Implementing Terminal Services in an Extranet Environment
As a result of the many complex data flows required by today's business-to-business B2B marketplace, many enterprises are building extranets at the periphery of their LANs. This setup enables them to place systems in a buffer zone in which they have control over access from both the external networks as well as the intranet. If you are deploying a vertical application to which both internal and external users require access, then an extranet may be the perfect solution. Think of an extranet as...
Query Process
This command lists processes running on the terminal server and can be filtered to a specific session QUERY PROCESS processid username sessionname id nn programname server servername system lists all processes on the terminal server. processed lists information about only the specific process ID. username lists processes running under the context of a specific user. sessionname lists processes running under the context of a specific session. ID nn lists processes running in the session with the...
Real World Example
Let me walk you through an example of an application that needs to be modified for terminal server use. I'll change the name to protect the publisher. Let's assume that WorkGroup is a problem-tracking system that your company uses to manage projects. It references a SQL database to store project descriptions, timelines, and team members' notes. You want to install WorkGroup on your terminal server so that you can have your user's run it from within a Web page using the Microsoft Terminal...
Chapter Performance Capacity Planning and Availability
With all the advantages that the server-based computing model provides, there are also a number of challenges. By centralizing your users' computing environment, you create a much greater need for fault tolerance, performance, and availability. In the traditional computing model, if a workstation goes down, it typically will affect only a single user, but in a terminal services environment, if a system becomes unavailable, it will impact a large number of clients. As you saw in Chapter 4,...
RoboClient ROBOCLIEXE
The RoboClient program is installed on each test workstation. It communicates with the test manager system and controls execution of your test scripts. By default, when you launch ROBOCLI.EXE, it looks for a test manager system named ts-dev. If your test manager system has a different name, you can use an -s switch to specify another server name where servername is the name of the test manager system , or enter the name in the GUI, as Figure 5.2 shows.
The Terminal Services Protocols
The traditional computing model relies on the standard TCP IP protocol stack to transfer data back and forth between the workstation and server. The client server processing model, however, has very specific needs for maintaining its network link between the client and server. Since only video information and keyboard and mouse movements are communicated and data isn't communicated, the protocol used must be robust and low in latency. Two main protocols have been developed to meet this need RDP...
Installing the Terminal Services Client
To connect to the terminal server, the Terminal Services Client is used. This client is available for a number of platforms Win32 x86 OSs Use this client to connect to the terminal server from a Windows 9x, NT 3.51, NT 4.0, or Win2K PC. This client provided on the terminal server. Win16 OSs Use this client to connect to the Terminal Services server from a Windows 3.11 client. This client is also available on the terminal server. Windows Millennium Edition Windows Me The Terminal Services client...
Group Policy and Software Installation
If you are familiar with Win2K Group Policy, you know that one of its very powerful features is the ability to install, upgrade, and manage software. Although you might be tempted to use this feature to push new software out to your terminal servers, you need to be very careful how you do so. Most MSI packages are unaware of Terminal Service's Install mode, so if you attempt to use Group Policy to deploy user applications, you will not be able to take advantage of registry and INI file mapping....
Environment Settings
The Environment tab of each interface determines the program to use as the shell of the session when the user connects. The default is to use EXPLORER.EXE to provide the user with a full desktop interface. Typically you will use the RDP client to configure a connection to a specific program. However, these interfaces allow you to override the client and either force all connections to a server or all connections from a specific user account to receive a unique program rather than a desktop or...
Permissions on RDP
In Chapter 2, I introduced you to the Terminal Services Configuration utility. At that point, we were only concerned with using it to tune the server for optimal performance, but you can also use this utility to set permissions on RDP as well as set overrides for user session settings. Figure 4.2 shows the connections window of the utility. Figure 4.2 Connections settings in the Terminal Services Configuration utility. Figure 4.2 Connections settings in the Terminal Services Configuration...
Terminal Services Profile Path
When a user logs on to a workstation, the system checks the profile path attribute of his or her user object to see whether the user has a centrally stored profile. If he or she does, and it is newer than any locally cached copy that may exist, the profile is downloaded for the user. In the same way, when a user logs on to a terminal server, the system queries the UserParameters attribute and looks for a Terminal Services Profile path. Figure 4.14 shows the Terminal Services Profile tab of a...
System Tuning For Terminal Services
Now that you've installed Terminal Services, there are a number of measures you can take to tune the system for optimal performance under the heavy load of numerous simultaneous users. I'll make the assumption that you're running Win2K with Service Pack 2 SP2 installed. The first step is to connect to Windows Update and install any Critical Updates and Application Compatibility Updates. These updates will ensure that you have the most up-to-date security and the most application-friendly...
Performance Monitor PerfMon
PerfMon is the tried and true native monitoring tool for Windows systems. As Figure 5.4 shows, you can use PerfMon to view, log, and create alerts based on performance counters. In addition to the counters that you may be familiar with Free Memory, Processor Time, and so on Terminal Services also has a number of counters specific to it. I will define some of the key counters to look at, both standard and Terminal Services-specific, then go over how to set up logging and alerts. Figure 5.4...
RoboServer ROBOSRVEXE
RoboServer is installed on the test manager system. This tool is the conductor of all activity during the test. RoboServer instructs each instance of RoboClient when to open a new connection to the terminal server and which test script to run in the session. From the GUI, you can specify the following parameters The name of the terminal server to use The number of sessions each client computer should establish How many sessions make up a test set The delay time between test sets The delay...
Summary Qpl
In this chapter, I went into detail about the capacity-planning tools that Microsoft provides. I also examined the Performance Monitor counters that will assist you in watching the health and capacity of your terminal servers. We also looked at the Windows Load Balancing Service one of the most powerful options available for high-availability Terminal Services designs. Finally, we went over maintenance scripting and the common commands you will use in maintenance scripts. All the tools and...
Allow Logon to Terminal Services
The last requirement to log on to a terminal server is a per-user setting. In the properties of each user object in the domain, there are a few tabs that are terminal server related. Most of the settings affect session behavior once a user is logged on. But if you leave the Allow logon to terminal server check box clear, the setting will prevent that user from logging on in the first place. Figure 4.5 shows the User properties tab that holds this setting. The Allow logon to terminal server...
Configure a Workstation to Act Like a Thin Client
The following steps walk you through how to configure an NT 4.0 Workstation or Win2K Pro system to act like a thin client. 1. Install the Terminal Services Client for this, you must use the RDP 5.0 client. 2. Create a new local machine account and place it in the local administrators group. 4. Log out and log on again as the new account you created in Step 2. 5. Launch the Client Connection Manager and create or import your Terminal Services connection definitions. 6. Apply the following...
Setting up a Terminal Services License Server
As you read in Chapter 1, each device that connects to a terminal server in application server mode needs a TSCAL. A Terminal Services license server is used to install, distribute and manage these TSCALs. Without a license server, the terminal server will stop accepting connections after 90 days. If you're in a Win2K domain environment, you should install the Terminal Services Licensing service on one of your domain controllers. All terminal servers in the domain will automatically find the...
Application Compatibility Mechanisms
Before we dive into the application-installation process, you must understand the mechanisms that Microsoft has put in place to assist you in making applications that weren't designed with Terminal Services in mind run on a terminal server. These include Terminal Services logon scripts, application compatibility scripts, install and execute modes, registry mapping, and INI file mapping. If an application carries the Certified for Windows 2000 logo, it will generally be compatible with Terminal...
WinK Terminal Services Licensing
Under WTS, a common practice is to disable logging of TSCALs and simply purchase enough Client Access Licenses CALs to cover all your devices. Win2K Terminal Services doesn't allow you to disable license logging, so Win2K Terminal Services administrators are forced to install, configure, and maintain a Win2K Terminal Services License Server on their network. If you're using Win2K Terminal Services for remote administration only, you don't require a TSCAL and don't need a License Server. The...
Task Manager
Task Manager is one of the most common tools used in Windows and is often considered a user tool it offers a great deal of information in a very condensed format. On a terminal server, you can use Task Manager to display processes in either only your session or all sessions on the server. From here you can kill a hung process or quickly spot a leaky one. In Figure 5.8, you can see the Show processes from all sessions check box. Once this check box is selected, you should select Select Columns...
RDP Access Levels
RDP provides three basic levels of access Guest Access, User Access, and Full Control. The level assigned to a group determines the group's abilities when connected to the terminal server over RDP. Let's first examine the permissions available, then put them together into the basic access levels. Figure 4.4 shows the advanced ACL Editor's list of individual permissions, and Table 4.1 explains which abilities each permission setting bestows on the users. i Apply these permissions to objects and...
Affinity Mode
Affinity mode is very important in a farm of terminal servers. Affinity remembers which server accepted the last request from a specific client IP address. This way, if a user loses his or her connection to the server, the user can reconnect to the same server in the cluster and re-establish the same session assuming you are allowing a disconnected session to stay alive . One problem that this behavior might create, however, is if a user tries to reconnect from a different client device, the...
Terminal Services Compatibility Flags
When you install an application, Terminal Services creates a compatibility flag registry key, which Figure 3.15 shows, that instructs Terminal Services about which type of program the application is MS-DOS, 16-bit, 32-bit . If you're installing a legacy application that will not run on Terminal Services, you can adjust this flag so that Terminal Services makes adjustments when the application is launched. Figure 3.15 The compatibility flags registry values. Figure 3.15 The compatibility flags...
Terminal Server Maintenance
In a perfect world, Windows systems would always perform as they are supposed to. Users would be able to log on, log off, open and close applications, and recover from hung applications without causing problems to the system or other users. In reality, however, most Terminal Services administrators have found that applications will occasionally cause memory leaks and user profiles will sometimes become locked on the terminal server. Although your goal should be to find the cause of such...
Remote Control
One of the most powerful support features of Terminal Services is remote control or shadowing. I will explain how to use shadowing later in the chapter. For now, let's look at the settings that control how it behaves. Figure 4.9 shows the Remote Control tabs of each of the properties sheets. General Address Account Profile j Telephones j Organization Published Certificates j Member Of Dial-in j Object j Security Environment Sessions Remote control j Terminal Services Profile Use this tab to...