The Terminal Services Family


Microsoft Windows 2000 and 2003 Terminal Services allow multiple users to log on to a Windows 2000 or Windows 2003 server, have their own desktop environment, and execute programs that stay resident. User logons effectively get their own protected memory space for applications and data. Users can have a Windows desktop and run Windows-based applications without the need to load the applications on their local PC. A server running Terminal Services can host hundreds of concurrent users (the specifics of server sizing will be covered in later chapters). In this chapter, we will use the generic term Terminal Server to refer to a server running Windows 2000 Server or Windows Server 2003 with Terminal Services enabled.

The client computing device used to communicate with the Terminal Server can be a PC or a specially designed terminal made to work with the Terminal Server display protocol. The PC or terminal runs a relatively small program that enables a logon and accepts redirected screen output from the Terminal Server. The Microsoft Terminal Services client program relies on a protocol originally developed for Microsoft's NetMeeting, called Remote Desktop Protocol (RDP). RDP is based on the International Telecommunications Union's (ITU) T.120 protocol. The T.120 protocol is a standard multichannel conferencing protocol that is tuned for enterprise environments and supports session encryption.

Terminal Services History—It Started with Windows NT 4.0 Server, Terminal Server Edition

Microsoft's Windows NT 4.0 Server, TSE, was the implementation of Citrix MultiWin (which will be discussed in Chapter 3) on the Windows NT 4.0 Server platform. Although Windows NT 4.0 is no longer officially supported by Microsoft or Citrix, it is worth discussing the beginnings of Terminal Services technology to further understand where it is today. For those still running Windows NT 4.0 TSE, we strongly recommend upgrading to Windows 2003 (see the upcoming "Windows 2003 Server" section for justification). If support for 16-bit applications is required, NT 4.0 Terminal Services Edition (TSE) is still necessary, as Windows 2000 and 2003 do not effectively support 16-bit applications.

Because of the MultiWin-inspired kernel of TSE, users could log on to virtual Windows NT 4.0 sessions with the same desktop and application look and feel of Windows NT 4.0 Workstation. With TSE, Microsoft created a separate code base for the operating system in order to overcome some of the memory management limitations of Windows NT 4.0 Server and to generally tune it for multiuser access.

Microsoft included their Terminal Server client, which is the client portion of the Remote Desktop Protocol, with TSE. This RDP client supported a variety of Windows desktops over TCP/IP networking, including Windows 95 and 98, Windows CE, Windows NT Workstation, Windows 2000, and Windows XP.

TSE Internals

In order to achieve the multiuser capabilities required in TSE, the Citrix MultiWin technology needed to be integrated into the Windows NT 4.0 Server kernel. This integration meant that several components, services, and drivers were added or modified in the original Windows NT 4.0 Server core operating system. Windows NT 4.0 components such as the Virtual Memory Manager (VMM) and Object Manager (OM) were modified to perform in a multiuser environment.

Virtual Memory Manager

The VMM in TSE mapped virtual addresses in the process's address space to physical pages in the computer's memory. In Windows NT, a process's address space was divided into two 2GB address ranges: user (process-specific addresses) and kernel (system-specific addresses). For the user address space, the VMM provided an individualized view of the physical memory to each process, ensuring that a call for system resources (a thread) within a process can access its own memory, but not the memory of other processes.

SessionSpace

The kernel address space in TSE was common for all processes within the system, thus providing a consistent means for accessing all kernel services. The fact that all processes in Windows NT 4.0 shared the kernel address space resulted in kernel resource limitations when supporting multiple interactive sessions on a single server. In TSE, these limitations were addressed by creating a special address range in the kernel, called SessionSpace, which could be mapped on a per-session basis. Each process was associated with a SessionSpace via a SessionID. When a remote user connected to Terminal Server, a new SessionID was generated, and all of the processes created for that connection inherited that SessionID and unique session space, as shown next. Other process groups, with a different SessionID, point to a separate set of memory-mapped objects and physical pages at the same virtual address.

The Windows NT 4.0 Terminal Server made all objects required for multiuser capability virtual so that the applications and system programs from different user sessions do not collide. Every object name created within a session is appended with a unique identifier number associated with the individual user session (SessionID) that created it. For example, if a user started an application in the first session on the Terminal Server, the session would be seen as session1 and the application seen as application1, as shown in Figure 2-1.

Figure 2-1: Execution of a multiuser Windows application

The Remote Desktop Protocol was designed to support TCP/IP over LAN or WAN communication links. Due to the multisession nature of the protocol, a special user mode extension (RDPWSX), as depicted in Figure 2-2, is needed to receive all incoming client packets. RDPWSX manages sessions and calls WINLOGON to authenticate them. In addition, RDPWSX will validate the client license with the license server and negotiate client-server encryption keys.

Figure 2-2: An RDP session

Upon successfully establishing a session, the MultiWin subsystem gained control over session management. A virtual session was created by localizing a copy of WIN32K.SYS with all the necessary device drivers. The TERMDD (Terminal Server Device Driver) then provided the run-time environment of a session-specific protocol driver in order to service multiple client session requests. To support the mouse and keyboard commands sent to each session's copy of the WIN32K.SYS subsystem, the RDPWD (Remote Desktop Winstation Driver) was loaded.

The console session was always the first to load, and was assigned a special client connection ID of 0. The console session launched at system startup with the system-configured Windows NT display, mouse, and keyboard drivers loaded. The Terminal Server service contacted the Windows NT session manager (SMSS.EXE) and loaded the RDP user mode protocol extension RDPWSX to create two idle client sessions right after the creation of the console session. These two idle sessions listened on TCP service port 3389 for RDP protocol packets from the client.

Code Sharing

Terminal Server also implemented memory code sharing (also known as Copy-on-Write Page Protection). This feature allowed one copy of executable code, such as Microsoft Word, to be loaded into physical memory, and to have multiple users run the same copy of the program code. If a user loaded a private copy of a Word document, a separate memory space would be set aside and marked as read/write under the protection of Virtual Memory Manager. No other process could access this private memory space. This was extremely useful and efficient when a large number of users were using the same programs.
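The page-level behaviour described above can be observed directly on a POSIX system. The following is an added example, not code from the book: it uses mmap(MAP_PRIVATE) and fork() as a stand-in for the Windows memory manager, and the file name, strings, and flag names are constructed for the illustration. One process writes to a shared image, and the example checks that the write stayed in that process's private copy.

```c
/* Added example: copy-on-write shown with POSIX mmap(MAP_PRIVATE) and fork(). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

static const char ORIGINAL[] = "shared program image"; /* constructed sample data */
static const char EDIT[]     = "user A private bytes"; /* same length as ORIGINAL */
enum { IMAGE_SIZE = 4096, LEN = sizeof ORIGINAL };
enum { WRITER_SEES_EDIT = 1, READER_SEES_ORIGINAL = 2, FILE_UNCHANGED = 4 };

/* Returns a mask of the flags above (all three set means the write was
 * isolated by copy-on-write), or -1 if a system call failed. */
int run_cow_demo(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX", disk[LEN], *view;
    int fd = mkstemp(path), status = 0, rc = -1;
    pid_t pid;
    if (fd < 0) return -1;
    unlink(path); /* the file now lives only while fd stays open */
    if (ftruncate(fd, IMAGE_SIZE) != 0 || pwrite(fd, ORIGINAL, LEN, 0) != LEN) goto done;
    /* One private, writable view; after fork() both processes share its pages. */
    view = mmap(NULL, IMAGE_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (view == MAP_FAILED) goto done;
    pid = fork();
    if (pid == 0) { /* "user A": the first write faults in a private copy */
        memcpy(view, EDIT, LEN);
        _exit(memcmp(view, EDIT, LEN) == 0 ? 0 : 1);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid) {
        rc = 0;
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0) rc |= WRITER_SEES_EDIT;
        if (memcmp(view, ORIGINAL, LEN) == 0) rc |= READER_SEES_ORIGINAL;
        if (pread(fd, disk, LEN, 0) == LEN && memcmp(disk, ORIGINAL, LEN) == 0) rc |= FILE_UNCHANGED;
    }
    munmap(view, IMAGE_SIZE);
done:
    close(fd);
    return rc;
}

int main(void)
{
    printf("result mask: %d (7 = the write stayed private)\n", run_cow_demo());
    return 0;
}
```

The parent process plays the second user: it never writes, so it keeps reading the original page, while the child's modification exists only in the copy created at its first write.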

Note

Code sharing cannot be utilized in 16-bit applications, since they need to run inside a separate DOS VDM (Virtual DOS Machine). For this reason, approximately 20 percent more memory is used by 16-bit and DOS applications than by comparable 32-bit applications. In order to properly size the RAM requirement in TSE, a live functional test should be conducted to observe the total working set of memory consumed by a specific application, because many 32-bit applications contain 16-bit code.

Windows 2000 Terminal Services

In Windows 2000 Terminal Services, SessionSpace remains. The layout on the memory map has been modified to further tune the system and enable a common layout for all Windows 2000 systems, whether or not Terminal Services has been installed. The main modification is that SessionSpace has been reduced to 60MB and starts at the memory address location A0000000. Moving SessionSpace up to A0000000 allows all system drivers (win32k.sys), video drivers, and printer drivers to be loaded in a common virtual address location, whether they are accessed through a Terminal Services session or on a session without Terminal Services. Microsoft redesigned the memory mapping to eliminate the need for a separate version of the operating system to support Terminal Services, as was necessary with Windows NT 4.0 Server and TSE. Among other obvious advantages, service packs for Terminal Services no longer lag behind those for the base operating system as they did with TSE.

A new Windows 2000 service, appropriately called Terminal Services (termsrv.exe), is the controlling process in the Terminal Server architecture. It is primarily responsible for session management, initiation, and termination of user sessions and session event notification. The Terminal Server service is entirely protocol independent, so it can function using RDP or a third-party add-on protocol such as ICA from Citrix.

A user mode protocol extension provides assistance to the Terminal Server service. It is the responsibility of this component to provide protocol-specific functions and services, such as licensing, session shadowing, client font enumeration, and so forth. Each Terminal Server session protocol (for example, RDP and ICA) has its own protocol extension, providing a variety of services.

Note

For RDP, this user mode extension is called wsxtshar.dll.

Windows 2003 Server

Windows Server 2003 is now the flagship product for Terminal Services. Packaged with the release of Windows Server 2003 is a new client connection program. The new Terminal Services client, first released with Windows XP, is called Remote Desktop Connection (RDC) and provides substantial improvements over previous releases, including greater functionality through a simplified user interface. RDC can also be used to connect to a Windows XP Professional-based computer running Remote Desktop, and can be used to connect to previous versions of Terminal Services (Windows NT 4—Terminal Server Edition and Windows 2000 Server). RDC utilizes a new version of RDP and a new licensing model that provides for user and device licensing of Terminal Services and NT CALs rather than just the device licensing that had been required (see the "Licensing" section later in this chapter). This licensing change represents a tremendous win for all Windows SBC environments, as it dramatically reduces the costs for environments where users have more than one device they connect from. For example, under the Windows 2000 licensing model, if a user connected to a Terminal Services server or farm from a laptop, desktop, and home computer, Microsoft required the user's organization to purchase three Windows Terminal Services client access licenses and three Windows 2000 Server client access licenses for this one user. Under the new per-user licensing, the organization will only need to purchase one license for that user.

Windows 2003 Editions Comparison

Windows Server 2003 comes in six releases and four named editions: Standard, Enterprise, Datacenter, and Web. The Web edition will run on small-footprint servers. As the name implies, this edition is for web servers only—systems running IIS 6.0 and web applications. This edition will make an excellent and cost-effective platform for web services such as MetaFrame Web Interface and MetaFrame Secure Access Manager, as discussed in Chapter 16.

The Standard edition is the general-purpose version intended for traditional Windows Server tasks such as file and print serving, security, and Terminal Services. This is the server upon which a Citrix MetaFrame XP installation is most likely to be based.

The Enterprise edition is a "hardened" version of the operating system. Microsoft has added a number of features to this edition to increase its value as an application server platform. We envision that this server will be used for three potential purposes: large Terminal Services Farms, clustering, transaction processing, or server consolidation.

Finally, the Datacenter edition is the "big iron" version of the operating system. It is designed for the most demanding application and availability requirements where hardware cost is not a concern. This version requires a minimum of eight CPUs in a system and can run on systems containing up to 32 CPUs. System administrators who covet the chance to work on a Windows "mainframe" will be running this.

As mentioned, there are actually six releases. The additional two are the 64-bit versions of the Enterprise and Datacenter editions designed for the Intel Itanium processor. Because of the emphasis by the Microsoft SQL Server team on 64-bit computing, these releases will be targeted at high-volume database or transaction processing applications, but not much else.

Table 2-1 compares the features of the four named editions.

Table 2-1: Windows 2003 Editions Comparison

Columns: Feature, Standard Edition, Enterprise Edition, Datacenter Edition, Web Edition

Scalability
64-bit support for Intel Itanium-based computers: + +
Hot add memory [1], [2]: + +
Non-Uniform Memory Access (NUMA) [2]: + +
Datacenter program: +

Maximum RAM Support
2GB: + + + +
4GB: + + +
32GB: + +
64GB [3]: 1/2 +
512GB [4]: 1/2

Maximum Symmetric Multiprocessing Support (SMP)
2-way: + + + +
4-way: + + +
8-way: + +
32-way: +
64-way: +

Directory Services
Active Directory: + + + 1/2
Metadirectory Services (MMS) support: + +

Security Services
Internet connection firewall: + + +
Public Key Infrastructure, certificate services, and smart cards: 1/2 + + 1/2

Terminal Services
Remote Desktop for Administration: + + + +
Terminal Server: + + +
Terminal Server Session Directory: + +

Clustering Technologies
Network load balancing: + + + +
Cluster service: + +

Communications and Networking Services
Virtual private network (VPN) support: + + + 1/2
Internet Authentication Service (IAS): + + +
Network bridge: + + +
Internet Connection Sharing (ICS): + +
IPv6: + + + +

File and Print Services
Distributed File System (Dfs): + + + +
Encrypting File System (EFS): + + + +
Shadow Copy Restore: + + + +
Removable and remote storage: + + +
Fax service: + + +
Services for Macintosh: + + +

Management Services
IntelliMirror: + + + 1/2
Group policy results: + + + 1/2
Windows Management Instrumentation (WMI) command line: + + + +
Remote OS installation: + + + +
Remote Installation Services (RIS): + + +
Windows System Resource Manager (WSRM): + +

.NET Application Services
.NET Framework [1]: + + + +
Internet Information Services (IIS) 6.0: + + + +
ASP.NET [1]: + + + +
Enterprise UDDI services: + + +

Multimedia Services
Windows Media Services: + + +

Key: + = Feature included; 1/2 = Feature partially supported

[1]Not supported in 64-bit versions of Windows Server 2003.

[2]May be limited by lack of support by OEM hardware.

[3]Datacenter Edition's 32-bit version and Enterprise Edition's 64-bit version both support up to 64 GB RAM.

[4]The 64-bit version of Datacenter Edition supports up to 512GB RAM.




Citrix Metaframe Access Suite for Windows Server 2003(c) The Official Guide
Citrix Access Suite 4 for Windows Server 2003: The Official Guide, Third Edition
ISBN: 0072262893
EAN: 2147483647
Year: 2003
Pages: 158
