In-Depth

Progress at the Speed of Thin

Terminal Services offers a way to move your clients to Windows 2000--and other new applications--without messing with hardware or OS upgrades.

Microsoft’s vision statement up until a few months ago was something like this: “A computer on every desk and in every home running Microsoft software.” During the past year, Microsoft reinvented itself and came up with a new, broader mission: “To empower people through great software any time, any place, on any device.” It seems as though we have a new digital device every month; getting data on our traditional desktop only seems so old-fashioned. We would never imagine running Windows 2000 on our Palm, but it’s reasonable to want electronic information everywhere. Since Microsoft has always excelled at providing an integrated offering, it’s logical that the company has integrated thin-client computing into the base server offering of its newest, greatest OS.

When Microsoft released Win2K, it included Terminal Services as stock equipment on the Server, Advanced Server, and Data Center versions. This is wonderful news to all of the people who want to provide thin-client solutions without having to purchase an OS outside the mainstream.

For a briefing on thin client products, see "Getting Lean and Mean: Windows 2000-Ready Thin Clients," in this issue.

A Definition

The core of thin-client computing is a multi-user operating system. That’s because, contrary to traditional PC solutions, in a multi-user environment multiple users run on one system sharing the same CPU and memory. The next component is a client device. Typically, this is a PC; however, it can be as small as a tablet device. The third piece is a protocol that transports keystrokes and mouse movements from the client to the server and then sends the screen updates from the server to the client.

In the Win2K combination, the multi-user OS is Win2K Server, Advanced Server, or Data Center. The client can be any Windows networking OS including Windows CE. With third-party software, the client can also include Unix, DOS, and Windows 3.1 for heterogeneous environments.

The protocol Microsoft provides is Remote Desktop Protocol (RDP). RDP uses TCP/IP for the Transport and Networking layers. How does this change the current work environment? In a traditional solution at work, Microsoft Word would be running on 100 different desktops, consuming memory and a CPU on 100 computers. In the thin-client solution, Microsoft Word runs on one computer; 100 clients function as terminals. The clients require a minimal amount of CPU and memory, thus the name “thin-client computing.”

A Taste of the Experience

The release of Win2K doesn’t mean we can all immediately run the new OS on each of our desktops. Maybe you lack the hardware; maybe you need more time or resources. But how about using Terminal Services to accelerate deployment of Win2K desktops and applications? The creative among us could have a Win2K server with Terminal Services enabled and allow down-level clients to experience Win2K technology today. Another option: Provide Microsoft Office 2000 on the Terminal Server, thus allowing users to access this new software with just 16M of memory on their PCs.

The terminal server client can connect to a complete desktop—or complement its own desktop—by simply launching a server-hosted application. It’s possible for a terminal server client to have multiple terminal server sessions at the same time, all accessing a different server for a different application.

How It Works

A key component of the multi-user OS is the session object. It’s critical to segregate one session’s processes, memory allocation, and security clearance from another session. When a user logs off, all resources allocated by the session must be released. One that’s different from the others is called the console session; it actually uses the drivers on the server for keyboard, mouse, sound, and video. All other sessions direct their I/O requests over the network where the clients’ drivers will be used. An idle session is one looking for a job—it hasn’t been associated with a specific user, and its purpose is to speed up the log-in process.

Figure 1. The fundamentals of Terminal Services operations.

In the traditional PC world, multiple copies of applications don’t run at the same time on one system. (OK, we may have serious Solitaire players who have multiple games all going on at once.) Is there any significant benefit to having a hundred copies of Microsoft Word (or the application of your choice) all running concurrently on your terminal server? Interestingly enough, the answer is yes. Your mother always said that sharing was a good thing. Running a hundred copies of a program doesn’t require 100 times the amount of memory of a single instance of that program. And this isn’t unique to Terminal Services. Windows NT uses the memory management scheme Copy on Write, which allows two processes to share the same page of memory. If one process needs to make a change to the page of memory, it wouldn’t be appropriate that both processes see the change. In this event, the memory manager creates (copies) an extra memory allocation for the process making the change. This is convenient when you run a second copy of Word, because you don’t have to load two copies of the DLLs and executables.

Most Improved

Microsoft has spent much effort in making Terminal Services for Win2K an excellent offering. Let’s look at the features.

Total Integration
Remember how we’d see a new service pack for Windows NT, then have to wait for the Terminal Server Edition version? This problem is a thing of the past. Great news—Terminal Services is part of the base Win2K Server offering. This means it won’t be treated as “an exception.” When a service pack or hotfix is released for Win2K, no more waiting for the Terminal Services version; we’ll already have it.

Application installation is more integrated with Add/Remove Programs. In previous versions of Terminal Server, the installer of an application had to remember to put the system in Application Install Mode. If the mode wasn’t changed, the application might not work for other users. (More on this shortly.) This shift is now automatic in the Win2K version. If a user tries to run a setup program, he or she will be forced to use the Add/Remove Programs routine from Control Panel.

Windows-based Terminals
Client devices running under a terminal server can have as little horsepower as a 386 processor and 8M of memory. Several vendors have embraced this vision and built a complete line of Windows-based terminals with no moving parts. When a new version of Windows ships, these machines don’t have to be replaced.

Wyse Technology, Inc. offers a wide selection of Windows-based terminals for the desktop and office environment. Learn more at www.wyse.com.

Hitachi America Ltd. (www.hitachi.com) has a new line of tablet computers named “ePlate,” which run Windows CE as the client OS and make great Terminal Services clients. The Windows CE client also has handwriting recognition, which means that you don’t use the keyboard to enter information. It’s nice to have a tablet computer with a PCMCIA wireless network card communicating (with no keyboard!) with your terminal server. It’s like defying the law of gravity. People look at the tablet screen and wonder how you’re running Win2K on a device without a hard drive or keyboard. The current model is designed for indoor use and retails for about $1,200. A new version will be released this summer for outdoor use. A current market for this technology is the medical field. Doctors use the ePlate today for accessing medical information.

Keep your eyes on these Windows-based Terminals. Next thing you know, you’ll see them mounted on golf carts with antennas throughout the golf course for those users who want to perform day-trading while enjoying an afternoon of sun.

—Bruce Rougeau

On a third integration front, Terminal Services offers a tighter union with the client. When a client connects to a terminal server session, the client’s printers and Clipboard get mapped to it. This is convenient, because it gives the user immediate access to locally defined printers. Clipboard synchronization enables a user to copy an object within the terminal server session and paste it in the client OS. Users expect these sorts of integration options, which Microsoft provides through virtual channel support. This means that the client’s defined printer doesn’t have to be shared in order to have access on the terminal server. You could even say Virtual Channel Support is magical—the terminal server accesses resources on the client even though those resources aren’t shared.

Better Server Performance
On the same hardware, Win2K Server Terminal Services can serve more users than Terminal Server Edition. NEC recently published a white paper, “Windows 2000 Terminal Services Capacity and Scaling,” which you can find at www.microsoft.com/WINDOWS2000/guide/server/features/
terminalsvcs.asp
. This article is based on Release Candidates 2 and 3. One test result worth noting is that on a four-way system, NT 4.0 Terminal Server Edition accommodated 95 knowledge workers doing their jobs, whereas Win2K satisfied 120 users. That’s right: 25 more users on the same hardware by changing to Win2K.

Two Modes of Operation
Terminal Services offers two modes of operation: Remote Administration and Application Server.

The former has got to be one of the coolest features of Terminal Services. Remote Administration lets you perform tasks from anywhere as though you’re sitting at the console. As the admin, you can access the console from anywhere in the enterprise, or even at home, via dial-up (or through the Internet on non-Win2K operating systems). Every one of your servers should be set up for remote administration. While in this mode, only administrators can access Terminal Services. Terminal Server Client Access Licensing (TSCAL) isn’t enforced; only two sessions are supported, and there are no idle sessions, which minimizes overhead for this service. Since you’re not providing sessions to the user community, there’s no install mode while the server is configured for Remote Admin. This means you can’t use Remote Administration mode to deploy applications out to the masses from your server.

Application Server mode is designed for the typical thin-client environment in which you want to let users access the applications on the server. Client Access Licensing is enforced and idle sessions are created to speed up the log-in time for a user. If you wanted to make Microsoft Office available to your company, you’d need to put the server in Application Server mode (Figure 2).

Figure 2. The two modes of Terminal Services installation: Remote Administration and Application Server.

RDP 5.0
Remote Deployment Protocol (RDP) has improved performance for quicker screen updates. RDP conserves bandwidth by providing compression and persistent client-side bitmap caching. Screen data is compressible, requiring little overhead. The screen updates include bitmaps and can be cached on the client to avoid sending the entire bitmap each time.

Remote Control
When you think about Terminal Services accepting and sending all screen, keyboard, and mouse I/O over the network, you proably wonder whether that means you have all the building blocks to take remote control of another user’s session. This functionality is new in the Win2K offering—and truly handy for help desk people. Having trouble understanding users’ complaints by phone? Take remote control of their sessions to see what they see and take control of their keyboards. In order to accomplish this, both users must have terminal server sessions. The controlling session (the one taking control of the other) must launch Terminal Services Manager and take control of a session. (See Figure 3.)

Figure 3. Connections configuration for Remote Control.

You’ll need to remember several rules, however:

  • The console session can’t be remote-controlled, nor can it take remote control of another session.
  • No one can control the console session.
  • Both sessions must be run under RDP.
  • The controlling session must have a screen resolution greater or equal to the controlled session.
  • The controlling session must have a color depth greater or equal to the controlled session.
  • Only administrators can take remote control of a user session by default.

Installation Matters

If you’re doing planning for Win2K, the decision to install Terminal Services should be made up front. (Yes, you can add it later; it just takes more work.) To install Terminal Services, choose Control Panel | Add/Remove Programs | Add/Remove Windows Components | Terminal Services. After pressing Next, you’ll have the option to specify whether this server will be in Remote Application Mode or Application Server mode. If you choose Application Server mode, you’ll need to uninstall all applications before installing Terminal Services, then reinstall them after Terminal Services is functional.

After you select the mode, the Windows Components wizard asks how to set the registry permissions (Figure 4). The first option, “Permissions compatible with Windows 2000 Users,” makes the system more secure. The second option, “Permissions compatible with Terminal Server 4.0 Users,” is for backward compatibility. Some legacy applications may need to change a registry value in Win2K that requires a power user or administrator to modify. In order to let Win2K make your systems more secure, I advise you to select the first option. The more secure registry prevents anyone other than administrators from installing applications. [For more on Terminal Services security, see Roberta Bragg’s “Security Advisor” in this issue.—Ed.]

Figure 4. Defining application permissions during the Terminal Services installation.

If you have applications installed on the server when selecting Application Server mode, the system will complain. You’ll get a friendly dialog listing the applications and a message warning that they may not work properly. Heed the warning!

When the Terminal Services are installed, you’ll have to reboot your system. Yes, this is one of the few times that you need to shut down and start up Win2K after installing a new service. Why? We’re now switching to multi-user mode—we’re changing the core of the OS from single user to multi-user; serious enough for the system to take a new picture of itself.

Of course, at some point you may decide to uninstall Terminal Services. Before doing so, you should remove all applications, remove the service, reboot, and then reinstall the applications. Because several changes are performed in the registry, this is the recommended route.

Application Matters

Today, applications work better with terminal servers than ever before; however, you’re bound to come across some hiccups. Programmers in the past rarely took into account a multi-user operating system (or multiple people using the same PC) in their application design. This led to problems like improper use of HKEYLocalMachine, over-use of the CPU, and identifying the user by IP address or machine or NETBIOS name.

Take the problem with HKEYLocal Machine. This is where global values get stored. If an application stores user-dependent values in HKLM, another user can come in and overlay those values; the last one in wins.

Another common problem occurs when the install program writes values to the HKEYCurrentUser (HKCU). When the program runs, it looks for values in HKCU (placed there by the install program); if they’re not there, the program doesn’t work properly. In this scenario, the installed application works for the person who installed it, but not for anybody else. The new Win2K logo guidelines require programmers to become more aware of the issues of a multi-user environment. However, they don’t make compliance mandatory. Also, it’ll be awhile before the applications we’re running today have Win2K logo compliance. That said, a year ago third-party programmers treated Terminal Server as another OS; they’d get their Windows 95, 98, and NT versions out the door, and other releases would wait for another day. Now we’re bound to see improvements on this front if programmers want that logo.

Terminal Services Licensing
You might think that because Terminal Services is part of the core Windows 2000 Server operating system, the only thing you need to buy is a Win2K Server license. Not true. On a typical Windows NT Server installation, was it enough to pay for the server license and client OS license? Before Windows NT 3.5 it was enough; however, since then Microsoft has implemented its Client Access Licenses (CALs). The concept of a CAL is that the users benefitting from the server should pay their way—and, by the way, this isn’t unique to Microsoft. In other words, the price of the server is based on the value brought to your company, based on the number of users who benefit.

In order to implement Terminal Services you must have the following licenses:

  • Win2K Server (you can substitute Advanced or Data Center).
  • Win2K Server Access license (this is because the client uses files on the server).
  • Win2K Professional on the client or a Win2K Terminal Services CAL.

You can find the various price tags at www.microsoft.com/windows2000/
guide/server/pricing/pricingwindows.asp
.

Once you have a slightly better understanding about what licenses are required, you can look at the steps and components you need to configure Terminal Server Licensing.

The first thing to do is activate the Terminal Services License Server (TSLS). Microsoft calls this phase one. You perform this on a domain controller on which Terminal Services Licensing service is installed. The process of activating the TSLS registers it with the Microsoft Certificate Authority and License Clearinghouse (MCALC). There are various ways to register your TSLS with the MCALC: over the Internet, via the Web, by fax or phone call. As a result of your TSLS being registered, you’ll get a License Server ID, a 35-character string issued by the MCALC. Phase two is to enter in the client license pack ID, which authorizes this TSLS to administer the licenses purchased. Phase two can be repeated as many times as needed.

When a client initiates a Terminal Services session, the terminal server goes out and finds a TSLS. If it fails to do so, it will have a 90-day license server grace period. If the terminal server doesn’t find a TSLS within 90 days, it stops issuing temporary licenses and those clients won’t be able to run Terminal Services sessions. If the TSLC doesn’t have an available Terminal Services CAL, a temporary license will be issued and is good for 90 days. If the client is a Win2K OS, then it doesn’t need a Terminal Services CAL. Terminal Server Licensing services doesn’t talk to any other licensing manager including Windows NT 4.0 Terminal Server Edition.

Also, if you use third-party software (such as Citrix MetaFrame) installed on top of Terminal Services, it doesn’t remove the Microsoft licensing requirements even though it has additional licenses. The third-party licenses are in addition to Microsoft’s. Ouch!

—Bruce Rougeau

Customizations

Sometimes applications have behavior that works well on a fat client but doesn’t work as well on a thin-client solution due to resource consumption like bandwidth. Microsoft Office is a perfect example. Its Office assistants are cute, but all the moving, bouncing, and eye contact isn’t really necessary and requires processor cycles. To eliminate extraneous activity in Office, Microsoft has made a transform file, termsrvr.mst, available in its Office 2000 Resource Kit. As a matter of fact, you can’t install Office without it on a terminal server. The command to install Office 2000 on Terminal Server Edition or Terminal Services after installing the Office 2000 Resource Kit would be:

setup.exe TRANSFORMS=”D:\Program Files\ORKTools\ToolBox\Tools\Terminal Server Tools\Termsrvr.mst” /qn+

The location d:\Program Files is where we’ve installed the Resource Kit in this example. Look for other applications to provide the same type of solution.

Integration

To install Office on your Terminal Server and make it available to several users, the Terminal Server must be in Application Server mode and Install mode. This is done automatically when using the Add/Remove Program routine. Remote Administration mode doesn’t support Application Install mode. The latter can best be described as a video camera watching everything we do while installing an application, in case we need to know this for another user later. During Application Install mode, new registry entries are shadowed in HKEY_Local_Machine\
Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install. If the setup program queries for the Windows directory, it returns %systemroot%, where all .ini files will be installed.

After installing an application, the system will be put back into Application Execute mode. During the Execute mode, if our application asks for a registry value that doesn’t exist, the “camera” will look in the area used during Install mode. If the value is found, it will be added to the registry and returned to our program. Each user has a Windows folder in his or her Home directory where the .ini files are stored. When a user logs on, the system checks the system directory for .ini files newer than the ones in the user’s Windows directory. If newer .ini files are found, they’re merged with the user’s .ini files.

Think Smart, Think Thin

Terminal Services is a wonderful solution if it meets your needs. Of course, I wouldn’t advise you to force it on everyone. If your application sucks up CPU cycles, requires intense graphics, or needs more than 256 colors, then it’s probably not for you. Just remember that a terminal server can be your total solution, or it can let you add applications to your existing desktop environment.

The way I see it, you can spend your money to provide high-end workstations on desktops and try to keep them current. Or you can put your IT investments in your servers and provide thin clients on the desktop.

Featured

comments powered by Disqus

Subscribe on YouTube

Upcoming Training Events

0 AM
Live! 360 Orlando
November 17-22, 2024
TechMentor @ Microsoft HQ
August 11-15, 2025