Nyheter i Terminal Services

1
(No Transcript)
2
Nyheter i Terminal Services

• Morten Jenssen (morten.jenssen_at_microsoft.com)
• TSP - Networking
• Microsoft Norge AS

3
Session Objectives And Key Takeaways

• Session Objective(s)
• Lean about TS Remote Programs
• Learn about TS Gateway
• Learn About TS Web Access
• Understand the importance of x64 for TS
• Terminal Services is a Rich Client Technology
• Terminal Services can reduce application
  deployment and management overhead
• TS isnt just about WAN links

4
Terminal Services
Central Location

• Centralized Application Access
• App Deployment
• Branch Office
• Secure Anywhere Access
• Compliance Security
• Enabling Technologies
• TS Gateway
• TS Remote Programs
• SSO for managed clients
• TS in Windows Server Longhorn designed for
  low complexity scenarios

5
TS Remote Programs

• Today Terminal Services only provides a mechanism
  to remote whole desktops
• Providing users with 2 desktopscauses confusion
• Providing TS desktops can cause you to be caught
  in a rich client vs. thin client debate
• A mechanism is needed to integrate the benefits
  of centrally deployed managed applications with
  the benefits of rich client applications

6
TS Remote Programs Deployment Best Practices

• Put common application on same server
• Office Family
• Consider putting individual applications on
  separate servers when
• Application has compatibility issues
• A single application and associated users may
  fill server capacity
• Create load-balanced farm for single
  applications that exceed 1 server
• Use Softricity SoftGrid to improve server usage
  and application compatibility

7
TS Web Access

• Provide a simple solution and Infrastructure
• Solution
• Provides simple web interface for launching
  applications
• TS Gateway Provides the HTTPS transport NOT Web
  Access
• Two modes of configuration
• Single Terminal Server mode
• AD Mode (queries group policies for published MSI
  packages)
• Ideal for low complexity scenarios
• Infrastructure
• Whidbey Web Part
• ActiveX Control
• Samples

8
TS Gateway

• Allows secure seamless connection without VPN
• Tunnels RDP over HTTPS
• Place TS behind multiple firewalls without
  opening multiple firewall ports other than 443
• Uses same infrastructure as Outlook over
  RPC/HTTPS
• Allows access to
• Terminal Server Remote Desktops Programs
• Client Remote Desktop
• Server Remote Desktop
• When should TS Gateway be used in place of VPN?
• When no local copy of data is required
• When a quicker connection time is required
• When bandwidth or application data size makes VPN
  experiences suck

9
Terminal Services GatewayRemote Access to
internal applications resources
DMZ
Corp LAN
Internet
Passes RDP/SSL traffic to TS
Terminal Server
Tunnels RDP over RPC/HTTPS
Internal Firewall
Strips off RPC/HTTPS
External Firewall
Home
Terminal Server
Internet
HTTPS / 443
Hotel
Other RDP Hosts
Terminal Services Gateway Server
Network Policy Server
Business Partner/ Client Site
Active Directory DC
10
TS Gateway Best Practices

• Use root-signed SSL certificate
• Dont rely on TSG to block devices
• Use a dedicated TSG Server
• Can co-exist with Outlook RPC/HTTP
• Consider placing behind ISA
• Better than just port based firewall
• Use SSL terminator in DMZ and put TS Gateway in
  main network
• Great if network admin is nervous of domain
  joined Windows servers in the DMZ

11
Key Features

• Terminal Services Session Broker
• Delivers session-based load-balancing providing
  better uptime and performance to your
  environment.
• Terminal Services Easy Print
• Enables fast and reliable printing to a local or
  network-attached printer.

12
Other New Experience Features

• Large Display Support / Custom resolutions
• Span multiple monitors
• PnP Device Redirection Framework
• POS Device Redirection
• Windows Portable Device Redirection
• Windows Server Longhorn Audio Mixer Support
• Windows Presentation Foundation (WPF) Remoting
  (Remote Desktop Only)
• 32-bit Color new RDP compression
• Display Data Prioritization

13
Other New Security Features

• Terminal Services Gateway
• NAP Support
• Device Redirection Hints
• Connection Monitoring
• Network Authentication
• Single Sign-on for domain joined clients
• CredUI / CredMan / CredSSP integration
• Ability to block pre RDP6 client
• Per session direct attached device isolation

14
Custom Display Resolutions

• Today in 2003 TS Display resolutions are
  constrained
• 43 resolutions
• 1600(w) 1200(h) maximums
• This constraint was imposed due to virtual memory
  limitations
• New 169 1610 displays entering market now
• 1680x1050
• 1920x1200
• Customers have clients with multiple monitors
• Most common is 2 or 3 monitors in horizontal
  layout
• Mstsc.exe /span or hxxxx y commands new RDP
  file parameters

15
Display Data Prioritization

• Automatically controls virtual channel (VC)
  traffic so that display data, keyboard and mouse
  data is prioritized over other VC data
• VCs are used for printing, copy paste and file
  transfers
• This prioritization ensures there is always
  sufficient traffic prioritization to ensure the
  user keeps working
• This feature only affects client RDP mapped
  resources

16
Why is x64 so Important for TS?

• Up to 4x improvement in users/server on
  comparable hardware price point
• Performance comparisons are entirely dependent
  on scenario
• Your Mileage WILL Vary
• Whitepaper _at_ http//www.microsoft.com/ts

Based on Initial Internal Testing
x86 x64 Performance Tip Registry Setting to
Reduce Microsoft Outlook 2003 Periodic
Polling HKEY_CURRENT_USER\Software\Microsoft\Off
ice\11.0\Outlook\RPC dword ConnManagerPoll
0x600
17
Benefits of x64 Architecture

• Runs 32-bit software without being recompiled
• Runs 64-bit Windows, drivers and software
  specifically compiled for the x64 instruction set
• Can act like an x86 processor when an x64 system
  is booted into a 32-bit operating system and as
  such runs all 32-bit versions of Windows
  commercially available today
• Runs 32-bit apps at high performance
• 4 GB User VA for Large Memory Aware Processes
• Runs 64-bit applications
• 8 TB Virtual Address Space
• Reduction in Mapping and Soft Page Faults in
  Most Cases
• Eases Migration to 64-bit infrastructure

18
Features Not Supported in 64-bit Windows

• 32-Bit Device Drivers
• Printer Drivers
• Software Kernel Driver Components
• Subsystems
• Microsoft DOS (NTVDM / Command.com)
• CMD processor still present
• 16-bit WOW
• Portable Operating System Interface for UNIX
  (POSIX)
• Services For Unix (SFU) for x64 available H205
• Legacy Transport Protocols
• Apple Talk, Services for Macintosh
• DLC LAN, NetBEUI
• IrDA, OSPF

19
x64 Terminal Server Recommendations

• X64 ideal for current deployments that are kernel
  VA limited
• x64 provides opportunities to significantly
  Scale-Up with new multi-core processors and
  increase user density on Terminal Services based
  systems
• Expected sweet spot for TS moves to 4 cores or
  more
• When driver compatibility is an issue consolidate
  onto Windows Server 2003 x86 SP1 Citrix
  Presentation Server 4.0 with 2 to 4 cores
• Consider x64 based hardware for all deployments
• Remember x64 needs more resources for same
  workload set

20
Understanding 32-Bit Constraints

• 4 GB (232) address space
• 2 GB kernel mode (KM) virtual address space
• Shared across processes
• 2 GB user mode virtual address (VA) space
• Each process has its own
• Kernel VA includes
• System Page Table Entry (PTE) area KM thread
  stacks 900 MB
• Paged Pool page tables, kernel objects 270 MB
• System Cache file cache, registry 500 MB
• Others (Non Paged Pool, images)

System PTEs (900 MB)
Kernel VA (2 GB)
Paged Pool (270 MB)
System Cache (500 MB)
Non Paged Pool, images, etc.
User VA (2 GB)
Process N