn't available, a static IP address needs to be configured manually.
For Wyse clients, RAS Secure Client Gateway can act as a Wyse broker. Please ensure that DHCP option 188 on your DHCP server is set to the IP Address of this Gateway for thin clients that are going to boot via this gateway.
Note: Parallels Remote Application Server should not be installed on a domain controller or any other server where a DHCP server is running.

File Services

For a consistent visual display of personal data associated with a specific user and/or a customized desktop environment, irrespective of which TS/RDSH or VDI machine the user connects to, Parallels recommends the use of Microsoft roaming profiles and folder redirection or User Profile Disks for a complete profile management solution with Remote Application Server.
Note the following requirements before implementing the profile solution:
• When deploying Roaming User Profiles with Folder Redirection in an environment with existing local user profiles, deploy Folder Redirection before Roaming User Profiles to minimize the size of roaming profiles. After the existing user folders have been successfully redirected, you can deploy Roaming User Profiles.
• To administer Roaming User Profiles or User Profile Disks, you must be signed in as a member of the Domain Administrators security group, the Enterprise Administrators security group, or the Group Policy Creator Owners security group.
• Client computers must run Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Note that Windows XP and Windows Server 2003 support Roaming User Profiles only when set up on user accounts and not on a per-computer basis by using Group Policy.
• Client computers must be joined to the Active Directory Domain Services (AD DS) that you are managing.
• A file server must be available to host roaming user profiles or User Profile Disks.
• If the file share uses DFS Namespaces, the DFS folders (links) must have a single target to prevent users from making conflicting edits on different servers.
• If the file share uses DFS Replication to replicate the contents with another server, users must be able to access only the source server to prevent users from making conflicting edits on different servers.
• If the file share is clustered, disable continuous availability on the file share to avoid performance issues.
More information on deploying user profiles can be found at https://technet.microsoft.com/en-us/library/jj649079.aspx, and on User Profile Disks at https://blogs.technet.microsoft.com/enterprisemobility/2012/11/13/easier-user-data-management-with-user-profile-disks-in-windows-server-2012.
For a high availability profile management solution and for scalability requirements, Parallels recommends the use of Microsoft DFS and DFSR to host the namespace and handle the replication between target file servers respectively. More information on DFS and DFSR can be found at https://technet.microsoft.com/en-us/library/jj127250.aspx
CHAPTER 3

Installation Procedures

In This Chapter
Windows Server Requirements ............................................................................... 14
Windows Server Roles & Features .......................................................................... 15

Windows Server Requirements

All Parallels RAS farm server components are Windows Server based, with the exception of the HALB and VDI virtual appliances.
Supported Windows platforms:
• Windows Server 2003 SP1 (Terminal Server Agent only)
• Windows Server 2008
• Windows Server 2008 R2
• Windows Server 2012
• Windows Server 2012 R2
• Windows Server 2016
Active Directory
• Parallels RAS can be installed using Active Directory or Local Windows Security.
• VDI for RAS requires Active Directory.
• Installation of any RAS component on an Active Directory Domain Controller is not supported.
• If using Active Directory, Windows Servers must be joined to a Domain and the right hostname configured before installing RAS.
• Do not change the server hostname after installing Parallels RAS, or reconfiguration of Parallels RAS would be required.
Networking Requirements
• Use a static or permanently reserved DHCP address.
• SSL on the Gateway servers requires name resolution. For Gateways to function properly, one of the two following conditions must be met:
  • DNS resolution must be available.
  • HOSTS files can be configured for DNS resolution.
See the Active Directory and Infrastructure Services Considerations chapter (p. 6).
Windows Firewall Requirements
RAS v15 and higher can automatically configure Windows Firewall settings during installation or deployment of additional RAS farm components to allow communication between different RAS Servers in a farm.
• For manual configuration of the Windows Firewall, do not check "Add Firewall Rules" when deploying RAS components.
• A comprehensive list of required Firewall ports can be found in the Port Reference section of the Parallels Remote Application Server Administrator's Guide, which can be downloaded from http://www.parallels.com/products/ras/resources/.
When pushing RAS components to another server from the RAS console, one of the following conditions must be met on the remote server:
• Open Windows Firewall ports TCP 135, 445, 49179, then push the RAS components and have the Windows Firewall ports automatically configured.
• Temporarily disable Windows Firewall, push the RAS components and have RAS automatically configure the firewall settings, and then re-enable the Windows Firewall.
• Manually configure Windows Firewall settings as described in the Port Reference section of the Parallels Remote Application Server Administrator's Guide, and then install the RAS component(s).
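The first option (opening TCP 135, 445 and 49179) can be done without leaving those ports open to the whole network: scope the rules to the console's address and remove them once the push has completed. This is an added example, not Parallels' own code; the console address and rule group name are placeholders, and it runs elevated on the target server.

```powershell
# Added example (not Parallels' own code). Creates inbound Domain-profile rules
# for the three push ports, restricted to the RAS console's address, lists them
# with their port and source, and removes the whole group afterwards.
$consoleIp = '10.0.0.10'                        # placeholder: RAS console address
$group     = 'RAS component push (temporary)'   # placeholder rule group
$ports     = @(135, 445, 49179)

function Enable-RasPushRules {
    foreach ($p in $ports) {
        $name = "RAS push TCP $p"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Group $group -Direction Inbound `
                -Protocol TCP -LocalPort $p -RemoteAddress $consoleIp `
                -Action Allow -Profile Domain | Out-Null
        }
    }
}

function Show-RasPushRules {
    # Port and address live in separate filter objects, so join them per rule.
    Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | ForEach-Object {
        $port = ($_ | Get-NetFirewallPortFilter).LocalPort
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        '{0,-20} port {1,-6} from {2}' -f $_.DisplayName, $port, $addr
    }
}

function Disable-RasPushRules {
    # Removing by group clears all three rules at once, leaving no stray openings.
    Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

Enable-RasPushRules
Show-RasPushRules
# ... push the RAS component from the console, then:
# Disable-RasPushRules
```

From the console side, Test-NetConnection -ComputerName <server> -Port 135 confirms the rule before the push is started.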

Windows Server Roles & Features

In order to install Parallels RAS on Windows servers, some prerequisites must be installed from Server Roles and Features.
• The Publishing Agent Server can be installed on any supported version of Windows. The Publishing Agent does not require any specific Windows roles or features.
• The Secure Client Gateway can be installed on any supported version of Windows. The Secure Client Gateway does not require any specific Windows roles or features.
• The Terminal Server agent requires the following roles installed:
  • Terminal Server Role for Windows Server versions 2003 SP1 up to 2008.
  • Remote Desktop Session Host for Windows Server versions 2008 R2 up to 2016.
  • For v15 and later, the Remote Desktop Session Host role can be automatically installed using the "Add Terminal Server" capability from the RAS Console.
Parallels RAS does not replace the need for Microsoft Client Access Licenses (CALs). A Windows Remote Desktop/Terminal Server License server is required.
Except for very small, single-server environments, the License Server should not be installed on the production Terminal Servers or Remote Desktop Session Hosts.
More information on TS/RDS CALs can be found at https://technet.microsoft.com/en­us/library/cc753650(v=ws.11).aspx
Ensure that Desktop Experience is installed on all Terminal Servers
When a user connects to a Parallels RAS server, the desktop that exists on the RD Session Host server is reproduced in the remote session by default. To make the remote session look and feel more like the user's local Windows desktop, install the Desktop Experience feature on an RD Session Host server that is running Windows Server 2008 R2, Windows Server 2012 or Windows Server 2012 R2. Note that Windows Server 2016 has the Desktop Experience feature enabled by default on RDS hosts. This also makes the graphics look better using the Windows Aero theme.
Desktop Experience is a feature that you can install from Server Manager.
Once Desktop Experience is enabled, you will notice that applications display richer graphics and a remote desktop looks more like the client's local desktop with themes and other Windows client components.
CHAPTER 4

Remote Access Configuration

In This Chapter
Remote Desktop/Terminal Server Performance Settings .......................................... 18
General Performance Related Settings .................................................................... 20
Configure RemoteFX .............................................................................................. 21
RDP Optimizations ................................................................................................. 35
RDP Security .......................................................................................................... 38
Locking Down TS/RDS Host .................................................................................. 38
Disable Administrative Components ........................................................................ 40
Antivirus Exclusions ................................................................................................ 42

Remote Desktop/Terminal Server Performance Settings

The default Windows performance settings are intended for general purpose servers. In order to maximize application or desktop hosting server performance, the default Windows performance settings should be adjusted on Windows Remote Desktop/Terminal Servers.
From the Control Panel go to System and click on Advanced System Settings. Under the Advanced tab in the System Properties dialog box, click on Settings under the Performance section.
Performance Options settings
Under the Visual Effects tab from the Performance Options dialog box, change the setting to Adjust for best performance.
If a specific application has a custom setting recommendation, you should use it, but in general, the Adjust for best performance option will provide the best overall performance in a Parallels RAS environment.
Windows paging file settings
Set the Windows paging file to twice the amount of RAM. For heavier workloads, a paging file of three times the amount of physical memory might be required. For more information on how to determine the exact page file size, please visit https://support.microsoft.com/en­us/help/2860880/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows
By default, Microsoft Windows page file size is automatically managed for all drives and grows dynamically as necessary. However, as the system ramps up to intended capacity, dynamic page file growth can result in a fragmented page file, so it is best to set a fixed page file size upfront.
Typically, page file settings are configured when the server is first installed. However, if the server remained in production for a while, Parallels recommends optimizing and defragmenting the drive prior to setting paging options described below.
Note: If the size of the page file is too small, the system will generate a minidump and will log an event in the System event log during boot to inform you about this condition.
In the example below, the server has 8 GB of RAM.
Note that Microsoft sets the page file to 1280 but recommends 4607. Parallels recommends doubling the amount of RAM and using a new page file on the disk; therefore the number is 16384 (8 GB in blocks of 8192 x 2 = 16384). Make sure you have enough free disk space to use this setting.
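The sizing rule above (twice the RAM, three times for heavier workloads, fixed size, enough free space on the volume) can be applied consistently across hosts with a script. This is an added example, not Parallels' own code; it assumes an elevated session, a placeholder drive letter for the new page file, and that the server is rebooted afterwards.

```powershell
# Added example (not Parallels' own code). Computes the fixed page file size
# recommended in this section, checks free space on the target volume, and with
# -Apply disables automatic management and creates or resizes the page file via
# WMI. Reported RAM is rounded up to whole MB, so a server with 8 GB typically
# yields a value close to, not exactly, 16384 MB.
function Set-RasPageFile {
    param(
        [string]$Drive     = 'D:',   # placeholder: volume that will hold the page file
        [int]$Multiplier   = 2,      # 2 = general recommendation, 3 = heavier workloads
        [switch]$Apply
    )

    $cs     = Get-CimInstance Win32_ComputerSystem
    $ramMB  = [math]::Ceiling($cs.TotalPhysicalMemory / 1MB)
    $sizeMB = $ramMB * $Multiplier

    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$Drive'"
    if (-not $disk) { throw "Volume $Drive not found" }
    $freeMB = [math]::Floor($disk.FreeSpace / 1MB)

    $plan = [pscustomobject]@{
        RAM_MB      = $ramMB
        PageFile_MB = $sizeMB
        Free_MB     = $freeMB
        Fits        = ($freeMB -gt $sizeMB)
    }
    if (-not $Apply) { return $plan }            # preview only
    if (-not $plan.Fits) { throw "Not enough free space on $Drive for a $sizeMB MB page file" }

    # A fixed size is only honoured once automatic management is off.
    if ($cs.AutomaticManagedPagefile) {
        Set-CimInstance -InputObject $cs -Property @{ AutomaticManagedPagefile = $false }
    }

    # Initial = Maximum gives the fixed, non-fragmenting page file the text asks for.
    $path = "$Drive\pagefile.sys"
    $pf   = Get-CimInstance Win32_PageFileSetting | Where-Object { $_.Name -ieq $path }
    if ($pf) {
        Set-CimInstance -InputObject $pf -Property @{ InitialSize = $sizeMB; MaximumSize = $sizeMB }
    } else {
        New-CimInstance -ClassName Win32_PageFileSetting `
            -Property @{ Name = $path; InitialSize = $sizeMB; MaximumSize = $sizeMB } | Out-Null
    }
    return $plan
}

Set-RasPageFile -Drive 'D:'             # preview the computed sizes
# Set-RasPageFile -Drive 'D:' -Apply    # apply, then reboot the server
```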

General Performance Related Settings

Whether you are using graphics intensive applications or streaming media across RDP, some configurations can be applied to provide performance benefits in your environment:
• Display driver optimization – this is probably the most important component, particularly on the Windows CE platforms that tend to have a lot less CPU power than their desktop counterparts. The display "device driver interface" we provide in Windows CE uses only the basic graphics engine functions; software acceleration is provided through emulation libraries, and hardware acceleration is limited to two-dimensional graphics operations. If at all possible, hardware acceleration should be used.
• Ensure that your video and network card drivers are up to date based on the manufacturer's recommendations.
• Enable bitmap caching in your RDP session. This can result in some significant bandwidth savings and can also improve the refresh speed. However, this does not mean that graphics intensive applications will run at the same performance level as they would in a non-RDP session.
• Understanding how font exchange works can also lead to some opportunities for performance improvements. Font exchanges occur between the client and server to determine which common system fonts are installed. The client notifies the Terminal Server of all installed system fonts to enable faster text rendering during an RDP session. When the Terminal Server knows what fonts the client has available, passing compressed fonts and Unicode character strings rather than larger bitmaps to the client can save network bandwidth.
• If network bandwidth is not as much of a concern, you can increase the frame rate on the client side via a registry modification. More information can be found at https://blogs.technet.microsoft.com/askperf/2009/04/17/terminal-services-and-graphically-intensive-applications/
To learn how to increase the frame rate on the server side, see https://support.microsoft.com/en-us/help/2885213/frame-rate-is-limited-to-30-fps-in-windows-8-and-windows-server-2012-remote-sessions.

Configure RemoteFX

RemoteFX is a set of Microsoft Windows technologies that greatly enhances the end-user visual and performance experience over the RDP protocol. It is available in Windows Server 2008 R2 SP1 and later. Windows 7 was the first client side operating system to support RemoteFX. Both the client and the server versions must be able to support RemoteFX in order for these enhancements to work.
Although RAS supports earlier versions of Windows Server, certain performance capabilities will not be available when those versions are used. RemoteFX has been improved with subsequent releases of Windows. The best performance will always occur when running the latest version of Microsoft Windows Server being accessed from the latest workstation version. Older versions of Windows can connect with newer versions (e.g.: Windows XP to Windows 2012 R2 or Windows 10 to Windows 2003) and while this might be acceptable for certain workloads, RemoteFX capabilities will not be available.
Parallels RAS supports RemoteFX on the following clients:
• Parallels Client for Windows installed on Windows 7 SP1 and higher
• Parallels Client for Mac
• Parallels Client for Linux
• Parallels Client for iOS
• Parallels Client for Android
• Parallels Client for ChromeApp running on ChromeBooks

General Purpose RemoteFX Settings

RemoteFX is enabled on Windows systems using Group Policy. Parallels recommends applying Group Policies at OU (organizational unit) level in Active Directory environments. Although local Group Policies can be used, this requires configuring the necessary settings on every Terminal Server/Remote PC/VDI Guest in the RAS farm.
Hint: To edit domain Group Policies, from the Windows Run command, type GPMC.MSC. Once the Group Policy settings are completed, run GPUPDATE /FORCE from the Run command to apply them.
Remote FX Settings for Server 2008 R2
Enable the following options on all Terminal Servers in your farm. Under Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment enable the following:
• Configure RemoteFX.
• Optimize visual experience when using RemoteFX. Set to Medium Default.
• Set Compression algorithm for RDP data. Set to Optimize to use less network bandwidth.
• Optimize Visual experience for Remote Desktop Services sessions. Set to Rich Multimedia.
• Configure image quality for RemoteFX Adaptive Graphics (Image Quality set to Medium).
• Configure RemoteFX Adaptive Graphics. Set to Let the system choose experience for network conditions.