Technology Overview

Microsoft® Windows® Terminal Services (WTS) provides access to Windows-based applications from a variety of client hardware devices. Applications are installed on the server and accessed by clients via Terminal Services software. Microsoft Windows Terminal Services provides functionality similar to a terminal-based, centralized host environment in which multiple terminals connect to a host computer. Each terminal provides a conduit for input and output between a user and the host computer. A user can log on at a terminal, and then run applications on the host computer, accessing files, databases, network resources, and so on. Each terminal session is independent, with the host operating system managing conflicts between multiple users contending for shared resources. Windows Terminal Services became available in Microsoft's Server 2000 family circa 1999; it includes Windows Server 2000 and Advanced editions. This Feature Note will reference both Windows Server 2000 and Windows Server 2003 Terminal Services components.

Windows Terminal Services communicates over a TCP/IP network connection using Microsoft Remote Desktop Protocol (RDP). The primary difference between Terminal Services and the traditional mainframe environment is that the dumb terminals (e.g. VT100's) in a mainframe environment only provide character-based input and output. A Terminal Services client provides a complete graphical user interface including a Microsoft Windows operating system desktop and support for a variety of input devices, such as a keyboard and mouse. In the Terminal Services environment, an application runs entirely on the Terminal Server. The Terminal Services client performs no local processing of application software. The server transmits the graphical user interface to the client; the client transmits the user's input back to the server.

Windows Terminal Services Architecture

WTS extends the model of distributed computing by allowing PCs to operate in a server-based computing environment. With Terminal Services running on a Windows 2000-based server, all client application execution, data processing, and data storage occur on the server. Applications and user desktops are transmitted over the network and displayed via terminal emulation software. Similarly, printing, keyboard input, and mouse clicks are also transmitted over the network between the server and the terminal emulation software. Each user logs on and sees only their individual session, which is managed transparently by the server operating system and is independent of any other client session. Figure one illustrates the Windows Terminal Services model, one user at a client machine using RDS protocol through TCP/IP accessing a program residing on the Terminal Server. Hundreds of users can simultaneously access the same application residing on the Terminal Server and work on a task completely independent of each other.

Terminal Services extends the model of distributed computing by allowing PCs to operate as both thin and fat clients simultaneously. At the hardware level, a thin client is a device that relies on a server for applications and data, and performs little or no application processing. Thus a thin client (often called a terminal) requires relatively small amounts of RAM and local disk storage capacity. A typical PC (also called a fat-client) usually has more RAM and a larger disk drive so it can handle all of an application's code and data locally.

WTS client software is available for different client hardware devices, including PCs, Windows-based terminals, and even non-Windows-based devices such as a Macintosh or UNIX workstation. By letting users access a Windows 2000 desktop running on Windows 2000 Server, Terminal Services provides a bridging technology for users moving to a Windows 2000 Professional Desktop environment. Frequently updated or hard to install line-of-business applications can be installed centrally on a Windows 2000 Server, and the Terminal Services client software can be used to access just the application, rather than the entire desktop. This is useful for any desktop, including the latest operating systems such as Windows 2000 Professional, especially when it is desirable, for performance reasons, to locate the application execution logic as close as possible to the backend data.

Terminal Services Features

Terminal Services allows centralized management of some or all computing resources for each client connected to a Terminal server and provides each user with their own working environment. Additional Terminal Services advantages include:

• Bringing Windows 200X to desktops faster. Terminal Services acts as a convenient bridging tool for earlier desktops migrating to Windows 2000 Professional. It allows the Windows 2000 desktop experience to be delivered "virtually" to non-PC desktops and PCs that need hardware upgrades before they can run a full Windows 2000 operating system locally.

• Centralized deployment of applications. Terminal Services provides centralized deployment and management of 32-bit Windows-based applications to Windows-based terminals, remote users, or local PC desktops. Terminal Services ensures that all clients can access current versions of an application because the software is installed once on a server, rather than every desktop throughout the company. This model reduces the costs and challenge of updating desktop machines, especially for remotely located desktops or branch office environments. In addition, Terminal Services features such as 'Remote Control' can simplify application support.

• Remote administration. Terminal Services provides remote administration for the Windows 2000 Server family. This gives system administrators a powerful method of remotely administering each member of the Windows 2000 Server family from any client device over a LAN, WAN, or dial-up connection.

Ease of Use*

Feature Description

Automated Local Printer Support Windows 2000 Server Terminal Services can add and automatically reconnect printers attached to Terminal Services clients. Clipboard Redirection This feature lets users cut and paste between applications running on the local machine and those running on the Terminal Server. Performance Enhancements Many improvements to caching, including persistent caching, packet utilization, frame size, and other enhancements, now provide significant performance improvements in Terminal Services. Roaming Disconnect Support This feature lets users disconnect from a session without logging off. Users can let a session remain active while disconnected and then reconnect to the existing session from another machine or at a later time. The Windows 2000 Server security model requires logon to reconnect, so sessions remain secure at all times. Multiple Logon Support This feature lets a user have multiple simultaneous logon sessions from one or more desktops. Users can log on to multiple computers running Windows 2000 Server using the same logon name, or they can log on to a single server multiple times (again using the same logon name) to do several tasks or run multiple unique desktop sessions. *Information from www.microsoft.com

Manageability*

Feature Description

Remote Administration Mode Remote administration mode allows Terminal Services to be enabled on any computer running Windows 2000 Server for graphical remote administration. Enabling this mode leaves server performance and application compatibility unaffected and allows up to two concurrent remote sessions.

Remote Control

This feature lets helpdesk staff view or control another Terminal Services session. Keyboard input, mouse movements, and display graphics are shared between two Terminal Services sessions, giving the support person the ability to diagnose and resolve configuration problems, as well as train the user remotely. This feature is especially useful for organizations with branch offices. Integration with Windows 2000 Server Features Terminal Services supports and extends all Windows 2000 Server features, such as Active Directory® services and the Microsoft Management Console.

Network Load Balancing

Network load balancing, available in Windows 200X Advanced Server and Datacenter Server, lets Terminal Services clients connect to a pool of servers running Terminal Services, eliminating a single point of failure. Windows-based Terminals Based on Windows CE and Embedded NT 4.0 Based on custom implementations of the Windows CE and Embedded NT operating systems and the Remote Desktop Protocol (RDP), Windows-based terminals are now available from major terminal partners (such as Wyse Technology, Network Computing Devices, Boundless Corporation, and Neoware Systems). Windows 2000 Server enhances these devices to include such features as remote control and local printing.

Client Connection Manager

This tool lets administrators and end users set up pre-defined connections to one or several different servers for a single application or full desktop access. Client Connection Manager creates an icon on the client desktop for single-click connectivity to one or more computers running Terminal Services. This way, administrators who want to provide a single line-of-business application across the computing environment can create a connection, export it, and distribute that connection along with the Terminal Services Client software to the PC desktops (for example, Win32® - and Win16-based systems). The connection is automatically made available when the client software is installed. License Manager The Terminal Services License Manager helps system administrators and purchasing offices track the clients and associated licenses connecting to the Terminal Services.

Distributed File System (DFS) Support

Support for DFS lets users connect to a DFS share and allows administrators to host DFS shares from a Terminal Server. System Policies Components Allow Desktop Lockdown Terminal Services-based clients have additional components on the Windows desktop and Start menu: Disconnect, Logoff, and Windows 2000 Server Security. Administrators can disable these components in cases where this level of flexibility isn't needed.

Terminal Services Manager Administrators can use the Terminal Services Manager tool to query and manage Terminal Services sessions, users, and processes on computers running Windows 2000.

Terminal Services Configuration

Terminal Services Configuration is used to manage connection protocol settings and server settings, including permissions, encryption strength, and the licensing mode.

Integration with Windows 2000 Server User Management

Administrators create user accounts for Terminal Services users in the same way they create accounts for Windows 2000 Server users. This lets existing PC users access their accounts from terminal and terminal emulation desktops. Extra fields exist for specifying Terminal Services specific information, such as the Terminal Services Profile Path and Home Directory.

Integration with Windows 2000 Server Performance Monitor

Integration with Windows 2000 Server Performance Monitor allows system administrators to easily monitor Terminal Services system performance, including tracking processor use, memory allocation, and paged memory usage and swapping per user session.

Messaging Support

Administrators can alert users to system shutdowns and upgrades or to new application postings. Configurable Inactivity Timeout Administrators can configure when to time out sessions due to inactivity, reducing server workload. *Information from www.microsoft.com

Security*

Feature Description

RDP Encryption The built-in RDP encryption feature lets administrators encrypt all or some of the RDP data transmitted between the Windows 2000 Server and Terminal Services Clients (including all Windows-based Terminals) at three different levels (low, medium, or high), depending on security needs. The default encryption level is medium, which provides bi-directional encryption between the server and the client using RSA Security's RC4 encryption algorithm, using a 56-bit key (or a 40-bit key, if using a Terminal Server 4.0 client). Terminal Services also supports 128-bit bi-directional encryption, which is available if you install the Windows 2000 High Encryption Pack. Limit Logon Attempts and Connection Time Administrators can limit the number of user logon attempts to prevent hackers from attacking a server, as well as the connection time of any individual user or groups of users. Manage User Security Administrators can set up security restrictions for individual users or an entire server. This includes limiting the ability to redirect to local devices. *Information from www.microsoft.com

Terminal Services Benefits

Benefit Description

Rapid, Centralized Deployment of Applications Terminal Server is great for rapidly deploying Windows-based applications to computing devices across an enterprise—especially applications that are frequently updated, infrequently used, or hard to manage. When an application is managed on Terminal Server, and not on each device, administrators can be certain that users are running the latest version of the application. Low-bandwidth Access to Data Terminal Server considerably reduces the amount of network bandwidth required to access data remotely. Using Terminal Server to run an application over bandwidth-constrained connections, such as dial-up or shared WAN links, is very effective for remotely accessing and manipulating large amounts of data because only a screen view of the data is transmitted, rather than the data itself. Windows Anywhere Terminal Server helps users become more productive by enabling access to current applications on any device—including under-powered hardware and non-Windows desktops. And because Terminal Server lets you use Windows anywhere, you can take advantage of extra processing capabilities from newer, lighter-weight devices such as the Pocket PC.

New Features & Improvements in Windows Server 2003

Benefit Description

Increased Scalability

Enterprises need the ability to scale-up and scale-out. Terminal Server supports more users on each high-end server than Windows 2000; and Session Directory in Windows Server 2003, Enterprise Edition provides support for Microsoft's network load balancing and other third-party load balancing technologies.

Improved Manageability

Terminal Server provides unsurpassed remote manageability by taking advantage of technologies like Group Policy. Complete remote management capabilities are available through a comprehensive read/write Windows Management Instrumentation (WMI) provider.

Easy-to-use Remote Desktop Connection

Remote Desktop Connection (the new "Terminal Services Client") is an RDP 5.1 client that features a much improved user interface, enabling users to save connection settings, easily switch between windowed and full screen mode, and to dynamically alter their remote experience to match the available bandwidth.

Enhanced Remote Desktop Protocol (RDP)

When connecting to a terminal server using an RDP 5.1 client, many of the local resources are available within the remote session, including the client file system, smart cards, audio (output), serial ports, printers (including network), and the clipboard. These redirection facilities allow users to easily take advantage of the capabilities of their client device from within the remote session. For instance, files can be opened, saved and printed to the users local PC, regardless of whether the application is running locally or remotely.

Greater Color Depth & Screen Resolution

With RDP 5.1, color depth can be selected from 256 colors (8-bit) to True Color (24-bit), and resolution can be set from 640 x 480 up to 1600 x 1200. For example, an IT administrator can use Terminal Server to support store kiosks displaying merchandise. They can be set to provide true color images for the best product image.

Additional Windows Server 2003 Enhancements

Terminal Server takes advantage of many Windows Server 2003 features, such as software restriction policies, roaming profile enhancements, and new application compatibility modes.

Terminal Services Licensing Requirements

The Windows Server 2003 licensing model requires a server license for each copy of the server software installed. Terminal Services functionality is included in the Windows Server license. Terminal Server Licensing operates between several components as shown in Figure 2. The Terminal Server Licensing-enabled license server, the Microsoft Certificate Authority and License Clearinghouse, one or more terminal servers, and terminal server clients. A single license server can support multiple terminal servers. There can be one or more license servers in a domain, or throughout a site.

The Microsoft Clearinghouse is the facility Microsoft maintains to activate license servers and to issue client license key packs to license servers. A client license key pack is a digital representation of a group of client access license tokens. The Microsoft Clearinghouse is accessed through the Terminal Services Licensing administrative tool. It might be reached directly over the Internet, through a Web page, or by phone.

Windows Server Client Access License

In addition to a server license, a Windows Server Client Access License (CAL) is required. If you wish to conduct a Windows session, an incremental Terminal Server Client Access License (TS CAL) is required as well. A Windows session is defined as a session during which the server software hosts a graphical user interface on a device. For Windows sessions, a TS CAL is required for each user or device. Two types of Terminal Server Client Access Licenses are available: TS Device CAL or TS User CAL. A TS Device CAS permits one device used by any user to conduct Windows Sessions on any of your available Terminal Servers. A TS User CAL permits one user using any device to conduct Windows Sessions on any of your Terminal Servers. You may choose to use a combination of TS Device CALs and TS User CALs simultaneously with the Terminal Server software.

Planning your Terminal Server Deployment

The idea of Terminals Services is great, it provides all the right ingredients for what your organization needs. Now what? Installation of any Microsoft enterprise application is a delicate combination of process defining, information technology and licensing. Particle Measuring Systems has provided a high level deployment guide for reference when deploying Windows Terminal Services.

1. Install your Terminal Server.
2. Install your License Server.
3. Activate Terminal Server Licensing - A license server is not considered operational until it is activated. If you do not activate the license server as a part of the installation itself, you can activate it later.
4. Decide on what Client Access License to purchase. (Per device or Per User)
5. Purchase your Terminal Server CALs.
6. Install Terminal Server CALs.
7. Make sure that your Terminal Server can detect the License Server - It is essential that a Windows Server 2003 Terminal Server is able to detect a computer running Terminal Server Licensing on Windows Server 2003 for correct operation within your network.
8. Matching your Terminal Server Mode with the types of CALs purchased.
9. Go-Live and manage your CALs when in operations using Administrative Tools.

There are many resources on Microsoft's web site, for more specific information visit Microsoft's web site at www.microsoft.com.

Terminal Services & Facility Net 3.0 Terminal Services is supported by Facility Net 3.0 Service Pack 3 and later. Both the Real Time Station (RTS) and Network Station must be upgraded for this feature. However, only Network Stations can be run on the Terminal Server. The RTS must be run on a separate system within your network.

Configuration All Facility Net network stations that are running on a Terminal Server have the same instrument configuration. They share a single pms_view.cfg file. Any changes to the configuration will be seen by the other users the next time they start Facility Net. To eliminate conflicting configuration, users should be discouraged or restricted from changing the instrument configuration. Ideally only one user should be able to set the configuration for all users on a Terminal Server environment.

The job configuration, pager settings and directory settings are also shared among all the Terminal Services clients. Any changes to these configurations will be seen by all the network stations running on the Terminal Server the next time a user starts Facility Net.

Security Security can also be used to allow each Terminal Services user to customize their Facility Net display configuration. Users must login to Facility Net to see their own display configuration. A feature has been added to Facility Net that allows users to login when Facility Net starts up. This feature is activated by adding the following to fac-view.ini

[Security] InitialLogin=1

Sensor Status Each user will have an individual sensor status configuration. You will be able to set up your own sample point visibility and computer visibility. Users must login in order to see their own sensor status configuration. Data displays such as plots and historical tabular update on Terminal Services network stations just as they do with other network stations. The size and location of the windows are specific to each user.

Closing a Session Facility Net must be shut down before ending a session with the Terminal Server. The user should exit Facility Net before logging off from a session otherwise Facility Net will terminate abruptly and problems could result. Lock files or other files could be left open and cause the system not to function.

Access Rights All terminal services users must have full read and write access rights to the following folders:

• The network directory used by the RTS network directory. This privilege is needed so that network station users can lock the database when doing retrievals of historical data. • The windows directory on the Terminal Server (c:\windows or c:\winnt). This privilege is needed so that users can save information to configuration files. • The temp directory on the Terminal Server (c:\temp) and all its subdirectories. The database uses this directory for temporary files.

ROI Terminal Services was built with the intent of providing organizations with a more reliable, more scalable, and more manageable server-based computing platform. Terminal Services offers new options for application deployment, more efficient access to data over low bandwidth, and enhances the value of legacy and new, lighter-weight devices. An improved client interface, support for a wide variety of data redirection types, and an array of client deployment options, combined with new and improved server management tools and security enhancements, make it much easier to manage Terminal Services and Windows Server 2003-based computers.

Windows Terminal Services maximizes application availability, allows for trouble-free maintenance and reduces administration overhead. By offloading persistence functions (processor and server intensive operations) you do not have to buy expensive hardware to support your applications. The result is savings on hardware costs, with increased application performance.

More Information and Related Links See the following resources for further information:

• What's New in Terminal Server at http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/terminalserver.mspx
• Windows Server Family Overview at http://www.microsoft.com/windowsserver2003/evaluation/overview/default.mspx
• Windows Server Features Guide at http://www.microsoft.com/windowsserver2003/evaluation/features/
• Introducing Microsoft .NET-connected Technologies at http://www.microsoft.com//windowsserver2003/evaluation/overview/dotnet/default.mspx
• Using Software Restriction Policies to Protect Against Unauthorized Software at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx.

For the latest information about Windows Server 2003, see the Windows Server 2003 Web site at http://www.microsoft.com/windowsserver2003.