Hardware

10 reasons why Windows Terminal Services is growing more popular

Windows Terminal Services has recently been enjoying a resurgence. Brien Posey offers his thoughts on why that's happening.

Windows Terminal Services (which was renamed Remote Desktop Services in Windows Server 2008 R2) has been around for many years. But lately, I've seen an increase in the number of organizations that use it. Here are a few reasons why.

Note: This article is also available as a PDF download. It was originally published in the 10 Things Blog on April 12, 2010.

1: The hardware has finally caught up

When Terminal Services debuted with Windows NT, server hardware was hard-pressed to support multiple server sessions. Furthermore, 10 Mbps networks were still the standard at that time and could easily become saturated by network-intensive applications, such as Terminal Services. Today, server hardware is far more powerful than it has ever been, and running multiple operating system instances on a server is the norm. Today's servers are well equipped to handle the demands of hosting Terminal Service sessions.

2: Windows Server 2008 R2 offers a full VDI solution

Windows Server 2008 R2 allows administrators to deploy a full virtual desktop infrastructure (VDI) solution. This means that the terminal server can be configured to host virtual desktop operating systems. When users log off, any changes they made are rolled back, and the virtual hard drive is left in a pristine condition, ready for the next user.

3: You can create dedicated virtual desktops

Normally, a virtual desktop pool is designed so that every virtual desktop within it is identical. Because users are not allowed to make changes to the virtual desktop, each VDI session begins with a pristine virtual machine. Although this technique works well, the business needs of some organizations require users to be able to make certain changes to their desktops. In these types of situations, Windows Server 2008 R2 allows you to dedicate a specific virtual desktop to an individual user. That way, the user has his or her own virtual desktop to configure as needed.

4: You can host individual applications rather than entire sessions

One of my favorite new features in Windows Server 2008 is RemoteApp. RemoteApp allows you to virtualize individual applications, as opposed to virtualizing an entire desktop. Not only is this approach less resource intensive for the server, it allows administrators to centralize application management without having to commit to a full-blown, thin-client environment.

5: Desktop hardware has a longer life span

The economy has seen better days, and everyone is looking to make the most of their IT budget. By using Terminal Services, organizations can squeeze more life out of their desktop computers. Because all the processing occurs at the server end, the desktops are essentially acting as dumb terminals. This means that using existing desktop hardware remains a viable option for much longer than it would if applications were run locally. Likewise, running applications on a terminal server may allow organizations to purchase lower-end desktop hardware than they otherwise would, resulting in cost savings.

6: Users can access their "work computer" from anywhere

Supporting users who need to work from outside the office is nothing new. But if you've ever supported remote users, you know that keeping mobile computers up to date can be challenging. And if they use one computer at work and a different computer away from the office, they may be less productive when working remotely, unless the two computers are configured identically. Implementing a Terminal Services environment allows remote users to have a consistent experience, regardless of whether they are working in the office or on the road.

7: Application maintenance becomes easier

In a Terminal Services environment, applications are installed on a terminal server rather than on individual desktops. As a result, application patching becomes much easier because there is only one copy of each application. You no longer have to make sure that application-level patches are applied to every desktop in the organization. It is worth noting, though, that each desktop retains its own operating system, which must still be kept up to date.

8: Desktop PCs have a smaller attack surface

Because Terminal Services involves applications or desktop sessions that are centrally hosted, there's no need to install applications on individual desktops. This helps to reduce the attack surface of the desktops in your organization. Typically, the desktop computers will require an operating system, some antivirus software, and a Terminal Services client (which is included with Windows). Everything else can be run on the server.

9: Desktop provisioning becomes easier

Once an organization has adopted Terminal Services, desktops can be configured to run a minimal configuration. This makes the process of provisioning desktops a lot easier. Image files become smaller and can therefore be deployed much more quickly, and the issue of application compatibility testing (at the desktop level) goes away.

10: You may be able to give up your desktop management software

I have seen at least one real-world example of an organization that decided to give up its desktop management software after implementing Terminal Services. It had purchased the desktop management software primarily to maintain hardware and software inventories across the organization. Because the vendor required an annual maintenance contract, ongoing costs were associated with using the software. Switching to a Terminal Services environment eliminated the need for software management at the desktop, thereby allowing the organization to reduce expenses by getting rid of its desktop management software.

Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

About

Brien Posey is a seven-time Microsoft MVP. He has written thousands of articles and written or contributed to dozens of books on a variety of IT subjects.

7 comments
obokky
obokky

As itstechnical stated, the article purports to be about Terminal Services; however, VDI appears to be used interchangeably when it's not even the same service. As someone who has fully implemented Terminal Services in an enterprise of 40 locations and 2,500 named users in 2002-2004, I can attest that 2008R2 raised the bar of TS capabilities and management, but it hardly invented anything new. Case in point: the article states that the ability to publish an application is some kind of new 2008R2 feature when, in fact, TS has always been capable of executing a single application via the RDP client. It also makes it sound like only the newest hardware enabled TS to become successful. The reality is that a single x64-enabled dual 3.06GHz Xeon box with 6GB and Server 2003/32 was capable of hosting full desktops for ~75 knowledge workers. The real advancement was Server 2003 itself with its major strides forward in memory management for the terminal sessions. Prior to that, Server 2000's archaic load balancing had to be painstakingly utilized and limit ~25-35 users per box while finding someway to attempt to synchronize their user profiles across the boxes. The remaining points in the article ring true regarding provisioning, support, and remote accessibility/portability. Basically, each site has a single "desktop" to support from an OS/app management perspective. Only the user profiles have to be investigated when users report challenges - allowing a 1:500 helpdesk staffing ratio. And in today's higher/cheaper bandwidth scenario, it is more feasible than ever to depend upon remote TS servers rather than dedicating one per LAN - making SoHo environments much more cost effective.

itstechnical
itstechnical

Well...you confused me a bit by throwing 3 different environments into this posting...RDS or Terminal Services which can stand alone, VDI using VDA and RemoteApp which comes with VDA so maybe it's only 2 different environments? From my limited view, at least one additional reason RDS is enjoying resurgence is Microsoft's demand for $100 annually per user license to use VDA. That 'fee' has knocked VDI out of my budget!

robo_dev
robo_dev

This is not a 'bash Microsoft' rant. Microsoft makes some great products and they have made great strides in terms of the security of their applications and operating systems. However, the whole approach of using Terminal Services as a remote connectivity method has some major issues. First of all, at a high level, there is too much variability in terms of what a user can deploy as their Terminal Services solution versus what is typically seen in either a hardware-based or service-based remote connectivity solution. I don't like to use the term 'idiot proof' but it's really difficult, for example, to deploy a Cisco VPN and leave it with big security holes. But anyone can deploy an unpatched Windows 2003 Terminal Server box, open up a couple of extra ports, and the security level is that of a 'honey pot'. Hackers will avoid it, but only because they think it's a trap. The script kiddies will hack it. And over time, remember that the security of the Terminal Services application all depends on integrity of the underlying OS. A security appliance will have a hardened kernel that cannot typically be softened up by the end user. Any software-based solution such as Terminal Server can, either through user mis-configuration or through lax patch management, be based on an OS that is about as hardened as butter on a Texas road in July. And where there are vulnerabilities, there will be exploits, and so it goes.

Lamini
Lamini

thank you. So many things wrong with Terminal Services, why bother with it. Why play with ease of use vs security.

aandruli
aandruli

Using the MS terminal services software is like using a padlock on a bank safe -- plan on it failing to a mischief-maker. Citrix is the way to go with this one -- they have the terminal application thing working the way it should.

dmeireles
dmeireles

...and you'll have another layer of security and more flexibility. I think that the author is doing this analyses based on a well configured Remote Desktop server. As you mentioned (and very well) with the Firewall example, nothing is idiot proof, and even the most secure products can be turned into Honey pots if the admin is reckless.

Editor's Picks