Virtualization with Terminal Services

Microsoft® Terminal Services

Terminal Services is a component of Microsoft® Windows® operating systems that allows a user to access applications or data stored on a remote computer over a network connection. Terminal Services is Microsoft's contribution to server-based computing, which allows individual users to easily access network resources. Based on the Remote Desktop Protocol (RDP), Terminal Services was first introduced in Windows NT 4.0 Terminal Server Edition. Windows Server 2008 has introduced several improvements and new features. Microsoft provides the client software, Remote Desktop Connection (formerly called Terminal Services Client), for most versions of their Windows operating systems and Apple's Mac OS X, which allows a user to connect to a server running Terminal Services.

Applications can be run in one location, but controlled in another, through presentation virtualization. Presentation virtualization creates virtual sessions in which applications present their user interfaces remotely - processing happens on the server while graphics, keyboard, mouse, and other end-user input/output (I/O) are handled at the end-user terminal. Each virtual session might run only a single application, or it might present its user with a complete desktop offering multiple applications. In either case, presentation virtualization can provide several benefits:

Windows Server 2008 Terminal Services is a core enabler of presentation virtualization. In addition to the benefits above, with Terminal Services in Windows Server 2008 you can:

Introduction to Terminal Services in Windows Server 2008

Terminal Services in Windows Server 2008 includes several enhancements over previous versions. Organizations can now provide centralized access to applications without the need to provide the whole remote desktop. Applications running remotely can be integrated with the local user’s desktop—looking, feeling, and behaving like local applications.

With Terminal Services in Windows Server 2008, organizations can provide more secure access to centralized applications or desktops (and other resources from the Internet) by using HTTPS—without needing to provide access via a Virtual Private Network (VPN) or opening up unwanted ports on firewalls. This reduces the complexity needed to provide secure remote access to applications and data for users, partners, or customers. And for deployments with several servers, new load-balancing features provide a simple way to ensure optimal performance by spreading sessions among the least-loaded available resources.

Enhancements to Terminal Services in Windows Server 2008

Windows Server 2008 delivers several key enhancements to Terminal Services:

Terminal Services RemoteApp. Terminal Services (TS) RemoteApp programs are accessed through Terminal Services, and look and act as if they are running on the end user's local computer. Users can run TS RemoteApp programs side by side with their local programs. If a user is running more than one RemoteApp on the same terminal server, RemoteApp will share the same Terminal Services session. Users can access TS RemoteApp in a number of ways:

After opening the TS RemoteApp on a local computer, the user can interact with the program that is running on the terminal server as if it were running locally.

Terminal Services Gateway. TS Gateway enables authorized remote users to connect to terminal servers and remote desktops (remote computers) on the corporate network from any Internet-connected device that is running Remote Desktop Connection (RDC) 6.0. TS Gateway uses Remote Desktop Protocol (RDP) tunneled over HTTPS to help form a highly secure, encrypted connection between remote users on the Internet and the remote computers on which their productivity applications run, even if the user is located behind a network address translation (NAT) Traversal-based router.

TS Gateway eliminates the need to configure Virtual Private Network (VPN) connections, enabling remote users to connect to the corporate network through the Internet, while providing a comprehensive security configuration model that enables administrators to control access to specific resources on the network. The TS Gateway Management snap-in console provides a single, one-stop tool that enables you to configure policies to define conditions that must be met for users to connect to resources on.

If Network Policy Server (NPS) is deployed in your organization, you can configure TS Gateway policies, and then use NPS to store, manage, and validate those policies. NPS is the Microsoft implementation of a Remote Authentication Dial-In User Service (RADIUS) server.

Terminal Services Web Access. TS Web Access is a feature that makes Terminal Services RemoteApp available to users from a Web browser. With TS Web Access, a user can visit a Web site—either from the Internet or from an intranet—to access a list of available TS RemoteApp programs. When a user starts a TS RemoteApp program, a Terminal Services session is started on the terminal server that hosts the application.

TS Web Access includes a default Web page that you can use to deploy TS RemoteApp over the Web. The Web page consists of a frame and a customizable Web Part.

Terminal Services Session Broker. TS Session Broker provides a simpler alternative to Microsoft Network Load Balancing for Terminal Services. While not limited to a specific number of servers, the feature provides significant value to server farms of two to five servers. With TS Session Broker, new sessions are distributed to the least-loaded server within the farm—optimizing performance—and users can reconnect to an existing session without having to know specific information about the server where the session was established. IT managers can use the feature to map the Internet Protocol (IP) address of each terminal server to a single Domain Name System (DNS) entry. This configuration can also provide fault tolerance; if one of the farm servers is unavailable, the user will connect to the next least-loaded server in the farm.

Terminal Services Easy Print. TS Easy Print enables users to reliably print from a TS RemoteApp program or full desktop session to a local or network printer installed on the client computer. Printers can now be supported without the need to install print drivers on the terminal server. When users want to print from a TS RemoteApp program or desktop session, they will see the full printer properties dialog box (printer user interface) from the local client and have access to all the printer functionality. IT administrators can use Group Policy to limit the number of printers redirected to just the default printer, thereby reducing overhead and improving scalability.

Core Scenarios for Terminal Services in Windows Server 2008

All of the new features of Terminal Services combine with many other improvements of Windows Server 2008 to provide solutions for the following scenarios:

Remote Access to Applications. Providing access to applications remotely can be a challenge; many applications do not work well over remote connections—even over cable and DSL. By placing an application close to the data it needs and making it available through TS RemoteApp, TS Gateway, and/or TS Web Access, application response is improved for both remote users and users in branch offices. TS Easy Print makes it easier for these users to have a full "in-office" experience.

Securing Applications and Data (Regulatory Compliance). By securing an application and its data in a central location, it is possible to reduce the risk of accidental data loss caused by, for example, the loss of a laptop. Centralizing applications and data ensures that as little data as possible leaves the corporate network. With TS Gateway and TS RemoteApp, users, partners, or customers do not need full access to a company network or computers, and you can limit them to a single application, if needed.

Merger Integration or Outsourcing. In the case of a merger, the merging companies will typically need to use consistent Line of Business (LOB) applications on a variety of Windows versions and configurations. The same can be true when outsourcing to partner organizations that need access to specific LOB applications but not to the full corporate network. Rather than going through the cost of deploying all of the LOB applications to all of the computers in the merged company or outsourcer, the LOB applications can be installed on a terminal server and made available through TS RemoteApp. This is especially useful when an application is difficult to patch or manage, can’t be distributed with Microsoft Systems Management Server (SMS), or has other management issues.

Flexible Office Users. In a company with a non-assigned desk policy, users can work from different computers each day of the week in the office. In some cases, the computer on which a user is working may not have the necessary programs installed locally. By using Terminal Services, the programs can be installed on a terminal server and made available to users as if those programs were locally installed.
