Thin Client, Terminal Services & Remote Desktop


What's it all About? Why it's so good for Remote Access & How to get it for Free!

Introduction
In the early '70s, when only large companies, universities and research institutions had computers and then probably only one, the introduction of the Video Display Unit or VDU terminal was a big improvement over accessing a computer using punch-cards or a paper teletype.

A single computer might support hundreds of VDU terminals which were serviced in turn, each one getting a few hundred milliseconds of computing time before it was the next terminal's turn. All a VDU terminal did was send keystroke data to the computer and receive and display lines of text in response, which scrolled up the screen, eventually disappearing off the top. Oh yes, and it could also beep. Terminals could be hundreds of miles from the computer and be connected over a telephone circuit.

Then computers got cheaper until we could all have one each - hence the "personal computer". The scrolling lines of text were replaced by a Graphical User Interface which operated in conjunction with a mouse.

We now have a multi-gigahertz processor with vast amounts of memory, hard disk and screen space all to ourselves. To many this has been a liberating experience. Being in control of our own powerful computing environment enables us to do our most creative work.

VDU terminals, where they still exist, are now called dumb terminals.

There is, however, a movement within computing to return to the "one central computer serving the many dumb terminals" model. But because no one's going to buy an idea that involves dumb terminals, in a stroke of genius they've been renamed Thin Clients. Stand-alone PCs, therefore, must by comparison, be fat. A Thin Client also isn't, anymore, a monochrome orange or green screen with a keyboard with mysterious extra keys called PF1 or the Gold key. It's a piece of software that runs on virtually any PC whatever its operating system. It doesn't demand much in the way of computing power and isn't a large or complex program - hence its thinness. However, when the thin client is running it displays a standard Windows desktop, generated from the central computer, that can be hard to distinguish from a local PC.

What a Thin Client connects to is hugely complex by comparison. It is a server, such as Windows Server 2003, running an additional software component called Terminal Services which enables it to operate many Windows desktops simultaneously, each of which may be running its own instances of Word, Excel or virtually any other Windows program. What would a server look like that could operate 50 simultaneous desktop sessions? Dual 3.2 GHz Xeon processors, 4 gigabytes of RAM and a SCSI RAID array would be a good starting point.

Running Terminal Services as your office computing solution is an "all your eggs in one basket" approach where a failure of the central server means all computing activity within your organisation stops. The Terminal Server is, therefore, usually a fault-tolerant cluster of several separate servers.

The Terminal Services approach appears old-fashioned. The packet-switched networking on which the Internet was built was developed partly with US military funding as a way of producing a geographically distributed communications model with no single target that, if destroyed, would cause a complete system failure. Modern network design philosophy reflects this attitude by always trying to avoid single points of failure.

 

If you have Windows 2000 Server or Windows Server 2003 you already have the software and licences to use Terminal Services (in Administration mode) to access your office network from home.

If you have Windows XP Professional workstations you already have the software installed to access your office PC from home.

Contact us to discuss how this can be set up on your network.

 

Thin Client & Terminal Services for Windows
Microsoft first shipped Terminal Services for Windows NT 4 as a separate edition (Windows NT Server 4.0, Terminal Server Edition); it's now included as standard with Windows 2000 Server and Windows Server 2003. There are 2 modes: Administration mode and Application mode. Administration mode is designed for network administrators to access servers remotely to perform maintenance, configuration and fault-finding tasks and jolly useful it is too! Windows 2000 Server includes licences for 2 simultaneous Administration mode sessions.

Application mode is the main Thin Client mode of operation we've been discussing above. Licensing requirements for Terminal Services are strict and you need a separate licensing server to oversee its enforcement. Each Thin Client connection needs a pair of licences - a Terminal Services CAL plus a normal Windows Server Client Access Licence (CAL) - which together cost around £120 when bought in bulk.

The only concession is a 120 day grace period before licensing is enforced.

You can't discuss Terminal Services without mentioning the company Citrix and their Terminal Services product called MetaFrame. This runs on top of Microsoft's Terminal Server and extends its functionality (using Citrix's own ICA protocol in place of RDP), and many companies consider it an essential add-on.

   

 

In Windows Server 2003 there is only Application mode, as Administration mode now appears as a separate component called Remote Desktop for Administration, which has the same licensing restrictions as Windows 2000's Administration mode (2 simultaneous sessions without Terminal Services CALs).

 

Reasons to use Thin Client & Terminal Services in place of Conventional Workstations & Servers
There are a number of reasons put forward for using Terminal Services - some good and some bad.

Here are the common ones:-

Better Network Security

After the interface to the Internet, workstations are considered the next most vulnerable area of a company's network infrastructure. Workstations are normally scattered throughout a company's site, so someone intent on breaking into the network can more easily get time alone and unobserved with a workstation than with a server. From there they could install hacking software to mount attacks on the servers and thereby gain full access to them.

In the Thin Client model, workstations are less of a security risk as they should contain no confidential information. However, using a standard PC to host a Thin Client session presents opportunities for defeating the security of the Terminal Server system itself by, say, installing a key-logger program to capture passwords. A special type of PC was invented to combat workstation insecurity in Terminal Server as well as in standard network configurations - the Diskless Workstation. It's exactly that, a standard PC without any type of disk drive but with a mechanism to allow it to boot from a software image stored on a server. Other specific Thin Client hardware devices have been promoted over the last 5 years by companies, including Microsoft, but they haven't caught on. Perhaps this is because a Thin Client device still needs good quality components, especially the monitor, and so with the cost not far short of a full-blown PC a company, not altogether sold on the long-term viability of the Thin Client idea, has seen more value in sticking with standard PCs.

Using Terminal Services to increase network security is one possible solution for an environment where a high level of security is essential but, to be effective, you have to run the Thin Client software on a secure client device such as a diskless workstation.

Easier Control of Workstations and Users

A Thin Client workstation contains no important company data and has a standard software setup which is quick and easy to restore in case of a problem.

There are no software upgrades, patches or even operating system upgrades to make on a dedicated Thin Client device - all such changes are made on the Terminal Server. (A standard PC used to host a Thin Client session still has its own operating system to keep patched.)

Users work in their Terminal Server sessions with a minimum of access privileges so can't fiddle with settings, install extra software or defeat antivirus or other security measures.

This is Corporate IT Department Heaven! It can, however, end up being User Hell.

The type of computer fiddler that installs every piece of free-to-download and computer magazine cover CD software they come across, believing its claims of better this or faster that and who also makes changes, willy nilly, to operating system settings is a rare individual. Most users have, to varying extents, developed survival instincts after years of exposure to badly behaving computers and so are reluctant to make changes to their PC but can often find ways to work around problems. A group of users may have their IT champion who can solve problems before IT support arrives. The inspiration and motivation to find ways to use computers to greater advantage usually comes from the people using the systems every day.

When was the last time a member of your IT department said, "Hey, why don't you try doing it this way instead?" or "See if this bit of software works any better" or " I understand the problem you're having. I'll go and change things around on the server to make it work properly"?

Is my experience atypical or do IT departments resist change and innovation that's likely to give them more work often citing reasons such as budgetary constraints, network security risks or it's against company policy?

There are some situations where an employer wants nothing more than obedience from their "slave labour" workforce and might see Terminal Services as a way to enforce this and suppress any attempts at creativity - Call Centres spring to mind as an example.

Using Terminal Services to control and limit your employees' computer use is, in my opinion, a poor reason to use it as it may suppress user-driven innovation.

Cheaper Total Cost Of Operation

1 - The Client Machines are Cheaper. They should be, but the economies of scale with PC components mean that standard PCs never cost much more than Thin Client-only devices. Companies often feel that using PCs makes more sense.
2 - The Thin Client Route Requires Fewer Software Licences. No, every Thin Client session a Terminal Server is running requires a licence, as does each instance of an application, such as Office, that's running. What other device has such a high software licence "density" as a Terminal Server computer?
3 - There are Lower Support Costs. Perhaps. There should definitely be less need to make visits out to the users and any such visits should be a simple matter of setting things back to the standard configuration. Users will still have an array of problems requiring IT support from within their Terminal Services sessions.
To successfully run a Terminal Services operation you'll need a high calibre support team with specialised skills and, as the whole organisation's computing is at stake, the ability to operate under pressure and the willingness to work out of hours.

The Terminal Server computer does the job not only of a standard server but of all the workstations in the company as well. Additionally it must generate screen-update information for each active session. The computing power to run all of this costs at least twice that of a standard server.

The Terminal Services model has an inherently greater risk of stopping a company's computing activities than the less centralised alternatives. Yes, this can be counteracted but it requires a commitment to spending money on both backup hardware and support personnel.

It would be an unusual situation where Terminal Services worked out cheaper than the conventional server and workstation approach.

More Efficient Remote Access Especially for Bandwidth-Intensive Applications

This is where Thin Client and Terminal Services out-shine the alternatives and can often provide the only effective solution.

Accessing a company network from home or when travelling on business meant, in the past, dialling directly into the network, but it can now more easily be achieved using a Virtual Private Network (VPN).

The 2 major advantages of a VPN over direct dialling are:-

1 - The computer dialling in only needs to make a local call to the nearest ISP rather than a long-distance or international call to the company.
2 - A company doesn't need a bank of modems and telephone lines. Multiple VPN connections can come in over the same Internet connection internal computers use for regular Internet access.

However you connect, once you're in, your remote computer will have an IP address on the company network and function just like internal workstations. There's one important difference: internal workstations usually have 100 Mbps connections to the servers and other network devices while your modem connection is around 3000 times slower than this. This may be fine for reading email, opening small files or viewing the company Intranet but if you're working with larger files or trying to use an application that requires a large interchange of information, such as a database, your limited connection speed will make this painfully slow and impractical.

How many companies have set up VPNs only to find that the remote access connection speed is too slow to use it as they planned?

If you have Broadband at home then the 10-fold speed increase this brings might make the VPN connection workable, but a couple of simultaneous Broadband VPN connections might be enough to use up the whole of a company's Internet bandwidth, slowing other Internet activities to a crawl.

If, instead of a VPN, you have a Thin Client connection to a Terminal Server on your company's internal network then your remote session has 100 Mbps connectivity with the rest of your internal network and the modem-speed connection you have with your session is usually enough to give acceptable screen update performance. Problem solved! The slow connection is no longer between the computer you're operating and the network you're accessing but is instead between you and the computer you're using which, as long as you're not working with high resolution images, video or audio, works well over slow links.

Encryption and authentication in a Thin Client session are broadly comparable to a VPN, but not identical, and the difference matters if you publish the Terminal Server directly on the Internet. RDP encrypts the session (RC4, up to 128-bit on Windows 2003 and XP) but, with the standard RDP security layer of that era, the client has no way to verify the server's identity, so a man-in-the-middle on the path could intercept the session in a way that a VPN with an authenticated gateway prevents. Exposing port 3389 to the Internet also puts the Windows logon prompt in front of anyone who cares to guess passwords. So use strong passwords, restrict which accounts have the right to log on through Terminal Services (or membership of Remote Desktop Users on XP), and, where your firewall allows it, limit the inbound rule to the remote users' source addresses.
Important and confidential company data stays inside your company's network although you can also map your remote computer's drives to your Terminal Server session to transfer files back and forth for off-line working if this is practical (files transfer at the same rate as over a VPN).

Added bonuses are that you can copy and paste, back and forth, between your local PC and the remote session and you can direct print jobs in the remote session to a printer connected to the local PC.

Giving Branch Offices access to a Head Office database by using Terminal Server over the Internet is a variation of this application.

 

Getting It All For Free
Microsoft has been generous with the elements of Terminal Services that it's included in Windows XP Professional. Not only is there an improved Thin Client (Remote Desktop Connection) but there's a single-user Terminal Server in there as well, called Remote Desktop (not to be confused with Remote Assistance, XP's invitation-based helper feature). It will only host one Terminal Server session at once, and the local console is locked while the remote session runs, but if your intended use is for remote access from home or when away on business this is ideal, because your users actually access their own office PC, so when they're back in the office all of their files and emails are in the right place.

If you set every remote user's Thin Client to connect to a different TCP port then, with firewall mapping rules, you can direct each user to their own office PC and host as many simultaneous sessions as your Internet bandwidth will allow.

Remote Desktop Protocol (RDP) uses TCP port 3389 by default but if you want to connect to your network at mycompany.myisp.com on port 3399 then, in the Remote Desktop Connection box, type:-

mycompany.myisp.com:3399

Then with your firewall's port mapping rules, direct incoming connections on port 3399 to the relevant host on your internal network, say, 10.0.0.120 on port 3389.

If you flinch at the prospect of opening so many ports on your firewall with "hard-wired" connections to internal computers then remote users could instead come through the firewall over VPN connections and then make the Thin Client connection to their workstations using the default TCP port and by simply typing the workstation name in the connection box. This way is less efficient as there's double encryption - once by Terminal Server and once by the VPN - and it uses up a server CAL but it may appeal on security grounds and it's easier to use with DHCP.

I've tried connections using both methods and found there to be little difference in performance.

 

Other Points

 

Windows XP Service Pack 2 was released in August 2004.
Prior to its release, it was rumoured that this would allow several simultaneous sessions - perhaps 2 remote desktop sessions and 1 local session.
 

Unfortunately Microsoft decided not to include this feature in the final version of Service Pack 2.

However, one of the beta versions of SP2 did allow this feature and so, if you copy across the file termserv.dll from this beta version and make a few registry and other changes, you can get 3 simultaneous sessions - 3 remote or 2 remote and 1 local session - using Windows XP with the standard SP2 and all subsequent hotfixes applied.

I've tested it and it works.

It contravenes the terms of the XP EULA and the computer can't join a domain but it's certainly a useful trick.

The office PCs will need to be left turned on with standby mode enabled and the network card's power management set so that network traffic addressed to the card will rouse the PC from its slumbers.

If a VPN connection is also available and each workstation has the Wake-on-LAN feature enabled then you can actually turn on an office PC which has been fully shutdown by sending what's called a Magic Packet to its network card. Wait 3 minutes for it to boot up, make your Remote Desktop connection and finally shut down the PC again from within the remote session.
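The Magic Packet mentioned above, as an added example that is not from this page: the format is the standard Wake-on-LAN one, six 0xFF bytes followed by the target network card's MAC address repeated sixteen times, normally sent as a UDP broadcast to port 9 (port 7 is also common). The code builds the packet, sends it, and also recognises one in a captured payload. The MAC address is a constructed placeholder and the default broadcast address assumes the office LAN is 10.0.0.0/24, matching the page's 10.0.0.120 example.

```python
"""Added example (not from the page): build, send and recognise a
Wake-on-LAN "Magic Packet". MAC and broadcast addresses are placeholders.
"""
import re
import socket

SYNC = b"\xff" * 6  # the synchronisation stream that starts every magic packet


def parse_mac(mac: str) -> bytes:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def magic_packet(mac: str, secureon_password: bytes = b"") -> bytes:
    """Return the 102-byte magic packet, plus an optional 6-byte SecureOn
    password for cards configured to require one."""
    if secureon_password and len(secureon_password) != 6:
        raise ValueError("SecureOn password must be 6 bytes")
    return SYNC + parse_mac(mac) * 16 + secureon_password


def is_magic_packet_for(payload: bytes, mac: str) -> bool:
    """Would this UDP payload wake the card with the given MAC?

    Cards scan the whole frame for the sync stream, so the packet may sit
    anywhere in the payload; this check does the same when inspecting a
    capture.
    """
    target = parse_mac(mac) * 16
    start = payload.find(SYNC)
    while start >= 0:
        if payload[start + 6:start + 6 + len(target)] == target:
            return True
        start = payload.find(SYNC, start + 1)
    return False


def send_magic_packet(mac: str, broadcast: str = "10.0.0.255", port: int = 9) -> int:
    """Broadcast the packet on the office subnet; returns the bytes sent."""
    packet = magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    # Constructed MAC address of the office PC to be woken.
    print(send_magic_packet("00-11-22-33-44-55"), "bytes sent")
```

Two caveats a practitioner will hit. First, a broadcast sent from the home end of a VPN is not normally forwarded onto the office segment, so either run the sender on a machine that is already inside the office LAN or send to the office subnet's directed broadcast address and confirm the VPN server or internal router passes it. Second, a magic packet carries no authentication beyond the optional SecureOn password: anyone who can place a broadcast on that segment can power on any PC, so don't let the firewall forward directed broadcasts in from the Internet.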

 
If you have remote workers who don't have a desk and PC in your office, it might even be worth getting a couple of extra PCs with XP installed tucked away in a corner somewhere just for these remote clients to connect through.  
If this system were in regular daily use in your company it might make sense to get a 2nd Broadband connection, just for remote access, and leave remote users to compete between themselves for bandwidth without disrupting other Internet activities.

Don't get the 2nd circuit from the same supplier otherwise the two circuits will be contending for the same bandwidth at the ISP.

If possible use a different medium - one cable and the other ADSL.

 

A second Internet circuit is great as a standby in case your main circuit fails.

This is a sort of distributed Terminal Services solution that works on top of existing hardware and uses existing software licences.

 

The Last Word
Terminal Services has its place in modern computing and although it can be useful where security or tight control of users is important, this place is as the king of remote access over slow connections.

It's even possible to use Terminal Services for remote network access without any extra hardware or software licences.

