Designing Terminal Server Infrastructure


When designing a Windows Server 2003 Terminal Server infrastructure, there are several components to consider, such as domain and network structure, location and type of license server, configuration of Terminal Servers, client type and location, and print and application characteristics.

Server Requirements

First, identify your Terminal Server requirements. Will you be using Terminal Services for serving applications or just for remote administration? If you are using remote administration only, no additional component installations or licensing is required. Two remote connections and a console connection are supported. Remote administration extends server management across forests and into mixed-mode domains.

Microsoft provides a whitepaper that assists in determining the proper sizing of your server: "Windows Server 2003 Terminal Server Capacity and Scaling" at http://www.microsoft.com/windowsserver2003/techinfo/overview/tsscaling.mspx.

License Server Requirements

If applications are being served to remote clients, then a license server is required. If both Windows Server 2003 and Windows 2000 Terminal Servers are used, the license server must be located on a Windows Server 2003 system. If the license server is on a member server and not a DC, you might need to modify the Registry of the Terminal Servers so they can locate the license server.

If the AD is rebuilt, then the licensing server and licenses will need to be reinstalled so they can then be configured in AD Sites and Services.

For high-availability requirements, it is recommended to install at least two Terminal Server license servers with available CALs. The license servers will advertise in AD as enterprise license servers with the LDAP name of //CN=TS-Enterprise-License-Server,CN=site name,CN=sites,CN=configuration-container.

For load balancing, configure each license server with 50% of the CALs. If a license server is part of a Windows Server 2003 AD forest with multiple domains and multiple Terminal Servers placed in a number of domains, then use the Enterprise mode. Otherwise, use the Domain mode.

Note

If a member server is configured as the Terminal Server license server, Registry modifications on the Terminal Servers will be needed so the server can locate the license server. Refer to Microsoft KB article 279461, "How to Override the License Server Discovery Process in Windows Server 2003 Terminal Services."


Remote Connections

Applications can be served to remote offices or to dial-up clients. By using roaming profiles, users can experience the same desktop when connecting from various locations. In a WAN environment, make sure that routers and firewalls do not filter Remote Desktop Protocol port 3389, which is required for client communication.

Note

Allow Remote Desktop Protocol port 3389 through firewalls and routers so that Terminal Server clients can connect.


Best Practices

The following list identifies best practices in deploying Windows Server 2003 Terminal Services:

  • Document your deployment plan and methods.

  • Examine security requirements for network and file access.

  • Test and pilot your deployment plan.

  • Minimize the use of graphics, animation, and cascading menus on the desktop.

  • Avoid MS-DOS and Win16 (16-bit) applications.

  • Disable Active Desktop and smooth scrolling in both the OS and applications, if possible or desirable.

  • Make sure all clients are running the most current version of client software.

  • Back up your license server regularly to protect data from hardware failure.

Case Study

XYZ Company is a hosting provider for 20 banks and provides core IT-infrastructure services for them. A datacenter solution including Terminal Services will provide the complete hosting infrastructure for delivering application functionality to the 20 member banks. The datacenter solution consists of new hardware and networks as well as an infrastructure that includes AD, Citrix application delivery, management based on HP Rapid Deployment Pack (RDP) and Tivoli, and software distribution based on Microsoft Systems Management Server (SMS).

The customer's goals are to:

  • Improve ROI

  • Provide high availability

  • Convert all decentralized data to be centralized

  • Deliver all applications in member banks via a Citrix solution

  • Deliver production 24 x 7 x 365

  • Maintain separation of resources between member banks


Note

The case study cited here describes the Terminal Services deployment for an actual company that declined to have its name mentioned here. It is referred to as XYZ Company.


Current Environment

Each member bank has its own independent IT environment, which includes Windows NT 4.0 domain, Lotus Notes mail, and file and print server. A total of 7,000 users exist within the 20 banks.

Proposed Environment

The solution includes a Windows Server 2003 AD forest with a parent-child domain, where the top-level domain is a resource domain, and the child domain is a placeholder for every member bank and their client PCs and users.

The resource domain includes Lotus Notes mail servers, HP Remote Desktop Protocol, Structured Query Language (SQL), file and print clusters, Citrix servers, and finally a management solution. A Storage Area Network (SAN) provides data storage.

To provide separation between member banks, the AD forest is designed to show only the individual bank's resources along with their common resources. The network is designed using firewalls, thereby providing security and optimum network bandwidth.

The network will consist of a Management Virtual Local Area Network (VLAN), a Resource VLAN, and a number of member bank VLANs. For management of the servers on the Management and Resource VLANs, a management solution is proposed.

Management Solution

To provide manageability for the IT resources and to maximize the security of the two Citrix servers, a solution will be implemented that provides the IT resources access to servers placed on the Management VLAN and the Resource VLAN. The IT resources can use either a Citrix client and a back door or a Remote Desktop to the two Citrix servers. From the two Citrix servers (jumpstations), the IT resources can hop to every server using Remote Desktop technology. Every server has three NICs: one for the Management VLAN, one for integrated Lights-Out (iLO) access, and one for the Resource VLAN.
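The jumpstation model above only holds if the firewalls admit RDP (port 3389) to the Management VLAN from the two jumpstations and from nowhere else. The following added example (not from the book) audits a rule list for that property; the addresses, rule names, and rule tuple format are constructed assumptions.

```python
import ipaddress

RDP_PORT = 3389

# Constructed addressing plan (assumption; the page gives no addresses).
JUMPSTATIONS = [ipaddress.ip_network("10.10.0.11/32"),
                ipaddress.ip_network("10.10.0.12/32")]
MGMT_VLAN = ipaddress.ip_network("10.20.0.0/24")

# Constructed allow rules: (name, source, destination, protocol, first_port, last_port)
SAMPLE_RULES = [
    ("jump1-rdp",        "10.10.0.11/32", "10.20.0.0/24",  "tcp", 3389, 3389),
    ("jump2-rdp",        "10.10.0.12/32", "10.20.0.0/24",  "tcp", 3389, 3389),
    ("bank07-legacy",    "10.107.0.0/16", "10.20.0.0/24",  "tcp", 3000, 4000),
    ("bank03-web",       "10.103.0.0/16", "10.20.0.0/24",  "tcp", 443,  443),
    ("any-rdp-one-host", "0.0.0.0/0",     "10.20.0.50/32", "tcp", 3389, 3389),
]


def permits_rdp_to_mgmt(rule):
    """True if the rule lets TCP 3389 reach any address in the Management VLAN."""
    _name, _src, dst, proto, first, last = rule
    return (proto == "tcp"
            and first <= RDP_PORT <= last            # port ranges can hide 3389
            and ipaddress.ip_network(dst).overlaps(MGMT_VLAN))


def audit(rules):
    """Return (rules exposing RDP to non-jumpstations, jumpstations with no RDP path)."""
    violations, reachable = [], set()
    for rule in rules:
        if not permits_rdp_to_mgmt(rule):
            continue
        src = ipaddress.ip_network(rule[1])
        # Acceptable only if every source address belongs to a jumpstation.
        if not any(src.subnet_of(j) for j in JUMPSTATIONS):
            violations.append(rule[0])
        reachable.update(j for j in JUMPSTATIONS if j.subnet_of(src))
    missing = [str(j) for j in JUMPSTATIONS if j not in reachable]
    return violations, missing


if __name__ == "__main__":
    bad, missing = audit(SAMPLE_RULES)
    print("rules exposing RDP beyond the jumpstations:", bad)
    print("jumpstations without an RDP path:", missing)
```

The second return value covers the availability side: a jumpstation listed there has no rule letting it reach the Management VLAN on 3389, so administrators connecting through it would be locked out.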



Windows Server 2003 on Proliants. Deployment Techniques and Management Tools for System Administrators
ISBN: B004C77T6A
EAN: N/A
Year: 2004
Pages: 214
