1. Why Terminal Services
Windows 2000, the next generation of Microsoft Windows NT, represents a significant leap in power for Windows computing. Some of the greatest improvements have come in Windows 2000 Terminal Services, a system for allowing multiuser access to Windows programs. Intelligent use of Windows 2000 Terminal Services improves the manageability of your network, and lets you more easily support remote users, including anonymous users across the Internet. Terminal Services is an integrated feature in all versions of Windows 2000 Server.
Windows NT has always been a multiuser operating system in one sense: many users can connect to a Windows NT server and perform tasks on that server, but only through specific services exposed by the server. For example, a Windows NT server can share files with client systems, share access to other networks (such as the Internet), share access to a database, and so on. But with Windows 2000 Terminal Services, you can share whole applications. What's the difference? With Terminal Services, users run a program, user interface and all, on the server. All the computing occurs on the server. The user's computer sends keystrokes and mouse events to the server; the server sends back display changes. As a result, very little processing takes place on the client. The client computer does not even need to have the application installed, and the application may very well be one that the client computer is incapable of running. There are Terminal Services clients for DOS, Windows 3.1, and Windows CE-based handheld devices, and you can use them to run Windows 2000 applications from the server. Even the load on the network is light.
Many Windows NT networks install their applications on the server and allow users to start the applications from there, but this too is very different from Terminal Services. When clients run programs off a network share, the program still loads on the client and processing takes place on the client. Since the program files must transfer to the client in order for the program to load, there can be a considerable delay, depending on network traffic. Once again, with Terminal Services the program loads on the server itself, and the only transfers on the network between the client and server are of screen changes and keyboard and mouse events.
Terminal Services itself places very little extra load on a server. If only for remote administrative purposes, you probably should activate it on all servers in your network.
Terminal Services administration is integrated into the Windows 2000 Active Directory. You can use the full power of Active Directory's group policy management to assign rights to users running Terminal Services applications.
A Quick Overview of Terminal Services
Windows 2000 Terminal Services works by sharing the user interface. Clients send keystrokes and mouse events to the server and receive display changes back. Even on a fairly slow connection, such as a 28.8K modem, the performance of Terminal Services connections is good enough to display all but the most multimedia-intensive applications. The protocol exchanged between clients and servers is called Remote Desktop Protocol (RDP). RDP is based on the International Telecommunication Union's (ITU) T.120 protocol, an international open standard first used in multiple virtual channel conferencing products like Microsoft's NetMeeting. RDP is a sophisticated protocol, supporting multiple levels of encryption and Unicode, a standard for character definition in all languages. At the network transport level, Terminal Services requires a TCP/IP connection. See Table 1 for some of the most important features of RDP.
Some applications may not run on Terminal Services. This problem exists, for example, for those applications that handle multiuser environments by tracking an IP address for each user, because Terminal Services forces all users to share the IP address of the Terminal Server. See Chapter 4 for more detail on why some programs don't work well with Terminal Services and what, if anything, you can do to make them work.
For the same reason, Terminal Services is incompatible with Windows Clustering Services, which allows multiple servers with different IP addresses to function as one large, fault-tolerant server. In lieu of clustering, Network Load Balancing Services for Windows 2000 does allow some load distribution for busy Terminal servers.
Why and When to Deploy Terminal Services
Terminal Services makes many things possible and many other things easier. You may have many computers that run old operating systems such as DOS or Windows 3.1, and perhaps even Windows 95 is inadequate for some of the applications you want your users to run. Upgrading systems is complicated and expensive, and can require user retraining.
Analysts often refer to the "total cost of ownership" (TCO) of computers, and how hidden costs, such as all the damage users do to their systems and the support costs they create, make computers more expensive than they seem. Bringing all the computing onto the server, where administrators can control users' options and more easily deploy new software, lowers TCO relative to running conventional Windows clients.
As shown in Figure 1-1, with Terminal Services, the permutations and combinations of applications and client platforms you can support are almost unlimited.
Servicing Mixed Platforms
Even if you are planning to upgrade your client systems, Terminal Services makes it easier to do so by letting you deploy applications aggressively, even if all your client systems aren't yet capable of running them. This lets you upgrade systems more gradually.
With Terminal Services, users can run Windows 2000 applications on a Windows 2000 server as long as they can connect to the server over TCP/IP. If you are contemplating migrating your clients to Windows 2000 Professional, Terminal Services is an especially attractive interim step, because it lets you deploy Windows 2000 applications without having all your Windows 2000 clients up and running. Since all the work is on the server, you can focus all your performance concerns there and do all your backups centrally.
The same goes for remote users: you may have no control over what computer users have at home, but if it's a DOS or Windows system connected to the Internet, they can log on to the server and run all the network applications they run at the office. By using a virtual private network, you can add strong encryption to the connection, making sure that only authorized users can connect.
You can also use the Web, deploying Web servers that let users access programs via a Web browser. However, the programs you want people to run probably aren't HTML-based (at least not yet). It's likely they're Visual Basic programs, Microsoft Access programs, or proprietary programs for your business: all Win32 native programs that don't run in a Web browser. Sure, with a lot of work and development expertise you might be able to make them accessible through a Web server, but Terminal Services makes this unnecessary. Terminal Services doesn't just present a dumb graphics terminal. Users can print to local printers, even though the application is running remotely. Users can also transfer clipboard data from the application running on Terminal Services to local applications. This makes it easier to work with Terminal Services applications as peers alongside other programs.
The more you rely on Terminal Services, the easier client management becomes. In a Windows 2000 network using Terminal Services, if a client develops any sort of problem you can simply replace it with another system off the shelf. Because the users' applications are installed on the server, all they need are links (potentially just one) to continue working. In the case of Windows-based Terminals, the situation is even simpler. Just replace the device and everything's fine.
Many server products can be administered remotely using standard network protocols, but they are easier to administer if you're logged on at the actual server on which they run. Similarly, the remote administration interface may not be as full featured as the local version. By running an administration session under Terminal Services, you have almost all the power and convenience you would have if you were physically at the system. Since servers can be located in inconvenient locations like closets or even remote offices, Terminal Services can provide the environment that makes working on these systems possible.
You can administer file and print sharing over a Terminal Services connection. You can edit the registry of the server you're logged on to using that server's local copy of a registry editor. You can run any Microsoft Management Console (MMC)-based administration program on the server to remotely administer servers. Terminal Services provides a great way for an administrator working from a remote site or from home to administer entire domains, forests, or clusters.
Terminal Services also has a basic remote control facility that administrators can use to view or take control of client systems. This can be useful to demonstrate a technique or feature to a user, or to perform remote administration of the system.
Centralized Application Deployment
By deploying user applications on servers for access through Terminal Services, administrators can retain control over the use and configuration of the application.
Because Terminal Services integrates with Windows 2000's Active Directory, you can manage your users' access to applications and resources from applications more effectively and more automatically than in the past. If applications are installed locally on individual PCs, management of them can be tedious and dangerous, because user environments inevitably change from one system to another, even with a robust management system in place.
With Terminal Services, the applications are deployed centrally, so there is only one copy to manage. Upgrades and backups are much simpler. Each user is likely to have his or her own configuration settings in a personal folder (probably the Windows 2000 home directory). Changes users make don't affect other users.
Because most developers write applications for use in a single-user mode, these applications may need modifications to run properly in a multiuser system like Windows 2000 Terminal Services. Microsoft provides application compatibility scripts (in the %SystemRoot%\Application Compatibility Scripts\Install folder) for modifying the application installation so that it runs properly. There aren't just Microsoft programs in there, but Corel Office, Lotus SmartSuite, and Peachtree Accounting as well. Other application vendors can help you make any necessary modifications. New and updated application compatibility scripts are available on a special Microsoft Web site.
Microsoft also certifies applications as Windows 2000-compatible, and all such applications are certified to work in multiuser environments like Terminal Services. See http://www.microsoft.com/windows2000/upgrade/compat/certified.asp for a list of such applications...