In the old days of mainframe computing, employees typically used terminal equipment to connect to a big machine in a white room that ran all their programs and calculations. The terminal only showed the user interface while processing keystrokes and responses from the user; the mainframe in the back actually executed the programs and displayed the results to the end user so that very little processor intelligence resided at the client equipment end. This is largely why these terminal systems were called "dumb."
Although the move into the personal computing and desktop computing era made large inroads into corporate America, there are still some uses for dumb terminal (or in more modern terminology, "thin client") functionality. Windows Terminal Services (TS) is a set of programs and utilities that enable this functionality on a more intelligent, contemporary level. In fact, you might already be familiar with Terminal Services in a scaled-down mode. Both Windows XP's Remote Assistance and Remote Desktop Connection utilities are examples of Terminal Services in action. Terminal Services passes only the user interface of a program running on a server to the client computer, which then passes back the appropriate keyboard strokes and mouse clicks. The server running Terminal Services, which many clients can access simultaneously, manages the connections and the active programs seamlessly. It appears to the user that he's using his own computer, rather than one servicing other active applications at the same time.
Why is this useful? Many corporations, in an effort to reduce desktop support responsibilities for their help desks as well as equipment acquisition costs, are deploying thin client computers with limited client-side functionality. These thin clients provide users with a window into a server that is running the applications they need. Microsoft Office, many accounting applications, and multitudes of other programs work effectively under a Terminal Services environment, and the reduced management headaches are worth the extra initial setup effort for some businesses. Think about the reduced cost of applying patches, upgrading software, or removing outdated programs. You apply, upgrade, or remove once, and bingo: your entire enterprise IT environment is updated. It's hard to argue with that. This specific mode of using Terminal Services is known, very simply, as Terminal Services.
Terminal Services has another common use: remote administration. This is a hassle-free way to connect to machines running a Terminal Services-compatible operating system and use the machine's interface almost exactly as if you were sitting in front of it. Windows 2000, XP, Server 2003, and Server 2008 come bundled with a license to do this. This is quite a boon for administrators: you don't have to leave your cubicle to administer elements of Windows on servers in your machine room.
A Terminal Services connection uses TCP port 3389 to allow clients to log on to a session from their workstation. However, the Terminal Services Configuration applet and the Terminal Services Manager console, both of which I'll also cover in this chapter, enable you to change this port and a number of other properties about each connection.
Terminal Server has its own method for licensing clients that log on to terminal servers, separate from the licensing method for clients running one of the other flavors of Windows Server 2008. In addition to being enabled to use Terminal Services in their user account properties, clients must receive a valid license issued by a license server before they are allowed to log on to a terminal server. Later in this chapter I'll discuss in greater detail the subject of licensing issues when using Terminal Services.
Terminal Services support is not included in Windows Server 2008 Web Edition, although you can use the Remote Desktop Connection applet in the Control Panel to remotely administer the server.
The Remote Desktop Protocol (RDP) is the protocol that drives Terminal Services. RDP is based on and is an extension of the T.120 protocol family of standards. It is a multichannel-capable protocol that allows for separate virtual channels for carrying device communication and presentation data from the server, as well as encrypted client mouse and keyboard data. RDP provides a very extensible base from which to build many additional capabilities, supporting up to 64,000 separate channels for data transmission as well as provisions for multipoint transmission.
Figure 10-1 illustrates the structure of RDP and its functionality from a high-level perspective.
The new Terminal Services client software included in Windows Server 2008 (Remote Desktop Connection, or RDC) uses RDP 6.0, and many local resources are available within the remote session: the client drives, smart cards, audio card, serial ports, printers (including network), and clipboard. Additionally, you can select color depth from 256 colors (8-bit) to True Color (24-bit) and resolution from 640 × 480 up to 1,600 × 1,200.
RDP basically takes instructions from a terminal server host machine on screen images and draws them onto a client's screen, refreshing that image about 20 times every second if there's activity on the client side. (To save bandwidth, if no activity is detected on the client side, it cuts the refresh rate in half.) It then notes any keyboard and mouse activity (among other things) and relays those signals to the terminal server host machine for processing. This two-way exchange of information is wrapped into what's called a session, which consists of the programs running on the host machine and the information being sent over RDP between the terminal server and the client machine.
Here's what's new in Remote Desktop Connection 6.0:
Network Level Authentication (NLA) is a new way for the RDC client to authenticate the user, client machine, and server against one another, thus removing the authentication transaction from the RDP session itself. Server authentication uses Transport Layer Security, or TLS, to match a server's true identity against the one it's projecting. This way clients can be sure that they're indeed talking to a real server and not a misconfigured or "owned" machine that may be posing as the real server in order to receive sensitive data.
RDP sessions can now support a maximum resolution of 4,096 × 2,048, with additional support for widescreen monitor scenarios. You can also span a session across multiple monitors if you have the hardware installed, and on all of these sessions you can get 32-bit full color depth and ClearType font smoothing.
Display data prioritization allows RDP to give more priority to the data used to draw your RDP display during bandwidth-intensive operations like transferring large files or printing a big document, eliminating the herky-jerky user experience found in previous versions of RDP while carrying out these operations. By default, 70% of available bandwidth is used for display data and 30% for the remainder of session data. You can change this in the Registry at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TermDD; the two keys are FlowControlDisplayBandwidth for the display data and FlowControlChannelBandwidth for everything else.
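As an added example (not from the chapter), the following PowerShell snippet reads these settings back on a Windows Server 2008 terminal server so an administrator can check the listening port, whether NLA and TLS are enforced, and the display/channel bandwidth split. The TermDD values are the ones named above; the RDP-Tcp listener path and its PortNumber, UserAuthentication and SecurityLayer values are standard Terminal Services settings assumed here rather than quoted from the chapter.

```powershell
# Added example: audit a terminal server's RDP listener and display-bandwidth settings.
# Run in an elevated PowerShell session on the terminal server itself.
# Assumed (not from the chapter): the RDP-Tcp listener path and its PortNumber,
# UserAuthentication (1 = NLA required) and SecurityLayer (0 = RDP security,
# 1 = negotiate, 2 = TLS) values. TermDD flow-control values are as the chapter names them.

$listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$termdd   = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermDD'

function Get-RegValue([string]$Path, [string]$Name, $Default) {
    # Return the registry value, or $Default when it is absent (Windows then uses its built-in default).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return $item.$Name
}

$port     = Get-RegValue $listener 'PortNumber'               3389
$nla      = Get-RegValue $listener 'UserAuthentication'       0
$secLayer = Get-RegValue $listener 'SecurityLayer'            0
$display  = Get-RegValue $termdd   'FlowControlDisplayBandwidth' 70   # chapter default: 70%
$channel  = Get-RegValue $termdd   'FlowControlChannelBandwidth' 30   # chapter default: 30%

# The two flow-control values are relative weights; express the display share as a percentage.
$displayShare = [math]::Round(100 * $display / ($display + $channel))

$findings = @()
if ($port -ne 3389) {
    $findings += "RDP listens on TCP $port instead of 3389; confirm firewall rules and monitoring cover that port."
}
if ($nla -ne 1) {
    $findings += "Network Level Authentication is not required; clients are not authenticated before a session is created."
}
if ($secLayer -eq 0) {
    $findings += "SecurityLayer is 0 (legacy RDP security); TLS server authentication is not offered, so clients cannot verify the server's identity."
}
if ($displayShare -lt 70) {
    $findings += "Display data share is $displayShare% (default 70%); interactive sessions may become sluggish during large transfers."
}

[pscustomobject]@{
    Port             = $port
    NLARequired      = ($nla -eq 1)
    SecurityLayer    = $secLayer
    DisplayBandwidth = $display
    ChannelBandwidth = $channel
    DisplaySharePct  = $displayShare
} | Format-List

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```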
The Desktop Experience feature allows users to get the look and feel of a regular Windows Vista host, including various desktop themes and access to Windows Media Player, which were unavailable under previous versions of RDP and Terminal Services. You can enable it by using the Add Feature selection in Server Manager; the correct entry to select is "Desktop Experience." This is entirely server-based, so no client configuration is necessary.
Plug and Play (PnP) device redirection allows you to redirect PnP device interaction from the local RDP client to the server-based session, so the user sees the same seamless user interface for these devices regardless of whether they run locally or remotely. PnP devices in a remote session are limited in scope so that they are accessible only to that session.
TS EasyPrint removes the need to install printer drivers on the TS host in the vast majority of cases by taking advantage of the new XPS print path that was introduced in Windows Vista and Windows Server 2008, acting as a proxy and redirecting all calls for the user interface to the print driver installed on the client. Users printing from within a session will see printing progress as they expect and can even adjust printer properties as necessary.
Single sign-on, new to Windows Server 2008, lets users who are logged on to a domain gain access to a domain-joined Terminal Server machine without needing to enter credentials a second time. This feature, however, only works with a Windows Vista client connecting to a Windows Server 2008 server.