When designing a Windows Server 2003 Terminal Server infrastructure, there are several components to consider, such as domain and network structure, location and type of license server, configuration of Terminal Servers, client type and location, and print and application characteristics.

Server Requirements

First, identify your Terminal Server requirements. Will you be using Terminal Services for serving applications or just for remote administration? If you are using remote administration only, no additional component installations or licensing is required. Two remote connections and a console connection are supported. Remote administration extends server management across forests and into mixed-mode domains.

Microsoft provides a whitepaper that assists in determining the proper sizing of your server: "Windows Server 2003 Terminal Server Capacity and Scaling" at http://www.microsoft.com/windowsserver2003/techinfo/overview/tsscaling.mspx.

License Server Requirements

If applications are being served to remote clients, then a license server is required. If both Windows Server 2003 and Windows 2000 Terminal Servers are used, the license server must be located on a Windows Server 2003 system. If the license server is on a member server and not a DC, you might need to modify the Registry of the Terminal Servers so they can locate the license server. If the AD is rebuilt, then the licensing server and licenses will need to be reinstalled so they can then be configured in AD Sites and Services.

For high-availability requirements, it is recommended to install at least two Terminal Server license servers with available CALs. The license servers will advertise in AD as enterprise license servers with the LDAP name of //CN=TS-Enterprise-License-Server,CN=site name,CN=sites,CN=configuration-container. For load balancing, configure each license server with 50% of the CALs.
If a license server is part of a Windows Server 2003 AD forest with multiple domains and multiple Terminal Servers placed in a number of domains, then use the Enterprise mode. Otherwise, use the Domain mode.

Note: If a member server is configured as the Terminal Server license server, Registry modifications on the Terminal Servers will be needed so the server can locate the license server. Refer to Microsoft KB article 279461, "How to Override the License Server Discovery Process in Windows Server 2003 Terminal Services."

Remote Connections

Applications can be served to remote offices or to dial-up clients. By using roaming profiles, users can experience the same desktop when connecting from various locations. In a WAN environment, make sure that routers and firewalls do not filter Remote Desktop Protocol port 3389, which is required for client communication.

Note: Enable Remote Desktop Protocol port 3389 on firewalls and routers to allow Terminal Server protocol.

Best Practices

The following list identifies best practices in deploying Windows Server 2003 Terminal Services:
Note: The case study cited here describes the Terminal Services deployment for an actual company that declined to have its name mentioned here. It is referred to as XYZ Company.

Current Environment

Each member bank has its own independent IT environment, which includes Windows NT 4.0 domain, Lotus Notes mail, and file and print server. A total of 7,000 users exist within the 20 banks.

Proposed Environment

The solution includes a Windows Server 2003 AD forest with a parent-child domain, where the top-level domain is a resource domain, and the child domain is a placeholder for every member bank and their client PCs and users. The resource domain includes Lotus Notes mail servers, HP Remote Desktop Protocol, Structured Query Language (SQL), file and print clusters, Citrix servers, and finally a management solution. A Storage Area Network (SAN) provides data storage. To provide separation between member banks, the AD forest is designed to show only the individual bank's resources along with their common resources.

The network is designed using firewalls, thereby providing security and optimum network bandwidth. The network will consist of a Management Virtual Local Area Network (VLAN), a Resource VLAN, and a number of member bank VLANs. For management of the servers on the Management and Resource VLANs, a management solution is proposed.

Management Solution

To provide manageability for the IT resources and to maximize the security of the two Citrix servers, a solution will be implemented that provides the IT resources access to servers placed on the Management VLAN and the Resource VLAN. The IT resources can use either a Citrix client and a back door or a Remote Desktop to the two Citrix servers. From the two Citrix servers (jumpstations), the IT resources can hop to every server using Remote Desktop technology. Every server has three NICs: one for the Management VLAN, one for integrated Lights-Out (iLO) access, and one for the Resource VLAN.
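
The Management Solution above funnels Remote Desktop administration through the two Citrix jumpstations. The following added example (not from the book or the case study) audits a firewall rule set so that port 3389 toward the Management VLAN is allowed only from those jumpstations. The subnets, host addresses, rule format, rule names, and the policy that nothing else may reach RDP there are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389

# Constructed addressing: the page gives no subnets or host addresses.
MGMT_VLAN = ipaddress.ip_network("10.0.10.0/24")
JUMPSTATIONS = {ipaddress.ip_address("10.0.10.11"),
                ipaddress.ip_address("10.0.10.12")}

# Constructed rule set in a hypothetical export format:
# (name, source CIDR, destination CIDR, first port, last port, action)
RULES = [
    ("jump1-rdp",    "10.0.10.11/32", "10.0.10.0/24", 3389, 3389,  "allow"),
    ("jump2-rdp",    "10.0.10.12/32", "10.0.10.0/24", 3389, 3389,  "allow"),
    ("bank07-any",   "10.7.0.0/16",   "10.0.10.0/24", 1024, 65535, "allow"),
    ("bank03-web",   "10.3.0.0/16",   "10.0.20.0/24", 443,  443,   "allow"),
    ("any-rdp-deny", "0.0.0.0/0",     "10.0.10.0/24", 3389, 3389,  "deny"),
]


def rdp_exposures(rules, protected=MGMT_VLAN, allowed=JUMPSTATIONS):
    """Return names of allow rules that let a non-jumpstation source reach
    RDP on the protected VLAN. Rule order is ignored, so an allow rule that
    an earlier deny would shadow is still reported for review."""
    findings = []
    for name, src, dst, lo, hi, action in rules:
        # A wide port range exposes 3389 even when the rule never names it.
        if action != "allow" or not lo <= RDP_PORT <= hi:
            continue
        if not ipaddress.ip_network(dst).overlaps(protected):
            continue
        src_net = ipaddress.ip_network(src)
        # The size check runs first so large networks are never enumerated.
        only_jump = (src_net.num_addresses <= len(allowed)
                     and all(addr in allowed for addr in src_net))
        if not only_jump:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for rule_name in rdp_exposures(RULES):
        print("RDP reachable from outside the jumpstations via rule:", rule_name)
```
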