New features of Windows Server 2003 Terminal Services expand the management capability for Administrators. Table 15.2 provides a summary of some new features and their availability on different editions of Windows Server 2003.

Table 15.2. Server Features by Edition

Remote Desktop for Administration

The Terminal Services administration mode available in Windows 2000 is called Remote Desktop for Administration in Windows Server 2003. Terminal Services is an integral part of the Windows Server 2003 kernel and is available on every installation. Microsoft recommends enabling Remote Desktop for Administration on every Windows Server 2003 system. There is minimal impact on performance, no additional disk space is consumed, and Administrators can access servers in any location.

Note: Enable Remote Desktop for Administration on all Windows Server 2003 systems for ease of administration. It has minimal impact on the system.

Remote Desktop Sessions

Windows Server 2003 offers the same two virtual sessions that were available in Windows 2000 Terminal Services Remote Administration mode, thus enabling two Administrators to log on simultaneously. In addition, with Windows Server 2003, an Administrator can remotely connect to the real console of a server, called session 0. To remotely connect as console, open a command window and enter

    mstsc -v:servername /F -console

where mstsc is the RDC executable file, -v is the server to connect to, /F selects full screen mode, and -console indicates connection to the console. You will receive a logon prompt and, with successful authentication, be logged on just as if you were sitting at the physical console. Note that when you connect as console, no other user has to be already logged on to the console. If another user is already connected to the console, you receive this message:

"The user domain\username is logged locally on to this computer. The user has been idle for x minutes. The desktop is unlocked. If you continue, this user's session will end and any unsaved data will be lost. Do you want to continue?"

Remote connection to the console expands the scope of system administration by allowing remote application installation. Also, tools that will not work in a virtual session can now be run using session 0.

Advantages of Remote Administration

Windows Server 2003 offers new remote administration features:

Configuring Remote Desktop

With Windows 2000 Server, the Administrator can choose either application server or remote administration mode when installing Terminal Services. With Windows Server 2003, the server can run in both modes simultaneously and they are configured separately. To enable Remote Desktop for Administration, go to Control Panel, System, and select the Remote tab, as shown in Figure 15.2.

Figure 15.2. Enabling Remote Desktop for Administration.

Console Connection

In Windows Server 2003, Administrators can use one of three methods to connect to the console:

Note: By connecting to the console, Administrators can now remotely defragment, reboot, and perform DC promotion and demotion.

Microsoft Remote Desktop Protocol

RDCs use Remote Desktop Protocol 5.2 and can connect to previous versions of Terminal Services as well as Windows Server 2003 systems. Remote Desktop Protocol 5.2 communicates over a TCP/IP network connection and is based on an international standard, multichannel protocol called the International Telecommunications Union (ITU) T.120 protocol, which was first used in Microsoft's NetMeeting conferencing software. This protocol is tuned for high and low bandwidth connections and supports three levels of encryption. See the "Session Encryption Levels" section in this chapter for more details on encryption.

Devices Supported

Remote Desktop Protocol supports the following devices:

Installing RDC

RDC is built into Windows XP and Windows Server 2003. There are several different ways to install RDC on other computers:

Session Encryption Levels

High encryption is the default for all terminal sessions. This provides bidirectional security using a 128-bit cipher. However, not all clients support high-level encryption, and those that do not might not be able to connect. Set the encryption level to Client Compatible to provide the highest encryption level supported by the client. To change the encryption level, go to Programs, Administrative Tools, and select Terminal Services Configuration. Highlight the RDP-Tcp connection, right-click, and select Properties. The encryption options are listed on the General tab and include Low, Client Compatible, High, and FIPS Compliant. Figure 15.3 shows the Properties configuration screen.

Figure 15.3. Changing the encryption level.
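
To check the setting described above across many servers without opening Terminal Services Configuration on each one, the following added example (not from the original chapter) parses saved `reg query` output and flags servers that accept RDP sessions below High encryption. It assumes the registry value names fDenyTSConnections and MinEncryptionLevel and the 1 to 4 level numbering, none of which appear on this page; the sample input is constructed.

```python
import re

# Assumed registry locations (not given in the chapter):
#   HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
#       fDenyTSConnections   (0 = Remote Desktop enabled)
#   ...\Terminal Server\WinStations\RDP-Tcp
#       MinEncryptionLevel   (1..4, mapped below)
LEVELS = {1: "Low", 2: "Client Compatible", 3: "High", 4: "FIPS Compliant"}

# Constructed sample: combined `reg query` output saved from one server.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    fDenyTSConnections    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    MinEncryptionLevel    REG_DWORD    0x2
    PortNumber    REG_DWORD    0xd3d
"""

# Matches indented value lines; \s+ covers both tab- and space-separated output.
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_dwords(text):
    """Return {value_name: int} for every REG_DWORD line in reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit_rdp(text, minimum=3):
    """Summarise RDP state and flag an encryption level below `minimum` (High)."""
    v = parse_reg_dwords(text)
    enabled = v.get("fDenyTSConnections") == 0
    level = v.get("MinEncryptionLevel")
    findings = []
    if level is None:
        findings.append("MinEncryptionLevel not present in input")
    elif level not in LEVELS:
        findings.append("unrecognised MinEncryptionLevel %d" % level)
    elif enabled and level < minimum:
        findings.append("RDP enabled with %s encryption; sessions may use "
                        "less than %s" % (LEVELS[level], LEVELS[minimum]))
    return {"enabled": enabled, "level": LEVELS.get(level, "unknown"),
            "findings": findings}

if __name__ == "__main__":
    print(audit_rdp(SAMPLE))
```

A server set to Client Compatible is reported because that setting lets a client that lacks 128-bit support negotiate a weaker cipher, which is the trade-off this section describes.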

Remote Desktop for Administration Best Practices

The following are recommendations for use of Remote Desktop for Administration:

Note: Configure disconnect timeouts if more than one account is used for remote administration. This will avoid account lockouts, which can occur if a session is active or is dropped.

ProLiant's iLO Now Provides "Terminal Services Pass-through Service" for Windows Remote Console Sessions

ProLiant servers with the iLO Advanced Features Pack enabled can leverage iLO's remote console function to provide Terminal Services pass-through of a Windows Remote Desktop Connection to Windows Server. Beginning with iLO firmware version 1.50, the iLO can leverage the OS functionality of Windows Terminal Services and a remote desktop connection to significantly increase the responsiveness of the graphical remote console.

Terminal Services complements the technology within iLO by providing a software-based remote console when the Windows Server OS is functioning normally. In the event the Windows Server OS is not functioning normally, iLO can revert to the hardware-based console at any time. This gives Administrators the performance of an OS-based, graphical remote console with the assurance that the hardware-based iLO remote console is available at all times.

The Terminal Services capability is an expansion of the iLO graphical remote console technology; therefore, it is part of the iLO Advanced Feature Pack. The iLO processor leverages the Terminal Services application using the "HP iLO Pass-through service" (HPLOPTS.EXE) in combination with version 1.50 or later of the iLO firmware, to access the Windows Terminal Services Remote Desktop Protocol.

Note: The HP iLO Pass-through Service for Microsoft Terminal Services, iLO firmware, and Windows Server drivers are available at the HP ProLiant Software and Drivers Web site: http://h18000.www1.hp.com/support/files/server/us/index.html

Once the correct level of firmware, drivers, and the iLO Pass-through Service for Microsoft Terminal Services are installed, system administrators can take advantage of Terminal Services Pass-through using the following procedures:

When the administrator requests a Terminal Services connection, the iLO remote console applet activates the Terminal Services client application, which connects to iLO on the host server. The iLO device passes all the Terminal Services traffic to the managed server and completes the connection between the iLO browser and the Windows OS. Because Terminal Services is OS-based, it has the primitives that tell the OS how to open a window, the size and color of the window, and so on. Therefore, the Terminal Services application transmits only small amounts of information across the network for improved graphical remote console performance.